
@RISK: The Consensus Security Vulnerability Alert

Volume: III, Issue: 50
December 20, 2004

This week has seen the greatest number of new vulnerabilities since @RISK started more than three years ago. Normally we tell you about one or two in this opening paragraph, but there are simply too many important new vulnerabilities this week.

Alan

PS. To win one of four new iPods, register for SANS' big Orlando Training Program by December 31. It is in early February and has 14 immersion tracks. The drawing for iPods will be on January 1. Conference and registration details: http://www.sans.org/orlando05

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 3 (#1, #2)
    • Microsoft Office: 2 (#7)
    • Other Microsoft Products: 2 (#6)
    • Third Party Windows Apps: 5 (#8)
    • Linux: 7
    • Unix: 9 (#3)
    • Novell: 1 (#10)
    • Cross Platform: 19 (#4, #5, #9)
    • Web Application: 23 (#11, #12)
    • Network Device: 2
    • Hardware: 1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Linux
Unix
Novell
Cross Platform
Web Application
Network Device
Hardware


PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft WINS Service Buffer Overflow
  • Affected:
    • Windows NT/2000/2003 Servers running WINS service
    • Microsoft Small Business Server
  • Description: Microsoft Windows Internet Naming Service (WINS) provides a mapping between IP addresses and NETBIOS names. The replication service provided by the WINS can be used to replicate the WINS database amongst multiple WINS servers. The replication service, which runs on port 42/tcp, contains a buffer overflow in its computer name validation routine. An attacker can exploit the buffer overflow to execute arbitrary code with "SYSTEM" privileges on the vulnerable server. Exploit code is available for the users of CORE Impact and Immunitysec Canvas products. Note that WINS service is not installed by default on Windows NT/2000/2003 servers with the exception of the Small Business server. However, WINS running on domain controllers (a likely configuration) may result in compromising an entire Windows domain. Scans for port 42/tcp have been reported in the wild.

  • Status: Apply the patch contained in the Microsoft Security Bulletin MS04-045 that was released on December 14, 2004. This update also fixes another CRITICAL code execution flaw reported in a previous @RISK newsletter. A workaround is to block the ports 42/tcp and 42/udp at the network perimeter. Another workaround is to configure the WINS servers to use IPsec for database replication.

  • Council Site Actions: All of the reporting council sites are responding to this item. Most plan to deploy the patch during their next regularly scheduled system update process. Several sites have patching underway as of this past weekend.

  • References:
  • (2) HIGH: Microsoft DHCP Service Buffer Overflow
  • Affected:
    • Windows NT 4.0/Terminal Server
  • Description: Microsoft DHCP server included in Windows NT contains a buffer overflow vulnerability that can be triggered by a specially crafted DHCP request. The flaw can be exploited to execute arbitrary code with "SYSTEM" privileges. No technical details about how to construct the malicious DHCP request have been publicly posted. Note that the service is not turned on by default on the NT servers.

  • Status: Apply the patch contained in the Microsoft Security Bulletin MS04-042 that was released on December 14, 2004. A workaround is to block the ports 67/udp and 68/udp at the network perimeter.

  • Council Site Actions: Three of the reporting council sites are using the affected software. One site is patching this weekend and the other two sites plan to patch during their next regularly scheduled system update process.

  • References:
  • (3) HIGH: Samba Security Descriptor Integer Overflow
  • Affected:
    • All versions of Samba prior to 3.0.8
  • Description: Samba is the UNIX server standard for providing SMB/CIFS-based file and print services. Samba server contains an integer overflow vulnerability that can be triggered by a request to open a file, if the request contains a large number of "security descriptors". The flaw can be exploited by an authenticated user to corrupt heap memory in a controllable fashion, and execute arbitrary code on the server with the privileges of smbd (typically root). Note that if anonymous users are allowed to access any files, the flaw may be exploited by an unauthenticated attacker. The technical details required to leverage the flaw have been publicly posted.

  • Status: Samba team has released version 3.0.10. Multiple Linux vendors such as RedHat, Gentoo, OpenPKG have also released updates.

  • Council Site Actions: Four of the reporting council sites are using the affected software. Three of these sites will deploy the patches during their next regularly scheduled system update process. The final site notified their Samba users and instructed them to upgrade. Several of these sites are waiting on patches from Sun and HP, as well. Also, the affected ports are typically blocked at network perimeter security control points.

  • References:
  • (4) HIGH: PHP Remote Code Execution Vulnerabilities
  • Affected:
    • PHP version 4.3.9 and prior
    • PHP version 5.0.2 and prior
  • Description: PHP, a popularly used language for web development, is reportedly installed on 50% of the Apache servers used world-wide. PHP contains multiple vulnerabilities that may be exploited to execute arbitrary code on a webserver. The most likely target of an attack would be PHP scripts that invoke "unserialize()" function. A proof-of-concept string that will result in arbitrary code execution when passed to the "unserialize()" function has been developed for AMD64 systems (not publicly available). An exploit has also been publicly posted. It is important to note that popularly used PHP bulletin boards such as phpBB, vBulletin, Invision Board reportedly contain scripts that are vulnerable.

  • Status: Vendor confirmed, upgrade to versions 4.3.10 or 5.0.3.

  • Council Site Actions: Only two of the reporting council sites are using the affected software and only on a limited basis. One site has notified their users and they are in the process of patching. The other site has verified their supported systems running the affected software do not have any scripts that have been identified as vulnerable. On their remaining systems they have not yet tried to determine how many have a script that invokes "unserialize()". The PHP bulletin boards that use "unserialize()" are, as far as they know, not in use at their site. Their Linux systems will, for the most part, obtain vendor patches as they are released. A few of their systems were already updated to 4.3.10 because waiting for the vendor patch was considered undesirable in these cases.

