
@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 36
September 3, 2007

Novell NetWare is showing up increasingly in @RISK. It is no longer protected by the presumption that it is not widely used; too many organizations have legacy installations of NetWare that support executive staff and are ripe for industrial and nation-state espionage activities. In fact, there is an overall trend toward attacks against systems that are not patched through automated services like Microsoft's SMS. The @RISK editorial board will be starting a new section focusing on what works in protecting systems that cannot be easily patched. If you have implemented (or tried and discarded) any system or process to protect unpatched or unpatchable systems, please let us know. We'll keep your name and organization confidential. Email apaller@sans.org.

Here are a few more of the questions with which this new @RISK initiative will deal: (1) What mitigation or defense-in-depth strategies lessen the burden of patching or help in situations where you are unable to patch? (2) How to deal with/respond to critical vulnerabilities that are part of unsupported software for your organization? (3) How to deal with unsupported/non-standard systems which are running applications and software which are vulnerable? Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Other Microsoft Products                  1 (#3)
    Third Party Windows Apps                  10 (#1, #2, #4, #6)
    Linux                                     2 (#5)
    HP-UX                                     1
    Unix                                      2
    Cross Platform                            23 (#7, #8, #9)
    Web Application - Cross Site Scripting    7
    Web Application - SQL Injection           10
    Web Application                           11
    Network Device                            2


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
  • Third Party Windows Apps
  • Linux
  • HP-UX
  • Unix
  • Cross Platform
  • Web Application - Cross Site Scripting
  • Web Application - SQL Injection
  • Web Application
  • Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Novell NetWare Client Multiple Vulnerabilities
  • Affected:
    • Novell NetWare Client for Windows versions 4.91 SP4 and prior
  • Description: The Novell NetWare Client for Windows, used to provide access to Novell NetWare services on Microsoft Windows systems, contains multiple vulnerabilities. This client exports multiple Remote Procedure Call (RPC) interfaces. Failure to properly handle values passed to several of these interfaces can lead to buffer overflow vulnerabilities. A specially crafted RPC request could exploit these vulnerabilities and allow an attacker to execute arbitrary code with the privileges of the vulnerable process. No authentication is required to exploit these vulnerabilities.

  • Status: Novell confirmed, updates available.

  • References:

  • (2) HIGH: Oracle JInitiator ActiveX Control Multiple Vulnerabilities
  • Affected:
    • Oracle JInitiator ActiveX Control versions 1.1.8.16 and prior
  • Description: The Oracle JInitiator ActiveX control allows users to execute Oracle Developer Server applications inside Microsoft Internet Explorer. This control contains multiple buffer overflow vulnerabilities. A malicious web page that instantiates this control could exploit these vulnerabilities to execute arbitrary code with the privileges of the current user.

  • Status: Oracle has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the vulnerable control via Microsoft's "kill bit" mechanism for CLSID "9b935470-ad4a-11d5-b63e-00c04faedb18". Note that disabling the control will impact normal application functionality.

  • References:

  • (3) HIGH: Microsoft MSN Messenger Videoconferencing Buffer Overflows
  • Affected:
    • Microsoft MSN Messenger versions 7.x
  • Description: Microsoft MSN Messenger, Microsoft's popular instant messaging application, contains a buffer overflow vulnerability in its handling of videoconferencing. A specially crafted video stream in a videoconference could trigger this vulnerability to execute arbitrary code with the privileges of the current user. Note that the user would first have to accept a videoconferencing invitation from the attacker. A proof-of-concept for this vulnerability is publicly available.

  • Status: Microsoft has not confirmed. Microsoft Windows Live Messenger version 8.1 is confirmed to not be vulnerable.

  • References:

  • (4) MODERATE: Yahoo! Messenger ActiveX Control Multiple Buffer Overflows
  • Affected:
    • Yahoo! Messenger versions 8.1 and possibly prior
  • Description: Yahoo! Messenger, Yahoo!'s popular instant messaging client, contains multiple buffer overflows in its "YVerInfo" ActiveX control. A malicious web page that instantiates this ActiveX control could trigger one of these buffer overflows to execute arbitrary code with the privileges of the current user. Note that these vulnerabilities are only exploitable if the ActiveX controls believe they have been instantiated from a web page in the "yahoo.com" domain. An attacker must either spoof a yahoo.com domain or leverage a cross-site scripting vulnerability in an existing Yahoo web page to successfully exploit these vulnerabilities. Some technical details for these vulnerabilities are publicly available.

