Last day to save $500 for SANS San Diego 2013

@RISK: The Consensus Security Vulnerability Alert

Volume: III, Issue: 40
October 11, 2004

SANS Newsletters Home

Another quiet week, but Microsoft will make its monthly announcement of new vulnerabilities on Tuesday.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • Microsoft Windows
    • 1 (#1, #4)
    • Third Party Windows Apps
    • 6 (#5)
    • Mac Os
    • 2 (#3)
    • Linux
    • 1
    • Unix
    • 2 (#7, #9, #10, #11)
    • Cross Platform
    • 11 (#2)
    • Web Application
    • 15 (#6, #8)
    • Network Device
    • 1

******************** Security Training Update ************************

Featured Training program of the Week: SANS Cyber Defense Initiative CDI is in two parts: CDI South in New Orleans November 1-4 ( http://www.sans.org/cdisouth04) and CDI East in Washington, DC, December 7-14 ( http://www.sans.org/cdieast04)

New Orleans offers a whole new type of program that many people have asked us to provide: 18 one and two day courses on issues shaping the future of information security, from the newest hacker tools to changes in legal issues surrounding security. Perfect for people who have taken SANS courses and want updates and for people who just don't have time to attend a full class. On the other hand, Washington offers 13 full length immersion courses an a few short courses.

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Microsoft Office
Third Party Windows Apps
Mac Os
Linux
Unix
Cross Platform
Web Application
Network Device

************************** SPONSORED LINKS ******************************

Privacy notice: Sponsored links redirect to non-SANS web pages.

Simple, secure alternative to NIS/NIS+ and LDAP for UNIX/Linux user account and password management. FREE downloads. http://www.sans.org/info.php?id=611

*************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) MODERATE: Microsoft Word Buffer Overflow
  • Affected:
    • Microsoft Word 2002 and possibly all earlier versions

  • Description: Microsoft Word reportedly contains an overflow that can be triggered by a specially crafted Word document header. The flaw may be exploited to overwrite large amount of memory; hence, it may be possible to exploit the flaw to execute arbitrary code (not confirmed). A webpage serving a malicious Word document, or an email with a malicious Word attachment, may leverage the flaw to compromise a client. The technical details regarding the flaw have been publicly posted. Note that Internet Explorer automatically opens a Word document, which makes it easy to exploit the vulnerability via HTTP.

  • Status: Microsoft has not confirmed, no updates available.

  • Council Site Actions: Most of the council sites are waiting for confirmation and patches from Microsoft. One site said they may consider disabling using MS Word as an email editor in Outlook if attacks appear in the wild. One site relies on the users using Microsoft Office Update to update their own systems.

  • References:
  • (2) MODERATE: IBM DB2 Multiple Buffer Overflows
  • Affected:
    • DB2 8.1 FixPak 6, 7 and possibly earlier versions

  • Description: IBM's DB2 database, which enjoys a significant share of the database market, contains more than 15 buffer overflow vulnerabilities. These flaws may be exploited to execute arbitrary code and compromise the database server. The discoverers of the flaws have not released any technical details yet, but have rated many of the flaws as "High" and one of the flaws as "Critical". Judging by other advisories from the discoverers, their ratings imply that some of the flaws may be exploited by remote unauthenticated attackers, or attackers with limited privileges. The administrators should patch their DB2 servers on a priority basis. The technical details are scheduled to be posted in January 2005. Some information about the flaws may be obtained by reviewing the IBM "APAR" list.

  • Status: IBM has confirmed, patches available.

  • Council Site Actions: Two of the reporting council sites responded to this item. They are trying to determine whether the affected versions are in use.

  • References:
  • (3) MODERATE: Apple QuickTime BMP Decoding Vulnerability
  • Affected:
    • Mac OS X version 10.3.5, 10.2.8

  • Description: Apple's QuickTime, a popular digital media player for Windows and Mac platforms, contains a heap-based buffer overflow. The problem lies in the QuickTime's BMP image processing, and may be exploited to execute arbitrary code on a client system. A webpage serving a malicious QuickTime media file may leverage this flaw to compromise a client. Note that users who have QuickTime as their default media player may be compromised via any of the media file formats. No technical details have been posted. The overflow may be similar to other BMP decoding overflows discovered earlier in the Qt package.

  • Status: Apple released a cumulative security update on Sept 30, 2004 that fixes this and other vulnerabilities.