  • References:
  • (5) HIGH: Adobe Reader Multiple Vulnerabilities
  • Affected:
    • Adobe Reader version 6.02
    • Adobe Acrobat Reader version 5.09 for UNIX
  • Description: Adobe Acrobat Reader contains the following vulnerabilities that may be exploited to execute arbitrary code on a client system. (1) The Adobe reader contains a format string vulnerability. The flaw can be triggered by the "title" or "baseurl" fields containing format string characters such as "%x" in a ".etd" file. The ".etd" file is associated with eBook transactions. (2) The Adobe Acrobat Reader for UNIX contains a buffer overflow in the function which checks if an input file is an email message. An attacker can exploit these flaws by hosting the malicious files on a webserver/shared folder or sending the files as an email attachment.

  • Status: Adobe confirmed. Versions 6.03 and 5.10 have been released.

  • Council Site Actions: All of the reporting council sites are responding to this item. Most of them plan to deploy the patch during their next regularly scheduled system update process. One site is still evaluating needed actions. The final site distributes version 6.0, and provides local support for their users. When a non-vulnerable version is available, they will update their local distribution point and this will help to address the vulnerability for new Windows installations and for existing installations when a user chooses to manually update. For existing installations they plan to use Adobe's built-in update functionality as their primary method for updates.

  • References:
  • (6) MODERATE: Microsoft HyperTerminal Buffer Overflow
  • Affected:
    • Windows NT/2000/XP/2003
  • Description: Microsoft HyperTerminal application can be used to connect to other computers via modem, COM ports or telnet protocol. The application allows users to save session information in a file with a ".ht" extension. HyperTerminal contains a heap-based buffer overflow that can be triggered by a specially crafted ".ht" file. The overflow can be exploited to execute arbitrary code with the privileges of the currently logged-on user. In order to exploit this vulnerability, an attacker can take any of the following actions:

    (a) Host the malicious .ht file on his webserver and entice a user to visit his webpage.

    (b) Send the malicious .ht file as an email attachment.

    (c) Host the malicious .ht file on his shared folder and entice a user to browse the shared folder.

    Note that in all the above scenarios, if HyperTerminal is not set as the default telnet client (a default setting) a user is prompted before opening the .ht file. Hence, this vulnerability cannot be exploited without user interaction. The technical details that can be used to construct a malicious .ht file have been publicly posted.

  • Status: Apply the patch contained in the Microsoft Security Bulletin MS04-043 that was released on December 14, 2004. Users should be advised not to open any .ht files posted on websites or attached in emails.

  • Council Site Actions: All of the reporting council sites are responding to this item. Most plan to deploy the patch during their next regularly scheduled system update process. Several sites have patching underway as of this past weekend.

  • References:
  • (7) MODERATE: Microsoft WordPad Buffer Overflow Vulnerabilities
  • Affected:
    • Windows NT/2000/XP/2003
  • Description: Microsoft Word for Windows Converter converts documents from Microsoft Word to WordPad format. This converter contains two buffer overflow vulnerabilities that can be triggered by a specially crafted WordPad file. The overflows can be exploited to execute arbitrary code on a client with the privileges of the currently logged-on user. WordPad opens files with ".wri" extension by default, and when Microsoft Word is not installed also opens files with ".rtf" and ".doc" extensions. Hence, in order to exploit the flaws, an attacker can take any of the following actions:

    (a) Host the malicious .wri/.rtf/.doc file on his webserver and entice a user to visit his webpage.

    (b) Send the malicious .wri/.rtf/.doc file as an email attachment.

    (c) Host the malicious .wri/.rtf/.doc file on his shared folder and entice a user to browse the shared folder.

    Note that the user would be prompted prior to converting the file format. Hence, the flaws can be exploited only with user interaction. The technical details regarding one of the overflows have been publicly posted.

  • Status: Apply the patch contained in the Microsoft Security Bulletin MS04-041 that was released on December 14, 2004. Users should be advised not to convert untrusted files to WordPad format.

  • Council Site Actions: All of the reporting council sites are responding to this item. Most plan to deploy the patch during their next regularly scheduled system update process. Several sites have patching underway as of this past weekend.

  • References:
Other Software
  • (8) CRITICAL: Veritas Backup Exec Agent Buffer Overflow
  • Affected:
    • Backup Exec version prior to 8.60.3878 Hotfix 68
    • Backup Exec version prior to 9.1.4691 Hotfix 40
  • Description: Veritas Backup Exec is a backup and restore solution for Windows server environment. The benetns.exe service running on the backup server allows the backup engine to discover the end systems that are running a backup agent. This service contains a stack-based buffer overflow that can be triggered by specially crafted registration requests. The problem arises when processing client registration requests containing an overlong hostname. The flaw can be exploited to execute arbitrary code with the privileges of the benetns.exe process, possibly domain administrator.

  • Status: Veritas confirmed, hot fixes available. A workaround is to block the TCP port used by benetns.exe process at the network perimeter.

  • Council Site Actions: Three of the reporting council sites are using the affected software. One site is still investigating to determine whether they have any benetns.exe processes set up to execute with domain-administrator credentials. The other two sites plan to patch during their next regularly scheduled system update process.

  • References:
  • (9) HIGH: Multiple Cisco Products Default Administrative Accounts
  • Affected:
    • Cisco Guard version prior to 3.1
    • Cisco Traffic Anomaly Detector version prior to 3.1
    • Cisco Unity versions 2.x, 3.x, 4.x when integrated with Microsoft Exchange
  • Description: The following Cisco products have an account with maximum privileges on the device/software that has a default password: Cisco Guard, Cisco Traffic Anomaly Detector, Cisco Unity integrated with Exchange. An attacker may obtain an administrative control of the devices/software via the default password.