  • Status: Yahoo! confirmed, updates available. Users can mitigate the impact of these vulnerabilities by disabling the affected control using Microsoft's "kill bit" mechanism for CLSID "D5184A39-CBDF-4A4F-AC1A-7A45A852C883".

  • References:

  • (5) LOW: Red Hat Network Satellite Server XML-RPC Remote Code Execution
  • Affected:
    • Red Hat Network Satellite Server version 5.0.0
  • Description: The Red Hat Network Satellite Server is a proxy server that allows systems running Red Hat Linux to download updates from the Red Hat Network even when they are not directly connected to the internet. This application exports an XML-RPC interface that fails to properly validate user input. An authenticated user that sends a specially crafted request to the satellite server could exploit this flaw to execute arbitrary code with the privileges of the "apache" user.

  • Status: Red Hat confirmed, updates available.

  • References:

Other Software
  • (8) HIGH: Hexamail POP3 Server Buffer Overflow
  • Affected:
    • Hexamail Server version 3.0.0.001 and prior
  • Description: Hexamail is a popular, commercial, cross-platform mail solution. It includes an integrated POP3 mail server. This server fails to properly handle overlong usernames during authentication. A specially crafted username could trigger a buffer overflow in the server and allow an attacker to execute arbitrary code with the privileges of the vulnerable process (often SYSTEM). A proof-of-concept for this vulnerability is publicly available.

  • Status: Hexamail has not confirmed, no updates available.

  • References:

  • (9) MODERATE: BitchX MODE Buffer Overflow
  • Affected:
    • BitchX versions 1.1 and prior
  • Description: BitchX is a popular Internet Relay Chat (IRC) client for Unix and Unix-like systems. It fails to properly process IRC "MODE" commands, leading to a buffer overflow. A malicious server that sent a specially crafted MODE command could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that a user must first connect to a malicious IRC server. A proof-of-concept is available for this vulnerability.

  • Status: BitchX has not confirmed, no updates available.

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 36, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.36.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Entrust ESP Certificate Path Verification
  • Description: Entrust Entelligence Security Provider (ESP) is a security platform that is available for Microsoft Windows operating systems. The application is exposed to a certificate path verification issue due to a failure of the application to properly validate certificate chains. Entrust Entelligence Security Provider version 8 is affected.
  • Ref: http://www.securityfocus.com/bid/25471

  • 07.36.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ACTi Network Video Controller Multiple ActiveX Controls Multiple Remote Vulnerabilities
  • Description: Network Video Controller is an application that allows users to monitor their security camera system. The application is exposed to multiple remote issues. Network Video Controller version 2.0 SP2 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.36.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EasyMail Objects EMSMTP.DLL ActiveX Control Remote Buffer Overflow
  • Description: EasyMail Objects is an application that provides email sending/receiving for ActiveX applications. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied data prior to copying it to an insufficiently sized buffer. QuickSoft EasyMail Objects "emsmtp.dll" version 6.0.1 and PostCast Server Pro version 3.0.61 are affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.36.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Microsoft MSN Messenger Video Conversation Buffer Overflow
  • Description: Microsoft MSN Messenger is an instant messaging application for the Windows platform. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs due to an error in the way video conversations are accepted. Microsoft MSN Messenger version 7 is affected.
  • Ref: http://www.securityfocus.com/bid/25461

  • 07.36.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Media Player Classic FLI File Remote Buffer Overflow
  • Description: Media Player Classic is a media application for the Microsoft Windows operating system. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data contained in specially crafted FLI multimedia files. Media Player Classic version 6.4.9.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25437

  • 07.36.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Oracle JInitiator ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: Oracle JInitiator allows Oracle Developer Server applications to be run within web browsers. It is freely available, and supports Microsoft Internet Explorer and Netscape Navigator. The application is exposed to multiple remote buffer overflow issues because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. Oracle JInitiator version 1.1.8.16 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/474433

