
@RISK: The Consensus Security Vulnerability Alert

Volume: III, Issue: 48
December 6, 2004

Windows administrators will want to block ports 42/tcp and 42/udp at the network perimeter, shut off the WINS service, or configure the WINS servers to use IPsec for database replication. Exploits are in circulation (see #1 below) and Microsoft has no patch yet. You'll also want to roll out the December 1 Microsoft patch to all your Internet Explorer desktops (see #2 below). Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                    # of Updates & Vulnerabilities
    Windows                     1 (#1)
    Other Microsoft Products    2 (#2, #8)
    Third Party Windows Apps    7 (#3, #4, #6)
    Mac Os                      3
    Linux                       2
    Unix                        6 (#5)
    Cross Platform              9 (#7)
    Web Application             12

********************* This Issue Sponsored by ISS ***********************

Keeping Your Organization Ahead of the Threat All intrusion prevention systems (IPS) are not created equal. Find out the difference between reactive and preemptive IPS appliances. Preemptive IPS solutions shield vulnerabilities AND block threats. Reactive IPS solutions only block attacks. Download the FREE whitepaper, "Defining the Rules of Preemptive Protection: The ISS Intrusion Prevention System," to learn more http://www.iss.net/proof/ipswp/sans/11014

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Unix
Cross Platform
Web Application

************************** SPONSORED LINKS ******************************

Privacy notice: Sponsored links redirect to non-SANS web pages. #1 Simple, secure alternative to NIS/NIS+ and LDAP for UNIX/Linux user account and password management. FREE downloads. http://www.sans.org/info.php?id=670 #2 Stop Cyber Attacks Now. FREE White Paper: How to Evaluate Intrusion Prevention Systems http://www.sans.org/info.php?id=671 #3 "The Hacking Evolution: New Trends in Exploits and Vulnerabilities"- Webcast From SPI Dynamics http://www.sans.org/info.php?id=672

*************************************************************************

Highlighted SANS Cybersecurity Training of the Week: December 6, 7 and 9, FREE programs to help you find WhatWorks among security tools: WhatWorks in Intrusion Prevention and WhatWorks in Stopping Spam and Email Viruses. Sign up for these user case studies at http://www.sans.org/webcasts

Immersion Training Courses: Washington DC, December 7 - 14 [14 Hands-On Immersion tracks] http://www.sans.org/cdieast04

PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft WINS Service Buffer Overflow
  • Affected:
    • Windows NT/2000/2003 Servers running WINS service
    • Microsoft Small Business Server
  • Description: Microsoft Windows Internet Naming Service (WINS) provides a mapping between IP addresses and NetBIOS names. The replication service provided by WINS can be used to replicate the WINS database among multiple WINS servers. The replication service, which runs on port 42/tcp, contains a memory overwrite flaw that can be triggered by a sequence of specially crafted packets. An attacker can exploit the memory overwrite to execute arbitrary code with "SYSTEM" privileges on the vulnerable server. The technical details about the flaw have been publicly posted. Exploit code is also available to users of the CORE Impact and ImmunitySec CANVAS products. Note that the WINS service is not installed by default on Windows NT/2000/2003 servers, with the exception of Small Business Server. However, WINS running on domain controllers (a likely configuration) may result in the compromise of an entire Windows domain.

  • Status: Microsoft is aware of the problem but has not issued any patch. A workaround is to block ports 42/tcp and 42/udp at the network perimeter. Another workaround is to configure the WINS servers to use IPsec for database replication.

  • Council Site Actions: All reporting council sites are blocking ports 42 TCP and UDP at their network perimeters and are waiting for a patch from Microsoft. One site is researching the possibility of removing the service entirely (although this is unlikely). Another site is using host-based firewalls to block ports 42 TCP and UDP. One of the council sites is a customer of one of the companies that provides WINS exploit code in its product, so they were able to confirm the vulnerability on a number of their systems. This was important because they did not want to impose requirements on their system administrators during the holiday weekend unless the vulnerability was actually known to be exploitable. They began notifying the system administrators on Friday afternoon, November 26, and continued into the weekend. They also deployed IDS signatures for WINS attacks. Their WINS services were operating on servers in several of their larger departments, but their central IT department has never relied on or supported WINS. They suggested that the departments' main options were to use IP Security Policies on their servers to restrict access to port 42 to the necessary client IP addresses, or to shut off the WINS service. Shutting off the WINS service was the popular choice.

  • References:
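One way to verify the two WINS workarounds above (perimeter block on 42/tcp and 42/udp, and port 42 restricted to the known replication partners) is to audit firewall logs for accepted port 42 connections. The script below is an added example, not part of the bulletin or any council site's tooling; the log format, address ranges and partner list are constructed for the example.

```python
"""Audit firewall log lines for WINS replication (port 42) exposure.

Added example, not from the @RISK bulletin. The log line format below is a
constructed one; adapt LOG_RE to the firewall actually in use.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed log format: "<ACCEPT|DROP> proto=<tcp|udp> src=<ip> dst=<ip> dport=<n>"
LOG_RE = re.compile(
    r"^(?P<action>ACCEPT|DROP) proto=(?P<proto>tcp|udp) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

WINS_REPLICATION_PORT = 42  # per the bulletin: replication runs on 42/tcp (block 42/udp too)


@dataclass(frozen=True)
class Finding:
    severity: str  # "critical", "high" or "info"
    src: str
    dst: str
    proto: str
    reason: str


def audit_wins_traffic(log_lines: Iterable[str],
                       internal_nets: Iterable[str],
                       replication_partners: Iterable[str]) -> List[Finding]:
    """Return one Finding per ACCEPTed connection to port 42.

    - critical: source is outside the internal networks, so the perimeter
      block on port 42 is not in place (or has a hole).
    - high: both ends are internal but at least one is not a known WINS
      replication partner, so the IPsec/host firewall restriction is missing.
    - info: replication between two known partners (expected traffic).
    DROPped lines, other ports and unparsable lines are ignored.
    """
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    partners = {ipaddress.ip_address(p) for p in replication_partners}
    findings: List[Finding] = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m or int(m["dport"]) != WINS_REPLICATION_PORT:
            continue
        if m["action"] != "ACCEPT":
            continue  # already blocked, nothing to report
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if not any(src in n for n in nets):
            findings.append(Finding("critical", str(src), str(dst), m["proto"],
                                    "port 42 reachable from outside the perimeter"))
        elif src not in partners or dst not in partners:
            findings.append(Finding("high", str(src), str(dst), m["proto"],
                                    "port 42 accepted between non-partner hosts"))
        else:
            findings.append(Finding("info", str(src), str(dst), m["proto"],
                                    "replication between known partners"))
    return findings


def perimeter_exposed(findings: Iterable[Finding]) -> bool:
    """True if any finding shows port 42 accepted from an external source."""
    return any(f.severity == "critical" for f in findings)


# Constructed sample data: two WINS servers replicating inside 10.0.0.0/8.
SAMPLE_LOG = [
    "ACCEPT proto=tcp src=10.1.0.5 dst=10.1.0.6 dport=42",      # partner -> partner
    "ACCEPT proto=tcp src=10.2.0.44 dst=10.1.0.5 dport=42",     # internal non-partner
    "ACCEPT proto=udp src=203.0.113.9 dst=10.1.0.5 dport=42",   # external source
    "DROP proto=tcp src=198.51.100.7 dst=10.1.0.6 dport=42",    # blocked, ignored
    "ACCEPT proto=tcp src=203.0.113.9 dst=10.1.0.5 dport=80",   # not WINS, ignored
    "not a firewall line",
]
INTERNAL_NETS = ["10.0.0.0/8"]
PARTNERS = ["10.1.0.5", "10.1.0.6"]

if __name__ == "__main__":
    results = audit_wins_traffic(SAMPLE_LOG, INTERNAL_NETS, PARTNERS)
    for f in results:
        print(f"[{f.severity:8}] {f.src} -> {f.dst} ({f.proto}): {f.reason}")
    print("perimeter exposed:", perimeter_exposed(results))
```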
Other Software
  • (3) HIGH: MailEnable IMAP Server Buffer Overflow
  • Affected:
    • MailEnable Professional Edition version 1.52
    • MailEnable Enterprise Edition version 1.01
  • Description: MailEnable, a Windows-based mail server, contains a stack-based buffer overflow in its IMAP server. An unauthenticated attacker can trigger the flaw by sending an overlong command string (over 8198 bytes). The flaw can be exploited to execute arbitrary code with the privileges of the IMAP server. Exploit code has been publicly posted.

  • Status: Vendor confirmed, hot fixes available.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (4) HIGH: Ipswitch WS_FTP Server Buffer Overflows
  • Affected:
    • WS_FTP server version 5.03
  • Description: Ipswitch's WS_FTP Server, a popular FTP server on Windows platforms, reportedly contains multiple buffer overflow vulnerabilities. An authenticated attacker ("anonymous" logins may work) can provide overlong arguments to FTP commands such as "SITE", "MKD", "XMKD" and "RNFR" and trigger the overflows. The flaws may be exploited to execute arbitrary code on the server with the privileges of the WS_FTP process, possibly "SYSTEM". Exploit code has been publicly posted.

  • Status: Vendor has been contacted; no patches available yet.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (5) HIGH: Jabber Server Remote Compromise
  • Affected:
    • jabberd version 2.x
  • Description: Jabber is an open-source protocol mainly used for instant messaging. jabberd, the Jabber server for Unix systems, reportedly contains a buffer overflow in its C2S (client to server) module. An unauthenticated attacker can provide an overlong username to trigger the overflow and possibly execute arbitrary code on the Jabber server. The problem arises because the attacker can bypass the username length check. The technical details about the flaw are available.

  • Status: Vendor confirmed, patch available via CVS. If Jabber is used only internally in an organization, block the port 5222/tcp at the network perimeter.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
Exploit Code
  • (7) PHP memory_limit Remote Code Execution
  • Description: Exploit code has been publicly posted for the flaw in PHP when configured with the "memory_limit" directive. The flaw can be exploited to execute arbitrary code on a web server running PHP.

  • Council Site Actions: Only two of the reporting council sites provided an update for this item. One site is waiting on a response from the vendor. The other site has patched all of their Red Hat and Debian systems, but still has some Mac OS X systems running Apache web servers with PHP. They don't believe that Apple has issued a PHP update. They were considering referring their Mac OS X PHP users to the Web site for binary downloads of PHP 5.0.2 ( http://www.php.net/downloads.php links to http://www.entropy.ch/software/macosx/php/), but the Web site contains a message "The main www.entropy.ch server/website was hacked and defaced on December 1st". They will most likely suggest compiling PHP 5.0.2 or 4.3.9 from the source code.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 48, 2004

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 3893 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 04.48.1 - CVE: CAN-2004-1080
  • Platform: Windows
  • Title: Microsoft Windows WINS Replication Remote Buffer Overflow
  • Description: Microsoft Windows Internet Name Service (WINS) allows the mapping of NetBIOS names to IP addresses and vice versa. WINS is vulnerable to a remote buffer overflow in its replication feature. No patch is available. Microsoft recommends disabling WINS.
  • Ref: http://www.immunitysec.com/downloads/instantanea.pdf

  • 04.48.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Download Filename Extension Spoofing
  • Description: Microsoft Internet Explorer is reported to be vulnerable to a filename extension spoofing issue in the "Save Image As" feature. This can be leveraged by a malicious site to save files to a user's filesystem with arbitrary extensions. This could cause hostile content to be inadvertently executed by unsuspecting users.
  • Ref: http://support.microsoft.com/kb/250747

  • 04.48.3 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Infinite Array Sort Denial of Service
  • Description: Microsoft Internet Explorer is vulnerable to a denial of service that may result in a browser crash when the browser performs an infinite JavaScript array sort operation.
  • Ref: http://www.securityfocus.com/archive/1/382257

  • 04.48.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Mercury Mail Remote IMAP Stack Buffer Overflow
  • Description: Mercury Mail is a Mail Transfer Agent (MTA) acting as an SMTP, IMAP, and POP server. Mercury Mail is vulnerable to a stack-based buffer overflow issue in its IMAP server implementation. Mercury Mail version 4.01 is known to be vulnerable.
  • Ref: http://home.kabelfoon.nl/~jaabogae/han/m_401b.html

  • 04.48.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CuteFTP Multiple Command Response Buffer Overflows
  • Description: CuteFTP is vulnerable to multiple remote buffer overflow conditions due to insufficient sanitization of client supplied network data. A remote attacker may leverage these issues towards a denial of service or hostile code execution on the vulnerable host. CuteFTP version 6.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/382712

  • 04.48.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ipswitch WS_FTP Multiple Remote Buffer Overflows
  • Description: Ipswitch WS_FTP Server is an FTP implementation for Microsoft Windows. It is vulnerable to multiple remote buffer overflow issues due to improper validation of the length of user-supplied strings when processing SITE, XMKD, MKD and RNFR commands. Ipswitch WS_FTP Server versions 5.03 and before are vulnerable.
  • Ref: http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html

  • 04.48.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailEnable IMAP Service Multiple Remote Buffer Overflows
  • Description: MailEnable is a commercially available POP3, IMAP and SMTP server for the Microsoft Windows platform. Its IMAP service is vulnerable to multiple remote buffer overflow issues due to improper bounds checking of user-supplied data. MailEnable Professional versions 1.53 and earlier, and MailEnable Enterprise 1.02 and earlier are vulnerable.
  • Ref: http://www.mailenable.com/hotfix/default.asp

  • 04.48.8 - CVE: CAN-2004-0953
  • Platform: Third Party Windows Apps
  • Title: CMailServer Multiple Remote Vulnerabilities
  • Description: Youngzsoft CMailServer is an email server which supports web-based email clients. CMailServer is vulnerable to multiple security issues such as buffer overflow, SQL injection and cross-site scripting. CMailServer Version 5.2 is known to be vulnerable.
  • Ref: http://www.security.org.sg/vuln/cmailserver52.html

  • 04.48.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cisco CNS Network Registrar Remote Denial of Service
  • Description: Cisco CNS Network Registrar for Windows is vulnerable to multiple remote denial of service issues in its Domain Name Service and Dynamic Host Configuration Protocol server components. An attacker may exploit these issues to cause a crash or CPU starvation by sending a specially crafted packet sequence to an affected server. CNS Network Registrar versions 6.1.1.3 and before are vulnerable.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a008036786d.shtml

  • 04.48.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Mercury Mail Multiple Remote IMAP Buffer Overflows
  • Description: Mercury Mail is a Mail Transfer Agent (MTA) server. It is reported to be vulnerable to multiple remote buffer overflows, due to insufficient bounds checking. Mercury Mail versions 4.01 and earlier are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/13348/

  • 04.48.11 - CVE: Not Available
  • Platform: Mac Os
  • Title: Safari Web Browser Denial of Service
  • Description: Apple Safari web browser is vulnerable to a denial of service condition. This is due to improper handling of the stack memory in the "sort()" functionality. All current Safari versions are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/382262

  • 04.48.12 - CVE: Not Available
  • Platform: Mac Os
  • Title: Mozilla Camino Web Browser Denial of Service
  • Description: Mozilla Camino is a Web browser that runs on Mac OS X. A denial of service issue exposes itself when the browser performs an infinite JavaScript array sort operation. This causes it to go into an infinite recursion resulting in a stack overflow. Mozilla Camino versions 0.7 and 0.8 are affected.
  • Ref: http://www.securityfocus.com/bid/11761/info/

  • 04.48.13 - CVE: CAN-2004-1121, CAN-2004-1083, CAN-2004-1084, CAN-2004-1081, CAN-2004-1089, CAN-2004-1085, CAN-2004-1088, CAN-2004-1086, CAN-2004-1123, CAN-2004-1087
  • Platform: Mac Os
  • Title: Apple Mac OS X Multiple Remote and Local Vulnerabilities
  • Description: Multiple security vulnerabilities are reported to affect Apple Mac OS X. These include sensitive information disclosure in Apple's Apache distribution and the AppKit suite, an authentication bypass in the Cyrus IMAP server, and a kiosk-mode bypass in the HIToolbox application. Apple has released an advisory and patches to fix these issues.
  • Ref: http://secunia.com/advisories/13362/

  • 04.48.14 - CVE: Not Available
  • Platform: Linux
  • Title: IPCop Web Administration Interface Proxy Log HTML Injection
  • Description: IPCop is an open source Linux firewall distribution. It is vulnerable to an HTML injection issue in its proxy log viewer. This is due to improper sanitization of user-supplied input and can allow attacker-supplied HTML or script code to be displayed to administrative users. IPCop versions 1.4.1 and before are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/382853

  • 04.48.15 - CVE: CAN-2004-0993
  • Platform: Linux
  • Title: HP hpsockd Unspecified Remote Buffer Overflow
  • Description: hpsockd is a socks v5 server offered by HP. It is reported to be vulnerable to an unspecified remote buffer overflow issue, due to improper boundary checks of user-supplied data. hpsockd versions 0.5 and earlier are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/13371/

  • 04.48.16 - CVE: Not Available
  • Platform: Unix
  • Title: File ELF Header Unspecified Buffer Overflow
  • Description: The Unix file command is affected by a buffer overflow vulnerability. This issue is due to a failure of the application to properly validate string lengths in the affected files prior to copying them into static process buffers. This can be leveraged by an attacker to execute hostile code on the vulnerable system.
  • Ref: http://www.securityfocus.com/advisories/7566

  • 04.48.17 - CVE: CAN-2004-0987
  • Platform: Unix
  • Title: Yard Radius Remote Buffer Overflow
  • Description: Yard Radius is a RADIUS server. Insufficient boundary checks in the "process_menu()" function of the "menu.c" file expose a remote buffer overflow issue in the application. YardRadius version 1.x is affected.
  • Ref: http://www.debian.org/security/2004/dsa-598

  • 04.48.18 - CVE: Not Available
  • Platform: Unix
  • Title: Open DC Hub Remote Buffer Overflow
  • Description: Open DC Hub is an open source software application for peer-to-peer networking using the Direct Connect protocol, available for Unix platforms. It is vulnerable to a remote buffer overflow issue due to improper validation of the length of user-supplied strings when processing the "$RedirectAll" command. An attacker may exploit this issue to execute arbitrary code. Open DC Hub versions 0.7.14 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/advisories/7565

  • 04.48.19 - CVE: CAN-2004-0953
  • Platform: Unix
  • Title: Jabber Server Multiple Remote Buffer Overflows
  • Description: Jabber Studio jabberd is an implementation of the Jabber instant messaging protocol. Due to insufficient sanitization of network data, it is vulnerable to multiple remote buffer overflow conditions. These could be leveraged by an attacker to execute hostile code on the vulnerable host. Jabber Server version 2.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/382250

  • 04.48.20 - CVE: Not Available
  • Platform: Unix
  • Title: RSSH Remote Arbitrary Command Execution
  • Description: rssh is a shell that restricts users to utilizing scp or sftp. Insufficient sanitization of user supplied input exposes a remote arbitrary command execution issue. All versions of rssh are affected.
  • Ref: http://secunia.com/advisories/13363/

  • 04.48.21 - CVE: Not Available
  • Platform: Unix
  • Title: SCPOnly Remote Arbitrary Command Execution
  • Description: scponly is a secure copy client. It is reportedly vulnerable to a remote arbitrary command execution issue. The issue occurs because some of the predefined applications support flags, which allow command execution. This can be exploited to bypass the shell restriction and execute arbitrary commands. scponly version 4.0 reportedly fixes this issue.
  • Ref: http://secunia.com/advisories/13364/

  • 04.48.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FreeImage Interleaved Bitmap Buffer Overflow
  • Description: FreeImage is an image library. Insufficient boundary checking of data while loading malformed Interleaved Bitmap (ILBM) images exposes a buffer overflow issue in the library. FreeImage version 3.5.1 addresses this issue.
  • Ref: http://www.securityfocus.com/bid/11778

  • 04.48.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: JanaServer 2 Multiple Remote Denial of Service Vulnerabilities
  • Description: JanaServer 2 is a proxy server. It is reported to be vulnerable to a denial of service issue due to improper sanitization of user-supplied input. JanaServer 2 versions 2.4.4 and earlier are reported to be vulnerable.
  • Ref: http://aluigi.altervista.org/adv/janados-adv.txt

  • 04.48.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: 21-6 Productions Orbz Remote Buffer Overflow
  • Description: 21-6 Productions Orbz is a game for multiple platforms. It is reported to be vulnerable to a remote buffer overflow issue, due to improper boundary checks of the "password" field. Orbz versions 2.10 and earlier are reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-11/0381.html

  • 04.48.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Virtual Machine Serialization API Remote Denial of Service
  • Description: A remote denial of service vulnerability exists in the Java Virtual Machine when Java serialization API is used to overload a remote JVM. Java versions prior to 1.4.2_06 are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/382309

  • 04.48.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser Infinite Array Sort Denial of Service
  • Description: Opera Web browser is vulnerable to a browser crash issue when performing an infinite JavaScript array sort operation. This may be exploited to cause a denial of service attack. All current known versions of Opera are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/382262

  • 04.48.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Browser Infinite Array Sort Denial of Service
  • Description: Mozilla Browser is reported to be vulnerable to a denial of service issue. The issue presents itself when the browser performs an infinite JavaScript array sort. Currently all Mozilla browser versions are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/382262

  • 04.48.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Denial of Service
  • Description: The Mozilla Firefox web browser is vulnerable to a denial of service condition. This is due to improper handling of the stack memory in the "sort()" functionality. Firefox versions 0.8 through 0.10.1 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/382262

  • 04.48.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Star Wars Battlefront Game Server Denial of Service
  • Description: LucasArts Star Wars Battlefront is a computer game. It is reported to be vulnerable to multiple remote denial of service issues, due to improper boundary checks. LucasArts Star Wars Battlefront versions 1.11 and earlier are reported to be vulnerable.
  • Ref: http://aluigi.altervista.org/adv/swb-adv.txt

  • 04.48.30 - CVE: CAN-2003-0190
  • Platform: Cross Platform
  • Title: OpenSSH-portable PAM Authentication Remote Information Disclosure
  • Description: OpenSSH is an open source implementation of the Secure Shell protocol. It is vulnerable to a remote information disclosure issue that allows an attacker to guess valid user names on the target system. OpenSSH version 3.9p1 is known to be vulnerable.
  • Ref: http://www.securityfocus.com/advisories/7575

  • 04.48.31 - CVE: Not Available
  • Platform: Web Application
  • Title: Hitachi Groupmax Cross-Site Scripting and Directory Traversal
  • Description: Hitachi Groupmax World Wide Web is a web-based groupware application. Insufficient sanitization of the "QUERY" parameter and certain directory traversal sequences exposes various cross-site scripting and directory traversal issues in the application. Hitachi Groupmax World Wide Web version 06-52-/C addresses these issues.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS04-007_e/01-e.html

  • 04.48.32 - CVE: Not Available
  • Platform: Web Application
  • Title: YaBB JavaScript Injection Vulnerability
  • Description: YaBB (Yet Another Bulletin Board) is reported to be vulnerable to a JavaScript injection issue due to insufficient sanitization of web input. This could be leveraged by an attacker to execute hostile scripts in legitimate clients' browsers. YaBB version 1 Gold SP 1.4 fixes this issue.
  • Ref: http://www.securityfocus.com/bid/11764/

  • 04.48.33 - CVE: Not Available
  • Platform: Web Application
  • Title: phpCMS Cross-Site Scripting
  • Description: phpCMS is a content management system. Insufficient sanitization of the "file" parameter of the "parser.php" script exposes a cross-site scripting issue in the application. phpCMS versions earlier than 1.2.1pl1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/382376

  • 04.48.34 - CVE: Not Available
  • Platform: Web Application
  • Title: pnTresMailer Directory Traversal
  • Description: pnTresMailer is a newsletter module for PostNuke. It is reported to be vulnerable to a directory traversal issue, due to improper sanitization of the "filetodownload" parameter in the "codebrowserpntm.php" script. pnTresMailer version 6.03 is reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-11/0367.html

  • 04.48.35 - CVE: Not Available
  • Platform: Web Application
  • Title: Sun Java Plug-in Sandbox Security Bypass
  • Description: A security bypass vulnerability is exposed in the Java Plug-in due to a design error. JavaScript code can create and transfer objects to untrusted applets for some private and restricted classes used internally by the Java Virtual Machine (JVM). The issue has been reported in SDK/JRE versions 1.4.2_05 and earlier, all 1.4.1 and 1.4.0 versions, and versions 1.3.1_12 and earlier.
  • Ref: http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=false

  • 04.48.36 - CVE: Not Available
  • Platform: Web Application
  • Title: InShop and InMail Cross-Site Scripting
  • Description: InSite InMail and InShop are reported to be vulnerable to cross-site scripting issues, due to improper sanitization of the "acao" and "screen" URL arguments.
  • Ref: http://secunia.com/advisories/13188/

  • 04.48.37 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPNews SQL Injection
  • Description: PHPNews is a web-based news application. It is reported to be vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data. This can be leveraged by an attacker to compromise the backend database. PHPNews version 1.2.3 is reported to be vulnerable.
  • Ref: http://newsphp.sourceforge.net/changelog/changelog_1.24.txt

  • 04.48.38 - CVE: Not Available
  • Platform: Web Application
  • Title: JSPWiki Cross-Site Scripting
  • Description: JSPWiki is a Wiki application. Insufficient sanitization of user-supplied input to the "query" parameter in the "search.jsp" script exposes a cross-site scripting issue. JSPWiki version 2.1.120 is affected.
  • Ref: http://www.securityfocus.com/archive/1/382214

  • 04.48.39 - CVE: Not Available
  • Platform: Web Application
  • Title: KorWeblog Remote Directory Listing Vulnerability
  • Description: KorWeblog is a web-based log application implemented in PHP. It is vulnerable to a remote directory disclosure issue due to improper user data validation in the "viewmg.php" file. An attacker can exploit this issue to gain access to sensitive information. KorWebLog versions 1.6.2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/382135

  • 04.48.40 - CVE: Not Available
  • Platform: Web Application
  • Title: Zwiki Cross-Site Scripting Vulnerability
  • Description: Zwiki is wiki software for Zope. It is reported to be vulnerable to a cross-site scripting issue, due to improper sanitization of URL input. Zwiki version 0.36.2 is reported to be vulnerable.
  • Ref: http://zwiki.org/925ZwikiXSSVulnerability

  • 04.48.41 - CVE: Not Available
  • Platform: Web Application
  • Title: Blog Torrent Remote Directory Traversal
  • Description: Blog Torrent is a web-based application that allows users to host files for Bit Torrents. It is reported to be vulnerable to a remote directory traversal issue due to improper sanitization of user-supplied input. Blog Torrent preview version 0.8 is reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-12/0017.html

  • 04.48.42 - CVE: Not Available
  • Platform: Web Application
  • Title: S9Y Serendipity Cross-Site Scripting
  • Description: S9Y Serendipity is a web blog software application implemented in PHP. It is vulnerable to a cross-site scripting attack in the "searchTerm" parameter of the "compat.php" script. Serendipity version 0.7.1 has been released to fix this issue.
  • Ref: http://www.s9y.org/12.html

(c) 2004. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS other free newsletters. To change your subscription, address, or other information, visit http://portal.sans.org

Copyright 2004. All rights reserved. No posting or reuse allowed, other than listed above, without prior written permission.