@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 28
July 15, 2005

Another week of skyrocketing numbers of new vulnerabilities discovered. We'll be publishing exact numbers in ten days, but to give you a preview we are seeing more than 50% increases in the numbers of vulnerabilities from last year. And a lot of them are critical.

This week, users of Microsoft, Cisco, Oracle, Apple, Firefox, and even Kerberos software all have work to do.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 3 (#2)
    • Microsoft Office: 1 (#3)
    • Other Microsoft Products: 2 (#1)
    • Third Party Windows Apps: 4 (#5, #10)
    • Mac Os: 1 (#7)
    • Linux: 3
    • Aix: 1
    • Unix: 2
    • Cross Platform: 9 (#4, #6, #8, #9)
    • Web Application: 47
    • Network Device: 6

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Aix
Unix
Cross Platform
Web Application
Network Device

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar (rohitd_at_tippingpoint.com) at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Microsoft Color Management Module Overflow (MS05-036)
  • Affected:
    • Windows 2000/XP/2003
  • Description: The International Color Consortium (ICC) has designed an open, vendor-neutral cross-platform color management system that ensures color fidelity when an image is moved across different systems. Microsoft implements the ICC specification in its color management modules (icm32.dll and mscms.dll). A stack-based buffer overflow can be triggered when these DLLs decode certain ICC color tags. Hence, any image with malformed ICC color tags can trigger the buffer overflow that may be exploited to execute arbitrary code. The malicious image can be hosted on a website or a shared folder, or sent via email or instant messenger. Note that although no further technical details have been posted, Microsoft reports that the flaw is being exploited in the wild.

  • Status: Apply the patch referenced in the Microsoft Bulletin MS05-036.

  • Council Site Actions: All reporting council sites are responding to this item. They are either treating this as a critical issue and are remediating right away, or are scheduling it for their next regularly scheduled system update process. One site does not yet have a site-wide strategy for updating Office on desktop machines. Therefore, they rely on automatic update or the users manually visiting the Office Update site.

  • References:
  • (3) HIGH: Microsoft Word Font Parsing Buffer Overflow (MS05-035)
  • Affected:
    • Microsoft Word 2000/2002
    • Microsoft Works Suite 2000-2004
  • Description: Microsoft Word contains a stack-based buffer overflow that can be triggered by a Word document containing overlong font names. This can be exploited to execute arbitrary code. The code execution is reportedly challenging due to the fact that the user-supplied data is written in the process memory as Unicode. In order to exploit the flaw, an attacker needs to convince a victim to open a crafted Word file. The technical details about the flaw have been publicly posted. Note that an e-mail virus can likely exploit this flaw to spread itself.

  • Status: Apply the patch referenced in the Microsoft Bulletin MS05-035. Users should be advised not to open Word documents from unknown parties.

  • Council Site Actions: All reporting council sites are responding to this item. They are either treating this as a critical issue and are remediating right away, or are scheduling it for their next regularly scheduled system update process. One site does not yet have a site-wide strategy for updating Office on desktop machines. Therefore, they rely on automatic update or the users manually visiting the Office Update site. One site is also evaluating whether to speed up their migration (already underway) to Office 2003 or go to Office XP SP3 and then install patch.

  • References:
  • (5) HIGH: Cisco Call Manager Remote Compromise
  • Affected:
    • Cisco CallManager 3.2 and earlier
    • Cisco CallManager 3.3, versions earlier than 3.3(5)
    • Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2b
    • Cisco CallManager 4.1, versions earlier than 4.1(3)SR1
  • Description: Cisco Call Manager, which runs on the Windows platform, is the main server in a Cisco enterprise VoIP deployment. The Call Manager is responsible for the call processing and routing functions. The Cisco Call Manager runs a process, aupair.exe, for database-related functions. This process contains a DoS vulnerability as well as a heap-based overflow that can be exploited by an unauthenticated attacker to execute arbitrary code. Note that causing a denial-of-service to Call Manager may result in loss of phone service in an enterprise. Compromising a Call Manager can lead to further compromise of the VoIP infrastructure such as the media gateways, toll fraud, eavesdropping etc. Limited technical details regarding how to trigger the overflow have been posted in the advisories.

  • Status: Cisco has released updates that also address other DoS vulnerabilities in Call Manager.

  • Council Site Actions: Only one council site responded to this item. They will patch their systems in Development ahead of the normal patch cycle and then push into production after QA process.

  • References:
  • (6) HIGH: zlib Compression Library Buffer Overflow
  • Affected:
    • zlib version 1.2.1 and 1.2.2
  • Description: zlib is a popular compression library that is widely used by programs across all OSs including Linux, Mac OS and Windows. This library contains a buffer overflow that can be triggered by a specially crafted compressed file. An attacker, who can deliver such a crafted file to a program using zlib, may exploit the overflow to execute arbitrary code. For example, a webserver can set "Content-Encoding" HTTP header to gzip, which may lead to an overflow in the browser using the zlib library. The technical details required to craft a malicious file may be obtained by examining the patch.

  • Status: The vendor will release an official update soon. Many Linux vendors have already provided updates. A list of applications that use zlib can be found at: http://www.gzip.org/zlib/apps.gz.html. Many of these applications may require an update from the corresponding vendor.

  • Council Site Actions: Only a few of the council sites are responding to this item. One site said their Linux systems will obtain updated packages from the Linux vendor, as the packages become available. Another site will patch their externally accessible servers immediately, and then roll out to internal servers as part of their standard patch cycle. The other sites are still evaluating their risk/exposure level and formulating a remediation response.

  • References:
  • (7) HIGH: Apple Mac OS Arbitrary Widget Download
  • Affected:
    • Mac OS X version 10.4
    • Mac OS X Server version 10.4
  • Description: Mac OS X Tiger introduced a new feature called "Dashboard" with support for "Widgets". Widgets can be written in HTML/Javascript and their function is to enhance existing applications. The Dashboard widgets can also make system calls. A problem arises because a user can craft a malicious widget that can replace a Dashboard widget. Further, Safari browser can download widgets silently. Hence, a malicious webpage can install arbitrary Widgets on a user's system that can result in execution of arbitrary code. A proof-of-concept exploit has been posted.

  • Status: Apple has released an update 10.4.2 to correct this issue. The update alerts users if an attempt is made to replace system widgets with a new widget.

  • Council Site Actions: Only one council site is responding to this item. They have approximately five hundred Mac OS X 10.4 machines, and the great majority has already been updated through the Software Update facility.

  • References:
  • (9) MODERATE: MIT Kerberos Multiple Vulnerabilities
  • Affected:
    • MIT Kerberos releases krb5-1.4.1 and prior
    • kpropd daemon in releases krb5-1.4.1 and prior
    • klogind and krshd daemons in releases krb5-1.4.1 and prior
    • Any programs that invoke the krb5_recvauth function
  • Description: Kerberos, a network protocol created at MIT, is used to provide strong authentication for client/server applications. The MIT Kerberos implementation is widely used by many network vendors and Linux/Unix flavors.

    (a) The krb5_recvauth function, which processes an authentication message stream, contains a double-free vulnerability, i.e. under certain conditions, the function frees the same memory twice. This can potentially be exploited by an unauthenticated attacker to execute arbitrary code with the privileges of the program invoking the krb5_recvauth function. The main program that uses the vulnerable function is kpropd (Kerberos Propagation Daemon). This program runs on the slave Kerberos Key Distribution Centers (KDC) and receives updates from the Master KDC. Compromising kpropd may result in compromising the entire organization ("Kerberos realm"). Other programs that are known to use the vulnerable function are klogind and krshd, the kerberized versions of rlogin and rsh. Note that double-free memory bugs are generally harder to leverage to execute arbitrary code, and the exploit code tends to be platform dependent (as opposed to being universal). Hence, widespread exploitation of this flaw is less probable.

    (b) The KDC authenticates a client, and provides the client with "tickets" that can be used to access other kerberized services. The KDC contains heap corruption and single-byte heap overflow vulnerabilities that may be exploited by an unauthenticated attacker to possibly execute arbitrary code on the KDC server or to cause a denial-of-service to the KDC server. The KDC server compromise can also result in compromising the entire organization ("Kerberos realm"). An attacker-controlled KDC server can be further used to compromise the Kerberos clients. Exploit code is not currently available. The technical details required to leverage these flaws can be obtained by examining the patch files.

  • Status: MIT Kerberos krb5-1.4.2 will fix these vulnerabilities. Third party programs can be re-compiled with the patches provided in the advisories. A workaround for the krb5_recvauth double-free is to block the ports used by kpropd, klogind and krshd (754/tcp, 543/tcp and 544/tcp respectively) at the network perimeter.

  • Council Site Actions: Three of the reporting council sites responded to this item. Two of these sites have already patched their systems. One site is still evaluating their risk/exposure level and will patch if necessary. They said they block kpropd, klogind and krshd at their security perimeters.

  • References:
Other Software
  • (10) MODERATE: MailEnable IMAP STATUS Overflow
  • Affected:
    • MailEnable Professional version 1.5 through 1.54
    • MailEnable Enterprise versions 1.0 through 1.04
  • Description: MailEnable, a Windows-based mail server, contains a stack-based buffer overflow in its IMAP server. An authenticated attacker can trigger the flaw by sending an overlong argument to the STATUS command. The flaw can be exploited to execute arbitrary code with SYSTEM privileges. Note that the ISPs who are using this mail server should apply the update immediately to prevent their user base from compromising the mail system.

  • Status: Vendor has supplied hotfixes.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 28, 2005

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4405 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.28.1 - CVE: CAN-2005-1219
  • Platform: Windows
  • Title: Windows Color Management Module ICC Profile Buffer Overflow
  • Description: Microsoft Windows provides an implementation of the ICC (International Color Consortium) standard through the Color Management Module. Microsoft Windows is susceptible to a buffer overflow vulnerability in the Color Management Module. Successful exploitation may result in execution of arbitrary code in the context of the currently logged in user.
  • Ref: http://www.microsoft.com/technet/security/bulletin/MS05-036.mspx

  • 05.28.2 - CVE: CAN-2005-2150
  • Platform: Windows
  • Title: Windows MSRPC SVCCTL Service Enumeration
  • Description: Microsoft Windows is vulnerable to an issue that can allow anonymous remote attackers to enumerate installed or running services due to hardcoded named pipes allowing for NULL sessions. See Microsoft Security Advisory 891861 for list of vulnerable hosts.
  • Ref: http://www.microsoft.com/technet/security/advisory/891861.mspx

  • 05.28.3 - CVE: CAN-2005-2150
  • Platform: Windows
  • Title: Windows MSRPC Eventlog Information Disclosure
  • Description: Microsoft Windows allows remote attackers to disclose the application or system eventlog of an affected computer. This issue may be exploited using hardcoded named pipes allowed for NULL sessions. Microsoft Windows NT and 2000 systems are affected.
  • Ref: http://support.microsoft.com/default.aspx/kb/891861?#XSLTH3120121123120121120120

  • 05.28.4 - CVE: CAN-2005-0564
  • Platform: Microsoft Office
  • Title: Word Malformed Document Font Processing Buffer Overflow
  • Description: Microsoft Word is affected by a remote buffer overflow vulnerability. This vulnerability results from insufficient boundary checks performed by the application before copying user-supplied data into sensitive process buffers. An attacker may exploit this issue to gain unauthorized access to a vulnerable computer in the context of the user running the application. Please refer to the advisory link below for details on the versions of Microsoft Word that are affected.
  • Ref: http://www.microsoft.com/technet/security/bulletin/MS05-035.mspx

  • 05.28.5 - CVE: CAN-2005-2224
  • Platform: Other Microsoft Products
  • Title: ASP.NET RPC/Encoded Remote Denial of Service
  • Description: Microsoft ASP.NET is a collection of technologies that supports a range of common HTTP tasks. ASP.NET is susceptible to a remote denial of service vulnerability. This issue is due to the possibility of causing an infinite loop on the server when handling RPC/encoded requests. Remote attackers may exploit this vulnerability to consume excessive CPU resources, potentially denying service to legitimate users.
  • Ref: http://www.spidynamics.com/spilabs/advisories/aspRCP.html

  • 05.28.6 - CVE: CAN-2005-2226
  • Platform: Other Microsoft Products
  • Title: Outlook Express Multiple Vulnerabilities
  • Description: Microsoft Outlook Express is vulnerable to various issues such as allowing remote attackers to cause the client to crash or disclose sensitive information. Microsoft Outlook Express 6.0 running Windows XP is vulnerable.
  • Ref: http://support.microsoft.com/kb/900930/EN-US/

  • 05.28.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cisco Security Agent Crafted IP Packet Denial of Service
  • Description: Cisco Security Agent is a network security application with "threat protection" capabilities. It is reported to be vulnerable to a denial of service issue due to improper handling of specially crafted IP packets. Cisco Security Agent version 4.5 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14247

  • 05.28.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Clearswift MIMEsweeper For Web ActiveX Bypass
  • Description: Clearswift MIMEsweeper For Web is a security product that filters content. It is vulnerable to a bypass security restriction issue when the application does not sanitize ActiveX code. MIMEsweeper For Web versions 5.0.5 and earlier are vulnerable.
  • Ref: http://secunia.com/advisories/16048/

  • 05.28.9 - CVE: CAN-2005-1015
  • Platform: Third Party Windows Apps
  • Title: MailEnable IMAP SELECT Request Buffer Overflow
  • Description: MailEnable's IMAP server has a remotely exploitable stack-based buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. Remote attackers may exploit this vulnerability to execute arbitrary machine code in the context of the affected application.
  • Ref: http://www.coresecurity.com/common/showdoc.php?idx=467&idxseccion=10

  • 05.28.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SoftiaCom WMailserver Remote Denial of Service
  • Description: SoftiaCom WMailserver is email server software. It is vulnerable to a denial of service issue in its connection handling code. A remote attacker could exploit this issue to terminate the application, denying service to legitimate users. SoftiaCom WMailserver version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14213/info

  • 05.28.11 - CVE: CAN-2005-2194
  • Platform: Mac Os
  • Title: Mac OSX Unspecified TCP/IP Remote Denial of Service
  • Description: Apple Mac OS X is vulnerable to a remote denial of service issue due to a NULL pointer dereference that manifests in the kernel when crafted TCP/IP packets are processed. Apple Mac OS X versions 10.4.1 and 10.4 are vulnerable.
  • Ref: http://docs.info.apple.com/article.html?artnum=301948

  • 05.28.12 - CVE: Not Available
  • Platform: Linux
  • Title: Nokia Affix BTFTP Client Filename Remote Buffer Overflow
  • Description: Nokia Affix is a Bluetooth protocol stack. The btftp client software included with it is vulnerable to a remote client-side buffer overflow issue because insufficient boundary checks are performed on filename data before this data is copied into a finite memory buffer. An attacker might exploit this issue to obtain directory listings or carry out other attacks. Nokia Affix versions 3.2 and earlier are vulnerable.
  • Ref: http://www.digitalmunition.com/DMA%5B2005-0712a%5D.txt

  • 05.28.13 - CVE: CAN-2005-2250
  • Platform: Linux
  • Title: Nokia Affix BTSRV/BTOBEX Remote Command Execution
  • Description: Nokia Affix is a Bluetooth protocol stack. The software ships with OBEX (Object Exchange) File Transfer services named "btsrv/btobex". These services are reported prone to a remote command execution vulnerability. A remote attacker who accesses the affected services may execute arbitrary commands by enclosing them in backtick (`) characters. Because the affected services run with superuser privileges, this issue may be exploited to fully compromise a target computer that is running the affected software.
  • Ref: http://www.digitalmunition.com/DMA%5B2005-0712b%5D.txt

  • 05.28.14 - CVE: CAN-2005-2177
  • Platform: Linux
  • Title: Net-SNMP Unspecified Remote Stream-Based Protocol Denial of Service
  • Description: Net-SNMP is an SNMP (Simple Network Management Protocol) package that supplies users with a server as well as client utilities to support SNMP. A remote denial of service vulnerability exists in Net-SNMP. The issue is exposed when Net-SNMP is configured to have an open stream-based protocol port, for example TCP. A remote attacker may exploit this issue to deny SNMP service for legitimate users.
  • Ref: http://sourceforge.net/mailarchive/forum.php?thread_id=7659656&forum_id=12455

  • 05.28.15 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX FTP Ephemeral Port Exhaustion Denial of Service
  • Description: IBM AIX FTP server is reported to be vulnerable to a remote denial of service issue. A remote authenticated FTP user may exhaust all available ephemeral network ports on the computer. IBM AIX version 5.3 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14193

  • 05.28.16 - CVE: CAN-2005-1859
  • Platform: Unix
  • Title: SGI ArrayD ARShell Remote Privilege Escalation
  • Description: SGI Array ARShell is used to execute remote commands on computers in arrays. It is susceptible to a remote privilege escalation vulnerability allowing users to execute ARShell commands on remote array computers with superuser privileges. SGI ProPack versions 4.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/advisories/8851

  • 05.28.17 - CVE: CAN-2005-2259
  • Platform: Unix
  • Title: Multiple USANet Creations Products Remote Command Execution
  • Description: Multiple USANet Creations products are affected by a remote command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. This issue may give an attacker unauthorized remote access to the affected computer in the context of the Web server.
  • Ref: http://www.securityfocus.com/bid/14179

  • 05.28.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Suite, Firefox and Thunderbird Multiple Vulnerabilities
  • Description: The Mozilla Foundation has released 12 security advisories specifying security vulnerabilities in Mozilla Suite, Firefox, and Thunderbird. Please refer to the advisory for further details. These vulnerabilities have been addressed in Firefox version 1.0.5 and Mozilla Suite 1.7.9. Mozilla Thunderbird has not been fixed at this time.
  • Ref: http://www.securityfocus.com/bid/14242/references

  • 05.28.19 - CVE: CAN-2005-1689
  • Platform: Cross Platform
  • Title: Kerberos 5 KRB5_Recvauth Remote Pre-Authentication Double-Free
  • Description: MIT Kerberos is a network authentication protocol. It is prone to a remote double-free issue that exists in the "recvauth_common()" helper function. The issue manifests when the "sendauth" version and "application" version strings that are received from a remote source are checked. MIT Kerberos versions 5.0 -1.4.1 and earlier are affected.
  • Ref: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt

  • 05.28.20 - CVE: CAN-2005-1175
  • Platform: Cross Platform
  • Title: MIT Kerberos 5 Key Distribution Center Remote Heap Overflow
  • Description: MIT Kerberos 5 Key Distribution Center (KDC) implementation is affected by a remote single-byte heap overflow vulnerability due to insufficient boundary checks performed by the software before copying user-supplied data into sensitive process buffers. An attacker could leverage this issue to cause a denial of service condition or execute arbitrary code. MIT Kerberos 5 versions krb5-1.4.1 and earlier are vulnerable.
  • Ref: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt

  • 05.28.21 - CVE: CAN-2005-1174
  • Platform: Cross Platform
  • Title: MIT Kerberos 5 Key Distribution Center Remote Denial of Service
  • Description: Kerberos is a network authentication protocol. KDC is reported to be vulnerable to a denial of service issue. The issue arises when the application handles a principal name consisting of zero components. All MIT Kerberos 5 releases up to and including krb5-1.4.1 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14240

  • 05.28.22 - CVE: CAN-2005-1848
  • Platform: Cross Platform
  • Title: dhcpcd Remote Denial of Service
  • Description: dhcpcd has a remote denial of service issue. This issue arises because the application fails to handle exception conditions in a proper manner. A remote attacker may trigger this condition to crash the daemon and deny service to legitimate users. dhcpcd 1.3.22pl4 is reported to be affected.
  • Ref: http://www.securityfocus.com/advisories/8862

  • 05.28.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: 4D WebStar Unspecified Vulnerability
  • Description: 4D WebStar server is a client/server database, development and deployment application. An unspecified security vulnerability exists in the application. The vendor has released an update.
  • Ref: http://www.securityfocus.com/bid/14192/

  • 05.28.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Management Framework Endpoint Remote Denial of Service
  • Description: IBM Tivoli Management Framework is a suite of management applications for the management of cross-platform computers. It is reported to be vulnerable to a remote denial of service issue due to a failure of the application to properly handle exceptional conditions. IBM Tivoli Management Framework version 4.1.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14194

  • 05.28.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Vendor VoIP Phones Spoofed SIP Status Message Handling Weakness
  • Description: Session Initiation Protocol (SIP) is a signaling protocol for Internet conferencing, telephony, events notification and instant messaging. The issue arises because the affected phones do not verify the "Call-ID", "tag" and "branch" headers of NOTIFY messages and process spoofed status messages instead of rejecting the messages. Cisco 7940 and 7960 and Grandstream BT 100 phones are affected by this issue. Other vendors may be vulnerable as well.
  • Ref: http://www.securityfocus.com/bid/14174/references
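
The check that entry 05.28.25 says the affected phones skip, as an added example in Python (not code from the advisory or from any phone vendor): an incoming NOTIFY is accepted only if its Call-ID and both tags match a subscription the phone actually holds and the top Via carries a well-formed branch. The `Subscription` model, the helper names and the sample messages are assumptions constructed for illustration; header folding is not handled.

```python
import re
from dataclasses import dataclass

# RFC 3261 compact header names mapped to their long forms.
COMPACT = {"i": "call-id", "f": "from", "t": "to", "v": "via"}
MAGIC_COOKIE = "z9hG4bK"  # prefix RFC 3261 requires on every branch value


@dataclass(frozen=True)
class Subscription:
    """Dialog state the phone stored when it subscribed (hypothetical model)."""
    call_id: str
    local_tag: str    # tag the phone generated for itself
    remote_tag: str   # tag the server returned when it accepted


def parse_headers(raw):
    """Return (method, {header: [values]}) for one SIP request."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method = head[0].split(" ", 1)[0]
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line
        key = name.strip().lower()
        headers.setdefault(COMPACT.get(key, key), []).append(value.strip())
    return method, headers


def header_param(value, name):
    """Extract ;name=value from the header parameters after any <uri>."""
    params = value.rsplit(">", 1)[-1]
    m = re.search(r";\s*%s=([^;,\s]+)" % re.escape(name), params, re.I)
    return m.group(1) if m else None


def validate_notify(raw, subscriptions):
    """Return (accepted, reason) for one incoming request."""
    method, h = parse_headers(raw)
    if method != "NOTIFY":
        return False, "not a NOTIFY"
    for name in ("call-id", "from", "to"):
        if len(h.get(name, [])) != 1:
            return False, "missing or duplicated %s" % name
    # A request's branch is chosen by its sender, so the receiver can only
    # insist that the top Via has one and that it is well-formed.
    via = h.get("via", [])
    branch = header_param(via[0], "branch") if via else None
    if not branch or not branch.startswith(MAGIC_COOKIE):
        return False, "bad branch"
    sub = subscriptions.get(h["call-id"][0])
    if sub is None:
        return False, "unknown Call-ID"
    # The NOTIFY travels server -> phone: From carries the server's tag,
    # To carries the phone's own tag.
    if header_param(h["from"][0], "tag") != sub.remote_tag:
        return False, "From tag mismatch"
    if header_param(h["to"][0], "tag") != sub.local_tag:
        return False, "To tag mismatch"
    return True, "ok"


# Constructed sample data (documentation addresses, made-up tags).
CALL_ID = "a84b4c76e66710@phone.example.test"
SUBS = {CALL_ID: Subscription(CALL_ID, "ph-1928301774", "srv-7f3a09")}


def build_notify(call_id, from_tag, to_tag, branch):
    """Build a constructed message-summary NOTIFY for the checks below."""
    via = "Via: SIP/2.0/UDP 192.0.2.10:5060" + (";branch=" + branch if branch else "")
    return "\r\n".join([
        "NOTIFY sip:1001@192.0.2.50 SIP/2.0",
        via,
        "From: <sip:vm@example.test>;tag=" + from_tag,
        "To: <sip:1001@example.test>;tag=" + to_tag,
        "Call-ID: " + call_id,
        "CSeq: 2 NOTIFY",
        "Event: message-summary",
        "Content-Length: 0",
        "", "",
    ])


if __name__ == "__main__":
    genuine = build_notify(CALL_ID, "srv-7f3a09", "ph-1928301774", "z9hG4bK776asdhds")
    spoofed = build_notify("guess@192.0.2.99", "x", "y", "z9hG4bK1")
    print(validate_notify(genuine, SUBS))
    print(validate_notify(spoofed, SUBS))
```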

  • 05.28.26 - CVE: CAN-2005-2096
  • Platform: Cross Platform
  • Title: Zlib Compression Library Buffer Overflow Vulnerability
  • Description: The Zlib compression library is a library designed for compression and decompression of data. It is reported to be vulnerable to a buffer overflow issue in the "inflate_table()" function in the "inftrees.c" file. Zlib versions 1.2.2 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14162

  • 05.28.27 - CVE: CAN-2005-2095
  • Platform: Web Application
  • Title: SquirrelMail Unspecified Variable Handling Vulnerability
  • Description: SquirrelMail is a Web mail application. It is affected by an unspecified variable-handling vulnerability. It was reported that an attacker can exploit this vulnerability to disclose and manipulate users' preferences, write to arbitrary files in the context of "www-data" and carry out cross-site scripting attacks.
  • Ref: http://www.securityfocus.com/bid/14254/

  • 05.28.28 - CVE: Not Available
  • Platform: Web Application
  • Title: WebEOC Multiple Input Validation Privilege Escalation and Denial of Service Vulnerabilities
  • Description: ESi WebEOC is a web-based emergency management communications system. WebEOC is affected by multiple vulnerabilities. These issues are due to a series of input validation, access validation and other design errors in the application. Please refer to the advisory for further details. The vendor has addressed these issues in WebEOC version 6.0.2.
  • Ref: http://www.securityfocus.com/bid/14249/references

  • 05.28.29 - CVE: Not Available
  • Platform: Web Application
  • Title: Emilda Management.PHP Input Validation
  • Description: Emilda is a library management system implemented in PHP. Emilda is affected by an input validation vulnerability. An attacker can supply an arbitrary value to the 'user_id' parameter and modify the user's information. This would result in a loss of integrity and possible confidentiality. The vendor has addressed this issue in Emilda version 1.2.3.
  • Ref: http://www.securityfocus.com/bid/14244

  • 05.28.30 - CVE: Not Available
  • Platform: Web Application
  • Title: WPS Wps_shop.CGI Remote Command Execution
  • Description: Web portal system (WPS) is a Perl web application. It is vulnerable to a remote arbitrary command execution issue due to insufficient sanitization of user-supplied data in the "wps_shop.cgi" script. An attacker could leverage this issue to gain unauthorized remote access to the affected computer in the context of the Web server. WPS version 0.7 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14245/info

  • 05.28.31 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPsFTPd Inc.Login.PHP Privilege Escalation
  • Description: PHPsFTPd is a web-based administrator interface for SlimFTPd. PHPsFTPd is affected by a privilege escalation vulnerability. An attacker can exploit this vulnerability to retrieve the administrator username and password.
  • Ref: http://www.securityfocus.com/bid/14222

  • 05.28.32 - CVE: Not Available
  • Platform: Web Application
  • Title: Squito Gallery Photolist.INC.PHP File Include
  • Description: Squito Gallery is a web bulletin board application. It is reported to be vulnerable to a remote file include issue due to improper sanitization of user-supplied input to the "photoroot" parameter in the "photolist.inc.php" script. SquitoSoft Squito Gallery versions 1.3.3 and 1.3.2 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14219

  • 05.28.33 - CVE: Not Available
  • Platform: Web Application
  • Title: iPhotoAlbum File Inclusion Vulnerabilities
  • Description: IPhotoAlbum is a web-based photo album application. It is vulnerable to multiple local and remote file include issues due to insufficient sanitization of user input to the "doc_path" parameter of the "getpage.php" script, and the "set_menu" parameter in the "header.php" script. IPhotoAlbum versions 1.1 and earlier are vulnerable.
  • Ref: http://secunia.com/advisories/16031/

  • 05.28.34 - CVE: Not Available
  • Platform: Web Application
  • Title: Yawp Conf_Path Remote File Include
  • Description: Yawp is affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process.
  • Ref: http://www.securityfocus.com/archive/1/404948

  • 05.28.35 - CVE: CAN-2005-2221
  • Platform: Web Application
  • Title: Dragonfly Commerce Multiple SQL Injection Vulnerabilities
  • Description: Dragonfly Commerce is web shopping cart software. It is prone to multiple SQL injection vulnerabilities due to improper sanitization of user input to various scripts. Dragonfly Commerce version 1.0 is vulnerable.
  • Ref: http://securitytracker.com/alerts/2005/Jul/1014451.html

  • 05.28.36 - CVE: Not Available
  • Platform: Web Application
  • Title: DVBBS ShowErr.ASP Cross-Site Scripting
  • Description: Dvbbs is Web forum software. It is vulnerable to a cross-site scripting issue due to a failure in the application to properly sanitize user-supplied input to the "action" parameter of "showerr.asp". An attacker might leverage this issue to steal cookie-based authentication credentials and carry out other attacks. Dvbbs version 7.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14223/info

  • 05.28.37 - CVE: Not Available
  • Platform: Web Application
  • Title: ASPNuke Comment_Post.ASP Cross-Site Scripting
  • Description: ASPNuke is web portal software implemented in ASP. It is reported to be vulnerable to a cross-site scripting issue due to improper sanitization of user-supplied input to the "TaskID" parameter of the "comment_post.asp" script. ASPNuke version 0.80 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14226

  • 05.28.38 - CVE: CAN-2005-2203
  • Platform: Web Application
  • Title: phpWishList Unauthorized Administrator Access
  • Description: phpWishList is a web-based application for managing wishlists. It is prone to a vulnerability that permits unauthorized access to administrator functions. This issue could be exploited to elevate privileges. This could aid in further attacks against the underlying system; other attacks are also possible. phpWishList version 0.1.14 is reported vulnerable.
  • Ref: http://www.securityfocus.com/bid/14202

  • 05.28.39 - CVE: Not Available
  • Platform: Web Application
  • Title: Computer Associates eTrust SiteMinder Cross-Site Scripting
  • Description: eTrust SiteMinder has multiple cross-site scripting vulnerabilities. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site.
  • Ref: http://secunia.com/advisories/15956/

  • 05.28.40 - CVE: CAN-2005-2197
  • Platform: Web Application
  • Title: ID Board SQL.CLS.PHP SQL Injection
  • Description: ID Board is a web bulletin board system vulnerable to SQL injection. This issue is due to a failure to properly sanitize user-supplied input to the "tbl_suff" parameter of the "sql.cls.php" script. ID Board version 1.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/14204/info

  • 05.28.41 - CVE: CAN-2005-2228
  • Platform: Web Application
  • Title: Web Wiz Forums Information Disclosure
  • Description: Web Wiz Forums is a web-based discussion forum. It is prone to an information disclosure issue caused by improper user credential verification in the "search.asp" script. Web Wiz Forums versions 8.0alpha and 7.9 are affected.
  • Ref: http://www.securityfocus.com/bid/14207/info

  • 05.28.42 - CVE: Not Available
  • Platform: Web Application
  • Title: SPiD lang_path File Include Vulnerability
  • Description: SPiD is a gallery management application. It is vulnerable to a remote file include issue due to lack of validation of user input in the "lang/lang.php" script. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. SPiD version 7.1 is vulnerable.
  • Ref: http://spid.adnx.net/ChangeLog

  • 05.28.43 - CVE: Not Available
  • Platform: Web Application
  • Title: PPA ppa_root_path File Include Vulnerability
  • Description: PPA is a photo album application. It is reported to be vulnerable to a file include issue due to improper sanitization of user-supplied input to the "ppa_root_path" parameter in the "inc/functions.inc.php" script. PPA version 0.5.6 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14209

  • 05.28.44 - CVE: Not Available
  • Platform: Web Application
  • Title: DownloadProtect Directory Traversal
  • Description: DownloadProtect is an application that prevents file leeching. It is vulnerable to a directory traversal issue due to insufficient sanitization of user input passed to the "download.php" script. DownloadProtect versions 1.0.2b and earlier are vulnerable.
  • Ref: http://php.reinsveien.com/DP/changelog.txt

  • 05.28.45 - CVE: Not Available
  • Platform: Web Application
  • Title: PunBB Local File Include Weakness
  • Description: PunBB is a web-based bulletin board application. It is prone to a local file include weakness. This issue may allow an attacker to execute arbitrary script code on an affected computer. PunBB 1.2.5 and prior versions are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/404550

  • 05.28.46 - CVE: Not Available
  • Platform: Web Application
  • Title: Bugzilla Unauthorized Flag Change Access Validation Vulnerability
  • Description: Bugzilla is a web-based bug tracking system. It is vulnerable to an access validation issue due to a failure in the application to do proper authentication before permitting changes to bug flags. An attacker could exploit this vulnerability to retrieve an emailed copy of the summary of the bug; other attacks may also be possible. Bugzilla versions earlier than 2.18.2 are vulnerable.
  • Ref: http://www.bugzilla.org/security/2.18.1/

  • 05.28.47 - CVE: CAN-2005-2174
  • Platform: Web Application
  • Title: Bugzilla Unauthorized Access
  • Description: Bugzilla is a web-based bug tracking system. It is vulnerable to an unauthorized access issue when inserting a bug into the database before it is marked private. Mozilla Bugzilla versions 2.20 rc1 and 2.18.2 are not vulnerable.
  • Ref: http://www.bugzilla.org/security/2.18.1/

  • 05.28.48 - CVE: CAN-2005-2251
  • Platform: Web Application
  • Title: PHPSecurePages cfpProgDir File Include
  • Description: PHPSecurePages is a module to secure pages with a login name and password. It is vulnerable to a remote file include issue due to lack of validation of user input to the "phpSecurePages/secure.php" script. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. PHPSecurePages versions 0.28 beta and 0.26 beta are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/14201/info

  • 05.28.49 - CVE: CAN-2005-2257
  • Platform: Web Application
  • Title: phpSlash Arbitrary Account Privilege Escalation
  • Description: phpSlash is an open source groupware utility. It is prone to a privilege escalation vulnerability. Successful exploitation would result in an attacker gaining control of arbitrary accounts of the affected application. phpSlash versions earlier than 0.8.1 are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/404550

  • 05.28.50 - CVE: Not Available
  • Platform: Web Application
  • Title: Jinzora Include_Path Remote File Include Vulnerability
  • Description: Jinzora is a web-based media streaming and management system, designed to stream audio and video files. It is susceptible to a remote file include issue. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process.
  • Ref: http://www.securityfocus.com/bid/14188/

  • 05.28.51 - CVE: CAN-2005-2191
  • Platform: Web Application
  • Title: Comersus Cart Multiple Cross-Site Scripting Vulnerabilities
  • Description: Comersus Open Technologies Comersus Cart is a set of ASP scripts creating an online shopping cart. Insufficient sanitization of the user input to the "idCustomer" parameter of "comersus_backoffice_listAssignedPricesToCustomer.asp" and the "message" parameter of "comersus_backoffice_message.asp" exposes the application to multiple cross-site scripting issues. Comersus Cart version 6.0.41 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/404570

  • 05.28.52 - CVE: Not Available
  • Platform: Web Application
  • Title: PhotoGal News_File Remote File Include
  • Description: PhotoGal is a Web photo gallery. PhotoGal is vulnerable to a remote file include issue due to a failure in the application to properly sanitize user-supplied input in the "ops/gals.php" script. An attacker could gain unauthorized access to a vulnerable machine by executing arbitrary code. PhotoGal versions earlier than 1.0 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/14190

  • 05.28.53 - CVE: CAN-2005-2193
  • Platform: Web Application
  • Title: PunBB SQL Injection
  • Description: PunBB is a web-based bulletin board application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input passed to the "temp" array parameter in the "profile.php" script. PunBB versions 1.2.5 and earlier are vulnerable.
  • Ref: http://www.hardened-php.net/advisory-082005.php

  • 05.28.54 - CVE: CAN-2005-2205
  • Platform: Web Application
  • Title: pngren Kaiseki.CGI Remote Command Execution
  • Description: pngren is a web-based application. Insufficient sanitization in the "ReadLog" subroutine of the "kaiseki.cgi" script exposes a remote command execution issue. pngren version 2.0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/404546

  • 05.28.55 - CVE: Not Available
  • Platform: Web Application
  • Title: Elemental Software CartWIZ Multiple SQL Injection Vulnerabilities
  • Description: CartWIZ from Elemental Software is a web-based shopping cart application. It is vulnerable to multiple SQL injection issues due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. An attacker could exploit these issues to compromise the application, get hold of sensitive information or perform other attacks. CartWIZ version 1.2 is vulnerable to this issue.
  • Ref: http://www.cartwiz.com/support/index.asp

  • 05.28.56 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPAuction Multiple Vulnerabilities
  • Description: PHPAuction is a web-based auction system. It is reported to be vulnerable to SQL injection and cross-site scripting attacks due to improper sanitization of user-supplied input to the "category" parameter of the "adsearch.php" script and the "id" parameter of the "viewnews.php" script. PHPAuction version 2.5 is reported to be affected by these issues.
  • Ref: http://www.securityfocus.com/bid/14184

  • 05.28.57 - CVE: CAN-2005-1888
  • Platform: Web Application
  • Title: MediaWiki Page Move Cross Site Scripting
  • Description: MediaWiki is a collaborative editing application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of input variables to the page move template. MediaWiki versions 1.5 beta3 and 1.4.6 are not vulnerable.
  • Ref: http://wikipedia.sourceforge.net/

  • 05.28.58 - CVE: CAN-2005-2183
  • Platform: Web Application
  • Title: PHPXmail Password Authentication Bypass
  • Description: PHPXmail is a web-based administration tool. Insufficient sanitization of the username and password parameter in the "class.xmail.php" script exposes the application to an authentication bypass issue. PHPXmail versions 0.7 up to and including version 1.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/404424

  • 05.28.59 - CVE: Not Available
  • Platform: Web Application
  • Title: TikiWiki Authentication Bypass
  • Description: Tikiwiki is a content management system. It is vulnerable to an authentication bypass issue. An attacker could leverage this issue to get full access to the victim's site. Tikiwiki 1.6.1 is vulnerable to this issue.
  • Ref: http://sourceforge.net/tracker/?group_id=64258&atid=506848

  • 05.28.60 - CVE: Not Available
  • Platform: Web Application
  • Title: eRoom Plug-In Insecure File Download Handling Vulnerability
  • Description: The eRoom plug-in is reported to be vulnerable to an insecure file download handling issue. Documentum eRoom version 6.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14176

  • 05.28.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Comersus Cart Multiple SQL Injection Vulnerabilities
  • Description: Comersus Cart is a set of ASP scripts creating an online shopping cart. It has multiple SQL injection issues. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
  • Ref: http://www.securityfocus.com/archive/1/404570

  • 05.28.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Eskuel Unauthorized Administrator Access
  • Description: Eskuel is a MySQL database administration web interface. It is vulnerable to an unauthorized access issue to administrator functions due to a failure in the application to do proper authentication on user credentials. An attacker could leverage this issue to elevate privileges or perform other attacks. Eskuel version 1.0.2 is vulnerable.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=163653

  • 05.28.63 - CVE: Not Available
  • Platform: Web Application
  • Title: phpWebSite Index.PHP Directory Traversal
  • Description: phpWebSite is a portal content management system. It is reported to be vulnerable to a directory traversal issue due to improper sanitization of user-supplied input to the "mod" parameter of the "index.php" script. phpWebSite versions 0.10.1 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14166

  • 05.28.64 - CVE: CAN-2005-0572
  • Platform: Web Application
  • Title: phpWebSite Multiple SQL Injection Vulnerabilities
  • Description: phpWebSite is a free open source portal content management system. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "module" and "mod" parameters of the "index.php" script. phpWebSite versions 0.10.1 and earlier are vulnerable.
  • Ref: http://www.hackerscenter.com/archive/view.asp?id=3489

  • 05.28.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Online Bookmarks Variable Translations
  • Description: Online Bookmarks is a bookmark management system written in PHP. An unspecified security vulnerability exists in the variable translations portion of the "main.php" script. Due to the nature of the application, this vulnerability is believed to be remotely exploitable. This issue is reported to affect version 0.1.9. Version 0.1.11 is reported to resolve the issue.
  • Ref: http://www.securityfocus.com/bid/14157

  • 05.28.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Gossamer Threads Links Multiple HTML Injection Vulnerabilities
  • Description: Gossamer Threads Links is a web-based directory management application. It is vulnerable to multiple HTML injection issues due to a failure in the application to properly sanitize user-supplied input to the "user.cgi" and "add.cgi" scripts before using it in dynamically generated content. An attacker could leverage this issue to steal cookie-based authentication credentials and carry out other attacks. Gossamer Threads Links versions earlier than 3.0.4 are vulnerable.
  • Ref: http://www.gossamer-threads.com/forum/Gossamer_Links_English_and_German_3.0.4_Released_P283710/

  • 05.28.67 - CVE: CAN-2003-0509
  • Platform: Web Application
  • Title: CyberStrong eShop 20review.ASP SQL Injection
  • Description: CyberStrong eShop is a web-based shopping application. It is vulnerable to an SQL injection issue because the "ProductCode" URI parameter is not validated. CyberStrong eShop ASP Shopping Cart version 4.2 is vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2003-07/0006.html

  • 05.28.68 - CVE: Not Available
  • Platform: Web Application
  • Title: W-Agora Unauthorized Forum Moderation Access
  • Description: W-Agora is web publishing and forum software written in PHP. It is prone to an access validation issue that lets a malicious moderator bypass the application's authentication mechanism. Once it is bypassed, the attacker may manipulate forums owned by other moderators. This issue is reported to exist in W-Agora 4.0.1.
  • Ref: http://www.securityfocus.com/bid/14150

  • 05.28.69 - CVE: CAN-2005-2161
  • Platform: Web Application
  • Title: phpBB Nested BBCode URL Tag Script Injection
  • Description: phpBB is an open-source web forum application. It is vulnerable to a script injection issue because the application fails to properly sanitize user-supplied input prior to including it in dynamically generated content. An attacker could leverage this issue to steal cookie-based authentication credentials and perform other attacks. phpBB version 2.0.16 is vulnerable.
  • Ref: http://www.phpbb.com/support/documents.php?mode=changelog

  • 05.28.70 - CVE: CAN-2005-2162
  • Platform: Web Application
  • Title: MyGuestbook Form.Inc.PHP3 Remote File Include
  • Description: MyGuestbook is a Web guestbook. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input when a URI is passed to the "lang" variable of "form.inc.php3". MyGuestbook version 0.6.1 is vulnerable.
  • Ref: http://www.soulblack.com.ar/repo/papers/advisory/myguestbook_advisory.txt

  • 05.28.71 - CVE: Not Available
  • Platform: Web Application
  • Title: AutoIndex PHP Script Index.PHP Cross-Site Scripting
  • Description: AutoIndex PHP Script is a web site directory indexer and file manager. Insufficient sanitization of the "search" parameter of the "index.php" script exposes a cross-site scripting issue in the application. AutoIndex PHP Script version 1.5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/14154

  • 05.28.72 - CVE: CAN-2005-2164
  • Platform: Web Application
  • Title: Covide Groupware-CRM Unspecified SQL Injection
  • Description: Covide Groupware-CRM is a web-based collaboration application. Covide Groupware-CRM is reportedly affected by an unspecified SQL injection vulnerability. This is due to the application failing to properly sanitize user-supplied input before being used in an SQL query. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
  • Ref: http://www.securityfocus.com/archive/1/404301

  • 05.28.73 - CVE: CAN-2005-2179
  • Platform: Web Application
  • Title: JAWS Remote File Include
  • Description: JAWS is a content management system. Insufficient sanitization of the "path" variable in the "BlogModel.php" script exposes the application to a remote file include issue. JAWS versions 0.5.2 and earlier are affected.
  • Ref: http://www.hardened-php.net/index.37.html

  • 05.28.74 - CVE: CAN-2005-2241
  • Platform: Network Device
  • Title: Cisco CallManager RISDC Remote Denial of Service
  • Description: Cisco CallManager is the software based call processing component of the Cisco IP Telephony solution. The CallManager RISDC (Realtime Information Server Data Collection) service is susceptible to a remote denial of service vulnerability. If attackers repeatedly create and then drop TCP connections to the vulnerable service, excessive memory resources will be consumed, potentially leading to further connections being refused. Please refer to the following link for the list of vulnerable versions.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a00804c0c26.shtml

  • 05.28.75 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco ONS 15216 OADM Management Plane Telnet Denial of Service
  • Description: Cisco ONS 15216 OADM is an Optical Add/Drop Multiplexer appliance. It contains a vulnerability in the handling of telnet sessions that can cause a denial of service condition in the management plane. This vulnerability exists in the Cisco ONS 15216 OADM device running software release 2.2.2 and earlier.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20050713-ons.shtml

  • 05.28.76 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco CallManager Multiple Remote Vulnerabilities
  • Description: Cisco CallManager is the software-based call processing component of the Cisco IP Telephony solution. It is susceptible to multiple remote vulnerabilities including socket leaks, denial of service, memory leak, and buffer overflow issues. Please refer to the Cisco advisory for the list of vulnerable versions of CallManager.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a00804c0c26.shtml

  • 05.28.77 - CVE: CAN-2005-2245
  • Platform: Network Device
  • Title: F5 BIG-IP Unspecified SSL Authentication Bypass
  • Description: F5 BIG-IP is an appliance that provides a high-availability load balancing service. It is susceptible to an unspecified SSL authentication bypass vulnerability. This allows remote attackers to gain access to protected web sites. Depending on the nature of the protected Web sites, various further attacks may also be possible. Versions of BIG-IP from 9.0.2 through to 9.1 are affected.
  • Ref: http://www.securityfocus.com/bid/14215

  • 05.28.78 - CVE: Not Available
  • Platform: Network Device
  • Title: Lantronix SecureLinx SLC Remote File Disclosure
  • Description: Lantronix SecureLinx SLC is a console manager that controls access to servers and IT infrastructure equipment. It is reported to be vulnerable to an issue that allows remote attackers to download sensitive files. SecureLinx SLC32 3.0 firmware and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14199

  • 05.28.79 - CVE: Not Available
  • Platform: Network Device
  • Title: Xerox WorkCentre Pro Multiple Remote Vulnerabilities
  • Description: Xerox WorkCentre is a multifunction photocopy, printer, fax machine, and scanning device. It is reported to be vulnerable to unauthorized access, denial of service, arbitrary file disclosure and HTML injection attacks. WorkCentre Pro Color models 2128, 2636, and 3545 running firmware versions 0.001.04.044 through 0.001.04.504 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14187

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.