
@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 10
March 10, 2005

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                      # of Updates & Vulnerabilities
    Windows                       0 (#1)
    Other Microsoft Products      1
    Third Party Windows Apps      5 (#2)
    Mac Os                        1
    Linux                         2
    Solaris                       1
    Unix                          6 (#4)
    Cross Platform                12 (#3, #5, #6)
    Web Application               16
    Hardware                      1

**************** This Issue Sponsored By SANS 2005 *********************

Please join us in San Diego in early April for SANS largest training program: 16 immersion tracks for security professionals, auditors, security managers and even for people new to security. Right on the ocean in one of the best months to visit San Diego. Here are two reasons more people attend SANS training than any other courses: "SANS never fails to provide top level training that is worth every penny." (Tyler Hudak, Yellow Roadway Technology) "This is the only conference/training I've ever attended at which I learned techniques and found tools I could apply immediately." (Dwight Leo, Defense Logistics Agency) If you cannot come to San Diego, there are SANS training programs in more than 40 cities this year. See schedule and details at: http://www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Solaris
Unix
Cross Platform
Web Application
Hardware

********************** SPONSORED LINK ***********************************

This link goes outside the SANS web site: Top Layer - 2005 NSS Group "Double Approval" for Rate & Content-based Intrusion Prevention. Report http://www.sans.org/info.php?id=735

*************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar (rohitd_at_tippingpoint.com) at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) LOW: Windows 2003/XP Land Attack Vulnerability
  • Affected:
    • Windows XP, 2003 Server
  • Description: The Land attack, a denial-of-service attack known since 1997, is launched by directing IP packets with the same source and destination IP address at the target machine. Windows XP (specifically SP2) and Windows 2003 Server are reportedly vulnerable to this attack. By continuously sending a stream of malformed TCP "SYN" packets to the open ports on a Windows XP/2003 system, it is possible to cause significant performance degradation (in some configurations 100% CPU utilization), thereby rendering the system unusable. The attack can be launched via packet-crafting tools like hping. The SANS Handler's diary shows the command line options that can be used with the hping tool to launch this attack.

  • Status: Microsoft has not confirmed. A workaround for Windows 2003, which reportedly works, is to harden TCP/IP stack as described in the Microsoft KB324270. Appropriate ingress/egress filtering would also defend against this attack. Another alternative is to use firewalls, router ACLs and/or intrusion prevention systems to block such attacks.

  • Council Site Actions: Most of the council sites responded that they have mitigating controls in place such as firewall ACLs that block the malicious traffic from reaching their internal systems. They are all waiting on response from the vendor. Several mentioned they would install any future patches during a regular system update process.

  • References:
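The filtering the Status item recommends can be checked mechanically: a Land packet carries identical source and destination addresses, and ingress filtering drops any packet that arrives on the outside interface claiming an inside source. The following is an added example, not code from the newsletter or from TippingPoint; it parses raw IPv4/TCP headers and returns the verdict a perimeter ACL or IDS rule would give, using constructed sample packets (the 192.0.2.0/24 prefix, the ports and the builder are assumptions for the demonstration).

```python
import ipaddress
import socket
import struct

IPPROTO_TCP = 6
TCP_SYN = 0x02
TCP_ACK = 0x10


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the IPv4 header (plus TCP ports and flags when present) into a dict."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    fields = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ver_ihl, proto, src, dst = fields[0], fields[6], fields[8], fields[9]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("malformed IPv4 header")
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "sport": None, "dport": None, "flags": 0}
    if proto == IPPROTO_TCP and len(pkt) >= ihl + 14:
        info["sport"], info["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
        info["flags"] = pkt[ihl + 13]  # TCP flags byte sits at offset 13 of the TCP header
    return info


def is_land_packet(info: dict) -> bool:
    """Land signature: source and destination address are identical.

    No legitimate packet on the wire is addressed to itself, so the address
    match alone is enough to drop; the classic TCP variant (same ports, bare
    SYN) is only reported as extra detail by classify().
    """
    return info["src"] == info["dst"]


def classify(pkt: bytes, internal_net: str, arrived_on_external: bool) -> str:
    """Verdict for one packet, in the order a perimeter filter would evaluate it."""
    info = parse_ipv4(pkt)
    if is_land_packet(info):
        detail = ""
        if (info["proto"] == IPPROTO_TCP and info["sport"] == info["dport"]
                and info["flags"] & TCP_SYN and not info["flags"] & TCP_ACK):
            detail = " (TCP SYN, matching ports)"
        return "drop: land packet src==dst" + detail
    # Ingress filtering: a packet from the outside must not claim an inside source.
    if arrived_on_external and ipaddress.ip_address(info["src"]) in ipaddress.ip_network(internal_net):
        return "drop: spoofed internal source on external interface"
    return "allow"


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, flags: int) -> bytes:
    """Constructed sample input for offline testing only (checksums left at zero, never sent)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


# Constructed samples: a Land-style SYN, a spoofed-source SYN from outside, a normal SYN.
SAMPLES = {
    "land": build_ipv4_tcp("192.0.2.10", "192.0.2.10", 139, 139, TCP_SYN),
    "spoofed": build_ipv4_tcp("192.0.2.55", "192.0.2.10", 40000, 445, TCP_SYN),
    "normal": build_ipv4_tcp("198.51.100.7", "192.0.2.10", 40000, 80, TCP_SYN),
}


def run_samples(internal_net: str = "192.0.2.0/24") -> dict:
    """Classify every constructed sample as if it arrived on the external interface."""
    return {name: classify(pkt, internal_net, True) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:8s} -> {verdict}")
```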
Other Software
  • (2) CRITICAL: Safenet Sentinel License Manager Buffer Overflow
  • Affected:
    • Sentinel License Manager version 7.2.0.2 on Windows
  • Description: Sentinel LM is a software-based license management application that supports multiple pre-built licensing models such as evaluation, pay-per-use, site license etc. The license manager, when installed on Windows, runs a service "LservNT" that listens on port 5093/udp. This service is vulnerable to a buffer overflow that can be triggered by 3000 bytes of data. The flaw can be exploited to execute arbitrary code with "SYSTEM" privileges. The License Manager also runs on other platforms like Mac OS, Solaris and Linux. It is not clear if these platforms are vulnerable as well.

  • Status: Vendor confirmed, upgrade to version 8.0 for any products using Sentinel LM. A workaround is to block port 5093/udp at the network perimeter.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (3) HIGH: Ethereal RADIUS Authentication Decoding Overflow
  • Affected:
    • Ethereal version 0.10.9 and prior
  • Description: Ethereal is a popular open source network sniffer and protocol analyzer for UNIX and Windows platforms. The software contains a stack-based buffer overflow in parsing the RADIUS authentication packet used in CDMA2000 protocol. The buffer overflow can be exploited to execute arbitrary code with the privileges of the ethereal process (typically "root" when ethereal is being used as a sniffer). To exploit the flaw, an attacker has to either inject the malicious packets into the network traffic being sniffed by ethereal, or entice a client to open a specially crafted packet capture file. A proof-of-concept exploit has been posted. Note that any network applications based on ethereal protocol decoder modules may also be affected.

  • Status: Vendor confirmed, fix available via CVS. Version 0.10.10 will be released in a day according to the vendor.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. However, two sites said they would patch known installations and a third site notified their affected user base.

  • References:
Exploit Code
  • (6) RealPlayer SMIL Processing Overflow
  • Description: Exploit code has been posted for the overflow in RealPlayer's SMIL processing discussed in last week's @RISK newsletter. The exploit code can reportedly work on any Windows platform and binds a shell to port 13579/tcp.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. However, one site is in the process of deploying the patches and another site plans to patch computers of users who have a legitimate business need to run the affected software.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 10, 2005

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4095 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.10.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Exchange Mail Box Sub Folder Denial of Service
  • Description: Microsoft Exchange Server is vulnerable to a denial of service issue due to a failure of the application to handle specially crafted folders. Microsoft Exchange 2003 including Service Pack 1 is vulnerable to this issue.
  • Ref: http://support.microsoft.com/?kbid=891504

  • 05.10.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ArGoSoft FTP Server Buffer Overrun
  • Description: ArGoSoft FTP Server is vulnerable to a buffer overrun when receiving data in excess of 2000 bytes through the DELE command. ArGoSoft FTP Server versions 1.4.2.8 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/392653

  • 05.10.3 - CVE: CAN-2005-0690
  • Platform: Third Party Windows Apps
  • Title: Gene6 FTP Server Remote Code Execution
  • Description: Gene6 FTP Server is an FTP server application for the Microsoft Windows platform. Gene6 FTP Server is affected by a remote code execution vulnerability. Gene6 FTP Server versions 3.4 and earlier are known to be vulnerable.
  • Ref: http://secway.org/Advisory/ad20050303.txt

  • 05.10.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Hosting Controller Multiple Information Disclosure Vulnerabilities
  • Description: Hosting Controller is an application that consolidates all hosting tasks into one interface. It is reported to be vulnerable to multiple information disclosure issues. These issues can allow an attacker to disclose sensitive information, which may be used to carry out further attacks against a computer. Hosting Controller version 6.1 hotfix 1.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/392557

  • 05.10.5 - CVE: CAN-2005-0657
  • Platform: Third Party Windows Apps
  • Title: Computalynx CProxy Directory Traversal
  • Description: CProxy is a web proxy server offered by Computalynx. It is vulnerable to a remote directory traversal condition that allows attackers to browse files outside the server root directory. CProxy Server versions 3.4.4 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12722/

  • 05.10.6 - CVE: CAN-2005-0635, CAN-2005-0636
  • Platform: Third Party Windows Apps
  • Title: Foxmail USER Command Multiple Remote Vulnerabilities
  • Description: Foxmail is an email server. It is reported to be vulnerable to a buffer overflow and a format string issue. These issues present themselves when the application receives excessive data through the "USER" command. Foxmail Server version 2.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/391960

  • 05.10.7 - CVE: CAN-2005-0697
  • Platform: Mac Os
  • Title: CopperExport SQL Injection Vulnerability
  • Description: CopperExport is a plug-in for Apple iPhoto. It is vulnerable to an SQL injection issue due to a failure in the application to properly sanitize user-supplied input to the "xp_publish.php" script. This could allow remote attackers to modify database tables or get access to sensitive information. CopperExport versions 0.1 and 0.2 are vulnerable.
  • Ref: http://www.zzamboni.org/copperexport/

  • 05.10.8 - CVE: CAN-2005-0086
  • Platform: Linux
  • Title: RedHat Linux less Remote Buffer Overflow
  • Description: less is a utility for viewing files in terminal windows. It is vulnerable to a remote client-side buffer overflow issue that may be leveraged by an attacker to execute arbitrary code with the privileges of the user running the application. RedHat Linux 9.0 i386 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/advisories/8209

  • 05.10.9 - CVE: CAN-2005-0666
  • Platform: Linux
  • Title: PaX Privilege Escalation Vulnerability
  • Description: PaX is an anti-intrusion kernel patch for Linux. PaX is vulnerable to an undisclosed privilege escalation issue. All versions between 09/01/2003 and 03/07/2005 are vulnerable.
  • Ref: http://pax.grsecurity.net/


  • 05.10.11 - CVE: CAN-2005-0664
  • Platform: Unix
  • Title: EXIF libexif Library Buffer Overflow
  • Description: libexif is a library which provides support for Exchangeable Image File (EXIF) images. The EXIF library fails to validate input in several places. JPEG images with invalid EXIF data may crash user applications. libexif versions 0.6.11 and earlier are known to be vulnerable.
  • Ref: http://www.ubuntulinux.org/support/documentation/usn/usn-91-1

  • 05.10.12 - CVE: CAN-2005-0686
  • Platform: Unix
  • Title: mlterm Background Image Integer Overflow
  • Description: mlterm is a multi-lingual terminal emulator. mlterm is vulnerable to an integer overflow issue due to a lack of sanitization on image files. mlterm versions 2.5.0 through 2.9.1 are known to be vulnerable.
  • Ref: http://www.gentoo.org/security/en/glsa/glsa-200503-13.xml

  • 05.10.13 - CVE: CAN-2005-0667
  • Platform: Unix
  • Title: Sylpheed Mail Client Buffer Overflow Vulnerability
  • Description: Sylpheed is a GTK+ based mail client. It is reported to be vulnerable to a buffer overflow condition. Sylpheed versions earlier than 1.0.3 are reported to be vulnerable.
  • Ref: http://www.tmtm.org/cgi-bin/w3ml/sylpheed/msg/24250

  • 05.10.14 - CVE: CAN-2005-0665
  • Platform: Unix
  • Title: xv Remote Format String Vulnerability
  • Description: xv is an image manipulation utility for the X Window System. It is vulnerable to a remote format string vulnerability due to improper sanitization of user input and can be exploited by an attacker to execute arbitrary code. xv versions 3.10a and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/advisories/8184

  • 05.10.15 - CVE: CAN-2005-0605
  • Platform: Unix
  • Title: libXpm Bitmap_unit Integer Overflow
  • Description: libXpm is a graphics library that is shipped with the XOrg and XFree86 projects. libXpm is affected by an integer overflow vulnerability. There is no known workaround at this time.
  • Ref: http://www.gentoo.org/security/en/glsa/glsa-200503-08.xml

  • 05.10.16 - CVE: CAN-2005-0639
  • Platform: Unix
  • Title: xli and xloadimage Multiple Vulnerabilities
  • Description: xli and xloadimage are X11 utilities for displaying and manipulating a wide range of image formats. xli and xloadimage are vulnerable to multiple security issues such as buffer overflows and input validation errors, potentially leading to the execution of arbitrary code. The fixes for these issues have been released in their cvs tree.
  • Ref: http://www.gentoo.org/security/en/glsa/glsa-200503-05.xml

  • 05.10.17 - CVE: CAN-2005-0685
  • Platform: Cross Platform
  • Title: OutStart Participate Enterprise Multiple Access Validation Vulnerabilities
  • Description: OutStart Participate Enterprise is an enterprise management application. Participate Enterprise is reported to be vulnerable to multiple access validation issues. These issues may allow remote attackers to disclose sensitive information and corrupt and delete data that can ultimately lead to a denial of service condition. All versions of Participate Enterprise are considered vulnerable at the moment.
  • Ref: http://www.securityfocus.com/archive/1/392623

  • 05.10.18 - CVE: CAN-2005-0699
  • Platform: Cross Platform
  • Title: Ethereal RADIUS Authentication Dissection Buffer Overflow
  • Description: Ethereal is a popular network protocol analyzer. Ethereal is affected by a remote buffer overflow vulnerability. Ethereal versions 0.10.8 and earlier are known to be vulnerable.
  • Ref: http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-03-04

  • 05.10.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Yahoo! Messenger Offline Mode Status Remote Buffer Overflow
  • Description: Yahoo! Messenger is reported to be vulnerable to a remote buffer overflow issue, due to improper boundary checks of user-supplied input. Yahoo! Messenger versions 6.0 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12750/info/

  • 05.10.20 - CVE: CAN-2005-0692
  • Platform: Cross Platform
  • Title: PHP-Fusion BBCode IMG Tag Script Injection
  • Description: PHP-Fusion is a web content management system written in PHP. PHP-Fusion is affected by a script injection vulnerability. PHP-Fusion version 5.00 is known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/392482

  • 05.10.21 - CVE: CAN-2005-0701
  • Platform: Cross Platform
  • Title: Oracle Database 8i/9i Multiple Remote Directory Traversal Vulnerabilities
  • Description: Oracle Database server is affected by multiple directory traversal issues that may allow a remote attacker to read, write, or rename arbitrary files with the privileges of the Oracle Database server. Insufficient sanitization of filenames and paths in the "fopen()" and "frename()" functions of the "UTL_FILE" package exposes this issue. All current versions of Oracle 8i and 9i are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf
  • Ref: http://www.argeniss.com/research/ARGENISS-ADV-030501.txt

  • 05.10.22 - CVE: CAN-2005-0353
  • Platform: Cross Platform
  • Title: SafeNet Sentinel License Manager Remote Buffer Overflow
  • Description: SafeNet Sentinel License Manager is a framework that attempts to facilitate license management for third party software developers. A remote buffer overflow exposes itself due to failure to securely copy network-derived data into finite process buffers. Sentinel License Manager version 7.2.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/12742

  • 05.10.23 - CVE: CAN-2005-0702
  • Platform: Cross Platform
  • Title: phpMyFAQ Username SQL Injection
  • Description: phpMyFAQ is an FAQ manager web-application. phpMyFAQ is affected by an SQL injection vulnerability. phpMyFAQ versions 1.5 and earlier are known to be vulnerable.
  • Ref: http://www.phpmyfaq.de/advisory_2005-03-06.php

  • 05.10.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hashcash Email Reply Header Format String
  • Description: Hashcash is an anti-spam countermeasure. A format string vulnerability exists in the generic C implementation of Hashcash when format specifiers are used in the recipient field of a reply. Successful exploitation may allow execution of arbitrary code in the context of the software.
  • Ref: http://www.securityfocus.com/advisories/8192

  • 05.10.25 - CVE: CAN-2005-0584
  • Platform: Cross Platform
  • Title: Mozilla Suite/Firefox HTTP Authentication Dialogs Tab Focus
  • Description: Mozilla Suite and Mozilla Firefox are affected by a vulnerability that may result in the loss of authentication credentials. Firefox versions 1.0.1 and earlier and Mozilla Suite versions 1.7.6 and earlier are known to be vulnerable.
  • Ref: http://www.mozilla.org/security/announce/mfsa2005-24.html

  • 05.10.26 - CVE: CAN-2005-0672
  • Platform: Cross Platform
  • Title: Ca3DE Multiple Remote Vulnerabilities
  • Description: Carsten's 3D Engine (Ca3DE) is a 3D game engine. It is reported to be vulnerable to denial of service and a format string issue. These vulnerabilities exist due to improper sanitization of user-supplied input. Ca3DE versions before March 2004 are vulnerable.
  • Ref: http://aluigi.altervista.org/adv/ca3dex-adv.txt

  • 05.10.27 - CVE: CAN-2005-0397
  • Platform: Cross Platform
  • Title: ImageMagick File Name Handling Remote Format String
  • Description: ImageMagick is an image manipulation program. It is reported to be vulnerable to a remote format string issue due to an improper format specifier. ImageMagick versions 6.2 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12717

  • 05.10.28 - CVE: CAN-2005-0626
  • Platform: Cross Platform
  • Title: Squid Proxy Set-Cookie Information Disclosure
  • Description: Squid is web proxy software. It is affected by a remote information disclosure problem. The issue presents itself when the requested server employs the Netscape "Set-Cookie" specifications. Squid Proxy versions 2.5 STABLE7 through version 2.5 STABLE9 are affected.
  • Ref: http://www.securityfocus.com/advisories/8208

  • 05.10.29 - CVE: Not Available
  • Platform: Web Application
  • Title: WF-Section SQL Injection
  • Description: WF-Section is a web-based application. It is reported to be vulnerable to an SQL injection issue due to improper sanitization of user-supplied input to the "articleid" parameter of the "article.php" script. WF-Section version 1.0.7 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12760

  • 05.10.30 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Arena Multiple Remote Cross-Site Scripting Vulnerabilities
  • Description: PHP Arena PaFileDB is a web-based file management utility. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied data in the "pafiledb.php" script.
  • Ref: http://www.securityfocus.com/archive/1/392652

  • 05.10.31 - CVE: Not Available
  • Platform: Web Application
  • Title: NewsScript Access Validation Vulnerability
  • Description: NewsScript is a content management system. It is reported to be vulnerable to an access validation issue. This issue may allow an unauthorized attacker to add, modify and delete messages.
  • Ref: http://www.securityfocus.com/bid/12761/

  • 05.10.32 - CVE: CAN-2005-0682
  • Platform: Web Application
  • Title: Drupal Unspecified Cross-Site Scripting
  • Description: Drupal is a content management system. It is reported to be vulnerable to a cross-site scripting issue due to improper sanitization of user-supplied input. Drupal versions 4.2 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12757

  • 05.10.33 - CVE: Not Available
  • Platform: Web Application
  • Title: Xoops Custom Avatar Arbitrary PHP File Upload
  • Description: Xoops web portal is affected by an arbitrary file upload issue. The issue is exposed due to insufficient sanitization of image files that are uploaded using custom avatar upload functionality. Xoops versions 2.0.9.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/392626

  • 05.10.34 - CVE: Not Available
  • Platform: Web Application
  • Title: YaBB Cross-Site Scripting
  • Description: YaBB (Yet Another Bulletin Board) is web forum software. The software is vulnerable to a cross-site scripting issue due to its failure to sanitize user-supplied input in the "username" parameter. YaBB version 2.0 RC1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/12756/info/

  • 05.10.35 - CVE: CAN-2005-0700
  • Platform: Web Application
  • Title: Aztek Forum Unauthorized Access
  • Description: Aztek Forum is a web-based forum application. It is reported to be vulnerable to an unauthorized access issue due to an access validation error. Aztek Forum version 4.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12745

  • 05.10.36 - CVE: Not Available
  • Platform: Web Application
  • Title: phpWebLog File Include Vulnerability
  • Description: phpWebLog is a web-based content management application. It is vulnerable to a remote file include vulnerability due to failing to sanitize the user-supplied "PATH" parameter of the "/include/init.inc.php" and "/backend/addons/links/index.php" scripts. Jason Hines phpWebLog versions 0.5.3 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/392552

  • 05.10.37 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Session.PHP Autologin User_Level Privilege Escalation
  • Description: phpBB is reported vulnerable to a privilege escalation issue. A remote attacker may potentially exploit this vulnerability to gain access to parts of the affected web site that should only be visible to a web site administrator. phpBB versions 2.0.13 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/12736/

  • 05.10.38 - CVE: Not Available
  • Platform: Web Application
  • Title: Stadtaus.Com Mail Script Remote File Include
  • Description: Stadtaus.Com PHP Form Mail Script is a web-based application that allows users to send information from forms to recipients through email. It is vulnerable to a remote file include issue that can be exploited by an attacker to execute arbitrary server-side script. PHP Form Mail Script versions 2.3 and earlier are affected.
  • Ref: http://www.stadtaus.com/en/php_scripts/formmail_script/

  • 05.10.39 - CVE: CAN-2005-0689
  • Platform: Web Application
  • Title: The Includer Remote Command Execution Vulnerability
  • Description: The Includer provides server side includes functionality for web sites. It is reported to be vulnerable to a remote arbitrary command execution due to improper sanitization of user-supplied data. Includer versions 1.1 and 1.0 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12726

  • 05.10.40 - CVE: CAN-2005-0680
  • Platform: Web Application
  • Title: Download Center Lite Arbitrary Remote PHP File Include
  • Description: Download Center Lite is a PHP script. It is reported to be vulnerable to a remote file include issue due to improper sanitization of user-supplied input to the "script_root" variable of "download_center_lite.inc.php" script. Download Center Lite version 1.5 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12726

  • 05.10.41 - CVE: CAN-2005-0658
  • Platform: Web Application
  • Title: Typo3 SQL Injection
  • Description: Typo3 is a web-based content management system. Typo3 is vulnerable to an SQL injection issue due to insufficient sanitization of the "category_uid" parameter. Typo3 versions 3.7 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/392112

  • 05.10.42 - CVE: CAN-2005-0661
  • Platform: Web Application
  • Title: WoltLab Burning Board Multiple SQL Injection Vulnerabilities
  • Description: WoltLab Burning Board/Burning Board Lite are web-based bulletin board applications. They are vulnerable to multiple SQL injection vulnerabilities due to improper sanitization of user data in the "session.php" script. Woltlab Burning Board versions 2.3.0 and earlier are vulnerable.
  • Ref: http://www.woltlab.de/news/355_en.php

  • 05.10.43 - CVE: CAN-2005-0674
  • Platform: Web Application
  • Title: PaBox Cross Site Scripting
  • Description: PaBox is a web-based guestbook application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input in the "date" and "time" parameters of the "thebox.php" script. PaBox version 1.6 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/392082

  • 05.10.44 - CVE: CAN-2005-0662
  • Platform: Web Application
  • Title: MercuryBoard Avatar Cross-Site Scripting
  • Description: MercuryBoard is a web-based message board application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of the user-supplied URL for the avatar. MercuryBoard versions 1.1.2 and earlier are known to be vulnerable.
  • Ref: http://secunia.com/advisories/14414

  • 05.10.45 - CVE: CAN-2005-0703
  • Platform: Hardware
  • Title: Xerox Microserver Web Server Remote Authorization Bypass
  • Description: Xerox Microserver is a web server which is enabled by default on Xerox WorkCentre devices. A remote authorization bypass issue affects Xerox Microserver web server. This issue could be leveraged to alter configuration settings. All current versions of Xerox Microserver are affected.
  • Ref: http://www.xerox.com/downloads/usa/en/c/cert_XRX05_005.pdf

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS other free newsletters.

To change your subscription, address, or other information, visit http://portal.sans.org

Copyright 2005. All rights reserved. No posting or reuse allowed, other than listed above, without prior written permission.