Last day to save $500 for SANS San Diego 2013

@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 4
January 22, 2007

SANS Newsletters Home

Critical problems were uncovered last week in JAVA file processing (#1) and in several parts of Oracle (#2). The JAVA problems can be used to infect people who simply view a malicious web page or HTML email. Updates are available for both.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • Windows
    • 2
    • Third Party Windows Apps
    • 17
    • Mac OS
    • 8
    • Linux
    • 1
    • HP-UX
    • 1
    • BSD
    • 1
    • Unix
    • 2
    • Cross Platform
    • 18 (#1, #2, #3, #4)
    • Web Application - Cross Site Scripting
    • 8
    • Web Application - SQL Injection
    • 6
    • Web Application
    • 13
    • Network Device
    • 2
Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Mac Os
Linux
HP-UX
BSD
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Sun Java GIF File Parsing Vulnerability
  • Affected:
    • Sun Microsystems Java Development Kit and Java Runtime Environment
    • JDK and JRE 5.0 Update 9 and prior
    • SDK and JRE version 1.4.2_12 and prior
    • SDK and JRE version 1.3.1_18 and prior

  • Description: Certain editions of the Java platform released by Sun Microsystems contain a vulnerability in the parsing of GIF image files. A specially-crafted GIF image file with an image width value of zero can cause a heap overflow. The flaw can be exploited to execute arbitrary code with the privileges of the current user. Note that applets are automatically downloaded and executed in typical web browser configurations. Hence, the flaw can be exploited by simply viewing a malicious web page or HTML email. Technical details for this vulnerability have been publicly posted. Sun's Java platform is installed on most Microsoft Windows systems, all Mac OS X systems, and most Unix and Unix-like systems.

  • Status: Sun confirmed, updates available.

  • References:
  • (2) HIGH: Oracle Critical Patch Update January 2007
  • Affected:
    • Oracle ORADC ActiveX Component
    • Oracle Database 9i and 10g
    • Oracle Identity Management 10g
    • Oracle Application Server 9i and 10g
    • Oracle E-Business Suite Release 11i and 11.0
    • Oracle Enterprise Manager 10g Grid Control
    • Oracle PeopleSoft Enterprise PeopleTools
    • Oracle Developer Suite
    • Possibly other Oracle products.

  • Description: Oracle released its January 2007 security update that fixes over 70 vulnerabilities. Most of the issues patched are low-severity security issues (information-disclosure, denial-of-service and locally exploitable flaws) with the exception of the following: 1) The Oracle Notification Service (ONS), installed by default along with several Oracle products, contains a buffer overflow. A specially-crafted ONS message could trigger this buffer overflow, and execute arbitrary code with the privileges of the ONS process. Users are advised to block access to TCP and UDP port 6200 at the network perimeter, if possible. 2) The "SYS.DBMS_AQ_INV" SQL package contains SQL injection vulnerabilities. By sending specially-crafted SQL queries using this SQL package to a server, an authenticated attacker could execute arbitrary SQL commands with elevated privilege, and possibly take control of the database system or execute arbitrary code with the privileges of the database process. 3) The "EmChartBean" component of the Oracle Application Server contains a directory-traversal vulnerability. An unauthenticated attacker could exploit this vulnerability to read any file visible to the Oracle Application Server process, which by default runs with "LocalSystem" privilege. 4) The ORADC ActiveX component contains a buffer overflow vulnerability. A specially-crafted web page that instantiates this component could trigger the buffer overflow, and execute arbitrary code with the privileges of the current user. Users can mitigate this vulnerability by disabling the control via Microsoft's "kill bit" mechanism for GUID "EC4CF635-D196-11CE-9027-02608C4BF3B5". Note that this may adversely affect some applications. A simple proof-of-concept is available for this vulnerability. (This is a different vulnerability than the ones listed in the January 2007 CPU.)

  • Status: Oracle confirmed, updates available.