  • 07.36.7 - CVE: CVE-2007-4467
  • Platform: Third Party Windows Apps
  • Title: Novell Client NWSPOOL.DLL RPC Request Multiple Buffer Overflow Vulnerabilities
  • Description: Novell Client is a workstation application to enable access to Novell NetWare network services. The application is exposed to multiple buffer overflow issues because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Novell Client version 4.91 SP4 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/474433

  • 07.36.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BufferZone Redlight.SYS Driver Buffer Overflow
  • Description: BufferZone is virtualization software available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. BufferZone versions 2.1 and 2.5 are affected.
  • Ref: http://www.securityfocus.com/archive/1/477726

  • 07.36.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Multiple MicroWorld eScan Products Local Privilege Escalation
  • Description: MicroWorld eScan is a series of security applications for the Microsoft Windows operating platform. These products are exposed to a local privilege escalation issue. eScan Internet Security, eScan Virus Control, and eScan AntiVirus version 9.0.722.1 are affected.
  • Ref: http://www.securityfocus.com/bid/25493

  • 07.36.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Yahoo! Messenger YVerInfo.DLL ActiveX Control Multiple Buffer Overflow Weaknesses
  • Description: Yahoo! Messenger is an instant messaging application available for multiple platforms. The application is exposed to multiple buffer overflow issues because it fails to bounds check user-supplied data before copying it into insufficiently sized buffers. Yahoo! Messenger version 8.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/478167

  • 07.36.11 - CVE: Not Available
  • Platform: Linux
  • Title: BitchX IRC MODE Remote Buffer Overflow
  • Description: BitchX is a freely available, open-source IRC client. It is available for UNIX, Linux, and other UNIX-like operating systems. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. BitchX version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25462

  • 07.36.12 - CVE: Not Available
  • Platform: Linux
  • Title: TCP Wrappers Libwrap0 Hosts.Deny Bypass
  • Description: TCP Wrappers are TCP logging and access control services for UNIX and Linux systems. The application is exposed to an issue that lets attackers bypass access control rules because of a design error resulting in a failure to properly handle connections that are missing server socket details in the "hosts.deny" file. TCP Wrappers:libwrap0 shipped with Ubuntu 7.0.4 and TCP Wrappers:libwrap0 version 7.6.dbs-11 on Debian Linux are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405342

  • 07.36.13 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX Get_System_Info Local Security
  • Description: HP-UX is exposed to a local issue that may result in a change of network parameters. This issue affects HP-UX running the Ignite-UX or the DynRootDisk (DRD) "get_system_info" command.
  • Ref: http://www.securityfocus.com/bid/25469

  • 07.36.14 - CVE: Not Available
  • Platform: Unix
  • Title: ClamAV Popen Function Remote Code Execution
  • Description: ClamAV is an antivirus application available for Unix and other Unix-like operating systems. The application is exposed to a remote code execution issue because the application fails to sufficiently sanitize user-supplied input. ClamAV versions prior to 0.91.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/477723

  • 07.36.15 - CVE: CVE-2007-4565
  • Platform: Unix
  • Title: Fetchmail Failed Warning Message Remote Denial of Service
  • Description: Fetchmail is a freely available, open-source mail-retrieval utility. It is available for UNIX, Linux, and other UNIX-like operating systems. The application is exposed to a denial of service issue because the application fails to handle exceptional conditions. Fetchmail versions 4.6.8 through to 6.3.8 are affected.
  • Ref: http://www.fetchmail.info/fetchmail-SA-2007-02.txt

  • 07.36.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BEA WebLogic Server Null Cipher Suite Multiple Information Disclosure Vulnerabilities
  • Description: BEA WebLogic Server is an enterprise-level application server distributed by BEA Systems. The application is exposed to multiple information disclosure issues due to a design error in the affected application.
  • Ref: http://dev2dev.bea.com/pub/advisory/245

  • 07.36.17 - CVE: CVE-2007-3846
  • Platform: Cross Platform
  • Title: Subversion for Windows Remote Directory Traversal
  • Description: Subversion is an open-source version control application that is available for numerous platforms including Microsoft Windows, Unix, and Unix-like operating systems. The application is exposed to a remote directory traversal issue due to a failure of the application to properly sanitize user-supplied input. Subversion versions prior to 1.4.5 are affected.
  • Ref: http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413