  • Council Site Actions: Three of the reporting council sites responded to this issue. One site has already pushed out the patch and the second site is in process of pushing out the patch. The third site relies on Apple's Software Update facility to distribute patches and does not plan to launch a remediation effort to ensure all systems receive the patch.

  • References:
  • (4) MODERATE: Microsoft ASP.NET Authentication Bypass
  • Affected:
    • All web servers running ASP.NET on Windows 2000/XP/2003

  • Description: Microsoft's ASP.NET software is used to create dynamic web-based applications. The software reportedly runs on 2.9 million web servers. ASP.NET contains a vulnerability that may be exploited to bypass Forms-based authentication or Windows-based authentication to obtain an unauthorized access to password protected files on the web server. The authentication checks can be bypassed by accessing the password protected files directly via an HTTP request that contains a "\" (backslash) or "%5c" (hex encoded backslash), instead of a "/" in the URL. It is reported that inserting "%20" (hex encoded space) in the URL also bypasses the authentication checks. An attacker may exploit the flaw to obtain sensitive information that may be used to further compromise the web server.

  • Status: Microsoft is investigating the flaw. Web administrators are advised to apply "ASP.NET ValidatePath" module to their web servers.

  • Council Site Actions: Two of the reporting sites are waiting for final confirmation from Microsoft. Another site is investigating whether they have any APS.NET implementations. A fourth site is in process of modifying code on their .NET apps and will deploy the patch within a week or two. The last site will rely on the public Windows Update site or their local SUS server for deployment of patches when they become available.

  • References:
Other Software
  • (5) HIGH: Vypress Messenger Buffer Overflow
  • Affected:
    • Vypress Messenger version 3.5 and 3.5.1

  • Description: Vypress Messenger is designed for Windows intranets and supports delivery of text messages. The messenger contains a buffer overflow in a "visualization" function that can be triggered by a message with an overlong (over 776 bytes) "#1" field. The flaw can be exploited to execute arbitrary code with the privileges of the messenger application. Note that the messenger supports broadcast messages. Hence, an attacker in the intranet can possibly compromise all the messenger clients via a single UDP broadcast packet. Proof of concept exploit has been posted.

  • Status: Vendor confirmed, upgrade to version 4.0 RC1.

  • Council Site Actions: The affected software is not in production or widespread use at any of the council sites. They reported that no action was necessary.

  • References:
  • (6) HIGH: BlackBoard Remote File Include Vulnerability
  • Affected:
    • Blackboard version 1.5.1 and possibly prior

  • Description: BlackBoard, a PHP-based bulletin board software, contains a remote file include vulnerability in its checkdb.inc.php script. The problem occurs because the user-supplied value to the "libpath" parameter is not properly sanitized. The flaw can be exploited by an attacker to execute arbitrary PHP scripts on the BlackBoard server. The attacker would need to create a malicious "_more.php" script in the "lang" directory on a web server under his control to exploit this flaw.

  • Status: Vendor confirmed, apply patch 1.5.1-h.

  • Council Site Actions: The affected software is not in production or widespread use at any of the council sites. They reported that no action was necessary.

  • References:
  • (7) MODERATE: Cyrus-SASL Buffer Overflow
  • Affected:
    • Cyrus-SASL version 2.1.18-r1 or prior

  • Description: Simple Authentication and Security Layer (SASL) provides a general framework that can be used by protocols like IMAP or SMTP for authentication purposes. Cyrus-SASL library is a popular SASL implementation which is used by widely deployed software such as sendmail. The library contains a buffer overflow in processing MD5 digests that may be exploited to execute arbitrary code with the privileges of the application using the Cyrus-SASL library. The technical details regarding the overflow can be obtained by diffing the digestmda5.c file between the patched and the unpatched versions.

  • Status: Vendor confirmed, upgrade to version 2.1.19. Gentoo and other Linux distributions have also provided updated packages.

  • Council Site Actions: One site is still in the process of determining if the affected version is bundled within the sendmail versions they have in use. A second site is running the Cyrus-SASL sendmail but not in the vulnerable configuration. A third site has Cyrus-SASL in use in multiple packages. Some of their systems have already been updated and some updates are still in progress. For the Mac OS systems, they rely on Apple's Software Update utility; thus the patch will be distributed shortly after its release from the vendor.