  • Council Site Actions: Most of the reporting council sites are using the affected Oracle products. These sites are in the process of validating and testing updates and plan to roll out during their next regularly scheduled system update process.

  • References:
  • (4) LOW: IBM WebSphere Multiple Vulnerabilities
  • Affected:
    • IBM WebSphere Application Server versions 6.1.x

  • Description: IBM WebSphere Application Server contains multiple vulnerabilities, which could be exploited by an attacker to obtain the source code to arbitrary Java Server Pages (JSP). Additionally, there is an unspecified security vulnerability reported by the vendor. No technical details are believed to be publicly available for these vulnerabilities.

  • Status: IBM confirmed, updates available.

  • Council Site Actions: Only one of the reporting council sites is using WebSphere products. They are investigating exposure to vulnerability with the appropriate support team.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 4, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5346 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 07.4.1 - CVE: Not Available
  • Platform: Windows
  • Title: BrowseDialog ActiveX Control CCRPBDS6.DLL Denial of Service
  • Description: The BrowseDialog ActiveX control is prone to a denial of service vulnerability because the BrowseDialog Object with a CLSID of "19E6E148-BAEC-11D2-B03A-EAFC20524153" does not properly sanitize user-supplied input to the "SelectedFolder" field. See the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/22110
  • 07.4.2 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Help Workshop .CNT File Buffer Overflow
  • Description: Microsoft Help Workshop is prone to a buffer overflow vulnerability because it fails to properly bounds check user-supplied input in ".cnt" files. Please refer to the advisory for further information.
  • Ref: http://www.securityfocus.com/bid/22100
  • 07.4.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PentaWare PentaZip Multiple Vulnerabilities
  • Description: PentaZip is a compression utility. It is affected by multiple head overflow, directory traversal and denial of service issues. PentaZip version 8.5.1.190 and PentaSuite-PRO version 8.5.1.221 are affected.
  • Ref: http://www.securityfocus.com/bid/22104
  • 07.4.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Twilight Webserver Remote Denial of Service
  • Description: Twilight Webserver is vulnerable to a denial of service issue when processing excessively large "GET" requests. Twilight Webserver version 1.3.3.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/22090
  • 07.4.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FolderTreeView ActiveX Control Remote Denial of Service
  • Description: FolderTreeview is a freely availably ActiveX control designed to create tree views of folders and files. It is exposed to a denial of service issue when the "RootFolder" variable of the control is assigned an excessively long string.
  • Ref: http://www.securityfocus.com/bid/22092
  • 07.4.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AVM Fritz!DSL IGD Control Service Directory Traversal Information Disclosure
  • Description: The AVM Fritz!DSL IGD Control Service is a Universal Plug and Play (UPnP) service for Microsoft Windows. This service is used to configure Fritz!DSL routers distributed by AVM. It is exposed to a remote information disclosure vulnerability because it fails to properly sanitize user-supplied input. Fritz!DSL Software version 2.2.29 is affected.
  • Ref: http://www.securityfocus.com/bid/22093
  • 07.4.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SISCO OSI Stack Remote Denial of Service
  • Description: The SISCO (Systems Integration Specialists Company) OSI stack for Windows is software designed to implement the OSI transport protocol on top of TCP/IP. It is affected by a denial of service issue because the software fails to properly handle malformed network packets.
  • Ref: http://www.securityfocus.com/bid/22095
  • 07.4.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Outpost Firewall PRO Local Privilege Escalation
  • Description: Outpost Firewall PRO is a firewall application implemented for the Microsoft Windows operating system. It is prone to a local privilege escalation vulnerability that could allow a local attacker to elevate their privileges and can lead to the complete compromise of an affected computer. Version 4.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/22069
  • 07.4.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Remedy Action Request System Username Enumeration
