@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 40
October 6, 2005

Another week where the attackers are finding holes in security vendors' products. Note that (#2) Symantec's antivirus scan engine is used to incorporate Symantec's content scanning technologies into third party applications. If anyone has found a list of all the applications that are vulnerable because of this Symantec error, please share it with us.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                    # of Updates & Vulnerabilities
    Other Microsoft Products    1
    Third Party Windows Apps    7 (#2, #5)
    Mac Os                      1
    Linux                       2 (#1)
    Unix                        1
    Cross Platform              9 (#3, #4, #6)
    Web Application             12
    Network Device              1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Unix
Cross Platform
Web Application
Network Device

PART I Critical Vulnerabilities

Part I is compiled by Dinesh Sequeira at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: RealNetworks RealPlayer/Helix Player RealPix (timeformat) Format String Vulnerability
  • Affected:
    • Linux RealPlayer 10 (10.0.0 - 10.0.5) and Helix Player (10.0.0 - 10.0.5) bundled with various Linux distributions.
  • Description: A vulnerability has been reported in RealPlayer and Helix Player, the popular media players on UNIX systems. These players reportedly contain a format string vulnerability in processing RealPix (".rp") files. The flaw is triggered by providing an invalid format string to the "timeformat" attribute in an ".rp" file. A malicious RealPix file in a webpage or an email can exploit this issue to execute arbitrary code on the client system. If RealPlayer or Helix Player is configured as the default media player, no user interaction is required to leverage the flaw. The discoverer has posted an exploit.

  • Status: Patches are available from the vendor.

  • Council Site Actions: One site, although it does not support the software, has advised its users to upgrade. A second site is relying on the update notification feature of the RealNetworks products to notify users that a new version is available. However, if there is reported exploitation in the wild, they plan to send a message out to their site's Linux announcements mailing list, suggesting that users go directly to http://service.real.com/help/faq/security/050930_player/ to update.

  • References:

Other Software
  • (2) HIGH: Symantec Antivirus Scan Engine Web Service Buffer Overflow
  • Affected:
    • Products utilizing Symantec AntiVirus Scan Engine version 4.0 and 4.3
  • Description: Symantec's AntiVirus Scan Engine is a TCP/IP server and programming interface that is used to incorporate Symantec's content scanning technologies into third party applications. The web-based administrative interface is vulnerable to a buffer overflow due to insufficient input validation of HTTP headers. A remote attacker can send a specially crafted HTTP request to the administrative Scan Engine Web Service (default 8004/TCP) and either cause it to crash or execute arbitrary code. The issue is due to improper bounds checking of user-supplied data copied into an insufficiently sized memory buffer, which results in a heap overflow. Exploitation does not require credentials. Currently there are no known exploits.

  • Status: Vendor has released updates and workarounds.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. (Editor note: As far as they know) They reported that no action was necessary.

  • References:

  • (3) MODERATE: PHP-Fusion Multiple SQL Injection Vulnerabilities
  • Affected:
    • PHP-Fusion version 6.x
  • Description: PHP-Fusion is a lightweight Content Management System (CMS) written in PHP. It is easily extensible via plug-ins (fusions), which makes it a flexible and versatile web application. Vulnerabilities exist due to improper sanitization of user-supplied input to the "photo" and "album" parameters in "photogallery.php" before it is used in a SQL query. The software is vulnerable to a SQL injection attack that may allow attackers to create, delete, insert and modify database records or execute system commands on behalf of the database user. No proof of concept or exploit is available.

  • Status: No vendor patches are available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:

  • (4) MODERATE: Kaspersky Anti-Virus CAB Archive Handling Buffer Overflow
  • Affected:
    • Kaspersky Anti-Virus 5.x and Personal Security Suite 1.1
  • Description: Kaspersky is an Anti-virus program for Windows, Unix/Linux, Novell and file and mail servers. A vulnerability exists due to an error in handling CAB archives. Specifically, the vulnerability is the result of an improperly bounded copy loop in a core processing function. When a specially crafted CAB archive is scanned it would cause a heap-based buffer overflow, and could allow arbitrary code execution. No known exploits are available in the wild.

