@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 12
March 24, 2005

Mozilla, Firefox, and Thunderbird users should install updated software to protect their computers. See (3) below.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                   # of Updates & Vulnerabilities
    Windows                    1
    Third Party Windows Apps   6 (#1)
    Mac Os                     1 (#4)
    Linux                      1
    Unix                       2
    Novell                     2
    Cross Platform             14 (#2, #3)
    Web Application            18
    Network Device             1

********************* Sponsored By Shavlik ******************************

Now Available! Shavlik HFNetChkPro(tm) version 5 is here! Introducing Shavlik HFNetChkPro(tm) 5, the next generation of security patch management. With over 50 awesome new features, including detailed reporting, advanced reboot options, and distribution servers, staying up to date on patches has never been easier and your network has never been more secure. Keep your world in Chk with Shavlik. Download the trial version today at http://www.shavlik.com

*************************************************************************
Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Mac Os
Linux
Unix
Novell
Cross Platform
Web Application
Network Device

************************* SPONSORED LINKS *******************************

These links point to sites outside of SANS:

1) 21st Century Cyber Forensics-is your system obsolete? Find out at our webinar on March 30th.
http://www.sans.org/info.php?id=738

2) Free Download! - Intrusion Detection/Prevention, File Integrity and Service Monitoring software
http://www.sans.org/info.php?id=739

*************************************************************************

Highlighted Training Program of the Week
SANSFIRE 2005, in Atlanta in June, is SANS' first training program co-sponsored with the Internet Storm Center. Attend any of thirteen immersion tracks and also learn about the Internet's early warning system and how it can tell you which of your employer's computers may have been compromised. Wonderful teachers give you material you can put to work immediately upon returning to the office and present the most current tools and techniques. Details at
http://www.sans.org/sansfire2005

What attendees say:
"SANS is the gold standard in network security training, in terms of relevance of material, knowledgeable instructors, and sheer usefulness."
- Steve Keifling, SGI

*************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar (rohitd_at_tippingpoint.com) at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: McAfee Multiple Products LHa Processing Overflow
  • Affected:
    • McAfee Scan Engine prior to version 4400
    • McAfee DAT version prior to version 4436
    • All McAfee products (consumer/enterprise) using the vulnerable scan engine or the DAT file
  • Description: LHa is a file compression format that was available prior to zip but is not widely used now. McAfee products support scanning LHa archives for malware detection. ISS X-Force has discovered a stack-based buffer overflow in the McAfee scan engine that can be triggered by a specially crafted LHa archive. The problem occurs due to insufficient buffer allocation for an LHa archive's "type 2" header during the archive decompression. The flaw can be exploited to execute arbitrary code with "SYSTEM" privileges on any system running a vulnerable version of the affected products. In order to exploit the flaw, an attacker has to deliver a specially crafted LHa archive to the target system. This can be accomplished via email, web, FTP or peer-to-peer file sharing. McAfee's advisory also confirms that the scan engine version 4320 (running DAT file prior to version 4357) is vulnerable to another publicly announced LHa decoding buffer overflow in May 2004.

  • Status: McAfee's Scan Engine version 4400 (released November 1, 2004) or higher, and DAT file version 4436 (released March 1, 2005) or higher, are not affected. McAfee products are typically configured to download updates to the scan engine and DAT files automatically. Hence, this issue is likely to be fixed by now on most systems.

  • Council Site Actions: Most of the reporting council sites are using the affected software. Everyone commented that they are using the auto-update feature and as such, the affected systems have already been updated. No further action is needed at this time.