  • References:
Exploit Code
Patches
  • (9) HIGH: Mozilla Application Suite Multiple Vulnerabilities

  • Council Site Updates: Two council sites have provided an update. One site has already patched their systems. The second site have a small number of Tru64 UNIX systems, but Mozilla is rarely used, if ever. Thus they don't plan to take any action.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 40, 2004

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 3758 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 04.40.1 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Word Denial of Service
  • Description: Microsoft Word is a document editor. Insufficient sanitization of specially crafted ".doc" files exposes a denial of service issue in the software. Microsoft Office 2000, Microsoft Office XP, Microsoft Word 2000, 2002 and 2003 are affected.
  • Ref: http://secunia.com/advisories/12758/
  • 04.40.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TriDComm FTP Server Directory Traversal
  • Description: TriDComm is a file manager, network tracerouter, and FTP server. TriDComm is vulnerable to a directory traversal in its FTP server component that could allow attackers to retrieve and write to any files on the remote file system. TriDComm versions 1.2 and 1.3 are known to be vulnerable.
  • Ref: http://aluigi.altervista.org/adv/tridcomm-adv.txt
  • 04.40.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Alpha Black Zero Remote Denial of Service
  • Description: The Alpha Black Zero game server is reportedly vulnerable to a remote denial of service condition. This issue is exposed when the server receives a large number of UDP connection requests. Attackers can crash the server remotely denying service to legitimate clients. Alpha Black Zero versions up to and including 1.04 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/376956
  • 04.40.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AtHoc ToolBar Multiple Remote Code Execution
  • Description: AtHoc Toolbar is a web-based toolbar. It is reported to be vulnerable to multiple remote code execution issues. These issues exist due to improper sanitization of user supplied strings. This issue affects the AtHoc toolbar applications distributed by the following vendors: eBay, Accenture, ThomasRegister, ThomasRegional, Juniper Networks, WiredNews, CarFax, and Agile PLM.
  • Ref: http://www.nextgenss.com/advisories/athoc-01.txt
  • 04.40.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VyPRESS Messenger Remote Buffer Overflow
  • Description: VyPRESS Messenger is a messaging system designed for the enterprise. VyPRESS is vulnerable to a remote buffer overflow attack due to a failure to verify user-supplied strings. It may be possible for an attacker to execute arbitrary code remotely. VyPRESS Messenger 4.0 RC1 fixes the issue.
  • Ref: http://www.securityfocus.com/archive/1/377286
  • 04.40.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NetworkActiv Web Server Remote Denial of Service
  • Description: NetworkActiv is an HTTP web server. A denial of service issue is exposed when a remote attacker issues an HTTP GET request containing a "%25" character to the server. This causes the server to crash or hang. NetworkActiv Web Server version 1.0 is affected.
  • Ref: http://secunia.com/advisories/12719/
  • 04.40.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Flash Messaging Server Remote Denial of Service
  • Description: The Flash client/server instant messaging system is reportedly vulnerable to a remote denial of service issue. This issue is exposed due to the server's inability to handle certain software exceptions. Remote attackers could exploit this issue to crash the server denying service to legitimate clients. Flash Messaging server versions 5.2.0g and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/377783
  • 04.40.8 - CVE: CAN-2004-0925
  • Platform: Mac Os
  • Title: Postfix SMTP AUTH User Name Denial of Service
  • Description: Postfix is an SMTP server. Postfix is vulnerable to a denial of service issue due to a failure to clear user names between authentication attempts. Only the longest user names would be able to authenticate. APPLE-SA-2004-09-30 was released to fix this issue.
  • Ref: http://www.securityfocus.com/advisories/7279
  • 04.40.9 - CVE: CAN-2004-0921, CAN-2004-0922, CAN-2004-0924,CAN-2004-0926, CAN-2004-0927
  • Platform: Mac Os
  • Title: Apple Mac OS X Multiple Security Vulnerabilities
  • Description: Multiple vulnerabilities were reported for the Apple Mac OS X. These include remote buffer overrun and remote denial of service conditions. Apple has released a security update that addresses these issues.
  • Ref: http://www.securityfocus.com/advisories/7279
  • 04.40.10 - CVE: CAN-2004-0911
  • Platform: Linux
  • Title: Debian GNU/Linux Telnetd Invalid Memory Handling
  • Description: Telnetd, as provided by Debian/GNU Linux, is reportedly vulnerable to an invalid memory handling issue. This could be used by attackers to execute arbitrary code on the vulnerable host in the context of the telnetd process. Versions of telnetd prior to 0.17-18woody1 for the stable branch, and 0.17-26 for the unstable branch are reported to be affected by this vulnerability.
  • Ref: http://www.securityfocus.com/advisories/7273
  • 04.40.11 - CVE: Not Available
  • Platform: Unix
  • Title: GNU Sharutils Multiple Buffer Overflows
  • Description: GNU Sharutils is a set of utilities for creating and manipulating shell archive files. Sharutils is vulnerable to multiple buffer overflow exploits. GNU Sharutils versions 4.2 and 4.2.1 are affected.
  • Ref: http://www.securityfocus.com/advisories/7268
  • 04.40.12 - CVE: CAN-2004-0601
  • Platform: Unix
  • Title: distcc Access Control Bypass
  • Description: distcc is a distributed compiler. distcc, when installed on a 64-bit architecture, doesn't enforce access controls. distcc version 2.16 was released to fix this issue.
  • Ref: http://distcc.samba.org/ftp/distcc/distcc-2.16.NEWS