  • Description: Remedy Action Request System is a helpdesk application. Due to a design error, the application is affected by a username enumeration vulnerability. Remedy Action version 5.01.02 is affected.
  • Ref: http://www.securityfocus.com/bid/22066
  • 07.4.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Crob FTP Server Multiple Commands Remote Denial of Service
  • Description: Crob FTP Server is an FTP server application. It is affected by a denial of service issue when processing the "LIST", "NLIST" and "NLIST -al" commands. Crob FTP Server version 3.6.1 b.263 is affected.
  • Ref: http://www.securityfocus.com/bid/22058
  • 07.4.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Kaspersky Labs Anti-Virus Local Privilege Escalation
  • Description: Kaspersky Labs AntiVirus is an application that provides virus and spyware protection. It is vulnerable to a local privilege escalation issue due to an error when handling malformed data supplied to an unspecified function. Kaspersky Anti-Virus version 6.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/22061
  • 07.4.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ipswitch WS_FTP 2007 Professional WSFTPURL.EXE Local Memory Corruption
  • Description: Ipswitch WS_FTP 2007 Professional is an FTP server application written for the Microsoft Windows operating system. It is exposed to a local memory corruption issue. Ipswitch WS_FTP 2007 Professional is affected.
  • Ref: http://www.securityfocus.com/bid/22062
  • 07.4.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FileZilla Options And QueueCTRL Modules Multiple Unspecified Buffer Overflow Vulnerabilities
  • Description: FileZilla is a file transfer protocol (FTP) application. It is prone to multiple unspecified buffer overflow vulnerabilities. Versions prior to 2.2.30a are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22057
  • 07.4.14 - CVE: CVE-2006-2212
  • Platform: Third Party Windows Apps
  • Title: KarjaSoft Sami FTP Server Multiple Buffer Overflow Vulnerabilities
  • Description: Sami FTP Server is vulnerable to multiple stack overflow issues when processing arguments to the "USER" and "PASS" commands. Sami FTP Server version 2.0.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/22045
  • 07.4.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WFTPD Server SITE ADMIN Command Remote Denial of Service
  • Description: FTPD is a popular FTP server developed by Texas Imperial Software for Windows systems. It is exposed to a remote denial of service issue. This issue affects the processing of the "SITE ADMIN" command. An attacker can crash the server by issuing the command with a "'" value as an argument. Versions 3.25 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22046
  • 07.4.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BolinTech Dream FTP Server USER Remote Buffer Overflow
  • Description: Dream FTP Server is vulnerable to a remote buffer overflow issue. The issue is reported when the USER command is supplied with excessively long arguments. Dream FTP Server version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/22044
  • 07.4.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinZip Command Line Remote Buffer Overflow Vulnerability
  • Description: WinZip is a file compression/archival application available for multiple Microsoft Windows platforms. It is exposed to a remote buffer overflow issue because it fails to adequately bounds check user-supplied input before copying it into an insufficiently sized buffer. This issue affects version 9.0 SR1.
  • Ref: http://www.securityfocus.com/bid/22020/info
  • 07.4.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Total Commander Arbitrary File Deletion
  • Description: Total Commander is a file compression/decompression utility. It is affected by an arbitrary file deletion vulnerability that allows an attacker to create a malicious RAR file which, when extracted, will delete arbitrary files and corrupt the filesystem on the affected computer. Versions prior to 6.5.6 are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/22033
  • 07.4.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EIQ Networks Security Analyzer Null Pointer Dereference Client Denial of Service
  • Description: EIQ Networks Security Analyzer is a network security tool for use on the Microsoft Windows operating system. It is exposed to a denial of service issue because an access violation error occurs when various functions dereference the return value from a call to the "FindIndex" library routine. EIQ Networks Security Analyzer versions 2.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/21994
  • 07.4.20 - CVE: Not Available
  • Platform: Mac Os
  • Title: Mac OS X SLP Daemon Service Registration Local Buffer Overflow