  • References:
  • (2) HIGH: Java Web Start JNLP File Command Injection
  • Affected:
    • Java Web Start in J2SE versions 1.4.2_x prior to 1.4.2_07
  • Description: Java Web Start Technology is designed for easy deployment of Java-based applications to client desktops. The technology is based on the Java Network Launching Protocol and API (JNLP). The JNLP file on a client describes how to download and launch an application. The handling of JNLP files contains a vulnerability that may be used to execute arbitrary commands on the client. Specifically, specially crafted "property" tag parameters in a JNLP file can be passed as command-line arguments to the java executable. In order to exploit this flaw, an attacker would need to deliver the malicious JNLP file to the client system via web or email. Further, the attacker can turn off the "sandbox" restrictions for Java applets, which may be used to launch malicious applets that download malware to the client system. The discoverer claims to have developed a proof-of-concept webpage (not publicly posted) that launches an executable present on the client system. Note that Internet Explorer and other browsers may automatically open JNLP files. Hence, browsing a malicious webpage is sufficient for client compromise.

  • Status: Sun confirmed patches available.

  • Council Site Actions: Most of the reporting council sites are responding to this issue and plan to deploy the patch during their next regularly scheduled system update process. One site is still evaluating whether the workaround can be used until the patch is applied. Another site commented they already keep Java up to date.

  • References:
  • (3) HIGH: Mozilla Suite GIF Processing Overflow
  • Affected:
    • Mozilla browser version prior to 1.7.6
    • Firefox browser version prior to 1.0.2
    • Thunderbird mail client version prior to 1.0.2
  • Description: The Mozilla and Firefox browsers and the Thunderbird email client use a common library to render GIF images. This library contains a heap-based overflow that can be triggered by a malformed "Netscape-specific" extension block in a GIF image. A GIF image on a webpage or in an email can leverage this flaw to execute arbitrary code on a client system with the privileges of the logged-on user.

  • Status: Mozilla has fixed this flaw. Upgrade to Firefox 1.0.2, Mozilla 1.7.6 and Thunderbird 1.0.2. These versions also fix other security vulnerabilities: access to local XUL files, and another remote code execution vulnerability that can be leveraged if a malicious website has been added to the sidebar panel.

  • Council Site Actions: Due to the late breaking nature of this vulnerability, we could not solicit the council site input for this item.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 12, 2005

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4164 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.12.1 - CVE: CAN-2005-0803
  • Platform: Windows
  • Title: Windows GDI Library Denial of Service Vulnerability
  • Description: Windows Graphical Device Interface (GDI) library is vulnerable to a denial of service issue due to a failure of the application to securely copy data from malformed EMF image files. An attacker can exploit this to trigger a denial of service condition to an application using this library. All current versions of Windows 2000 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/393571

  • 05.12.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FileZilla FTP Server Multiple Remote Denial of Service Vulnerabilities
  • Description: FileZilla is an FTP client and server suite. It is vulnerable to multiple denial of service issues due to failure to handle MS-DOS device names and zlib compression. FileZilla version 0.9.6 has been released to fix this issue.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=31447

  • 05.12.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ocean FTP Server Remote Denial of Service
  • Description: Ocean FTP Server is affected by a remote denial of service issue. The condition exposes itself when a large number of connections are made simultaneously to the server. Ocean FTP Server version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/12859/info/

  • 05.12.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PVDasm Long File Name Handling Denial of Service
  • Description: Proview Disassembler (PVDasm) is an x86/Chip8 disassembler. It is reported to be vulnerable to a remote denial of service issue, due to improper handling of a file name with more than 100 characters. PVDasm versions 1.6b beta and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12848

  • 05.12.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: OllyDbg Library Module Name Denial of Service
  • Description: OllyDbg is a graphical debugging application. It is affected by a denial of service issue while loading files with large filenames. OllyDbg versions 1.10 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/393747

  • 05.12.6 - CVE: CAN-2005-0804
  • Platform: Third Party Windows Apps
  • Title: MailEnable Remote Format String Vulnerability
  • Description: MailEnable is reported to be vulnerable to a remote format string issue in the print mechanism. A successful attack may result in crashing the server or lead to arbitrary code execution. MailEnable version 1.8 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/393566