  • 07.36.18 - CVE: CVE-2007-4019
  • Platform: Cross Platform
  • Title: ISC BIND 8 Remote Cache Poisoning
  • Description: A remote DNS cache-poisoning issue affects BIND 8 because it fails to use secure DNS transaction IDs. BIND versions from 8.2.0 through to 8.4.7 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/927905

  • 07.36.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SIDVault Simple_Bind Function Multiple Remote Buffer Overflow Vulnerabilities
  • Description: SIDVault is a simple integration database available for various platforms. The application is exposed to multiple remote buffer overflow issues because the application fails to bounds check user-supplied input before copying it into an insufficiently sized buffer. SIDVault versions prior to 2.0f are affected.
  • Ref: http://www.securityfocus.com/archive/1/477821

  • 07.36.20 - CVE: CVE-2007-4220
  • Platform: Cross Platform
  • Title: Motorola Timbuktu Pro Directory Traversal
  • Description: Motorola Timbuktu Pro is a remote computer access application available for the Apple Mac OS X and Microsoft Windows operating platforms. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied "Send" requests. Timbuktu Pro for Windows version 8.6.3.1367 is affected.
  • Ref: http://www.securityfocus.com/archive/1/477856

  • 07.36.21 - CVE: CVE-2007-4221
  • Platform: Cross Platform
  • Title: Motorola Timbuktu Pro for Windows Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Motorola Timbuktu Pro is a remote-control application available for Microsoft Windows and Apple Macintosh computers. It was previously marketed as a Netopia product. The application is exposed to multiple remote buffer overflow issues due to a failure of the software to properly bounds check user-supplied input. Timbuktu Pro version 8.6.3.1367 for Microsoft Windows is affected.
  • Ref: http://www.securityfocus.com/archive/1/477853

  • 07.36.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP IISFunc Extension Local Buffer Overflow
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. The application is exposed to a local buffer overflow issue because it fails to properly bounds check user-supplied input. PHP version 5.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25452

  • 07.36.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VMware Workstation FSSetVoleInformation Buffer Overflow
  • Description: VMware Workstation is virtualization software that allows multiple virtual machines to run on a single computer. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. VMware Workstation version 6.0 for Windows is affected.
  • Ref: http://www.securityfocus.com/archive/1/477722

  • 07.36.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Real Networks Helix DNA Server RTSP Command Remote Heap Buffer Overflow
  • Description: Real Networks Helix DNA Server is a multiformat, cross-platform streaming server. The application is exposed to a heap-based buffer overflow issue because it fails to perform sufficient boundary checks on user-supplied data before copying it to an insufficiently sized memory buffer. Helix Server versions prior to 11.1.4 are affected.
  • Ref: http://seclists.org/fulldisclosure/2007/Aug/0432.html

  • 07.36.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Vavoom Multiple Remote Vulnerabilities
  • Description: Vavoom is a 3D game engine used by various applications. The application is exposed to multiple remote issues. Vavoom version 1.24 is affected.
  • Ref: http://aluigi.altervista.org/adv/vaboom2-adv.txt

  • 07.36.26 - CVE: CVE-2007-4521
  • Platform: Cross Platform
  • Title: Asterisk Malformed MIME Body Remote Denial of Service
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. The application is exposed to a remote denial of service issue because the application fails to properly handle specially crafted emails. Asterisk versions 1.4.5 to 1.4.11 are affected.
  • Ref: http://www.securityfocus.com/bid/25438

  • 07.36.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi Cosminexus Application Server Multiple Unauthorized Access Weaknesses
  • Description: Hitachi Cosminexus Application Server is an application server available for multiple operating platforms. The server is exposed to multiple weaknesses that can result in unauthorized access. The logical J2EE server weakness affects Cosminexus versions 06-50 and later. The logical user server weakness affects Cosminexus versions 07-00 and later.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html