  • 04.40.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sticker Unauthorized Secure Message Sending Vulnerability
  • Description: Sticker is a ticker messaging and virtual presence client. It is possible to send an unauthorized message from an unauthenticated user to groups. Sticker version 3.1 beta 1 is known to be vulnerable.
  • Ref: http://www.tickertape.org/projects/sticker/release_notes-3.1.0b2.html
  • 04.40.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: RealOne Player and RealPlayer Remote Integer Overflow Vulnerability
  • Description: RealNetworks RealPlayer and RealOne Player are vulnerable to a remote integer overflow condition. This issue is present in the "pnen3260.dll" library that processes the Real Media ".rm" files. Successful exploitation could allow for a denial of service or even remote code execution on the vulnerable host.
  • Ref: http://www.service.real.com/help/faq/security/040928_player/EN/
  • 04.40.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: RealOne Player and RealPlayer File Deletion Vulnerability
  • Description: RealNetworks RealPlayer and RealOne Player are affected by an issue that may allow an attacker to delete files on the client computer. The issue is fixed in RealPlayer version 10.5 build 6.0.12.1053.
  • Ref: http://www.service.real.com/help/faq/security/040928_player/EN/
  • 04.40.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Save Dialog File Deletion Vulnerability
  • Description: Mozilla Firefox is a web browser that is reported to be vulnerable to a file deletion issue. The vulnerability exists due to improper sanitization of URL input. Versions prior to 0.10.1 are reported to be vulnerable.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=259708
  • 04.40.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Xerces C++ XML Parsing Denial of Service
  • Description: Xerces C++ is a validating XML parser. Xerces is vulnerable to a denial of service condition due to a failure to handle some XML content. Xeres version 2.5.0 is known to be vulnerable.
  • Ref: http://xml.apache.org/xerces-c/releases.html
  • 04.40.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ColdFusion MX Template Handling Privilege Escalation
  • Description: Macromedia ColdFusion MX is an application server for developing Macromedia infrastructure. A remote authenticated user that can create templates on the affected server is able to craft a template that reveals the administrator password. Macromedia ColdFusion MX version 6.1 is affected.
  • Ref: http://secunia.com/advisories/12693/
  • 04.40.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 Multiple Remote Vulnerabilities
  • Description: IBM DB2 is reported to be vulnerable to multiple remote buffer overflow and other unspecified vulnerabilities. DB2 8.1 Fixpak 7 and earlier are reported to be vulnerable.
  • Ref: http://www.nextgenss.com/advisories/db2-02.txt
  • 04.40.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Jetty Directory Traversal Vulnerability
  • Description: Jetty is an HTTP server. Insufficient sanitization of the "../" characters exposes a directory traversal issue. Jetty server versions 3.x and 4.x are affected.
  • Ref: http://www.securityfocus.com/bid/11330
  • 04.40.21 - CVE: CAN-2004-0928
  • Platform: Cross Platform
  • Title: ColdFusion MX Remote File Content Disclosure
  • Description: Macromedia ColdFusion MX is an application server for developing Macromedia infrastructure. Insufficient access validation of "*.cfm" files that are not associated with the ColdFusion plugin exposes a file disclosure issue. Macromedia ColdFusion MX versions 6.0 and 6.1 are affected.
  • Ref: http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html
  • 04.40.22 - CVE: CAN-2004-0884
  • Platform: Cross Platform
  • Title: Cyrus SASL Multiple Vulnerabilities
  • Description: SASL (Simple Authentication and Security Layer) is a method for adding authentication support to connection-based protocols. The first issue is a buffer overflow that could lead to remote arbitrary code execution. The second one is a local vulnerability allowing a local attacker to load an arbitrary plugin with the SASL_PATH environment variable. Cyrus version 2.1.19 was released and fixes this issue.
  • Ref: http://secunia.com/advisories/12760/
  • 04.40.23 - CVE: CAN-2004-0774
  • Platform: Cross Platform
  • Title: Real Networks Helix Universal Server Remote Denial of Service
  • Description: Real Networks Helix Universal Server is reportedly vulnerable to a remote denial of service condition. This issue is exposed due to an integer signedness exception when "-1" is specified as the "Content-Length" of a request. An attacker could exploit this issue to hang the server process, denying service to other legitimate clients.
  • Ref: http://www.idefense.com/application/poi/display?id=151&type=vulnerabilities
  • 04.40.24 - CVE: Not Available
  • Platform: Web Application
  • Title: Serendipity Multiple Input Validation Vulnerabilities
  • Description: Serendipity is web blog software. Insufficient sanitization of user-supplied input exposes various cross-site scripting and SQL injection issues. Serendipity version 0.7-beta1 is affected.
  • Ref: http://secunia.com/advisories/12673/
  • 04.40.25 - CVE: Not Available
  • Platform: Web Application
  • Title: BlackBoard Internet Newsboard System Remote File Include
  • Description: BlackBoard Internet Newsboard System is a web-based bulletin board. It is reported to be vulnerable to a remote file include issue. The issue exists due to improper sanitization of "libpach" URL parameter in the "checkdb.inc.php" script. BlackBoard Internet Newsboard System version 1.5.1 is reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-10/0044.html
  • 04.40.26 - CVE: Not Available
  • Platform: Web Application
  • Title: Brooky CubeCart SQL Injection Vulnerability
