
@RISK: The Consensus Security Vulnerability Alert

Volume: III, Issue: 45
November 15, 2004

A quiet week for vulnerability remediation, but that makes it a great time to plan for some end-of-year, award-winning security training in Washington in December. More information at http://www.sans.org/cdieast04

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                      # of Updates & Vulnerabilities
    Windows                       1
    Other Microsoft Products      2 (#3, #4, #5)
    Third Party Windows Apps      8 (#6, #7)
    Linux                         2 (#2)
    Unix                          5
    Cross Platform                15 (#8)
    Web Application               13
    Network Device                3 (#1)

********************* This Issue Sponsored by Radware *******************

Radware Intrusion Prevention Switch protects against worms, viruses, malicious intrusions, Denial of Service attacks and Trojans - securing networked applications at 3-Gbps. Featuring inline security switching and accelerated, stateful and deep-packet inspection, DefensePro isolates attacks and dynamically moderates bandwidth to stop propagation across the network. http://www.radware.com/content/products/dp/whtpaper/_download-20040204b/form.asp

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Linux
Unix
Cross Platform
Web Application
Network Device

************************** SPONSORED LINKS ******************************

Privacy notice: Sponsored links redirect to non-SANS web pages.

(1) Simple, secure alternative to NIS/NIS+ and LDAP for UNIX/Linux user account and password management. FREE downloads. http://www.sans.org/info.php?id=649

(2) Employee Security Awareness? Solved! Find out how at http://www.sans.org/info.php?id=650

*************************************************************************

Highlighted Cybersecurity Training: Washington, DC, Dec. 7-13, 2004

SANS best instructors will be in DC teaching great courses for

  • Auditors who want the technical skills so critical to successful audits.
  • Security Managers interested in best practices and SANS exclusive "security make-over"
  • Security professionals seeking CISSP (a trademark of (ISC)2) certification who want a more effective course.
  • Technical security professionals with hands-on responsibility: Hacker Exploits; Intrusion Detection In-Depth; Introduction to Information Security; SANS Security Essentials; Firewalls, VPNs, and Perimeter Protection; Securing Windows; Securing Linux/Unix; System Forensics, Investigation & Response; .Net Security.
More information at http://www.sans.org/cdieast04

*************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) MODERATE: Cisco IOS DHCP Denial of Service
  • Affected:
    • Cisco devices running any of the following IOS versions -
    • 12.2(14)SZ
    • 12.2(18)EW, EWA, S, SE, SV, SW and higher
  • Description: Cisco IOS contains a denial of service vulnerability that can be triggered by a series of specially crafted DHCP packets. The DHCP packets may be directed to any of the router's interface IP addresses. A successful attack will cause the router to stop processing traffic on the targeted interface(s). Further, after a period of 4 hours, the router may be unable to route any traffic, as the router's ARP cache will be cleared. The problem arises because the crafted DHCP packets remain in the router's "input" queue, and the router stops processing traffic on any interface when the input queue gets full. A hard reboot is required to bring the router back to normal operation. Note that Cisco routers process DHCP packets by default. No technical details regarding how to craft the packets that trigger this vulnerability have been posted.

  • Status: Cisco has released corrected versions of IOS. A workaround is to configure "no service DHCP" on routers that do not require the DHCP service.

  • Council Site Actions: Three of the reporting council sites are using the affected software and version. One site has already applied the patch. The second site has disabled the DHCP service and does not pass DHCP through its firewalls. The third site will deploy the patch during its next regularly scheduled system update process.

  • References:
  • (2) MODERATE: ISC DHCP Format String Vulnerability
  • Affected:
    • ISC DHCP versions 2.x
  • Description: ISC DHCP software ships with almost all flavors of Linux. The DHCP server contains a format string vulnerability that can be triggered by a specially crafted DNS response. An attacker in control of a DNS server on the same network as the DHCP server may exploit this flaw to possibly execute arbitrary code on the DHCP server with root privileges. An attacker on the same local network as the DHCP server may also spoof a DNS response to exploit the flaw. Limited technical details regarding the flaw have been posted.

  • Status: Debian, which includes ISC DHCP versions 2.x in the stable release, has issued fixes. Version 2.x of DHCP is no longer supported by ISC; upgrade to the stable 3.x version.

  • Council Site Actions: One council site responded and is still investigating needed action. They use Lucent's QDDNS for DNS and DHCP, which bundles ISC DHCP. They believe that the Lucent software still uses ISC version 2.x. However, the vulnerability seems to work only if a hacker is able to take over the local DNS server. Thus, they feel there is no increased risk.

  • References:
  • (3) LOW: Microsoft ISA and Proxy Server Content Spoofing Vulnerability
  • Affected:
    • Microsoft ISA Server 2000 SP1 and SP2
    • Microsoft Proxy Server 2000 SP1
    • Microsoft Small Business Server 2000 and 2003 (Premium)
  • Description: The Microsoft ISA Server and Proxy Server are typically deployed between the intranet and the Internet, and are designed to cache Internet content to serve intranet users. The servers contain a vulnerability that can be exploited to spoof a malicious site such that it appears to be a trusted site. Hence, the vulnerability can be exploited to conduct phishing attacks to steal sensitive user information such as bank account details. In order to exploit the flaw, an attacker has to host a malicious web server and a DNS server. The attacker has to entice an intranet user to visit this web server via a link (in an email or web page) that contains the IP address of the attacker's web server. When the intranet user clicks such a link, the ISA or Proxy server automatically performs a reverse DNS look-up (a query that correlates an IP address with domain names) for the attacker's web server IP address. The attacker's DNS server can then provide a non-authoritative answer to the ISA or Proxy server's reverse DNS query, and claim that the attacker's IP address belongs to a trusted domain such as "citibank.com". The ISA or Proxy server caches the results of the reverse look-up. When the intranet user then tries to visit "citibank.com", he is directed to the attacker's web server.

  • Status: Microsoft has confirmed the flaw; apply the patch referenced in Microsoft Security Bulletin MS04-039.

  • Council Site Actions: Two of the reporting council sites are running the affected software on a small number of systems. Both sites have deployed the patch.

  • References:
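The reverse-lookup spoofing in item (3), and the forward-confirmation check that defeats it, as an added example (not code from the bulletin or from Microsoft). The proxy model, the DNS records, the IP addresses and the domain names below are all constructed for the example, so it runs offline:

```python
"""Forward-confirmed reverse DNS (FCrDNS) versus a proxy that trusts any PTR answer.

A proxy that caches whatever name a reverse (PTR) lookup returns can be fed a
name from a trusted domain by whoever runs the reverse zone for the attacker's
address. Requiring the claimed name to resolve *forward* back to the same IP
defeats that, because the attacker does not control the trusted forward zone.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed DNS data for this example (no network access is made).
# 203.0.113.10 is the legitimate server for the trusted name; 198.51.100.7 is
# the attacker's web server, whose attacker-run reverse zone claims that name.
PTR_RECORDS: Dict[str, str] = {
    "203.0.113.10": "www.example-bank.test",  # legitimate PTR
    "198.51.100.7": "www.example-bank.test",  # spoofed PTR from attacker's DNS
}
A_RECORDS: Dict[str, List[str]] = {
    "www.example-bank.test": ["203.0.113.10"],  # forward zone, not attacker-controlled
}
TRUSTED_DOMAINS = ("example-bank.test",)  # constructed trusted-domain list


@dataclass
class ProxyReverseCache:
    """Model of a proxy that caches reverse (PTR) lookup results per IP."""
    ptr: Dict[str, str] = field(default_factory=lambda: dict(PTR_RECORDS))
    a: Dict[str, List[str]] = field(default_factory=lambda: dict(A_RECORDS))
    cache: Dict[str, Optional[str]] = field(default_factory=dict)

    def naive_reverse_lookup(self, ip: str) -> Optional[str]:
        """Weak behaviour: trust any PTR answer and cache it as-is."""
        if ip not in self.cache:
            self.cache[ip] = self.ptr.get(ip)
        return self.cache[ip]

    def confirmed_reverse_lookup(self, ip: str) -> Optional[str]:
        """Hardened behaviour: cache the PTR name only if it resolves back to ip."""
        if ip not in self.cache:
            name = self.ptr.get(ip)
            if name is not None and ip not in self.a.get(name, []):
                name = None  # claim not confirmed by the forward zone: discard it
            self.cache[ip] = name
        return self.cache[ip]


def is_trusted_host(ip: str, proxy: ProxyReverseCache, confirm: bool) -> bool:
    """Would the proxy treat this IP as belonging to a trusted domain?"""
    name = (proxy.confirmed_reverse_lookup(ip) if confirm
            else proxy.naive_reverse_lookup(ip))
    if name is None:
        return False
    return any(name == d or name.endswith("." + d) for d in TRUSTED_DOMAINS)


if __name__ == "__main__":
    for confirm in (False, True):
        proxy = ProxyReverseCache()
        mode = "forward-confirmed" if confirm else "naive"
        for ip in PTR_RECORDS:
            print(f"{mode:18} {ip:14} trusted={is_trusted_host(ip, proxy, confirm)}")
```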
Other Software
  • (6) HIGH: Youngzsoft CCProxy Buffer Overflow
  • Affected:
    • CCProxy server versions 6.x prior to 6.2
  • Description: CCProxy is a proxy server designed for small businesses to enable multiple computers to connect to the Internet via a single Internet connection. The proxy server can be configured as a web proxy, SOCKS proxy, IRC proxy, etc. The server reportedly contains a stack-based buffer overflow that can be triggered by an overlong HTTP "GET" request. The overflow can be exploited to execute arbitrary code on the server. Exploit code has been publicly posted.

  • Status: Upgrade to version 6.2 to fix the flaw.

  • Council Site Actions: The affected software is not in production or widespread use at any of the council sites. They reported that no action was necessary.

  • References:
  • (7) HIGH: WhitSoft SlimFTPd Buffer Overflows
  • Affected:
    • SlimFTPd version 3.15
  • Description: SlimFTPd, an FTP server for Windows-based platforms, contains multiple buffer overflow vulnerabilities. The flaws can be triggered by passing an overlong argument to multiple FTP commands such as CWD, MKD, STAT, STOR, etc. The flaws can be exploited by an authenticated attacker to execute arbitrary code on the server. Exploit code has been posted. FTP servers configured for anonymous access face the maximum risk.

  • Status: Vendor confirmed; upgrade to version 3.16.

  • Council Site Actions: The affected software is not in production or widespread use at any of the council sites. They reported that no action was necessary.

  • References:
Patches
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 45, 2004

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 3857 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 04.45.1 - CVE: Not Available
  • Platform: Windows
  • Title: Windows DDEShare Buffer Overflow
  • Description: Microsoft Windows "ddeshare.exe" is a utility used to manage Dynamic Data Exchange (DDE) communications. This utility is vulnerable to a buffer overflow issue. All versions of Microsoft Windows 2000 and XP are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/380650

  • 04.45.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer Embedded Content Obfuscation
  • Description: Microsoft Internet Explorer is reported to be vulnerable to a status bar URI obfuscation weakness when an embedded object is encapsulated in an HREF tag. All versions of Internet Explorer through version 6 are affected.
  • Ref: http://secunia.com/advisories/13156/

  • 04.45.3 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer Local Resource Enumeration
  • Description: Microsoft Internet Explorer is reportedly vulnerable to a local resource enumeration issue. By knowing which files exist on the target, an attacker may be able to launch more serious attacks, including social engineering attacks. Microsoft Internet Explorer version 6 SP1 (6.0.2800.1106) is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/380541

  • 04.45.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CCProxy Logging Function Remote Buffer Overflow
  • Description: The CCProxy proxy server is reportedly vulnerable to a remote buffer overflow condition. Attackers could use malformed HTTP requests to cause a denial of service condition or even execute arbitrary code on the vulnerable server. All versions of CCProxy are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/13085

  • 04.45.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ZoneLabs IMsecure URI Filter Bypass Vulnerability
  • Description: ZoneLabs IMsecure is security software designed to protect against SPAM, virus, and other attacks in major instant messaging protocols. It is vulnerable to a filter bypass issue. IMsecure versions prior to 1.5.0.39 are affected.
  • Ref: http://www.zonelabs.com/store/content/catalog/products/sku_list_ims.jsp

  • 04.45.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: 04WebServer Multiple Remote Vulnerabilities
  • Description: 04WebServer is a web server application. Due to insufficient sanitization of user-supplied input, 04WebServer is vulnerable to multiple security issues including cross-site scripting attacks. This type of attack could be used to steal cookie-based authentication credentials.
  • Ref: http://www.security.org.sg/vuln/04webserver142.html

  • 04.45.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SlimFTPd Remote Buffer Overflow
  • Description: WhitSoft Development SlimFTPd is an FTP server. SlimFTPd is affected by a remote buffer overflow vulnerability that could allow an attacker to take control of the server. SlimFTPd version 3.16 has been released to fix this issue.
  • Ref: http://secunia.com/advisories/13161/

  • 04.45.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Kerio Personal Firewall IP Options Denial of Service
  • Description: Kerio Personal Firewall (KPF) is a desktop firewall. It is reported to be vulnerable to a remote denial of service issue. The issue exists due to improper sanitization of malformed network packets. Kerio Personal Firewall versions 4.1.1 and earlier are reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-11/0120.html

  • 04.45.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec LiveUpdate Directory Traversal
  • Description: The LiveUpdate feature of Symantec's products is vulnerable to a directory traversal issue. LiveUpdate versions 1.80.19.0 and 2.5.56.0 are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/380602

  • 04.45.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: 602 LAN Suite Multiple Remote Denial of Service Vulnerabilities
  • Description: 602 LAN Suite is reported to be vulnerable to multiple remote denial of service issues. The issues exist due to improper sanitization prior to allocation of memory. Software602 602Pro LAN Suite 2004.0.04.0909 and earlier are reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-11/0083.html

  • 04.45.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MiniShare Server Remote Buffer Overflow
  • Description: MiniShare is an HTTP server used for file sharing. It is vulnerable to a buffer overflow issue in the GET request. An attacker could use this flaw to execute arbitrary commands on the vulnerable server. MiniShare version 1.4.1 is known to be vulnerable.
  • Ref: http://sourceforge.net/forum/forum.php?forum_id=420682

  • 04.45.12 - CVE: CAN-2004-0983
  • Platform: Linux
  • Title: Yukihiro Matsumoto Ruby CGI Module Unspecified Denial of Service
  • Description: Ruby is an object-oriented scripting language created by Yukihiro Matsumoto. It is reported to be vulnerable to an unspecified remote denial of service issue. Ruby versions 1.8.2 pre1 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11618/info/

  • 04.45.13 - CVE: Not Available
  • Platform: Linux
  • Title: Gentoo Multiple PDF EBuild Update Vulnerabilities
  • Description: Gentoo Linux is vulnerable to an unspecified issue affecting only 64-bit platforms. This vulnerability was introduced during a recent patch release to fix an integer overflow issue. Please refer to the Gentoo Linux advisory GLSA 200410-30:02 for details on affected packages and versions.
  • Ref: http://www.securityfocus.com/advisories/7459

  • 04.45.14 - CVE: Not Available
  • Platform: Unix
  • Title: Jwhois Double Free Memory Corruption
  • Description: jwhois is an open source Internet whois client for Unix platforms. It is vulnerable to a double free vulnerability which can allow a remote attacker to run arbitrary code. This issue is fixed in the 3.2.2-6.FC3.1 release.
  • Ref: http://securityfocus.com/advisories/7486

  • 04.45.15 - CVE: Not Available
  • Platform: Unix
  • Title: BNC getnickuserhost IRC Server Response Buffer Overflow
  • Description: BNC is a proxy server for IRC. It is reported to be vulnerable to a stack-based buffer overflow issue. The issue exists due to improper sanitization of input in the "getnickuserhost()" function. BNC version 2.8.9 is reported to be vulnerable.
  • Ref: http://security.lss.hr/en/index.php?page=details&ID=LSS-2004-11-03

  • 04.45.16 - CVE: Not Available
  • Platform: Unix
  • Title: Up-IMAPProxy Multiple Remote Denial of Service Vulnerabilities
  • Description: Up-imapproxy is an IMAP proxy service. It is reported to be vulnerable to multiple remotely exploitable denial of service issues. up-imapproxy versions 1.2.2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/380595

  • 04.45.17 - CVE: Not Available
  • Platform: Unix
  • Title: Sophos MailMonitor for SMTP Email Handling Vulnerability
  • Description: Sophos MailMonitor for SMTP is a gateway email filtering application. It is reportedly vulnerable to an unspecified denial of service condition that is triggered while handling certain malformed emails. Sophos MailMonitor for SMTP version 2.1 is affected.
  • Ref: http://www.sophos.com/support/knowledgebase/article/2122.html

  • 04.45.18 - CVE: Not Available
  • Platform: Unix
  • Title: Zile Multiple Unspecified Vulnerabilities
  • Description: Zile is a text editor available for Unix platform. It is affected by multiple unspecified security vulnerabilities which may lead to unauthorized access or privilege escalation. Zile versions earlier than 2.0 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=279570

  • 04.45.19 - CVE: CAN-2004-0947
  • Platform: Cross Platform
  • Title: UNARJ Remote Buffer Overflow
  • Description: ARJ Software ARJ/UNARJ is a file compression/decompression utility. A buffer overflow issue is triggered when specially crafted compressed files are decompressed by the UNARJ utility. UNARJ versions 2.x are affected.
  • Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138468

  • 04.45.20 - CVE: CAN-2004-0941
  • Platform: Cross Platform
  • Title: GD Graphics Library Multiple Remote Buffer Overflows
  • Description: The GD Graphics Library (gdlib) is reported to be vulnerable to multiple unspecified remote buffer overflow issues, which exist due to improper boundary checks in the "gdmalloc()" function. GD Graphics Library versions 2.x are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/13179/

  • 04.45.21 - CVE: CAN-2004-0980
  • Platform: Cross Platform
  • Title: ez-ipupdate Remote Format String Vulnerability
  • Description: ez-ipupdate is a tool which updates DNS records when the IP address changes. When running in the daemon mode, ez-ipupdate is vulnerable to a remote format string issue. ez-ipupdate versions 3.x are known to be vulnerable.
  • Ref: http://secunia.com/advisories/13167/

  • 04.45.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BNC IRC Server Proxy Authentication Bypass
  • Description: BNC is an IRC (Internet Relay Chat) proxy server. It is vulnerable to an authentication bypass vulnerability. BNC version 2.9.0 is vulnerable to this issue.
  • Ref: http://www.gotbnc.com/changes.html

  • 04.45.23 - CVE: CAN-2004-0930
  • Platform: Cross Platform
  • Title: Samba Remote Wild Card Denial of Service
  • Description: Samba is a file and printer sharing application. When an excessive number of wild card characters are included in a file request, the application goes into an infinite loop. Samba versions 3.0.x prior to 3.0.7 are affected.
  • Ref: http://us1.samba.org/samba/security/CAN-2004-0930.html

  • 04.45.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Firefox Download Dialog Box Filename Spoofing Vulnerability
  • Description: Mozilla Firefox Web browser has a design flaw which makes it vulnerable to a download dialog box filename spoofing vulnerability. The vulnerable software truncates long filenames specified in the download dialog which can be exploited to spoof file extensions. Mozilla FireFox versions prior to 1.0 are vulnerable.
  • Ref: http://secunia.com/advisories/13144/

  • 04.45.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PvPGN Packet Handler Buffer Overflow
  • Description: PvPGN (Player vs. Player Gaming Network) is a network gaming application. PvPGN is vulnerable to a remote buffer overflow issue that could be used by an attacker to gain unauthorized access to an affected computer. PvPGN version 1.7.3 has been released to fix this issue.
  • Ref: http://developer.berlios.de/project/shownotes.php?release_id=3846

  • 04.45.26 - CVE: CAN-2004-0789
  • Platform: Cross Platform
  • Title: Multiple Vendor DNS Response Flooding Denial of Service Vulnerabilities
  • Description: Multiple DNS vendors are reportedly vulnerable to a denial of service condition. The issue is that certain DNS implementations respond to even DNS response messages arriving at the service. This allows an attacker to set up an infinite loop between two such vulnerable DNS servers. This could result in the consumption of network and CPU resources, denying DNS service to legitimate users.
  • Ref: http://www.securityfocus.com/bid/11642/
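The response-flooding loop in 04.45.26, with the header check that breaks it, as an added example (not code from any of the affected DNS implementations). It parses the 12-byte DNS header and models a server that refuses to answer any message whose QR (response) bit is set; the spoofed seed message and the server model are constructed for the example:

```python
"""Why a DNS server must never answer a DNS *response*.

If two servers each reply to responses, a single spoofed response (source address
forged to look like the other server) makes them answer each other indefinitely.
Checking the QR bit of the header before replying ends the loop at zero messages.
"""
import struct
from typing import Dict, Optional

# Fixed 12-byte DNS header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
DNS_HEADER = struct.Struct("!HHHHHH")
QR_BIT = 0x8000          # 1 = response, 0 = query
RCODE_FORMERR = 1        # "format error" reply for a malformed message


def build_message(msg_id: int, is_response: bool, rcode: int = 0) -> bytes:
    """Build a header-only DNS message (no question section) for the simulation."""
    flags = (QR_BIT if is_response else 0) | (rcode & 0xF)
    return DNS_HEADER.pack(msg_id, flags, 0, 0, 0, 0)


def parse_header(data: bytes) -> Optional[Dict[str, int]]:
    """Decode the header fields that matter here; None if the datagram is too short."""
    if len(data) < DNS_HEADER.size:
        return None
    msg_id, flags, qd, an, ns, ar = DNS_HEADER.unpack_from(data)
    return {
        "id": msg_id,
        "qr": int(bool(flags & QR_BIT)),
        "opcode": (flags >> 11) & 0xF,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def handle(data: bytes, check_qr: bool) -> Optional[bytes]:
    """Return the datagram a server would send back, or None if it stays silent.

    With check_qr=False the server behaves like the vulnerable implementations:
    every message, even a response, gets a reply. With check_qr=True a message
    with QR set is dropped before any reply is built.
    """
    hdr = parse_header(data)
    if hdr is None:
        return None
    if check_qr and hdr["qr"]:
        return None
    # Both variants answer a (header-only, therefore malformed) query with FORMERR,
    # echoing the ID as a real server does.
    return build_message(hdr["id"], is_response=True, rcode=RCODE_FORMERR)


def simulate_exchange(check_qr: bool, limit: int = 50) -> int:
    """Count replies exchanged between two servers seeded with one spoofed response.

    The attacker sends server A a response forged to appear to come from server B.
    Each reply is then delivered to the other server. Returns the number of replies
    sent before the loop stops, capped at `limit` (the vulnerable pair never stops).
    """
    msg: Optional[bytes] = build_message(0x1234, is_response=True)
    sent = 0
    while msg is not None and sent < limit:
        msg = handle(msg, check_qr)
        if msg is not None:
            sent += 1
    return sent


if __name__ == "__main__":
    print("vulnerable servers, replies exchanged:", simulate_exchange(check_qr=False))
    print("fixed servers, replies exchanged:     ", simulate_exchange(check_qr=True))
```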

  • 04.45.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SQLgrey Postfix Greylisting Service SQL Injection
  • Description: SQLgrey Postfix Greylisting Service is an email filter application. It is reported to be vulnerable to an SQL injection issue. The issue presents itself due to improper sanitization of "email" fields. SQLgrey Postfix Greylisting Service versions 1.1.1 and 1.1.3 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11633

  • 04.45.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Nortel VPN Client Username Enumeration
  • Description: Nortel Contivity VPN Client is used to connect to Contivity VPN gateways. It is vulnerable to a username enumeration issue that could be used by an attacker to guess valid usernames on the VPN gateway. Nortel Contivity VPN Client versions 5.01_030 and earlier are known to be vulnerable.
  • Ref: http://www.kb.cert.org/vuls/id/830214

  • 04.45.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Pavuk Multiple Unspecified Remote Buffer Overflow Vulnerabilities
  • Description: Pavuk is a web spider application. It is reportedly vulnerable to multiple unspecified remote buffer overflows. A remote attacker may exploit these issues via a malicious web site to cause a denial of service condition or execute arbitrary code on a system running the spider application. Pavuk versions 0.9pl30b and prior are reported to be affected.
  • Ref: http://www.securityfocus.com/advisories/7493

  • 04.45.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Java Runtime Environment Denial of Service
  • Description: Sun Java runtime environment is affected by a denial of service issue. It uses the "InitialDirContext" object to process DNS requests, which fails to properly handle DNS request IDs due to a variable casting error. Sun Java Runtime Environment versions 1.4.2 and 1.5.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/380549

  • 04.45.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EGroupWare JiNN Application Unspecified Vulnerability
  • Description: eGroupWare is a collaboration and project management tool implemented in PHP. It is reported to be vulnerable to an unspecified issue. All versions of eGroupWare prior to version 1.0.00.006 are affected by this vulnerability.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=280695

  • 04.45.32 - CVE: CAN-2004-1003
  • Platform: Cross Platform
  • Title: Trend Micro ScanMail for Domino Remote File Disclosure
  • Description: Trend Micro ScanMail for Domino is an antivirus application for Lotus Domino mail server. It is reportedly vulnerable to a remote file disclosure issue that leaks sensitive configuration files to remote attackers. All versions of ScanMail for Domino are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11612/

  • 04.45.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Lithtech Game Engine Multiple Format String Vulnerabilities
  • Description: The Monolith Lithtech game engine is reported to be vulnerable to multiple remote format string issues, due to improper sanitization of user input. Versions of the Monolith Lithtech game engine prior to 2.2.2 are reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-11/0078.html

  • 04.45.34 - CVE: Not Available
  • Platform: Web Application
  • Title: Phorum follow.php SQL Injection Vulnerability
  • Description: Phorum is a web-based content management system. Insufficient sanitization of the "forum_id" parameter in the "follow.php" script exposes an SQL injection issue in the application. Phorum versions 5.0.12 and earlier are affected.
  • Ref: http://secunia.com/advisories/13174/

  • 04.45.35 - CVE: Not Available
  • Platform: Web Application
  • Title: vBulletin LAST.PHP SQL Injection
  • Description: vBulletin is a web-based bulletin board application. It is reported to be vulnerable to a remote SQL injection issue, due to improper sanitization of the "fsel" parameter in the "last.php", "ttlast.php" and "last10.php" scripts. VBulletin Forums version 3.0.x is reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-11/0144.html

  • 04.45.36 - CVE: Not Available
  • Platform: Web Application
  • Title: WebCalendar Multiple Remote Vulnerabilities
  • Description: WebCalendar is a PHP-based calendar application. It is reported to be vulnerable to cross-site scripting, HTTP response splitting and authentication bypass vulnerabilities. The issues exist due to improper sanitization of user-supplied input. WebCalendar versions 0.9.x are reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-11/0126.html

  • 04.45.37 - CVE: Not Available
  • Platform: Web Application
  • Title: SquirrelMail decodeHeader HTML Injection
  • Description: SquirrelMail is a web mail application. SquirrelMail is vulnerable to an email header HTML injection. An attacker could exploit this issue to gain sensitive user information. SquirrelMail version 1.4.3a has been released to fix this issue.
  • Ref: http://secunia.com/advisories/13155/

  • 04.45.38 - CVE: Not Available
  • Platform: Web Application
  • Title: Sun One/IPlanet Messaging Server Webmail Unauthorized Email Access
  • Description: iPlanet Messaging Server is a web mail product. It is reported to be vulnerable to an unauthorized email account access issue. A remote attacker can exploit this issue through a specially crafted email message to access another user's email account. iPlanet Messaging Server version 5.2 and Sun One Messaging Server version 6.1 are reported to be vulnerable.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57665-1

  • 04.45.39 - CVE: Not Available
  • Platform: Web Application
  • Title: JAF CMS Directory Traversal Vulnerability
  • Description: JAF CMS is an open source PHP web application providing content management functionality. It is vulnerable to a directory traversal issue which may allow information disclosure and server side code execution. JAF CMS versions 3.0 RC and earlier are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/380652

  • 04.45.40 - CVE: Not Available
  • Platform: Web Application
  • Title: Nucleus CMS Multiple Unspecified Input Validation Vulnerabilities
  • Description: Nucleus CMS is a web-based content management system. It is reportedly vulnerable to multiple web input validation issues including HTML injection and SQL injection. These may be exploited to steal cookie based authentication credentials or to compromise the remote backend database. Version 3.1 is reported to be vulnerable.
  • Ref: http://www.maxpatrol.com/mp_advisory.asp

  • 04.45.41 - CVE: Not Available
  • Platform: Web Application
  • Title: ASP Message Board Multiple Input Validation Vulnerabilities
  • Description: Infusium ASP Message Board is a web-based content management system. ASP Message Board is vulnerable to multiple security issues such as HTML injection, SQL injection and cross-site scripting. ASP Message Board version 2.2.1c is known to be vulnerable.
  • Ref: http://www.maxpatrol.com/mp_advisory.asp

  • 04.45.42 - CVE: Not Available
  • Platform: Web Application
  • Title: GFHost Cross-Site Scripting and Server-Side Script Execution
  • Description: GFHost is a web application that uses Google's GMail service as a content storage mechanism. Insufficient sanitization of the "label" URL parameter exposes a denial of service condition. A similar issue exists in "dl.php" that allows script execution. GFHost version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/11629/info/

  • 04.45.43 - CVE: Not Available
  • Platform: Web Application
  • Title: Mantis Multiple Information Disclosure Vulnerabilities
  • Description: Mantis is a web-based bug tracking system. It is reported to be vulnerable to multiple information disclosure issues due to improper sanitization of user-supplied input. Mantis versions 0.19.0a and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11622/info/

  • 04.45.44 - CVE: Not Available
  • Platform: Web Application
  • Title: AntiBoard SQL Injection
  • Description: AntiBoard is a web-based bulletin board system. Insufficient sanitization of user supplied input exposes an SQL injection issue in the application. AntiBoard version 0.7.3 is affected.
  • Ref: http://secunia.com/advisories/12137/

  • 04.45.45 - CVE: Not Available
  • Platform: Web Application
  • Title: IceWarp Web Mail Multiple Remote Vulnerabilities
  • Description: IceWarp Web Mail is a web interface for IceWarp email server. It is vulnerable to multiple security issues such as access validation bypass and theft of user authentication credentials. IceWarp Web Mail versions 5.3 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/380446

  • 04.45.46 - CVE: Not Available
  • Platform: Web Application
  • Title: Moodle Remote Glossary Module SQL Injection
  • Description: Moodle is a course management system. Insufficient sanitization of user-supplied input exposes various SQL injection issues in the application. Moodle versions 1.2.x, 1.3.x and 1.4.x are affected.
  • Ref: http://secunia.com/advisories/13091/

  • 04.45.47 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Security Agent Buffer Overflow Protection Bypass
  • Description: Cisco Security Agent provides protection against buffer overflow attacks. It is reported to be vulnerable to a protection bypass issue when certain conditions are met. This aids attackers in exploiting latent vulnerabilities in services protected by the affected package. Versions prior to 4.0.3.728 are reported to be vulnerable.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml

  • 04.45.48 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco IOS DHCP Denial of Service
  • Description: Cisco IOS is affected by a remote denial of service vulnerability. Specially crafted DHCP packets have the ability to block the input queue and remain permanently in the input queue. This causes legitimate packets to be dropped once the queue is full. Cisco IOS versions 12.x and R12.x are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml

  • 04.45.49 - CVE: Not Available
  • Platform: Network Device
  • Title: Netgear DG834 ADSL Firewall Router Multiple Issues
  • Description: The web interface for the Netgear DG834 ADSL Firewall Router is vulnerable to a denial of service issue due to excessive simultaneous connections. Another issue exists in the content filtering component of the firewall which can be evaded, allowing users to access restricted sites.
  • Ref: http://secunia.com/advisories/13138/

(c) 2004. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS other free newsletters.

To change your subscription, address, or other information, visit http://portal.sans.org

Copyright 2004. All rights reserved. No posting or reuse allowed, other than listed above, without prior written permission.