  • Status: Cisco has released or will release fixed versions of the software. Users of the above products should ensure that passwords have been manually reset for all default accounts.

  • Council Site Actions: Two of the reporting council sites are using the affected software. One site is still investigating to determine potential impact of configuration changes. The other site only has the products in the staging process and not in production yet. They plan to investigate and resolve the issue before these products are placed in production.

  • References:
  • (10) HIGH: Novell NetMail IMAPD Buffer Overflow
  • Affected:
    • NetMail 3.10 and possibly prior versions
  • Description: Novell has reported that NetMail IMAP daemon contains a buffer overflow that can be exploited via "101_mEna" script. A script with the same name posted on the Internet exploits a buffer overflow vulnerability in the Mercury mail IMAP server. Hence, it is possible that the same flaw exists in NetMail IMAP daemon i.e. parsing command strings over 8198 bytes. The flaw may be exploited by an unauthenticated attacker to execute arbitrary code on the server.

  • Status: Novell reported the flaw, and has provided a fix.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (11) HIGH: Opentools Attachment Mod Remote Command Execution
  • Affected:
    • Attachment Mod version prior to 2.3.11
  • Description: The Attachment Mod module adds the ability to attach files to the messages posted to any phpBB bulletin board. This module contains a directory traversal vulnerability that allows a user to upload files in other directories on the bulletin board server. The directory traversal may be used to upload malicious PHP files, and execute arbitrary PHP code with the privileges of the web server. The posted advisory shows how to exploit the flaw.

  • Status: Vendor confirmed, upgrade to version 2.3.11.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (12) MODERATE: phpMyAdmin Remote Command Execution
  • Affected:
    • phpMyAdmin versions prior to 2.6.1-rc1
  • Description: phpMyAdmin is a PHP-based tool widely used to administer MySQL databases via HTTP. The phpMyAdmin MIME-based transformations are used to display the contents of a SQL column in any chosen format when viewed in the PhpMyAdmin browsing mode. When these "external" transformations are configured, and the PHP safe mode is off (not a typical configuration), phpMyAdmin contains a vulnerability that may be exploited to execute arbitrary commands. The problem occurs because the user-input is not sanitized for shell meta-characters. The posted advisory shows how to craft the malicious request to leverage the flaw.

  • Status: Vendor confirmed, version 2.6.1-rc1 fixes the flaw.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 50, 2004

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 3960 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 04.50.1 - CVE: CAN-2004-0567
  • Platform: Windows
  • Title: Microsoft Windows WINS Name Value Handling Remote Buffer
  • Description: Microsoft Windows Internet Name Service (WINS) allows the mapping of NetBIOS names to IP addresses and vice versa. It is reported to be vulnerable to a buffer overflow issue due to insufficient boundary checks performed on computer "name" data handled during a WINS transaction. This issue is addressed in Microsoft Security Bulletin MS04-045.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms04-045.mspx

  • 04.50.2 - CVE: CAN-2004-0899
  • Platform: Windows
  • Title: Microsoft Windows DHCP Server Logging Remote Denial of Service
  • Description: Microsoft Windows DHCP server on NT4 server platforms is reported susceptible to a remote denial of service vulnerability in its logging functionality. The issue presents itself due to improper sanitization of user-supplied network input.
  • Ref: http://secunia.com/advisories/13463/

  • 04.50.3 - CVE: CAN-2004-0900
  • Platform: Windows
  • Title: Microsoft Windows DHCP Server Remote Buffer Overflow
  • Description: Windows DHCP (Dynamic Host Configuration Protocol) server implementation on NT4 servers is vulnerable to a remote buffer overflow issue. Microsoft has released patch MS04-042 to fix this issue.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms04-042.mspx

  • 04.50.4 - CVE: CAN-2004-0571
  • Platform: Microsoft Office
  • Title: Microsoft Word Converter 6.0 Table Conversion Buffer Overflow
  • Description: Microsoft Word 6.0 Converter is used to convert Word 6.0 file formats to the WordPad file formats. Insufficient boundary checks in the table conversion functionality of the application exposes a buffer overflow condition.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms04-041.mspx

  • 04.50.5 - CVE: CAN-2004-0901
  • Platform: Microsoft Office
  • Title: Microsoft Word Converter 6.0 Font Conversion Buffer Overflow
  • Description: Microsoft Word for Windows 6.0 Converter is used to convert Word 6.0 file formats to the WordPad file formats. It is reported to be vulnerable to a buffer overflow condition while parsing maliciously crafted files. Microsoft has released a patch to address this issue.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms04-041.mspx

  • 04.50.6 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Search Pane URI Obfuscation
  • Description: Microsoft Internet Explorer 6.0 is reported to be vulnerable to a URI obfuscation issue in the search pane functionality. Malicious web pages that are rendered in the browser could display misleading information to unsuspecting users and could aid in phishing style attacks.
  • Ref: http://www.securityfocus.com/archive/1/383717

  • 04.50.7 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer DHTML Edit Control Script Injection
  • Description: It is reported that Microsoft Internet Explorer DHTML Edit control may be used to carry out cross-domain script injection. This issue may allow an attacker to execute malicious script code in a user's browser to facilitate cross-site scripting type attacks. All current versions of Internet Explorer 6 are affected.
  • Ref: http://secunia.com/advisories/13482/

  • 04.50.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nullsoft Winamp Tag Processing Remote Denial of Service
  • Description: Winamp is a freely available media player from Nullsoft for Windows. It is reported to be vulnerable to a remote denial of service issue. The issue presents itself when ".mp4" and ".m4a" files containing tags that have been edited using the Winamp tag-editing tool are processed. NullSoft Winamp versions 5.07 and prior are affected.
  • Ref: http://www.securityfocus.com/archive/1/384241