  • 05.12.7 - CVE: CAN-2005-0643, CAN-2005-0644
  • Platform: Third Party Windows Apps
  • Title: McAfee Antivirus LHA Library Buffer Overflow
  • Description: The McAfee Antivirus LHA library is used by McAfee Antivirus software to process various file formats in order to detect whether a file contains malicious code. The McAfee Antivirus LHA library is affected by a buffer overflow vulnerability. McAfee recommends applying the latest DAT files and updating the AV scanning engine to version 4400.
  • Ref: http://us.mcafee.com/root/support.asp?id=4320_faqs

  • 05.12.8 - CVE: CAN-2005-0712, CAN-2005-0713, CAN-2005-0715, CAN-2005-0716
  • Platform: Mac Os
  • Title: Apple Mac OS X Multiple Vulnerabilities
  • Description: Apple Mac OS X is affected by multiple security vulnerabilities. Apple Mac OS X and OS X Server versions 10.3.8 and earlier are known to be vulnerable.
  • Ref: http://docs.info.apple.com/article.html?artnum=301061

  • 05.12.9 - CVE: CAN-2005-0237
  • Platform: Linux
  • Title: KDE Konqueror Source URI Spoofing Vulnerability
  • Description: KDE Konqueror is a web browser. Long sub-domains and file paths are improperly rendered, allowing an attacker to manipulate the source URI presented to unsuspecting users. KDE Konqueror versions 3.3.2 and earlier are affected.
  • Ref: http://bugs.kde.org/show_bug.cgi?id=96297

  • 05.12.10 - CVE: Not Available
  • Platform: Unix
  • Title: Xzabite dyndns Update Multiple Buffer Overflow Vulnerabilities
  • Description: Xzabite dyndns update is a utility designed to monitor a computer's current DHCP IP address and report any changes to the domain name service "dyndns.org". dyndns update is affected by multiple remote buffer overflow vulnerabilities. dyndns update versions 0.6.15 and earlier are known to be vulnerable.
  • Ref: http://security.gentoo.org/glsa/glsa-200503-27.xml

  • 05.12.11 - CVE: CAN-2005-0813
  • Platform: Unix
  • Title: Initial Redirect Remote Buffer Overflow
  • Description: Initial Redirect is a plug-in for the Squid Proxy Cache server. It is vulnerable to a remote buffer overflow issue due to a failure of the application to securely copy user-supplied data into process buffers. Initial Redirect versions 0.2 and earlier are vulnerable.
  • Ref: http://www.vanheusden.com/ir/

  • 05.12.12 - CVE: CAN-2005-0819
  • Platform: Novell
  • Title: Netware Xsession Server Console Access
  • Description: Novell Netware allows X Window sessions. The Xvesa code is vulnerable to remote attackers redirecting the X session without authentication. Novell Netware versions 6.5 SP2 and SP3 are vulnerable.
  • Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971038.htm

  • 05.12.13 - CVE: CAN-2005-0806
  • Platform: Novell
  • Title: Novell Evolution Denial of Service
  • Description: Evolution is personal and workgroup information management software. It is affected by a denial of service condition when processing messages with malformed unicode specifications. Evolution version 2.0.3 is known to be vulnerable.
  • Ref: http://www.securityfocus.com/advisories/8245

  • 05.12.14 - CVE: CAN-2005-0399
  • Platform: Cross Platform
  • Title: Mozilla GIF Image Processing Library Remote Heap Overflow
  • Description: Multiple Mozilla products are vulnerable to a remote heap overflow issue when processing a specially crafted GIF image. Mozilla has released a fix for all its affected products.
  • Ref: http://www.securityfocus.com/bid/12881

  • 05.12.15 - CVE: CAN-2005-0402
  • Platform: Cross Platform
  • Title: Firefox Sidebar Panel Script Injection Vulnerability
  • Description: Mozilla Firefox is vulnerable to a script injection when a malicious page is bookmarked as a sidebar panel. Firefox version 1.0.2 has been released to fix this issue.
  • Ref: http://www.mozilla.org/security/announce/mfsa2005-31.html