  • 07.36.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ALPass Format String Vulnerability And Multiple Buffer Overflow Vulnerabilities
  • Description: ALPass is an application that stores login names and passwords for various online memberships. The application is exposed to a format string issue and multiple buffer overflow issues. ALPass versions prior to 2.74 are affected.
  • Ref: http://vuln.sg/alpass27-en.html

  • 07.36.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi DABroker Denial of Service
  • Description: DABroker is database access middleware. The middleware is available for various database applications. The application is exposed to a denial of service issue because the application fails to handle malformed data sent to a predefined port.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-026_e/index-e.html

  • 07.36.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EnterpriseDB Advanced Server Uninitialized Pointer
  • Description: EnterpriseDB Advanced Server is an enterprise-level relational database management system available for multiple operating platforms. The server is exposed to an uninitialized pointer issue. EnterpriseDB Advanced Server version 8.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/478057

  • 07.36.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco IOS VTY Authentication Bypass
  • Description: Cisco IOS is exposed to a remote authentication bypass issue due to a failure of the software to properly ensure that password authentication is required.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sr-20070829-vty.shtml

  • 07.36.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Doomsday Engine Multiple Remote Vulnerabilities
  • Description: Doomsday Engine is an open-source port of the original Doom engine. The application is exposed to multiple remote issues. Doomsday Engine version 1.90-beta5.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/478077

  • 07.36.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Yahoo! Messenger File Transfer Denial of Service
  • Description: Yahoo! Messenger is an instant messaging application that supports file transfers. The application is exposed to a denial of service issue. Yahoo! Messenger versions 8.1.0.209 and 8.1.0.402 are affected.
  • Ref: http://www.securityfocus.com/bid/25484

  • 07.36.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: phpBG rootdir Multiple Remote File Include Vulnerabilities
  • Description: phpBG is a web-based gaming package. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "rootdir" parameter. phpBG version 0.9.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25486

  • 07.36.35 - CVE: CVE-2007-3847
  • Platform: Cross Platform
  • Title: Apache HTTP Server Mod_Proxy Denial of Service
  • Description: The Apache mod_proxy module is exposed to a denial of service issue due to improper handling of "date" headers in the "ap_proxy_date_canon()" function of "proxy_util.c" that could cause a buffer overflow.
  • Ref: http://marc.info/?l=apache-cvs&m=118592992309395&w=2

  • 07.36.36 - CVE: CVE-2007-4132
  • Platform: Cross Platform
  • Title: Red Hat Network Satellite Server XMLRPC Remote Code Execution
  • Description: Red Hat Network Satellite Server is a server application that allows users to perform Red Hat Network updates on computers that are not directly attached to the Internet. The Satellite Server is responsible for acting similarly to a proxy, downloading updates and serving them to client computers. The application is exposed to a remote code execution issue. Red Hat Network Satellite Server version 5.0.0 is affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0868.html

  • 07.36.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hexamail POP3 Server Remote Buffer Overflow
  • Description: Hexamail Server is a commercially-available mail server application that is available for the Microsoft Windows and Linux platforms. The application is exposed to a remote buffer overflow issue due to its improper bounds checking of user-supplied input. Hexamail Server version 3.0.0.001 is affected.
  • Ref: http://www.securityfocus.com/bid/25496

  • 07.36.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Firebird Multiple Vulnerabilities
  • Description: Firebird is a relational database management system (RDBMS) available for multiple operating platforms. Firebird is exposed to multiple issues. Firebird versions prior to 2.0.2 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=535898

  • 07.36.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PhpGedView Login.PHP Cross Site Scripting
  • Description: PhpGedView is a PHP-based genealogy application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "username" parameter of the "login.php" script. PhpGedView version 4.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/477881

  • 07.36.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: InterWorx-CP SiteWorx and NodeWorx Multiple Cross-Site Scripting Vulnerabilities
  • Description: InterWorx-CP is a web-based control panel for web administrators and system/cluster administrators. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. InterWorx-CP version 3.0.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/477848

  • 07.36.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Mayaa UTF-7 Character Encoding Cross-Site Scripting
  • Description: Mayaa is a JavaServer template system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input, formatted in character encodings such as "UTF-7", to unspecified scripts and parameters. Mayaa versions prior to 1.1.12 are affected.
  • Ref: http://www.securityfocus.com/bid/25443

