@RISK: The Consensus Security Vulnerability Alert

Volume: III, Issue: 43
November 1, 2004

For most of you, this will be a quiet week. On the other hand, since many organizations do not officially support Real or Apple media players, millions of users will be urged to patch their players (#1 and #6 below).

Has anyone found a great (low cost and massively effective) way to get users to act quickly to install patches (other than automated patching)? We've started a new project called Security Awareness Tool of the Month. If you have found something that works, it might win a prize.

And a quick survey to help make @RISK better. Just answer here and return it to info@sans.org

How would you rate the @RISK newsletter on a scale from 1 (Poor) to 5 (Excellent) in terms of information content, coverage, references etc.?

What other information would you like to see included in the @RISK ?

Do you have any suggestions to improve the current format of the newsletter?

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                     # of Updates & Vulnerabilities
    Windows                      1
    Other Microsoft Products     5 (#2, #3)
    Third Party Windows Apps     6 (#1, #4, #6)
    HP-UX                        1
    Unix                         3 (#5, #7, #8, #9)
    Cross Platform               15
    Web Application              14
    Network Device               1

*************This Issue Sponsored by Internet Security Systems**************

Keeping Your Organization Ahead of the Threat

All intrusion prevention systems (IPS) are not created equal. Find out the difference between reactive and preemptive IPS appliances. Preemptive IPS solutions shield vulnerabilities AND block threats. Reactive IPS solutions only block attacks. Download the FREE whitepaper, "Defining the Rules of Preemptive Protection: The ISS Intrusion Prevention System," to learn more http://www.iss.net/proof/ipswp/sans/11014

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
HP-UX
Unix
Cross Platform
Web Application
Network Device

************************** SPONSORED LINKS ******************************

Privacy notice: Sponsored links redirect to non-SANS web pages.

(1) Simple, secure alternative to NIS/NIS+ and LDAP for UNIX/Linux user account and password management. FREE downloads. http://www.sans.org/info.php?id=635

*************************************************************************

Highlighted Cybersecurity Training: Washington, DC, Dec. 7-13, 2004

SANS best instructors will be in DC teaching great courses for

  • Auditors who want the technical skills so critical to successful audits.
  • Security Managers interested in best practices and SANS exclusive "security make-over"
  • Security professionals seeking CISSP (a trademark of (ISC)2) certification who want a more effective course.
  • Technical security professionals with hands-on responsibility: Hacker Exploits; Intrusion Detection In-Depth; Introduction to Information Security; SANS Security Essentials; Firewalls, VPNs, and Perimeter Protection; Securing Windows; Securing Linux/Unix; System Forensics, Investigation & Response; .Net Security.
More information at http://www.sans.org/cdieast04

*************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: RealNetworks RealPlayer Zipped Skin File Overflow
  • Affected:
    • RealPlayer 10.5 (6.0.12.1053 and earlier)
    • RealPlayer 10
    • RealOne Player v2
    • RealOne Player v1
  • Description: RealPlayer, a popular media player, has over 200 million users worldwide. The player's user interface can be enhanced by installing "skin" files. A vulnerability exists in the player's handling of skin files that can be exploited to execute arbitrary code on a client system. The exploitation proceeds as follows: A user clicks a malicious link in an email or a webpage that points to a file with a ".rjs" extension, i.e. a skin file whose format is similar to that of a zip file. Internet Explorer silently downloads the skin file without any user warning. This specially crafted skin file triggers a stack-based overflow in the player's "dunzip32.dll", the DLL used to unzip the skin file. The overflow can be exploited to execute arbitrary code on the client machine with the privileges of the logged-on user. The problem occurs because dunzip32.dll does not validate the length of a filename in the zip file. The technical details required to exploit the flaw have been publicly posted.

  • Status: Vendor confirmed, updates available. To install the update, click the "Tools" option on the player's menu bar, and then select the "Check for Update" option. Select the "Security Update - Skin File Overflow" for installation.

  • Council Site Actions: All of the reporting council sites have this application in use; however, most do not officially support it and are not planning any direct action. Several sites did send out a notification to their user base requesting them to download the updates. One site is actively encouraging users to remove the application unless there is a true business need and no alternative player exists. One site is installing the updates for their users.

  • References:
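The flaw in item (1) is a length field in an attacker-supplied archive being trusted when a filename is copied into a fixed-size buffer. As an added example (not code from the newsletter, RealNetworks or eEye), the following C program walks the local file headers of an in-memory zip-format skin file, flags any entry whose declared filename length exceeds the buffer it is willing to fill, and performs the bounded copy that the advisory says dunzip32.dll lacked. The 255-byte policy limit, the helper names and the two sample archives are assumptions constructed for the demonstration; the 32768-byte filename length is the value cited in Part II.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ZIP_LFH_SIG   0x04034b50u   /* "PK\3\4" local file header signature */
#define ZIP_LFH_FIXED 30            /* fixed part of a local file header, in bytes */
#define SAFE_NAME_MAX 255           /* policy limit for an entry name (assumption) */

typedef struct {
    int entries;    /* local file headers walked */
    int oversized;  /* entries whose declared name length exceeds SAFE_NAME_MAX */
    int truncated;  /* entries whose name/extra/data run past the end of the image */
} zip_report;

/* Little-endian field readers; callers check bounds before calling them. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk the local file headers of an in-memory zip/.rjs image. The 16-bit name-length
 * field is attacker-controlled, so it is both the finding we report and the value we
 * refuse to trust: the copy is clamped to the fixed buffer and NUL-terminated. */
zip_report zip_scan(const uint8_t *buf, size_t len) {
    zip_report r = {0, 0, 0};
    char name[SAFE_NAME_MAX + 1];
    size_t off = 0;

    while (off + ZIP_LFH_FIXED <= len && rd32(buf + off) == ZIP_LFH_SIG) {
        uint16_t flags = rd16(buf + off + 6);
        uint32_t csize = rd32(buf + off + 18);
        uint16_t nlen  = rd16(buf + off + 26);
        uint16_t xlen  = rd16(buf + off + 28);
        size_t hdr_end = off + ZIP_LFH_FIXED + (size_t)nlen + (size_t)xlen;

        r.entries++;
        if (nlen > SAFE_NAME_MAX) r.oversized++;       /* declared name too long for our buffer */
        if (hdr_end > len) { r.truncated++; break; }   /* header claims bytes the image lacks */

        size_t copy = nlen > SAFE_NAME_MAX ? SAFE_NAME_MAX : nlen;   /* bounded copy */
        memcpy(name, buf + off + ZIP_LFH_FIXED, copy);
        name[copy] = '\0';

        if (flags & 0x0008) break;                       /* sizes live in a trailing data descriptor */
        if (csize > len - hdr_end) { r.truncated++; break; }
        off = hdr_end + csize;
    }
    return r;
}

static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Constructed test data: emit one stored (uncompressed) entry. declared_nlen is written
 * into the name-length field verbatim so a sample can lie about it the way a crafted
 * skin file would. */
static size_t put_entry(uint8_t *out, const char *name, uint16_t declared_nlen, uint32_t data_len) {
    uint8_t *p = out;
    size_t real_len = strlen(name);
    wr32(p, ZIP_LFH_SIG);      p += 4;
    wr16(p, 20);               p += 2;   /* version needed to extract */
    wr16(p, 0);                p += 2;   /* general purpose flags */
    wr16(p, 0);                p += 2;   /* method 0 = stored */
    wr32(p, 0);                p += 4;   /* mod time + mod date */
    wr32(p, 0);                p += 4;   /* crc32 (not verified by the scanner) */
    wr32(p, data_len);         p += 4;   /* compressed size */
    wr32(p, data_len);         p += 4;   /* uncompressed size */
    wr16(p, declared_nlen);    p += 2;   /* filename length as declared */
    wr16(p, 0);                p += 2;   /* extra field length */
    memcpy(p, name, real_len); p += real_len;
    memset(p, 'A', data_len);  p += data_len;
    return (size_t)(p - out);
}

/* A well-formed two-entry skin archive (constructed sample). */
zip_report sample_benign(void) {
    uint8_t img[256];
    size_t n = put_entry(img, "skin.ini", 8, 16);
    n += put_entry(img + n, "images/bg.png", 13, 32);
    return zip_scan(img, n);
}

/* An archive whose only entry declares a 32768-byte filename while carrying just
 * 8 bytes of name (constructed sample). */
zip_report sample_oversized(void) {
    uint8_t img[256];
    size_t n = put_entry(img, "skin.ini", 32768, 0);
    return zip_scan(img, n);
}

int main(void) {
    zip_report a = sample_benign(), b = sample_oversized();
    printf("benign:    entries=%d oversized=%d truncated=%d\n", a.entries, a.oversized, a.truncated);
    printf("oversized: entries=%d oversized=%d truncated=%d\n", b.entries, b.oversized, b.truncated);
    return 0;
}
```

The same walk can be run over .rjs attachments at a mail or proxy gateway; an entry with an oversized or truncated name field is reason enough to quarantine the file without attempting to extract it.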
  • (2) MODERATE: Internet Explorer IFRAME Processing Overflow
  • Affected:
    • Internet Explorer version 6.0 SP1
  • Description: Internet Explorer reportedly contains an overflow when processing an "IFRAME" tag with overlong "SRC" and "NAME" attributes. A malicious webpage can possibly exploit the flaw to execute arbitrary code on a client system (not confirmed). The flaw was discovered while testing Internet Explorer with an HTML fuzzer. The fuzzer generates a number of HTML test pages that contain tags with malformed attributes. The reporter of this flaw has warned that a working exploit for this flaw would not take too long to surface.

  • Status: Microsoft has not confirmed and no updates are available.

  • Council Site Actions: All sites are waiting for confirmation from Microsoft and a patch, if appropriate.

  • References:
  • (3) UPDATE: Internet Explorer Drag and Drop Vulnerability
  • Description: Microsoft has published a Knowledge Base article, KB888534, that explains how to mitigate the risks associated with the Internet Explorer "Drag and Drop" vulnerability discussed in last week's @RISK newsletter. Note that the vulnerability can be exploited to execute arbitrary code on a Windows client. Another exploit has also been publicly posted.

  • Council Site Actions: Two of the reporting council sites are investigating the mitigation steps suggested by Microsoft in KB888534. The remaining council sites are waiting for a patch from the vendor.

  • References:
Other Software
  • (4) HIGH: Tabs Laboratories MailCarrier Server Overflow
  • Affected:
    • MailCarrier version 2.51
  • Description: MailCarrier, a mail server that runs on Windows 2000/XP/2003 platforms, reportedly contains a buffer overflow in its SMTP server. The overflow can be triggered by an overlong SMTP "EHLO" or "HELO" command. Either of these is the first command a client sends to an SMTP server to identify itself. Hence, an unauthenticated attacker may exploit this flaw to execute arbitrary code on the server. Exploit code, which can be used to compromise a Windows 2000 SP4 or Windows XP SP2 system running the MailCarrier server, has been posted.

  • Status: Unknown.

  • Council Site Actions: The affected software is not in production or widespread use at any of the council sites. They reported that no action was necessary.

  • References:
  • (6) MODERATE: Apple QuickTime Integer Overflow
  • Affected:
    • QuickTime version 6.5.1 and earlier on Windows platforms
  • Description: Apple's QuickTime media player for Windows contains an integer overflow vulnerability. The overflow can be exploited by a malicious webpage or an HTML email to execute arbitrary code on a client machine. The discoverers of the flaw have not released any technical details yet but have rated the flaw as a "High Risk". Judging by the similar rating for other advisories from the discoverers, the flaw is likely to be easy to exploit.

  • Status: Apple has confirmed the flaw and released a security update on October 27, 2004.

  • Council Site Actions: Most of the reporting council sites are responding to this vulnerability. Several sites already have updates in progress and others will deploy during the next regularly scheduled system update process.

  • References:
  • (7) LOW: libxml2 URL Parsing Overflow
  • Affected:
    • libxml2-2.6.12
    • libxml2-2.6.13
    • libxml2-2.6.14
  • Description: libxml2 is an XML parsing library that can be installed on a large number of platforms including all UNIXes, Mac, Windows, OS/2 etc. The library contains a stack-based buffer overflow in parsing URLs containing FTP information. The problem exists in the "xmlNanoFTPScanURL" function, which does not perform bounds checking before copying the user-supplied URL into a fixed-sized buffer. Any program or software linked against the libxml2 library and invoking this function is potentially vulnerable. Exploit code has been publicly posted.

  • Status: Vendor has confirmed and version 2.6.15 is now available. Note that the library is primarily used for parsing XML, and there may be only a limited number of programs invoking the vulnerable function.

  • Council Site Actions: Two of the reporting council sites are using the affected software. Both plan to deploy patches within the next month.

  • References:
Patches
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 43, 2004

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 3819 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 04.43.1 - CVE: Not Available
  • Platform: Windows
  • Title: Windows XP WAV File Handler Denial of Service
  • Description: Microsoft Windows XP SP1 is affected by a denial of service issue due to insufficient sanitization performed on the "fmt" value of the WAV file header.
  • Ref: http://www.hexview.com/docs/20041021-1.txt

  • 04.43.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer Malformed HTML Null Pointer Dereference Vulnerability
  • Description: Microsoft Internet Explorer is reported to be vulnerable to a null pointer dereference issue. Malformed HTML may crash the browser. Currently, all Internet Explorer versions are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/379207

  • 04.43.3 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer Restricted Zone Status Bar Spoofing
  • Description: Microsoft Internet Explorer is vulnerable to restricted zone status bar spoofing when an HREF tag contains an additional HREF tag inside a TABLE tag. An attacker could display false information in the status bar, making web pages appear to users to originate from a trusted location. Internet Explorer version 6 is known to be vulnerable except on Windows XP SP2.
  • Ref: http://secunia.com/advisories/13015/

  • 04.43.4 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer Malformed IFRAME Remote Buffer Overflow
  • Description: Microsoft Internet Explorer is affected by a remote buffer overflow issue. Insufficient sanitization of the "SRC" and "NAME" properties of the "IFRAME" tag exposes this issue. Internet Explorer version 6 running on a Windows 2000 SP4 platform is affected.
  • Ref: http://www.securityfocus.com/archive/1/379341

  • 04.43.5 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer HHCtrl ActiveX Control Cross-Domain Scripting
  • Description: Microsoft Internet Explorer is vulnerable to a cross-domain scripting issue. This vulnerability is in the "hhctrl" ActiveX control, allowing an attacker to run scripts in the context of a foreign domain. All available versions of Internet Explorer are vulnerable.
  • Ref: http://www.securityfocus.com/bid/11521/info/

  • 04.43.6 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer Font Tag Denial of Service
  • Description: Microsoft Internet Explorer is reportedly vulnerable to a remote denial of service condition. The issue presents itself due to a malfunction that occurs when certain font tags are encountered and rendered. Malicious web sites can crash all instances of Internet Explorer on a vulnerable host this way.
  • Ref: http://www.jehiah.com/archive/ie-vertical-align-top-vulnerability

  • 04.43.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ability Server FTP STOR Argument Buffer Overflow
  • Description: Code-Crafters Ability Server is a suite that includes HTTP, FTP and POP3 servers. Insufficient sanitization of the FTP STOR command exposes a buffer overflow condition in the application. Ability Server versions 2.34 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/379196

  • 04.43.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NetCaptor Cross-Domain Tab Vulnerability
  • Description: NetCaptor is a web browser based on Microsoft Internet Explorer. An access validation error in the application allows a web page to gain access to form fields in other web pages rendered in different tabs of the same browser window. NetCaptor version 7.5.2 is affected.
  • Ref: http://secunia.com/secunia_research/2004-10/

  • 04.43.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NetCaptor Cross-Domain Dialog Box Spoofing
  • Description: NetCaptor is a web browser based on Microsoft Internet Explorer. The vulnerability presents itself as dialog boxes from inactive tabs that may appear in other tabs. NetCaptor version 7.5.2 is affected.
  • Ref: http://secunia.com/secunia_research/2004-10/

  • 04.43.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Connectivity FTP Application Denial of Service
  • Description: The Hummingbird Connectivity FTP server application is reportedly vulnerable to a denial of service condition. This allows remote attackers to crash the affected application, denying service to legitimate users. Connectivity FTP server versions 7.1 and 9.0 are reported to be vulnerable.
  • Ref: http://www.uniras.gov.uk/vuls/2004/841713/index.htm

  • 04.43.11 - CVE: CAN-2004-0988
  • Platform: Third Party Windows Apps
  • Title: QuickTime Remote Integer Overflow
  • Description: An unspecified integer overflow can be exploited to cause a buffer overflow and execute arbitrary code on a user's system via a specially crafted HTML document. Only Windows versions are affected. QuickTime version 6.5.2 has been released to fix this issue.
  • Ref: http://docs.info.apple.com/article.html?artnum=61798

  • 04.43.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailCarrier Remote SMTP EHLO/HELO Buffer Overflow
  • Description: Tabs Laboratories MailCarrier is affected by a remote SMTP EHLO/HELO buffer overflow vulnerability. This issue is due to a failure of the application to perform adequate bounds checking on network messages prior to copying them into process buffers. MailCarrier version 2.51 is affected.
  • Ref: http://www.securityfocus.com/archive/1/379391

  • 04.43.13 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP ServiceGuard Privilege Escalation
  • Description: HP ServiceGuard is a facility shipped with HP-UX. It is designed to ensure high-availability of HP systems and clusters. A defect was discovered which allows non-root users on the subnet to obtain elevated privileges on the affected host.
  • Ref: http://www.securityfocus.com/advisories/7366

  • 04.43.14 - CVE: Not Available
  • Platform: Unix
  • Title: ZGV Image Viewer Multiple Remote Integer Overflow Vulnerabilities
  • Description: zgv is a picture viewer with a thumbnail-based file selector. There are a total of 11 overflows that may be exploited to execute arbitrary code. zgv Image Viewer version 5.5 is known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/379472

  • 04.43.15 - CVE: Not Available
  • Platform: Unix
  • Title: Kaffeine Remote Buffer Overflow
  • Description: Kaffeine is a xine-based media player for KDE3. It is affected by a remote buffer overflow vulnerability. The problem is due to insufficient boundary checks on user-supplied strings. An attacker can leverage this issue remotely to execute arbitrary code on an affected computer.
  • Ref: http://www.securityfocus.com/bid/11528/info/

  • 04.43.16 - CVE: Not Available
  • Platform: Unix
  • Title: Konqueror IFRAME Cross-Domain Scripting
  • Description: Konqueror is a web browser maintained by the KDE project. Konqueror is vulnerable to a cross-domain scripting issue due to a failure to prevent JavaScript rendered in one frame from accessing properties of a site contained in another frame of the same frameset. KDE Konqueror version 3.2.3 was released to fix this issue.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1036.html

  • 04.43.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Gaim MSN Remote File Transfer Denial of Service
  • Description: Gaim, an instant messaging client is vulnerable to a remote MSN file transfer denial of service issue due to improper handling of exceptions. Gaim versions 1.0.1 and earlier are reported to be vulnerable.
  • Ref: http://gaim.sourceforge.net/security/index.php?id=7

  • 04.43.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Altiris Deployment Server Remote Command Execution
  • Description: Altiris Deployment Server is remote administration software. It is vulnerable to a remote command execution issue which can be exploited to issue arbitrary commands to client computers. Altiris Deployment Server versions 6.1 SP1 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/379004

  • 04.43.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Socat Remote Format String Vulnerability
  • Description: Socat is a relay for bidirectional data communications. It is reported to be vulnerable to a remote format string issue due to improper sanitization of user-supplied input. Socat versions prior to 1.4.0.3 are reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-10/0271.html

  • 04.43.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenWFE Multiple Vulnerabilities
  • Description: OpenWFE is a workflow application. Insufficient sanitization of user-supplied input exposes cross-site scripting and unauthorized proxy connection issues. OpenWFE workflow engine version 1.4.6 fixes these issues.
  • Ref: http://www.securityfocus.com/archive/1/379360

  • 04.43.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Master of Orion III Multiple Remote Denial of Service
  • Description: Quicksilver Master of Orion III is a client/server spatial strategy game. It is reported to be vulnerable to multiple denial of service issues. These vulnerabilities exist due to improper sanitization of input. Master of Orion III 1.2.5 and prior versions are reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-10/0293.html

  • 04.43.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WvTftp Server Remote Buffer Overflow
  • Description: WvTftp is a TFTP server from Net Integration Technologies. It is vulnerable to a remote buffer overflow issue due to improper sanity checking of TFTP packets. An attacker may leverage this issue to compromise the affected computer. WvTftp version 0.9 is vulnerable.
  • Ref: http://open.nit.ca/wiki/index.php?page=WvTftp

  • 04.43.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Quake II Server Multiple Remote Vulnerabilities
  • Description: ID Software's Quake II is a multiplayer game. It is reported to be vulnerable to denial of service, buffer overflow and access validation issues. These vulnerabilities exist due to improper sanitization of input. Quake II versions 3.2x are reported to be vulnerable.
  • Ref: http://secur1ty.net/advisories/001-Multiple_Vulnerabilites_In_Quake_II_Server.txt

  • 04.43.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ImageMagick Remote EXIF Parsing Buffer Overflow
  • Description: ImageMagick is an image manipulation program. It is reported to be vulnerable to a remote buffer overflow issue. The vulnerability exists due to improper boundary checks. All ImageMagick versions prior to 6.1.2 are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/12995/


  • 04.43.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: InetUtils TFTP Client Remote Buffer Overflow
  • Description: InetUtils is a collection of common network programs. InetUtils tftp client is vulnerable to a remote buffer overflow issue due to insufficient boundary checks on user-supplied data. InetUtils versions 1.4.2 and earlier are vulnerable to this issue.
  • Ref: http://www.gnu.org/software/inetutils/inetutils.html

  • 04.43.27 - CVE: CAN-2004-0989
  • Platform: Cross Platform
  • Title: Libxml2 Remote Stack Buffer Overflow
  • Description: Libxml2 is an XML parser and toolkit library. It is vulnerable to multiple remote stack buffer overflow issues, which are exploitable by attackers to run arbitrary code. Libxml2 versions 2.6.12 to 2.6.14 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/11526

  • 04.43.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FlashPeak Slim Browser Multiple Cross-Domain Access Vulnerabilities
  • Description: FlashPeak Slim Browser is affected by issues that can be exploited to carry out phishing style attacks. One is a cross-domain dialog box spoofing vulnerability and the other is a cross-domain tab window form field focus vulnerability. Slim Browser versions 4.0 to 4.01.003 are vulnerable.
  • Ref: http://secunia.com/secunia_research/2004-10/advisory/

  • 04.43.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GD Graphics Library Remote Integer Overflow
  • Description: The GD Graphics Library is a dynamic graph generation library. It is vulnerable to an integer overflow issue which may be exploited remotely to execute arbitrary code. gdlib versions 2.0.23 to 2.0.28 are affected.
  • Ref: http://www.securityfocus.com/advisories/7405

  • 04.43.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: phpCodeGenie PHP Code Injection
  • Description: phpCodeGenie is a code generator for data driven php applications. It is vulnerable to a code injection issue which allows an attacker to execute arbitrary code in the context of the web server. All versions of phpcodeGenie before 3.0.2 are vulnerable.
  • Ref: http://phpcodegenie.sourceforge.net/

  • 04.43.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: RealOne Player/RealPlayer Skin File Remote Buffer Overflow
  • Description: RealNetworks RealPlayer and RealOne Player are media players. Both are vulnerable to a remote stack-based buffer overflow due to a failure to handle a skin filename of 32768 bytes. The following versions are known to be vulnerable: RealPlayer versions 10.5 prior to build 6.0.12.1056, RealPlayer version 10, RealOne Player versions 2 and 1.
  • Ref: http://www.eeye.com/html/research/advisories/AD20041027.html

  • 04.43.32 - CVE: Not Available
  • Platform: Web Application
  • Title: UBB.threads SQL Injection Vulnerability
  • Description: UBBCentral UBB.threads is a web-based forum application. It is reportedly vulnerable to an SQL injection issue due to insufficient user-supplied input sanitization. Attackers could use this towards compromising the remote backend database. UBB.threads versions 3.4 and 3.5 were reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/379073

  • 04.43.33 - CVE: Not Available
  • Platform: Web Application
  • Title: Netbilling NBMEMBER Script Information Disclosure
  • Description: Netbilling is an Internet transaction processing service. The "nbmember.cgi" script in Netbilling is vulnerable to an information disclosure vulnerability. This issue can allow remote attackers to gain access to user authentication credentials.
  • Ref: http://www.securityfocus.com/bid/11504

  • 04.43.34 - CVE: Not Available
  • Platform: Web Application
  • Title: DWC_Articles Multiple SQL Injection Vulnerabilities
  • Description: DWC_Articles is a web application. It is vulnerable to multiple SQL injection issues which can enable an attacker to manipulate SQL queries and perform unauthorized actions. DWC_Articles version 1.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/379204

  • 04.43.35 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP cURL Open_Basedir Restriction Bypass
  • Description: cURL is a non-interactive web client that has a cURL module to allow its use in PHP scripts. A local attacker could access files outside the restricted "open_basedir" directory by using the functions "curl_init()" and "curl_exec()". PHP version 4.3.8 with CURL 7.10.6 is known to be vulnerable.
  • Ref: http://secunia.com/advisories/13023/

  • 04.43.36 - CVE: Not Available
  • Platform: Web Application
  • Title: LinuxStat Directory Traversal
  • Description: LinuxStat is a web application designed to display statistics like CPU and disk usage. Insufficient sanitization of user-supplied "../" sequences exposes a directory traversal issue in the application. LinuxStat version 2.3.1 fixes the issue.
  • Ref: http://secunia.com/advisories/12963/

  • 04.43.37 - CVE: Not Available
  • Platform: Web Application
  • Title: Mega Upload Progress Bar File Upload Vulnerability
  • Description: Mega Upload Progress Bar is a progress indicator for server site web uploads. It is reported to be vulnerable to an unspecified issue. The vulnerability exists due to improper sanitization of file names. Mega Upload Progress Bar versions 1.44 and earlier are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/12993/

  • 04.43.38 - CVE: Not Available
  • Platform: Web Application
  • Title: MoniWiki Cross-Site Scripting
  • Description: MoniWiki is a Wiki application. Insufficient sanitization of user-supplied input exposes a cross-site scripting issue in the application. MoniWiki version 1.0.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/379329

  • 04.43.39 - CVE: Not Available
  • Platform: Web Application
  • Title: IPplan SQL Injection
  • Description: IPplan is an IP address management web application. Insufficient sanitization of user-supplied input exposes an SQL injection issue in the application. IPplan version 4.0 fixes the issue.
  • Ref: http://www.securityfocus.com/bid/11518/info/

  • 04.43.40 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPList Multiple Vulnerabilities
  • Description: PHPList is a web-based utility to manage personalized mailing and customer lists. It is reported to be vulnerable to multiple unspecified issues. The vulnerabilities exist due to improper sanitization of user-supplied input. PHPList versions prior to 2.8.12 are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/12994/

  • 04.43.41 - CVE: Not Available
  • Platform: Web Application
  • Title: Horde Application Framework Cross-Site Scripting
  • Description: Horde Application Framework is a series of web applications, implemented in PHP. It is reported to be vulnerable to an unspecified cross-site scripting issue in a help window. The vulnerability exists due to improper sanitization of user-supplied input. Horde Application Framework versions 2.2.6 and earlier are reported to be vulnerable.
  • Ref: http://lists.horde.org/archives/announce/2004/000107.html

  • 04.43.42 - CVE: Not Available
  • Platform: Web Application
  • Title: PostNuke Trojan Horse
  • Description: The server hosting PostNuke, www.postnuke.com, was compromised recently and the attacker modified the download location of the "PostNuke-0.750.zip" file to point to a trojaned version. Users that downloaded the PostNuke archive between Sunday the 24th of Oct 2004 at 23:50 GMT and Tuesday the 26th of Oct 2004 at 8:30 GMT are likely affected.
  • Ref: http://www.postnuke.com/

  • 04.43.43 - CVE: Not Available
  • Platform: Web Application
  • Title: Bugzilla Authentication Bypass and Information Disclosure Vulnerabilities
  • Description: Bugzilla is a bug tracking software package. Insufficient sanitization of the HTTP POST request in the "process_bug.cgi" script exposes an authentication bypass and information disclosure issue. The issue has been fixed in Bugzilla versions 2.16.7 and 2.18 rc3.
  • Ref: http://www.bugzilla.org/security/2.16.6/

  • 04.43.44 - CVE: Not Available
  • Platform: Web Application
  • Title: My Wiki Unspecified Vulnerability
  • Description: SKForum "my wiki" is a web application. A remotely exploitable vulnerability exists in "my wiki" that could be exploited to compromise the web application. SKForum "my wiki" version 1.4.1 addresses the issue.
  • Ref: http://soft.killingar.net/wiki.view.action?context=skforum&wiki=1.4.1+Release+notes

  • 04.43.45 - CVE: Not Available
  • Platform: Web Application
  • Title: Phorum Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: The Phorum board is reportedly vulnerable to unspecified cross-site scripting and SQL injection issues. These are due to insufficient user-supplied input sanitization. Phorum version 5.0.11 is reported to be vulnerable.
  • Ref: http://www.maxpatrol.com/mp_advisory.asp

  • 04.43.46 - CVE: Not Available
  • Platform: Network Device
  • Title: Hawking Technology DSL Router Unauthenticated Access
  • Description: The HAR11A DSL routers do not require authentication before allowing access to the CLI interface. This allows remote attackers to get administrative access to the device.
  • Ref: http://www.securityfocus.com/archive/1/379437

(c) 2004. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS other free newsletters.

To change your subscription, address, or other information, visit http://portal.sans.org

Copyright 2004. All rights reserved. No posting or reuse allowed, other than listed above, without prior written permission.