  • Description: Mac OS X SLP daemon is prone to a local buffer overflow issue due to insufficient handling of crafted "attr-list" field in a registration request. Apple Mac OS X 10.4.8 is vulnerable.
  • Ref: http://projects.info-pull.com/moab/MOAB-17-01-2007.html
  • 07.4.21 - CVE: Not Available
  • Platform: Mac Os
  • Title: Colloquy INVITE Request Remote Format String Vulnerability
  • Description: Colloquy is an Internet Relay Chat (IRC) and Secure Internet Live Conferencing (SILC) client. The application is prone to a remote format string vulnerability because it fails to properly sanitize user-supplied input. Colloquy versions prior to 2.1 (3558) are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22086
  • 07.4.22 - CVE: Not Available
  • Platform: Mac Os
  • Title: Rixstep Undercover Local Privilege Escalation
  • Description: Rixstep Undercover is an application that allows users to view hidden files on the Mac OS X operating system. The application is prone to a local privilege escalation vulnerability. This issue is due to a design error in the affected application. See the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/22071
  • 07.4.23 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple WebKit WebCore Remote Denial of Service
  • Description: Webkit is an open source system framework and web browser engine. It is affected by a denial of service issue due to insufficient sanitization of the "ArrayImpl ()" function in the "/platform/ArrayImpl.cpp" file. Applications using WebKit build 18794 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22059
  • 07.4.24 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X DMG UFS UFS_LookUp Denial of Service
  • Description: Apple Mac OS X is prone to a remote denial of service issue due to insufficient sanitization in the "ufs_lookup()" function of the "ufs_lookup.c" source file. Mac OS X 10.4.8 is affected.
  • Ref: http://www.securityfocus.com/bid/22036
  • 07.4.25 - CVE: Not Available10.4.8 is affected.
  • Platform: Mac Os
  • Title: Apple Mac OS X AppleTalk _ATPsndrsp Function Remote Heap Overflow
  • Description: Apple Mac OS X AppleTalk is prone to a heap overflow issue because it fails to perform sufficient bounds checks on user-supplied data in the "_ATPsndrsp" function. Apple Mac OS X version
  • Ref: http://www.securityfocus.com/bid/22041
  • 07.4.26 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X DMG HFS+ DO_HFS_TRUNCATE Denial of Service
  • Description: Apple Mac OS X is prone to a denial of service issue which occurs when a DMG image containing a specially-crafted HFS+ file system is handled. Mac OS X version 10.4.8 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/22042
  • 07.4.27 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X DMG UFS Byte_Swap_Sbin() Integer Overflow
  • Description: Apple Mac OS X is prone to a remote integer overflow vulnerability. This issue occurs when the UFS filesystem handler fails to properly handle specially-crafted DMG images. Mac OS X 10.4.8 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/22022
  • 07.4.28 - CVE: CVE-2006-6899
  • Platform: Linux
  • Title: BlueZ HIDD Bluetooh HID Command Injection
  • Description: BlueZ (bluez-utils) is an implementation of the Bluetooth wireless standards for Linux. It is vulnerable to a device command injection issue during certain unspecified configurations of two HID servers. BlueZ version 2.25 is vulnerable. Ref: http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf
  • 07.4.29 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX IPFilter Unspecified Remote Denial of Service
  • Description: HP-UX IPFilter is prone to a remote denial of service vulnerability when it is running in combination with HP patch PHNE_34474. Please refer to the advisory below for details.
  • Ref: http://www.securityfocus.com/bid/22103
  • 07.4.30 - CVE: Not Available
  • Platform: BSD
  • Title: OpenBSD ICMP6 Echo Request Remote Denial of Service
  • Description: OpenBSD is prone to a remote denial of service issue which arises when the kernel handles a specially-crafted ICMP6 echo request. OpenBSD versions 3.9 and 4.0 are affected.
  • Ref: http://www.securityfocus.com/bid/22087
  • 07.4.31 - CVE: Not Available
  • Platform: Unix
  • Title: Oftpd Unsupported Address Family Remote Denial of Service
  • Description: Oftpd is an FTP client for Unix-based operating systems. It is affected by a denial of service issue when it processes unsupported address family in the argument of a LPRT or LPASV command. Oftpd Server version 0.3.7 is affected.
  • Ref: http://www.securityfocus.com/bid/22073
  • 07.4.32 - CVE: Not Available
  • Platform: Unix