  • Description: Brooky CubeCart is an online storefront application written in PHP. It is reported to be vulnerable to an SQL injection issue. The problem exists due to improper sanitization of "cat_id" parameter of the "index.php" script. CubeCart version 2.0.1 is reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-10/0041.html
  • 04.40.27 - CVE: Not Available
  • Platform: Web Application
  • Title: DCP-Portal Multiple Cross-Site Scripting Vulnerabilities
  • Description: DCP-Portal is a content management system. DCP-Portal is vulnerable to multiple cross-site scripting issues due to insufficient URL filtering. DCP-Portal versions 5.x and 6.x are known to be vulnerable.
  • Ref: http://secunia.com/advisories/12751/
  • 04.40.28 - CVE: Not Available
  • Platform: Web Application
  • Title: W-Agora Multiple Input Validation Vulnerabilities
  • Description: W-Agora is web forum software. Insufficient sanitization of user-supplied input exposes various cross-site scripting and SQL injection issues. W-Agora version 4.1.6a is affected.
  • Ref: http://www.securityfocus.com/archive/1/377006
  • 04.40.29 - CVE: Not Available
  • Platform: Web Application
  • Title: AJ-Fork Insecure Default Permissions
  • Description: AJ-Fork is a web-based content management application. Incorrect file permissions to the "data" folder can allow remote attackers to gain access to sensitive information such as "users.db.php" file which contains authentication credentials. AJ-Fork version 167 is affected.
  • Ref: http://echo.or.id/adv/adv07-y3dips-2004.txt
  • 04.40.30 - CVE: Not Available
  • Platform: Web Application
  • Title: DCP-Portal Multiple HTML Injection Vulnerabilities
  • Description: The DCP-Portal web-based content management system is vulnerable to multiple HTML injection issues. This is due to insufficient user-input sanitization performed in several scripts. When rendered in the browsers of legitimate users, this could be used towards theft of cookie-based authentication or other attacks.
  • Ref: http://www.securityfocus.com/archive/1/377680
  • 04.40.31 - CVE: Not Available
  • Platform: Web Application
  • Title: DCP-Portal Calendar.PHP HTTP Response Splitting
  • Description: DCP-Portal is a content management system. Insufficient sanitization of the "full_month" parameter of the "calender.php" script exposes an HTTP response splitting issue allowing remote attackers to influence or misrepresent how web content is served, cached or interpreted. DCP-Portal versions 5.x and 6.x are affected.
  • Ref: http://secunia.com/advisories/12751/
  • 04.40.32 - CVE: Not Available
  • Platform: Web Application
  • Title: Real Estate Management Software Multiple Vulnerabilities
  • Description: Real Estate Management Software allows users to list and manage real estate properties. The vendor has reported multiple unspecified vulnerabilities in version 1.0 of the software. The issues are fixed in version 1.1 of the software.
  • Ref: http://www.osvdb.org/10480
  • 04.40.33 - CVE: Not Available
  • Platform: Web Application
  • Title: online-bookmarks Authentication Bypass Vulnerability
  • Description: online-bookmarks is a PHP based bookmark application. It is vulnerable to an authentication bypass issue, allowing an attacker to gain unauthorized access to another user's bookmarks. online-bookmarks version 0.4.6 was released to fix the issue.
  • Ref: http://freshmeat.net/projects/onlinebookmarks/?branch_id=34962&release_id=17
    4401
  • 04.40.34 - CVE: Not Available
  • Platform: Web Application
  • Title: Recruitment Agency Software Unspecified Vulnerability
  • Description: Recruitment Agency Software is a web-based virtual recruitment agency software. It is reported to be vulnerable to an undisclosed issue. Recruitment Agency Software version 1.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11306/info/
  • 04.40.35 - CVE: Not Available
  • Platform: Web Application
  • Title: BugPort Unspecified Remote Vulnerability
  • Description: INCOGEN BugPort is a web-based bug tracking system implemented in PHP. It is reported to be vulnerable to an unspecified issue due to improper handling of file attachments. BugPort versions 1.133 and prior are reported to be vulnerable.
  • Ref: http://www.incogen.com/index.php?type=General&param=bugport
  • 04.40.36 - CVE: Not Available
  • Platform: Web Application
  • Title: FuzzyMonkey My Blog Multiple Input Validation Vulnerabilities
  • Description: FuzzyMonkey My Blog is a CGI used to integrate web log into an existing web page. FuzzyMonkey My Blog is vulnerable to input validation issues in multiple modules. FuzzyMonkey My Blog versions 1.20 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11325
  • 04.40.37 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Power Board Cross-Site Scripting
  • Description: Invision Power Board is web forum software. It is reported to be vulnerable to a cross-site scripting issue. The problem exists due to improper sanitization of "Referer" field of an HTTP request. Invision Power Board v2.0.0 is affected.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-10/0037.html
  • 04.40.38 - CVE: Not Available
  • Platform: Web Application
  • Title: Wordpress HTTP Response Splitting Vulnerability
  • Description: Wordpress is a web-based application. It is reported to be vulnerable to an HTTP response splitting issue. The issue exists due to improper sanitization of HTTP response headers in "wp-login.php" script. Wordpress version 1.2 is reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-10/0063.html
  • 04.40.39 - CVE: Not Available
  • Platform: Network Device
  • Title: HP LaserJet Arbitrary Firmware Upgrade
  • Description: HP LaserJet 4200 and 4300 printers are susceptible to an arbitrary firmware upgrade vulnerability. These printers can upgrade their firmware by sending specially-formatted print jobs, which allow for firmware upgrades to be initiated by unauthenticated FTP access or by copying firmware files to the printer via CIFS.
  • Ref: http://ftp.hp.com/pub/printers/software/lj4200lbreadmefw.txt