  • Status: Vendor has released a workaround by releasing signatures that detect possible exploits. Updates to eliminate the vulnerability will be available online at vendor's website on Oct 05, 2005.

  • Council Site Actions: Only one of the reporting council sites is using the affected software, but only on a very small number of systems. They primarily use a different anti-virus vendor. They are not attempting to identify the affected systems, but will assist the system users in converting to their supported anti-virus software if they wish. Their users are also able to obtain the Kaspersky update and install it on their own.

  • References:

  • (5) LOW: MailEnable W3C Logging Buffer Overflow Vulnerability
  • Affected:
    • MailEnable Professional version 1.6 and prior and MailEnable Enterprise version 1.1 and prior.
  • Description: MailEnable provides mail services for many domains and users and supports mail protocols like POP, IMAP, SMTP, web mail and HTTPmail. A buffer overflow vulnerability exists when the application processes W3C logging. This can be exploited to execute arbitrary code on the vulnerable system. No details have been posted and proof of concept code is not available.

  • Status: Vendor hotfix is available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:

  • (6) MODERATE: Virtools Web Player Multiple Vulnerabilities
  • Affected:
    • Virtools Web Player version 3.0.0.100 and prior
  • Description: Virtools is a set of applications for creating games, CAD, simulations, real time 3D and other interactive multimedia applications. Virtools Web Player provides web users with free access to highly interactive, immersive content created with the Virtools Dev development environment. There are two vulnerabilities. (a) A buffer overflow when handling a ".vmo" file with an overly long filename can be exploited to run arbitrary code. (b) A directory traversal vulnerability when handling a ".vmo" file with directory traversal sequences in its filename can be leveraged to overwrite arbitrary files on the system. This would require a user to be tricked into clicking on a link to a malicious ".vmo" file in the browser or a link via email. Proof of concept code has been posted.

  • Status: Vendor has a patched version available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 40, 2005

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4517 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.40.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: IE XmlHttpRequest Parameter Validation Weakness
  • Description: Microsoft Internet Explorer is vulnerable to an XmlHttpRequest Parameter Validation Weakness due to insufficient sanitization of user-supplied input passed to XmlHttpRequest. Microsoft Internet Explorer versions 6.0 SP2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/411585

  • 05.40.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ALTools ALZip Multiple Archive Formats File Name Buffer Overflow
  • Description: ALZip is prone to a buffer overflow when handling various archive formats that contain files with overly long names. Specifically, this issue may be exploited through malformed ALZ, ARJ, ZIP, UUE or XXE archives. Long file names can be copied into a finite stack-based buffer without adequate limitations on the size of the source data resulting in corruption of adjacent regions of stack-based memory. ALZip Versions 5.52, 6.1 and 6.12 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15010

  • 05.40.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailEnable W3C Logging Buffer Overflow
  • Description: MailEnable is a mail server for the Microsoft Windows platform. It is reported to be vulnerable to a buffer overflow issue due to improper sanitization of user-supplied input. MailEnable Professional versions 1.6 and earlier and MailEnable Enterprise versions 1.1 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15006

  • 05.40.4 - CVE: CAN-2005-2758
  • Platform: Third Party Windows Apps
  • Title: Symantec Antivirus Administrative Interface Buffer Overflow
  • Description: A buffer overflow vulnerability exists in the web-based administrative interface of the Symantec Antivirus Scan Engine. This issue presents itself when an attacker sends maliciously crafted HTTP requests to the web-based administrative interface. Please see the link below for the list of affected versions.
  • Ref: http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html

  • 05.40.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Virtools Web Player Buffer Overflow
  • Description: Virtools is a set of applications for creating games, demos, CAD, simulations and other multimedia applications. Virtools Web Player is a program which allows usage of those applications through use of the Web browser. Virtools Web Player is prone to a buffer overflow vulnerability which presents itself when the application handles excessively long filenames. Virtools Web Player version 3.0.0.100 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/412164