  • 04.50.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Digital Illusions CE Codename Eagle Remote Denial of Service
  • Description: Digital Illusions CE Codename Eagle is an action based computer game designed for Windows. It is reported to be vulnerable to a remote denial of service issue due to a failure of the application to properly handle a UDP network message of zero size. Digital Illusions CE Codename Eagle versions 1.42 and prior are reportedly affected.
  • Ref: http://aluigi.altervista.org/adv/ceaglesock-adv.txt

  • 04.50.10 - CVE: CAN-2004-0568
  • Platform: Third Party Windows Apps
  • Title: Hilgraeve HyperTerminal Session Data Buffer Overflow
  • Description: Hilgraeve HyperTerminal is a communications/telnet application. A buffer overflow vulnerability affects the session file parsing functionality of Hilgraeve HyperTerminal. This could be exposed while opening malicious session files or automatically handling telnet URIs for the system. Attackers could leverage this to execute arbitrary code on the vulnerable system.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms04-043.mspx

  • 04.50.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cisco Unity Default User Accounts and Password
  • Description: Unity is a Cisco software product designed to unify voice message, fax, and email into a user's inbox. Vulnerable systems contain default user accounts and passwords that can be used by an attacker to gain unauthorized access. This issue only arises when Unity is integrated with Microsoft Exchange. Cisco Unity versions 2.x, 3.x and 4.x are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20041215-unity.shtml

  • 04.50.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LinPopUp Remote Buffer Overflow
  • Description: LinPopUp is an instant messaging application. It is vulnerable to a remote buffer overflow, due to insufficient checking of user-supplied data. This buffer overflow may allow a remote attacker to gain access to the computer which runs LinPopUp, in the context of the LinPopUp application. LinPopUp version 1.2.0 is believed to be vulnerable.
  • Ref: http://www.littleigloo.org/software_002.php3

  • 04.50.13 - CVE: CAN-2004-1137
  • Platform: Linux
  • Title: Linux Kernel IGMP Multiple Vulnerabilities
  • Description: The Linux kernel supports Internet Group Management Protocol (IGMP). The first issue exists in the "ip_mc_source()" function and may allow local attackers to cause a denial of service condition. It may also allow disclosure of large portions of kernel memory. The second issue exists due to insufficient sanitization of the "ih3->nsrcs" parameter of the "igmp_marksources()" function and can result in a buffer overflow. Linux kernel versions 2.4.x and 2.6.x are affected.
  • Ref: http://isec.pl/vulnerabilities/isec-0018-igmp.txt http://isec.pl/vulnerabilities/isec-0019-scm.txt

  • 04.50.14 - CVE: CAN-2004-0946
  • Platform: Linux
  • Title: Linux NFS 64-Bit Remote Buffer Overflow
  • Description: Linux implementation of NFS is vulnerable to a remote buffer overflow issue in the disk quota functionality due to a failure to properly validate the length of user-supplied strings. NFS versions 1.0.6-r6 and earlier are known to be vulnerable.
  • Ref: http://www.gentoo.org/security/en/glsa/glsa-200412-08.xml

  • 04.50.15 - CVE: CAN-2004-0999
  • Platform: Linux
  • Title: ZGV Image Viewer Animated GIF Remote Memory Corruption
  • Description: ZGV is a command-line image viewer. It is reported to be vulnerable to remote memory corruption issue, due to a failure of the application to handle malformed image files. ZGV versions 5.5 to 5.8 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11915/info/

  • 04.50.16 - CVE: Not Available
  • Platform: Linux
  • Title: Opera Web Browser Remote Command Execution
  • Description: The Opera web browser is reported to be vulnerable to a remote command execution issue. If a user attempts to download content with an unknown MIME-type, Opera will download the content and attempt to open it with "kfmclient". Attackers could leverage this to execute arbitrary code on the vulnerable browser. Version 7.54 of Opera for Linux with KDE version 3.2.3 is reported vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/384240

  • 04.50.17 - CVE: Not Available
  • Platform: Linux
  • Title: xine-lib Remote Client-Side Buffer Overflow
  • Description: Xine is a multimedia player designed for Unix/Linux variants. xine-lib is reported to be vulnerable to a remote buffer overflow issue, due to improper boundary checks in the "open_aiff_file()" function of the "demux_aiff.c" file. xine-lib versions 1-rc5 and 1-rc7 are reported to be vulnerable.
  • Ref: http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt

  • 04.50.18 - CVE: Not Available
  • Platform: Linux
  • Title: mpg123 Find Next File Remote Client-Side Buffer Overflow
  • Description: mpg123 is a media file player for Linux and Unix platforms. It is reported to be vulnerable to a remote buffer overflow issue, due to improper boundary checks of user-supplied strings in the "find_next_file()" function of the "playlist.c" file. mpg123 0.59r is reported to be vulnerable.
  • Ref: http://tigger.uic.edu/~jlongs2/holes/mpg123.txt

  • 04.50.19 - CVE: Not Available
  • Platform: Linux
  • Title: Mantis Arbitrary File Access Vulnerability
  • Description: Mantis is a web-based bug tracking system implemented in PHP utilizing a MySQL database as the back end. It is reported to contain a vulnerability that allows unauthorized access to files. Logged in users are able to download any bug attachment or project document. This issue is fixed in Mantis version 0.18.3.
  • Ref: http://www.securityfocus.com/bid/11966