(c) 2004. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS other free newsletters.

To change your subscription, address, or other information, visit http://portal.sans.org

Copyright 2004. All rights reserved. No posting or reuse allowed, other than listed above, without prior written permission.

SANS is without a doubt the best technical training organization out there. If I had to limit my training budget to one course per year, it would be from SANS.
-Anthony DiMarco, Osteotech, Inc.

Forensics 585

Latest Whitepapers

Building and Maintaining a "Certifiable" Workforce
By Robert J. Mavretich

How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk?
By Tim Proffitt

Daisy Chain Authentication
By Courtney Imbert

Latest Tweets

NEW #SANS Survey: Security Analytics & Intelligence 2nd [...]
October 1, 2013 - 6:30 PM

Tips on how to convince your boss to let you train online wi [...]
October 1, 2013 - 6:23 PM

#2 Tip on how 2 convince your boss 2 let u train online: Fle [...]
October 1, 2013 - 3:00 PM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"It was a great learning experience that helped open my eyes wider. The instructor's knowledge was fantastic."
- Manuja Wikesekera, Melbourne Cricket Club

"This has been a great way to get working knowledge that would have taken years of experience to learn."
- Josh Carlson, Nelnet

"The perfect balance of theory and hands-on experience."
- James D. Perry II, University of Tennessee