  • 05.40.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MetaFrame Presentation Server Security Policy Bypass
  • Description: Citrix MetaFrame is a remote desktop management software application. It is vulnerable to a server policy bypass issue due to the application trusting client-supplied data in policy decisions. Citrix MetaFrame Presentation Server versions 3.0 and 4.0 are vulnerable.
  • Ref: http://support.citrix.com/kb/entry!default.jspa?categoryID=275&externalID=CTX107705

  • 05.40.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NateOn Messenger Arbitrary File Download and Buffer Overflow Vulnerabilities
  • Description: NateOn is an instant messenger application that is available for Microsoft Windows platforms. It is susceptible to an arbitrary file download vulnerability and a buffer overflow vulnerability. These issues are present in the "NateonDownloadManager.ocx" ActiveX control that is installed with the application. NateOn Messenger version 3.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14974

  • 05.40.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Polipo Web Root Restriction Bypass
  • Description: Polipo is a caching web proxy. It is reported to be vulnerable to a web root restriction bypass issue due to improper sanitization. Polipo versions 0.9.8 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14970

  • 05.40.9 - CVE: Not Available
  • Platform: Mac Os
  • Title: 4D WebSTAR Remote IMAP Denial of Service
  • Description: 4D WebSTAR is an application providing web, FTP and email services for Apple Mac OS X. It is affected by a remote denial of service vulnerability due to a failure in handling exception conditions in a proper manner. 4D WebSTAR versions 5.3.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/14981

  • 05.40.10 - CVE: Not Available
  • Platform: Linux
  • Title: Blender Command Line Processing Buffer Overflow
  • Description: Blender is a 3D-modeling application. It is vulnerable to a buffer overflow due to insufficient boundary checks on excessively long command line arguments. Blender version 2.37a is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14983/info

  • 05.40.11 - CVE: Not Available
  • Platform: Linux
  • Title: SBLim-SFCB Malformed Header Denial of Service
  • Description: SBLim-SFCB is a lightweight CIM daemon. It is prone to a denial of service vulnerability due to a failure in handling overly long malformed headers. SBLim-SFCB versions 0.9.1 and 0.9 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14972

  • 05.40.12 - CVE: CAN-2005-2917
  • Platform: Unix
  • Title: Squid Proxy Client NTLM Authentication Denial of Service
  • Description: Squid Proxy is a web proxy software package. It is reported to be vulnerable to a denial of service issue. The issue presents itself when the proxy handles certain NTLM request sequences. Squid Web Proxy Cache version 2.5.STABLE9 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14977

  • 05.40.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Monitoring Multiple Denial of Service Vulnerabilities
  • Description: IBM Tivoli Monitoring is a solution that optimizes the performance and availability of a network. It is affected by multiple remote denial of service vulnerabilities. These issues affect the application because of an old version of IBM HTTP Server shipped with the Web Health Console of Tivoli Monitoring. Please see the link below for the list of affected versions.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21214217

  • 05.40.14 - CVE: CAN-2005-2933
  • Platform: Cross Platform
  • Title: University of Washington IMAP Mailbox Name Buffer Overflow
  • Description: University of Washington IMAP is prone to a buffer overflow vulnerability due to insufficient parsing of mailbox names in the "mail_valid_net_parse_work()" function, which is found in the "src/c-client/mail.c" source file. University of Washington IMAP versions 2004f and earlier are vulnerable.
  • Ref: http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=true

  • 05.40.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kaspersky Anti-Virus Library Unspecified Remote Heap Overflow
  • Description: The Kaspersky Anti-Virus library is prone to an unspecified remote heap overflow vulnerability. The vulnerability is exposed during analysis of .CAB files. This issue may potentially affect all Kaspersky products that include the library, including desktop, server, and gateway anti-virus products. Please refer to the link provided to know more about vulnerable versions.
  • Ref: http://www.securityfocus.com/bid/14998

  • 05.40.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Virtools Web Player Directory Traversal
  • Description: Virtools is a set of applications for creating games, demos, CAD, simulations and other multimedia applications. Virtools Web Player is a program which allows the usage of those applications through use of the Web browser. It is prone to a directory traversal vulnerability due to improper sanitization of user-supplied input to the filenames used when saving temporary files. Virtools Web Player version 3.0.0.100 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/412164