  • 04.50.20 - CVE: CAN-2001-1413
  • Platform: Unix
  • Title: NCompress Long Filename Buffer Overflow
  • Description: NCompress is a compression utility based on the Lempel-Ziv compression algorithm. A filename longer than 1023 characters causes an internal buffer to overflow in the application. NCompress versions 4.2.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/advisories/7626

  • 04.50.21 - CVE: CAN-2004-1152
  • Platform: Unix
  • Title: Adobe Acrobat Reader Email Message Remote Buffer Overflow
  • Description: Adobe Acrobat Reader is an application designed for reading Portable Document Format (PDF) files. It is reported to be vulnerable to a buffer overflow issue due to improper parsing of a malformed PDF file. Adobe Acrobat 5.0.9 is reported to be vulnerable to the issue.
  • Ref: http://www.idefense.com/application/poi/display?id=161&type=vulnerabilities

  • 04.50.22 - CVE: CAN-2004-1138
  • Platform: Unix
  • Title: Vim Modelines Arbitrary Command Execution
  • Description: Vim is a text editor application. It is affected by an arbitrary command execution issue due to certain Modelines options. Vim version 6.0 is affected.
  • Ref: http://www.gentoo.org/security/en/glsa/glsa-200412-10.xml

  • 04.50.23 - CVE: Not Available
  • Platform: Unix
  • Title: tnftp FTP Client Directory Traversal
  • Description: tnftp is an FTP client. It is vulnerable to a file name verification issue that may allow an attacker to overwrite local files. tnftp version 20030825 is known to be vulnerable.
  • Ref: http://tigger.uic.edu/~jlongs2/holes/tnftp.txt


  • 04.50.25 - CVE: Not Available
  • Platform: Unix
  • Title: Sun ONE/iPlanet Messaging Server Webmail HTML Injection
  • Description: Sun ONE and iPlanet Messaging Server webmail are vulnerable to an HTML injection issue. Sun Java System Messaging Server version 6 and Sun ONE Messaging Server versions 5 are known to be vulnerable.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57691-1

  • 04.50.26 - CVE: Not Available
  • Platform: Unix
  • Title: jpegtoavi File List Buffer Overflow
  • Description: jpegtoavi creates an AVI MJPEG file from a list of JPEG/JFIF files. It is susceptible to a buffer overflow attack. An attacker could hand a file list, which contains exploit code that triggers the buffer overflow, to a user and subsequently trick this user into running jpegtoavi with the file list. This could result in execution of attacker-supplied code in the context of the user.
  • Ref: http://freshmeat.net/projects/jpegtoavi/

  • 04.50.27 - CVE: Not Available
  • Platform: Unix
  • Title: 2fax Tab Expansion Buffer Overflow Vulnerability
  • Description: 2fax is a text to tiff conversion application. It is reported to be vulnerable to a buffer overflow issue due to improper boundary checks of the "expandtabs()" function in the "2fax.c" script. 2fax versions 3.04 and earlier are reported to be vulnerable.
  • Ref: http://tigger.uic.edu/~jlongs2/holes/2fax.txt

  • 04.50.28 - CVE: Not Available
  • Platform: Unix
  • Title: Convex 3D Buffer Overflow
  • Description: Convex 3D is an open source converter, viewer and object extractor for 3D file formats. Convex 3D is vulnerable to a buffer overflow issue. All Convex 3D versions are vulnerable.
  • Ref: http://tigger.uic.edu/~jlongs2/holes/convex3d.txt

  • 04.50.29 - CVE: Not Available
  • Platform: Novell
  • Title: Novell NetMail Multiple Remote Vulnerabilities
  • Description: Novell NetMail is an e-mail and calendaring system. It is reported to be vulnerable to buffer overflow and denial of service issues, due to improper sanitization of input. Novell has released update 3.10H to address this issue.
  • Ref: http://secunia.com/advisories/13448/

  • 04.50.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Java System Web and Application Server Remote Session Disclosure
  • Description: It is reported that Sun Java System Web and Application Servers are vulnerable to a remote session disclosure issue due to a design error that may cause session IDs to be revealed. Sun Java System Application Server version 7.0 and Sun Java System Web Server versions 6.1 SP2 and prior are affected. The vendor has released a patch for the issue.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57699-1

  • 04.50.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SQLgrey Postfix Greylisting Service Unspecified SQL Injection
  • Description: SQLgrey Postfix Greylisting Service is an email filter application that uses an SQL database as a backend. It is reported to be vulnerable to an SQL injection issue due to insufficient sanitization of SQL syntax from fields in email processed by the software. The issue is fixed in SQLgrey Postfix Greylisting Service version 1.4.0.
  • Ref: http://www.securityfocus.com/bid/11898/

  • 04.50.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Gadu-Gadu Multiple Remote Vulnerabilities
  • Description: Gadu-Gadu is an instant messenger. It is reported to be affected by multiple remote vulnerabilities due to improper sanitization of input. Gadu-Gadu version 6.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11895

  • 04.50.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Monolith Lithtech Game Engine Remote Denial of Service
  • Description: Monolith Lithtech game engine is vulnerable to a remote denial of service issue due to a failure to handle exceptional conditions when receiving some specially crafted UDP packets. All games using this engine are vulnerable.
  • Ref: http://aluigi.altervista.org/adv/lithsock-adv.txt

  • 04.50.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citadel/UX Network Data Logging Remote Format String
  • Description: Citadel/UX is a BBS package. It is reported to be vulnerable to a remote format string issue due to improper implementation of the "syslog()" function. Citadel/UX versions 6.0.7, 6.0.8, 6.23, 6.24, 6.26 and 6.27 are reported to be vulnerable.
  • Ref: http://www.nosystem.com.ar/advisories/advisory-09.txt