  • 05.12.16 - CVE: CAN-2005-0401
  • Platform: Cross Platform
  • Title: Mozilla Drag and Drop Vulnerability
  • Description: Mozilla Firefox browser is affected by a drag and drop issue that allows restriction bypass on opening privileged XUL. Firefox version 1.0.2 and Mozilla Suite version 1.7.6 have been released to fix this issue.
  • Ref: http://www.mozilla.org/security/announce/mfsa2005-32.html

  • 05.12.17 - CVE: CAN-2005-0762
  • Platform: Cross Platform
  • Title: ImageMagick SGI Parser Heap Overflow Vulnerability
  • Description: ImageMagick is an image editing application that supports numerous image formats. It is reported vulnerable to a remote heap-based buffer overflow. Attackers could leverage this to execute code on a vulnerable system by distributing malicious image files.
  • Ref: http://www.securityfocus.com/advisories/8274

  • 05.12.18 - CVE: CAN-2005-0759, CAN-2005-0760, CAN-2005-0761
  • Platform: Cross Platform
  • Title: ImageMagick TIFF Image Tag Denial of Service
  • Description: ImageMagick is an image editing application that supports numerous image formats. ImageMagick is affected by a denial of service vulnerability. ImageMagick versions 5.5.7 and earlier are known to be vulnerable.
  • Ref: http://rhn.redhat.com/errata/RHSA-2005-070.html

  • 05.12.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DeleGate Multiple Unspecified Buffer Overflows
  • Description: DeleGate is a multi-purpose application level gateway. It is reported vulnerable to multiple buffer overflow conditions. These can be leveraged to cause a denial of service or execute code on a vulnerable system. DeleGate versions 8.10.2 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12867/

  • 05.12.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FUN labs Game Engine Multiple Denial of Service Vulnerabilities
  • Description: Multiple FUN labs games are affected by remote denial of service issues due to improper handling of exception conditions.
  • Ref: http://www.securityfocus.com/bid/12862

  • 05.12.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: php-fusion setuser.php HTML Injection
  • Description: php-fusion is a web content management system. php-fusion is affected by an HTML injection vulnerability. php-fusion versions 5.0 and earlier are known to be vulnerable.
  • Ref: http://www.php-fusion.co.uk/news.php?readmore=190

  • 05.12.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Icecast XSL Multiple Vulnerabilities
  • Description: Icecast is an open source streaming audio server. It is vulnerable to multiple issues, such as a buffer overflow within the XSL parser and sensitive information disclosure. Icecast versions 2.20 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/393705

  • 05.12.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Web Start System Remote Unauthorized Access
  • Description: Java Web Start is affected by a remote unauthorized access issue. An attacker may craft specifically defined properties that will cause the Java sandbox protection to be deactivated. This will allow remote, untrusted applets to gain read, write, and execute access. Java Web Start in J2SE version 1.4.2 releases prior to version 1.4.2_07 is affected.
  • Ref: http://www.securityfocus.com/archive/1/393696

  • 05.12.24 - CVE: CAN-2005-0809, CAN-2005-0810, CAN-2005-0811, CAN-2005-0812
  • Platform: Cross Platform
  • Title: NotifyLink Enterprise Server Multiple Vulnerabilities
  • Description: NotifyLink Enterprise Server is used to synchronize email between a PDA and a mail server. It is affected by multiple issues including information disclosure, unauthorized access and SQL injection. NotifyLink Enterprise Server versions 3.0 and earlier are known to be vulnerable.
  • Ref: http://www.kb.cert.org/vuls/id/770532 http://www.kb.cert.org/vuls/id/131828 http://www.kb.cert.org/vuls/id/264097 http://www.kb.cert.org/vuls/id/581068

  • 05.12.25 - CVE: CAN-2005-0805
  • Platform: Cross Platform
  • Title: Subdreamer SQL Injection
  • Description: Subdreamer is a content management system. It is vulnerable to an SQL injection issue in the "index.php" script when "magic_quotes_gpc" is enabled. All versions of Subdreamer Light are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/393651