  • 07.36.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Tuigwaa Unspecified Cross-Site Scripting
  • Description: Tuigwaa is a web-based application. The software is exposed to unspecified cross-site scripting issues because it fails to sanitize user input. Tuigwaa versions prior to 1.0.5 are affected.
  • Ref: http://www.securityfocus.com/bid/25447

  • 07.36.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AutoIndex PHP Script Index.PHP Cross-Site Scripting
  • Description: AutoIndex PHP Script is a website indexing and file management application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "search_mode" parameter of the "index.php" script. AutoIndex PHP Script version 2.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25448

  • 07.36.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TikiWiki Tiki-Remind_Password.PHP Cross-Site Scripting
  • Description: Tikiwiki is a wiki application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the username form field of the "tiki-remind_password.php" script. Tikiwiki version 1.9.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/477653

  • 07.36.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Absolute Poll Manager XE xlaapmview.asp Cross Site Scripting
  • Description: Absolute Poll Manager XE is a web-based survey application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "msg" parameter of the "xlaapmview.asp" script. Absolute Poll Manager XE version 4.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/478152

  • 07.36.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Acrotxt Show Parameter SQL Injection
  • Description: Acrotxt is a plugin module for Woltlab Burning Board. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "show" parameter of the "acrotxt.php" script before using it in an SQL query. Acrotxt version 1 is affected.
  • Ref: http://www.securityfocus.com/bid/25463

  • 07.36.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ACG News index.php Multiple SQL Injection Vulnerabilities
  • Description: ACG News is a web-based news reader application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "aid" and "catid" parameters of the "index.php" script before using it in SQL queries. ACG News version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25466

  • 07.36.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Dale Mooney Calendar Events Viewevent.PHP SQL Injection
  • Description: Calendar Events is a web-based calendar. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "viewevent.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/477851

  • 07.36.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SunShop Shopping Cart Index.PHP SQL Injection
  • Description: SunShop Shopping Cart is a web-based ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "s[cid]" parameter of the "index.php" script before using it in an SQL query. SunShop Shopping Cart version 4.0.0 RC6 is affected.
  • Ref: http://www.securityfocus.com/bid/25445

  • 07.36.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Arcadem Index.PHP SQL Injection
  • Description: Arcadem is an arcade script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "blockpage" parameter of the "index.php" script before using it in an SQL query. Arcadem version 2.01 is affected.
  • Ref: http://www.securityfocus.com/bid/25418

  • 07.36.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ABC eStore Index.PHP SQL Injection
  • Description: ABC eStore is a web-based e-commerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "index.php" script before using it in an SQL query. ABC eStore version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25476

  • 07.36.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DL PayCart Viewitem.PHP SQL Injection
  • Description: DL PayCart is a web-based e-commerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ItemID" parameter of the "viewitem.php" script before using it in an SQL query. DL PayCart version 1.01 is affected.
  • Ref: http://www.securityfocus.com/bid/25477

  • 07.36.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpns Shownews.PHP SQL Injection
  • Description: phpns is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "shownews.php" script before using it in an SQL query. phpns version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25479

  • 07.36.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Micro CMS Revert-Content.PHP SQL Injection
  • Description: Micro CMS is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "revert-content.php" script before using it in an SQL query. Micro CMS version 3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/25470

  • 07.36.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NMDeluxe Index.PHP Newspost SQL Injection
  • Description: NMDeluxe is a web-based news management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script during a "newspost" before using it in an SQL query. NMDeluxe version 2.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25488

  • 07.36.56 - CVE: Not Available
  • Platform: Web Application
  • Title: Dale Mooney Contact Form Open Email Relay
  • Description: Contact Form is a PHP-based application that allows users to contact site administrators. The application is exposed to an open-email-relay issue because it fails to sanitize CRLF characters in input supplied to the "subject", "email", "message" and "name" parameters of the "contact.php" script.
  • Ref: http://www.securityfocus.com/archive/1/477851