  • 04.50.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: wget Multiple Remote Vulnerabilities
  • Description: GNU wget is a web crawler/network file transfer utility. wget is affected by multiple vulnerabilities such as directory traversal, arbitrary file overwriting and injection of malicious characters into filenames. wget versions 1.9 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/383998

  • 04.50.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GameSpy SDK Buffer Overflow Vulnerability
  • Description: The GameSpy Software Development Kit (SDK) provides CD-key validation functionality to network video game applications. It is vulnerable to a buffer overflow condition while handling certain network data. This could be used by remote attackers to execute arbitrary code on a vulnerable system. All current versions are considered vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/384009

  • 04.50.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser Download Dialogue Box File Name Spoofing
  • Description: Opera is a web browser available for multiple platforms. It is reported to be affected by a download dialogue box file name spoofing vulnerability due to a design error that facilitates the spoofing of file names. Opera Web Browser version 7.54 has been released to fix this issue.
  • Ref: http://www.opera.com/support/search/supsearch.dml?index=782

  • 04.50.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Acrobat Reader ETD File Parser Format String Vulnerability
  • Description: Adobe Acrobat Reader is an application designed for reading Portable Document Format (PDF) files. It is reported to be vulnerable to a remote format string issue. A remote attacker may exploit this vulnerability to execute arbitrary instructions in the context of a user running the vulnerable application.
  • Ref: http://www.securityfocus.com/archive/1/384426

  • 04.50.39 - CVE: CAN-2004-1139,CAN-2004-1140,CAN-2004-1141,CAN-2004-1142
  • Platform: Cross Platform
  • Title: Ethereal Multiple Denial of Service Vulnerabilities
  • Description: Ethereal is vulnerable to multiple denial of service issues and some of them may allow arbitrary code execution. Ethereal versions 0.9.0 to 0.10.7 are known to be vulnerable. Ethereal version 0.10.8 has been released to fix these issues.
  • Ref: http://www.ethereal.com/appnotes/enpa-sa-00016.html

  • 04.50.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MPlayer Multiple Vulnerabilities
  • Description: MPlayer is a multimedia video and audio player. MPlayer is vulnerable to multiple security issues such as integer overflow, stack-based buffer overflows and heap-based buffer overflow. MPlayer version 1.0pre5try2 has been released to fix these issues.
  • Ref: http://mplayerhq.hu/pipermail/mplayer-announce/2004-December/000055.html

  • 04.50.41 - CVE: CAN-2004-1172
  • Platform: Cross Platform
  • Title: VERITAS Backup Exec Agent Browser Remote Buffer Overflow
  • Description: VERITAS Backup Exec is a network enabled backup solution. It is reported to be vulnerable to a buffer overflow condition while handling malformed registration requests in the Agent Browser service. An attacker could leverage this to execute arbitrary code on the vulnerable target. Versions 8.x and 9.x of the software are reported to be vulnerable.
  • Ref: http://seer.support.veritas.com/docs/273419.htm

  • 04.50.42 - CVE: CAN-2004-1154
  • Platform: Cross Platform
  • Title: Samba Directory Access Control List Remote Integer Overflow
  • Description: Samba is a file and printer sharing application. Insufficient boundary checks expose a remotely exploitable integer overflow vulnerability that affects the directory access control list (DACL). Samba versions 2.x and 3.x are affected.
  • Ref: http://us1.samba.org/samba/security/CAN-2004-1154.html

  • 04.50.43 - CVE: CAN-2004-1019,CAN-2004-1065, CAN-2004-1018,CAN-2004-1019, CAN-2004-1063, CAN-2004-1064
  • Platform: Cross Platform
  • Title: PHP Multiple Local and Remote Vulnerabilities
  • Description: PHP4 and PHP5 are vulnerable to multiple security issues including directory traversal, integer overflow, and safe_mode bypass. PHP4 versions 4.3.9 and earlier and PHP5 versions 5.0.2 and earlier are known to be vulnerable.
  • Ref: http://www.hardened-php.net/advisories/012004.txt

  • 04.50.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NASM Error Preprocessor Directive Buffer Overflow
  • Description: NASM (The Netwide Assembler) is an x86 assembler. It is reported to be vulnerable to a buffer overflow condition that is exposed while processing a maliciously crafted source file. An attacker could leverage this by having an unsuspecting user compile such a source file thereby possibly executing arbitrary code on the vulnerable system. NASM version 0.98.38 is reported to be vulnerable.
  • Ref: http://tigger.uic.edu/~jlongs2/holes/nasm.txt

  • 04.50.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Gadu-Gadu Multiple Remote Vulnerabilities
  • Description: Gadu-Gadu is an instant messenger. Insufficient sanitization of user-supplied input exposes the application to various HTML injection and denial of service issues. Gadu-Gadu version 7.x is affected.
  • Ref: http://www.man.poznan.pl/~security/gg-adv.txt

  • 04.50.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Brightmail Multiple Remote Denial of Service Vulnerabilities
  • Description: Symantec Brightmail is an Anti-spam product that runs at the gateway. It is reported to be vulnerable to multiple remote denial of service issues that may allow an attacker to crash the application with malicious email messages. Brightmail version 6.0.1 is reported to be affected.
  • Ref: ftp://ftp.symantec.com/public/english_us_canada/products/sba/sba_60x/updates/p134_notes.htm

  • 04.50.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: html2hdml File Conversion Buffer Overflow
  • Description: html2hdml is an HTML to HDML conversion utility. Insufficient sanitization of HTML data in the "remove_quote()" function of "convert.c" exposes the application to a buffer overflow issue. html2hdml version 1.x is affected.
  • Ref: http://tigger.uic.edu/~jlongs2/holes/html2hdml.txt