  • 05.12.26 - CVE: CAN-2005-0770
  • Platform: Cross Platform
  • Title: IDA Pro Dynamically Linked Library Format String Vulnerability
  • Description: DataRescue IDA Pro is a disassembler and debugger utility. It is reported to be vulnerable to a client-side format string issue due to a failure of the application to securely implement a formatted printing function. IDA Pro version 4.7.0.830 is reported to be vulnerable.
  • Ref: http://secunia.com/advisories/14610/
  • 05.12.28 - CVE: Not Available
  • Platform: Web Application
  • Title: Interspire ArticleLive Cross-Site Scripting Vulnerability
  • Description: Interspire ArticleLive is a web content management application. It is vulnerable to a cross-site scripting issue due to a failure of the application to properly sanitize user-supplied input to the "newcomment.php" file. An attacker can leverage this issue to run arbitrary script code in the browser of a user. Interspire ArticleLive 2005 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/394069

  • 05.12.29 - CVE: Not Available
  • Platform: Web Application
  • Title: Vortex Portal Remote PHP File Include Vulnerability
  • Description: Vortex Portal is content management software for gaming. It is vulnerable to a remote file include issue due to improper sanitization of user-supplied input of the "act" variable in the "content.php" and "index.php" scripts. Vortex Portal version 2.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12878

  • 05.12.30 - CVE: Not Available
  • Platform: Web Application
  • Title: BirdBlog SQL Injection Vulnerability
  • Description: BirdBlog is a web blog application. It is vulnerable to a remote SQL injection issue due to insufficient sanitization of user-supplied data in the "userid" and "userpw" parameters of the "admincore.php" script. BirdBlog version 1.2.0 has been released to fix this issue.
  • Ref: http://www.securityfocus.com/bid/12880

  • 05.12.31 - CVE: Not Available
  • Platform: Web Application
  • Title: NetWin SurgeMail Multiple Remote Unspecified Vulnerabilities
  • Description: NetWin SurgeMail is an email server application. It is reported to be vulnerable to multiple remote unspecified issues due to improper sanitization in the "user.cgi" script. NetWin SurgeMail versions 3.0a and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12866

  • 05.12.32 - CVE: CAN-2005-0662
  • Platform: Web Application
  • Title: MercuryBoard HTML Injection
  • Description: MercuryBoard is a web-based message board application. It is vulnerable to an HTML injection vulnerability due to insufficient sanitization of user-supplied data in the "title" field. MercuryBoard version 1.1.2 is known to be vulnerable.
  • Ref: http://secunia.com/advisories/14679/

  • 05.12.33 - CVE: Not Available
  • Platform: Web Application
  • Title: Phorum HTTP Response Splitting Vulnerability
  • Description: Phorum is a web based content management system. Insufficient sanitization of the "Location" parameter exposes the application to an HTTP response splitting issue. Phorum versions 5.0.14a and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/393953

  • 05.12.34 - CVE: Not Available
  • Platform: Web Application
  • Title: Kayako ESupport index.php Cross-Site Scripting
  • Description: Kayako ESupport is a web-based support and help desk application. It is vulnerable to a cross-site scripting issue due to a failure of the application to properly sanitize parameters to the "index.php" script. This can be exploited by an attacker to run arbitrary script in a user's browser. ESupport versions 2.3 and earlier are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/393946

  • 05.12.35 - CVE: Not Available
  • Platform: Web Application
  • Title: phpmyfamily Multiple SQL Injection Vulnerabilities
  • Description: phpmyfamily is a web-based genealogy application. It is affected by multiple SQL injection vulnerabilities. Attackers can leverage these to compromise the remote backend database.
  • Ref: http://www.securityfocus.com/archive/1/393826

  • 05.12.36 - CVE: Not Available
  • Platform: Web Application
  • Title: Betaparticle Blog Multiple Remote Vulnerabilities
  • Description: Betaparticle is a blog and content management application. It is vulnerable to multiple remote vulnerabilities which can be exploited by an attacker to gain unauthorized access. Betaparticle versions 3.0 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/393803