  • 05.40.17 - CVE: CAN-2005-2961
  • Platform: Cross Platform
  • Title: Prozilla Unspecified Buffer Overflow
  • Description: Prozilla is a freely available download accelerator. It is used to fetch HTTP and FTP URIs using multiple simultaneous connections. It is prone to an unspecified buffer overflow vulnerability. All current versions are affected.
  • Ref: http://www.securityfocus.com/archive/1/412118

  • 05.40.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Merak Mail Server Arbitrary File Deletion
  • Description: Merak Mail Server is a mail server. It is reported to be vulnerable to an arbitrary file deletion issue due to improper sanitization of user-supplied input. Merak Mail Server version 8.2.4r is reported to be vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/14988

  • 05.40.19 - CVE: CAN-2004-2069
  • Platform: Cross Platform
  • Title: OpenSSH LoginGraceTime Remote Denial of Service
  • Description: OpenSSH is susceptible to a remote denial of service vulnerability. This issue is due to a design flaw when servicing timeouts related to the "LoginGraceTime" server configuration directive. Specifically, when "LoginGraceTime" in conjunction with "MaxStartups" and "UsePrivilegeSeparation" are configured and enabled in the server, a condition may arise where the server refuses further remote connection attempts. For a list of vulnerable versions, please visit the reference provided.
  • Ref: http://www.securityfocus.com/bid/14963

  • 05.40.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BitDefender Antivirus Logging Function Format String Vulnerability
  • Description: BitDefender Antivirus is a proprietary antivirus product for multiple platforms. It is vulnerable to a format string issue in its logging functionality. This issue is due to a failure of the application to properly sanitize user-supplied input prior to passing it as the format specifier to a formatted printing function. A remote attacker may leverage this issue to write to arbitrary process memory, facilitating code execution and privilege escalation. BitDefender versions 7.2, 8, and 9 for Windows are reported vulnerable. Other versions and platforms may also be affected.
  • Ref: http://www.securityfocus.com/bid/14968/info

  • 05.40.21 - CVE: CAN-2005-2964
  • Platform: Cross Platform
  • Title: AbiWord RTF File Processing Buffer Overflow
  • Description: AbiWord is an open source word processor. It is susceptible to a buffer overflow vulnerability. This issue presents itself when RTF files are imported into AbiWord. When the affected application attempts to process malicious RTF files, a buffer may be overwritten, resulting in the attacker being able to modify critical memory control structures. AbiWord versions 2.0.1 through 2.2.9 are vulnerable.
  • Ref: http://www.abisource.com/changelogs/2.2.10.phtml

  • 05.40.22 - CVE: Not Available
  • Platform: Web Application
  • Title: TellMe Multiple Cross-Site Scripting Vulnerabilities
  • Description: TellMe is a DNS tool used to find server information such as traceroute and whois lookups. It is prone to multiple cross-site scripting vulnerabilities caused by improper sanitization of user-supplied input to the "q_ip" and "q_host" parameters of the "index.php" script. TellMe version 1.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15012

  • 05.40.23 - CVE: Not Available
  • Platform: Web Application
  • Title: Hitachi Cosminexus Remote Information Disclosure
  • Description: Hitachi Cosminexus is affected by an information disclosure vulnerability. This issue can allow remote attackers to disclose other users' personal information. When an attacker issues an HTTP POST request without a body, the server handles it using the body data of the previously sent HTTP POST request. Please refer to the advisory for version details.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/index-e.html

  • 05.40.24 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Fusion Multiple SQL Injection Vulnerabilities
  • Description: PHP-Fusion is prone to multiple SQL injection issues due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. PHP-Fusion version 6.0.109 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15005/info

  • 05.40.25 - CVE: Not Available
  • Platform: Web Application
  • Title: Bugzilla config.cgi Information Disclosure
  • Description: Bugzilla is a Web-based bug tracking system. It is vulnerable to an information disclosure issue. This issue is a result of an input validation error in the config.cgi script which may expose product names to unauthenticated users. Bugzilla versions 2.18rc1 to 2.18.3, 2.19 to 2.20rc2, and 2.21 are affected.
  • Ref: http://www.securityfocus.com/archive/1/412202