  • 04.50.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: asp2php Preparse Token Variable Buffer Overflow
  • Description: asp2php is an application for converting ASP scripts into PHP. Insufficient sanitization of ASP input data in the "preparse()" function of the "asp2php.c" source file exposes the application to a buffer overflow issue. asp2php version 0.x is affected.
  • Ref: http://tigger.uic.edu/~jlongs2/holes/asp2php.txt

  • 04.50.49 - CVE: CAN-2004-1227,CAN-2004-1228
  • Platform: Web Application
  • Title: SugarSales Multiple Remote Vulnerabilities
  • Description: SugarSales is a customer relationship management suite. SugarSales is vulnerable to multiple security issues such as SQL injection and directory traversal. SugarCRM versions 2.0.1c and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/384195

  • 04.50.50 - CVE: Not Available
  • Platform: Web Application
  • Title: UBB.threads Cross-Site Scripting
  • Description: UBB.threads is a web-based message board application. UBB.threads is susceptible to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied data. UBB.threads versions 6.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/11900

  • 04.50.51 - CVE: Not Available
  • Platform: Web Application
  • Title: MediaWiki Arbitrary Script Upload and Execution
  • Description: MediaWiki is editing software designed to run Wikipedia. An access validation error in the software allows unauthorized users to upload arbitrary files to the "images" directory and execute them. MediaWiki versions 1.3.8 and earlier are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=289468

  • 04.50.52 - CVE: CAN-2004-1147, CAN-2004-1148
  • Platform: Web Application
  • Title: phpMyAdmin Multiple Remote Vulnerabilities
  • Description: phpMyAdmin provides a web interface for handling MySQL administrative tasks. Insufficient sanitization of user-supplied input exposes command execution and arbitrary file disclosure issues. The command execution issue has been present since phpMyAdmin version 2.6.0-pl2. The file disclosure issue has been present since phpMyAdmin version 2.4.0.
  • Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4

  • 04.50.53 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenText FirstClass HTTP Daemon Search Function Remote Denial of Service
  • Description: OpenText FirstClass is a web-based unified messaging system. It is reported to be vulnerable to a remote unspecified denial of service issue. This issue exists inside its HTTP daemon's "search" functionality. The issue is known to exist in OpenText FirstClass version 8.0.
  • Ref: http://www.securityfocus.com/bid/11877/

  • 04.50.54 - CVE: Not Available
  • Platform: Web Application
  • Title: Opentools Attachment Mod Multiple Remote Vulnerabilities
  • Description: Opentools Attachment Mod is an add-on module for phpBB installations. It provides functionality that enables users to upload and attach files to phpBB forum posts. It is reported to be affected by multiple remote vulnerabilities, which can be exploited to upload and execute arbitrary script code. Opentools Attachment Mod version 2.3.11 has been released to address these issues.
  • Ref: http://www.securityfocus.com/archive/1/384333 http://www.securityfocus.com/archive/1/384646

  • 04.50.55 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpDig Unspecified Remote Vulnerability
  • Description: PhpDig is a web spider and search engine running in a PHP/MySQL environment on Linux and Unix platforms. PhpDig is reportedly susceptible to an unspecified vulnerability. This vulnerability allows a remote attacker to compromise computers that run PhpDig. PhpDig versions prior to version 1.8.5 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/11889/info/

  • 04.50.56 - CVE: CAN-2004-0067,CAN-2004-0065,CAN-2004-0030
  • Platform: Web Application
  • Title: PhpGedView Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: PhpGedView parses GEDCOM 5.5 genealogy files and displays them on the Web in easy to read formats and charts. Insufficient sanitization of user-supplied URL parameters exposes multiple cross-site scripting and SQL injection issues in the application. PhpGedView version 2.65 was released to fix these issues.
  • Ref: http://www.securityfocus.com/archive/1/349698

  • 04.50.57 - CVE: Not Available
  • Platform: Web Application
  • Title: UseModWiki Cross-Site Scripting
  • Description: UseModWiki is a Perl implementation of Wiki. UseModWiki is vulnerable to a cross-site scripting issue in the "wiki.pl" script. UseModWiki version 1.0 is known to be vulnerable.
  • Ref: http://secunia.com/advisories/13441/

  • 04.50.58 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Live! File Include Vulnerability
  • Description: PHP Live! is a live support system for web sites. An unspecified vulnerability exists in the software that may allow remote attackers to include arbitrary files remotely. PHP Live! version 2.x is affected.
  • Ref: http://secunia.com/advisories/13420/

  • 04.50.59 - CVE: CAN-2004-1059
  • Platform: Web Application
  • Title: mnoGoSearch Multiple Cross-Site Scripting Vulnerabilities
  • Description: mnoGoSearch is multi-platform web search engine software for Intranet and Internet servers. It is reported to be vulnerable to multiple cross-site scripting issues due to improper sanitization of user-supplied input. mnoGoSearch versions 3.2.26 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11895

  • 04.50.60 - CVE: Not Available
  • Platform: Web Application
  • Title: ASP Calendar Administrative Access Vulnerability
  • Description: Active Server Corner ASP Calendar is a web-based application. The administrative script "admin/main.asp" does not require any sort of authentication credentials, resulting in unauthorized administrative access to the application. ASP Calendar version 1.x is affected.
  • Ref: http://www.securityfocus.com/archive/1/384364

  • 04.50.61 - CVE: Not Available
  • Platform: Web Application
  • Title: ASP-Rider Remote SQL Injection
  • Description: ASP-Rider is a web blog application. ASP-Rider is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data in the "username" parameter of the "verify.asp" script.
  • Ref: http://www.securityfocus.com/archive/1/384421