  • 07.36.57 - CVE: Not Available
  • Platform: Web Application
  • Title: Dale Mooney Moon Gallery Upload.PHP Arbitrary File Upload
  • Description: Moon Gallery is a web-based calendar application. Calendar Events is exposed to an arbitrary file upload issue because it fails to sanitize user-supplied input. Specifically, the issue occurs in the "config/upload.php" script.
  • Ref: http://www.securityfocus.com/archive/1/477851

  • 07.36.58 - CVE: Not Available
  • Platform: Web Application
  • Title: 2532|Gigs activate.user.php Local File Include
  • Description: 2532|Gigs is a web-based application for musicians and bands to list and manage gigs. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter of the "activate.user.php" script. 2532|Gigs version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25449

  • 07.36.59 - CVE: Not Available
  • Platform: Web Application
  • Title: AbleDesign Dynamic Picture Frame PFrame.PHP HTML Injection
  • Description: AbleDesign Dynamic Picture Frame is an application used to add picture frames to website images. The application is exposed to an HTML-injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
  • Ref: http://www.securityfocus.com/archive/1/477845

  • 07.36.60 - CVE: Not Available
  • Platform: Web Application
  • Title: Ipswitch WS_FTP Server FTP Command HTML Injection
  • Description: WS_FTP Server is an FTP server application for Windows systems. The application is exposed to an HTML-injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. WS_FTP Server version 6 is affected.
  • Ref: http://www.securityfocus.com/bid/25429

  • 07.36.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Arcadem Index.PHP Remote File Include
  • Description: Arcadem is an arcade script. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "loadpage" parameter of the "index.php" script. Arcadem version 2.01 is affected.
  • Ref: http://www.securityfocus.com/bid/25432

  • 07.36.62 - CVE: Not Available
  • Platform: Web Application
  • Title: SomeryC Include.PHP Remote File Include
  • Description: SomeryC is a content management system for web comics. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "skindir" parameter of the "/admin/system/include.php" script. SomeryC version 0.2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/25475

  • 07.36.63 - CVE: Not Available
  • Platform: Web Application
  • Title: Blizzard Entertainment StarCraft Brood War Minimap Preview Remote Denial of Service
  • Description: StarCraft Brood War is a real-time strategy game developed by Blizzard Entertainment. The application is exposed to a remote denial of service issue because the application fails to handle exceptional conditions. Blizzard Entertainment StarCraft Brood War version 1.15.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/478052

  • 07.36.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Cisco CallManager/Communications Manager SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Cisco Unified CallManager and Unified Communications Manager (CUCM) are software-based call-processing components of the Cisco IP telephony solution. The application is exposed to an SQL injection issue and a cross-site scripting issue. These issues affect the "lang" parameter of the "admin" and "user logon" pages.
  • Ref: http://www.securityfocus.com/archive/1/478060

  • 07.36.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Our Space UploadMedia.CGI Arbitrary File Upload
  • Description: Our Space is a web-based social networking and community portal application. The application is exposed to an arbitrary file upload issue because it fails to sanitize user-supplied files that are uploaded via the "/cgi-bin/ourpsace/newswire/uploadmedia.cgi" script. Our Space version 2.0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/25487

  • 07.36.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Pakupaku CMS Index.PHP Arbitrary File Upload
  • Description: Pakupaku CMS is a content management system. The application is exposed to an arbitrary file upload issue because it fails to sanitize user-supplied files that are uploaded via the "index.php" script. Our Space version 2.0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/25491

  • 07.36.67 - CVE: Not Available
  • Platform: Network Device
  • Title: Thomson SpeedTouch 2030 SIP Empty Message Remote Denial of Service
  • Description: Thomson SpeedTouch 2030 is a voice over IP phone (VoIP). The application is exposed to a denial of service issue because the device fails to handle specially crafted SIP INVITE messages.
  • Ref: http://www.securityfocus.com/bid/25464

  • 07.36.68 - CVE: Not Available
  • Platform: Network Device
  • Title: Thomson SpeedTouch 2030 SIP Invite Message Remote Denial of Service
  • Description: Thomson SpeedTouch 2030 is a voice over IP phone (VoIP). The application is exposed to a denial of service issue because the device fails to handle specially crafted SIP INVITE messages. Thomson SpeedTouch 2030 firmware version 1.52.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25446

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.