  • 05.40.26 - CVE: Not Available
  • Platform: Web Application
  • Title: Bugzilla User-Matching Information Disclosure
  • Description: Bugzilla is a web-based bug tracking system. It is reported to be vulnerable to an information disclosure issue. Bugzilla 2.19.1 to 2.20rc2 and 2.21 are reported to be vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/14996

  • 05.40.27 - CVE: CAN-2005-1488
  • Platform: Web Application
  • Title: IceWarp Multiple Cross-Site Scripting Vulnerabilities
  • Description: IceWarp is a Web-based mail reader for Merak Mail Server Software. It is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. IceWarp Web Mail 5.5.1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/412118

  • 05.40.28 - CVE: Not Available
  • Platform: Web Application
  • Title: EasyGuppy Printfaq.PHP Directory Traversal
  • Description: EasyGuppy is a content management system written for the Microsoft Windows operating system. It is prone to a directory traversal vulnerability caused by insufficient sanitization of user-supplied input to the "pg" parameter of the "printfaq.php" script. EasyGuppy versions 4.5.5 and 4.5.4 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/14984

  • 05.40.29 - CVE: Not Available
  • Platform: Web Application
  • Title: IceWarp Web Mail Directory Traversal
  • Description: IceWarp is a web-based mail reader for Merak Mail Server software. Insufficient sanitization of the "../" sequence in the "helpid" parameter of the "help.html" script exposes the application to a directory traversal issue. IceWarp Web Mail version 5.5.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/412118

  • 05.40.30 - CVE: Not Available
  • Platform: Web Application
  • Title: MediaWiki Multiple Cross-Site Scripting Vulnerabilities
  • Description: MediaWiki is a web application for collaborative editing. It is vulnerable to multiple cross-site scripting issues due to a failure in the application to properly sanitize user-supplied input. These issues occur when handling "<math>" tags and extensions or "<nowiki>" tags. An attacker may leverage this issue to steal cookie-based authentication credentials as well as perform other attacks. MediaWiki versions earlier than 1.4.9 are vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=198060

  • 05.40.31 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Fusion Multiple SQL Injection Vulnerabilities
  • Description: PHP-Fusion is an open source content management system written in PHP. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to the "pm_email_notify" and "pm_save_sent" parameters of the "Messages.PHP" script before using it in SQL queries. PHP-Fusion versions 6.0.107 and 6.0.106 are reported to be affected.
  • Ref: http://www.gnucitizen.org/writings/php-fusion-messages.php-sql-injection-vulnerability.xhtml

  • 05.40.32 - CVE: Not Available
  • Platform: Web Application
  • Title: SquirrelMail Address Add Plugin Add.PHP Cross-Site Scripting
  • Description: SquirrelMail Address Add Plugin allows you to add the sender of an email to your SquirrelMail address book. Insufficient sanitization of the "first" parameter of the "add.php" script exposes the application to a cross-site scripting issue. SquirrelMail Address Add Plugin versions 2.0 and earlier are affected.
  • Ref: http://moritz-naumann.com/adv/0002/sqmadd/0002.txt

  • 05.40.33 - CVE: Not Available
  • Platform: Web Application
  • Title: lucidCMS Login SQL Injection
  • Description: lucidCMS is a simple and flexible content management system. lucidCMS is vulnerable to an SQL injection issue due to a failure in the application to properly sanitize user-supplied input to the "login" input form box before using it in an SQL query. An attacker could leverage this issue to gain administrative access, compromise the underlying system or perform other attacks. lucidCMS version 1.0.11 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/412047

  • 05.40.34 - CVE: Not Available
  • Platform: Network Device
  • Title: NetFORCE 800 Information Disclosure
  • Description: Procom Technology NetFORCE 800 is a network attached storage device. It is vulnerable to an information disclosure issue due to sending password hashes in plaintext. NetFORCE 800 version 4.02 M10 (Build 20) is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/412200

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.