  • 04.50.62 - CVE: Not Available
  • Platform: Web Application
  • Title: iWebNegar Multiple SQL Injection Vulnerabilities
  • Description: iWebNegar is a web log and content management system. Insufficient sanitization of user-supplied input in "comments.php" and "index.php" scripts exposes various SQL injection issues. iWebNegar version 1.x is affected.
  • Ref: http://secunia.com/advisories/13485/

  • 04.50.63 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPGroupWare Multiple Vulnerabilities
  • Description: PHPGroupWare is reportedly vulnerable to multiple web-based security attacks including cross-site scripting and SQL injection. These are due to insufficient sanitization of user-supplied input. PHPGroupWare version 0.9.16.003 is reported to be vulnerable.
  • Ref: http://www.gulftech.org/?node=research&article_id=00054-12142004

  • 04.50.64 - CVE: Not Available
  • Platform: Web Application
  • Title: WackoWiki Double Quoted Input HTML Injection
  • Description: WackoWiki is a lightweight Wiki-clone implemented in PHP. It is reported by the vendor that WackoWiki is vulnerable to an HTML injection issue due to a failure in the application to properly sanitize user-supplied input. The issue is fixed in WackoWiki version R3.
  • Ref: http://www.securityfocus.com/bid/11953

  • 04.50.65 - CVE: Not Available
  • Platform: Web Application
  • Title: SIR GNUBoard Remote File Include Vulnerability
  • Description: SIR GNUBoard is a bulletin board system. It is reported to be vulnerable to a remote file include issue, due to improper sanitization of user-supplied input to the "doc" parameter in the "include()" function. SIR GNUBoard versions 3.39 and earlier are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/13479/

  • 04.50.66 - CVE: Not Available
  • Platform: Web Application
  • Title: WackoWiki Unspecified Information Disclosure
  • Description: WackoWiki is a lightweight Wiki-clone implemented in PHP. It has been reported by the vendor that WackoWiki is vulnerable to an unspecified information disclosure issue. This vulnerability may result in loss of confidentiality or access to potentially sensitive information. The issue is fixed in WackoWiki version R3.5.
  • Ref: http://www.securityfocus.com/bid/11955/

  • 04.50.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Ikonboard Remote SQL Injection
  • Description: Ikonboard is a Web Bulletin Board System. Ikonboard is susceptible to multiple remote SQL injection vulnerabilities, due to insufficient sanitization of user-supplied data. Ikonboard version 3.x is affected.
  • Ref: http://secunia.com/advisories/13513/

  • 04.50.68 - CVE: Not Available
  • Platform: Web Application
  • Title: JSBoard Remote Arbitrary Script Upload Vulnerability
  • Description: JSBoard is a web-based bulletin board system. Insufficient sanitization of filename extensions can allow attackers to upload arbitrary scripts. JSBoard versions 2.0.8 and earlier and JSBoard-win32 versions 1.3.11a and earlier are affected.
  • Ref: http://secunia.com/advisories/13472/

  • 04.50.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Slashcode Slash CVS Unspecified Security Vulnerability
  • Description: Slashcode Slash CVS is reported to be vulnerable to an unspecified security issue due to an undisclosed error in the CVS versions. This issue has been fixed in Slash CVS version R_2_5_0_41 and release version 2.2.6.
  • Ref: http://www.slashcode.com/slash/04/12/15/1540200.shtml?tid=11&tid=5&tid=4

  • 04.50.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Singapore Image Gallery Multiple Remote Vulnerabilities
  • Description: Singapore is a web-based image gallery implemented in PHP. It is reported to be vulnerable to directory traversal, file upload and cross-site scripting issues. These issues are due to improper sanitization of user-supplied input. Singapore versions 0.9.10 and earlier are reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-12/0211.html

  • 04.50.71 - CVE: Not Available
  • Platform: Web Application
  • Title: ASP2PHP Preparse Temp Variable Buffer Overflow Vulnerability
  • Description: asp2php is an application for converting ASP scripts into PHP. It is reported to be vulnerable to a buffer overflow issue due to improper sanitization of asp files. asp2php versions 0.76.23 and earlier are reported to be vulnerable.
  • Ref: http://tigger.uic.edu/~jlongs2/holes/asp2php.txt

  • 04.50.72 - CVE: Not Available
  • Platform: Network Device
  • Title: Asante FM2008 Managed Ethernet Switch Default Backdoor Account
  • Description: The Asante FM2008 managed Ethernet switch reportedly contains a default backdoor account. Attackers with network access to the telnet port of affected devices may gain administrative access by using these default credentials. Version 01.06 of Asante FM2008 switches is reported to be vulnerable to this condition.
  • Ref: http://secunia.com/advisories/13494/

  • 04.50.73 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Guard Default Backdoor Account
  • Description: Cisco Guard and Anomaly Detector appliances are reported to have a default backdoor administrative account of "root" with an unspecified default password. By leveraging this issue, attackers with SSH or HTTPS access to affected devices may gain administrative access. Cisco Guard versions prior to 3.1 and Anomaly Detector versions prior to 3.1 are reported to be vulnerable.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a008037d0c5.shtml

  • 04.50.74 - CVE: Not Available
  • Platform: Hardware
  • Title: Ricoh Aficio PCL Printer Remote ICMP Denial of Service
  • Description: Ricoh Aficio is a large, network-attached printer and photocopier. It is reported to be vulnerable to a remote denial of service issue due to a failure of the device to properly handle exceptional ICMP packets. Ricoh Aficio 450/455 printers are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/11932

(c) 2004. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS' other free newsletters. To change your subscription, address, or other information, visit http://portal.sans.org

No posting or reuse allowed, other than listed above, without prior written permission.