  • 05.12.37 - CVE: Not Available
  • Platform: Web Application
  • Title: CzarNews Remote File Include Vulnerability
  • Description: CzarNews is a news manager written in PHP. CzarNews is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied data in the "tpath" parameter of the "headlines.php" script. CzarNews version 1.13b is known to be affected.
  • Ref: http://secunia.com/advisories/14670/

  • 05.12.38 - CVE: Not Available
  • Platform: Web Application
  • Title: CoolForum Cross-Site Scripting and SQL Injection
  • Description: CoolForum is a bulletin board system. It is reported to be vulnerable to multiple issues including cross-site scripting and SQL injection. An attacker may leverage these issues towards theft of authentication credentials from legitimate clients or compromise the remote backend database.
  • Ref: http://www.securityfocus.com/bid/12852/

  • 05.12.39 - CVE: Not Available
  • Platform: Web Application
  • Title: Ciamos Information Disclosure
  • Description: Ciamos is a web-based content management system. A remote attacker aware of the installation path of the affected software may disclose the source of the "mainfile.php" file which contains Ciamos database credentials. Ciamos versions 0.9.2 RC1 and earlier are affected.
  • Ref: http://www.ihsteam.com/download/advisory/Ciamos%20highlight%20hole.txt

  • 05.12.40 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPOpenChat Multiple HTML Injection Vulnerabilities
  • Description: PHPOpenChat is a chat server. It is vulnerable to multiple HTML injection issues due to a failure in the application to properly sanitize user-supplied input in the "regulars.php" script. This issue can be exploited to steal cookie-based authentication credentials. PHPOpenChat version 3.0.1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/393649

  • 05.12.41 - CVE: Not Available
  • Platform: Web Application
  • Title: RunCMS Database Configuration Information Disclosure
  • Description: RunCMS is a web-based messaging system. It is reported to be vulnerable to an information disclosure issue due to improper sanitization of the "file" parameter in the "highlight.php" script. RunCMS version 1.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12848

  • 05.12.42 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Post Multiple Remote Input Validation Vulnerabilities
  • Description: PHP-Post is a web-based forum application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied data. PHP-Post version 0.22 has been released to fix these issues.
  • Ref: http://www.php-post.co.uk/index.php?s=content&p=download

  • 05.12.43 - CVE: CAN-2005-0802
  • Platform: Web Application
  • Title: ACS Blog Cross-Site Scripting Vulnerability
  • Description: ACS Blog is a web blog application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of the "search" parameter in the "search.asp" script. ACS Blog versions 0.8 to 1.1b are known to be vulnerable.
  • Ref: http://secunia.com/advisories/14625/

  • 05.12.44 - CVE: CAN-2005-0800
  • Platform: Web Application
  • Title: mcNews install.php Arbitrary File Include Vulnerability
  • Description: mcNews is a news management script. Insufficient sanitization of the "l" parameter in the "install.php" script exposes a remote file include issue. mcNews versions 1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/12835/info/

  • 05.12.45 - CVE: CAN-2005-0818
  • Platform: Web Application
  • Title: PunBB Multiple HTML Injection Vulnerabilities
  • Description: PunBB is a bulletin board application. It is reported to be vulnerable to an HTML injection issue due to improper sanitization of user-supplied input in the "email" and "Jabber" variables. PunBB version 1.2.3 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12828

  • 05.12.46 - CVE: Not Available
  • Platform: Network Device
  • Title: Belkin 54G Wireless Router Multiple Vulnerabilities
  • Description: Belkin 54G model F5D7130 is a 4-Port wireless access point/router. The router is affected by various information disclosure issues using UPNP datagram and SNMP packets. It is also affected by an SNMP denial of service condition. Belkin 54G model F5D7130 is affected.
  • Ref: http://www.securityfocus.com/bid/12846/info/

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS' other free newsletters.

To change your subscription, address, or other information, visit http://portal.sans.org

Copyright 2005. All rights reserved. No posting or reuse allowed, other than as listed above, without prior written permission.