  • Title: IBM OS/400 TCP Reset Remote Denial of Service
  • Description: IBM OS/400 is prone to a denial of service vulnerability that allows a remote attacker to reset a TCP connection on a vulnerable computer. IBM OS/400 versions V5R3M0 and V5R3M5 are reported to be affected.
  • Ref: http://www.securityfocus.com/bid/22048
  • 07.4.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oreon Remote File Include Vulnerability
  • Description: Oreon is an open source supervision and monitoring engine. It is prone to a remote file include vulnerability due to insufficient sanitization of the "file" parameter of "/lang/index.php". Versions 1.2.3 RC4 and prior are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/22107
  • 07.4.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Multiple Remote Vulnerabilities
  • Description: IBM WebSphere Application Server is a utility for creating enterprise web applications. It is exposed to multiple remote issues. Versions prior to 6.1.0.5 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22089
  • 07.4.35 - CVE: CVE-2007-0243
  • Platform: Cross Platform
  • Title: Sun Java RunTime Environment GIF Images Buffer Overflow
  • Description: The Java Runtime Environment is an application that allows users to run Java applications. It is prone to a buffer overflow vulnerability when the application processes a GIF image from a Java applet. Several versions of java runtime environment are affected. See the advisory for further details
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
  • 07.4.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BEA Multiple Products Multiple Vulnerabilities
  • Description: WebLogic Server, WebLogic Platform, and WebLogic Express, are enterprise application server products. BEA has released 23 advisories identifying various vulnerabilities affecting BEA WebLogic Server, WebLogic Platform, and WebLogic Express. Please refer to the link below for further details.
  • Ref: http://www.securityfocus.com/bid/22082
  • 07.4.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle January 2007 Security Update Multiple Vulnerabilities
  • Description: Multiple vulnerabilities affect various Oracle applications. Please refer to the link below for further details. Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
  • 07.4.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Squid Proxy FTP URI Remote Denial of Service
  • Description: Squid is an open source proxy server. It is prone to a remote denial of service issue due to a quoting flaw in the "ftpListingFinish()" function in the "src/ftp.c" source file. Squid versions from 2.5.STABLE11 to 2.6.STABLE6 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22079
  • 07.4.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BEA JRockit Java Virtual Machine Unspecified Stack Buffer Overflow
  • Description: BEA JRockit is a server-based Java Virtual Machine (JVM) application optimized for Intel platforms. The application is deployed as part of the Weblogic server infrastructure. It is exposed to a stack-based buffer overflow vulnerability because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. Version 1.4.2_05 is affected.
  • Ref: http://www.securityfocus.com/bid/22077
  • 07.4.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GnuPG Multiple Potential Vulnerabilities
  • Description: GNU Privacy Guard (GnuPG) is an open source encryption application. It is potentially vulnerable to multiple remote issues due to a code audit. GnuPG version 1.4.6 is reportedly vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/22064
  • 07.4.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Macromedia Shockwave 10 SWDIR.DLL ActiveX Control Remote Denial of Service
  • Description: Macromedia Shockwave is exposed to a denial of service issue when the "swURL" variable of the vulnerable control is assigned an excessively long string. Macromedia Shockwave 10 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/22067
  • 07.4.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FileZilla Multiple Remote Format String Vulnerabilities
  • Description: FileZilla is an FTP and SFTP client application. It is prone to multiple remote format string vulnerabilities. FileZilla Version 3 prior to beta 5 is vulnerable to these issues. Please see the advisory for further information.
  • Ref: http://www.securityfocus.com/bid/22063
  • 07.4.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Libgtop2 Library Local Buffer Overflow
  • Description: Libgtop2 is a Gnome library for obtaining system information. It is prone to a buffer overflow vulnerability because the process name is not properly checked in the "glibtop_get_proc_map_s()" function of the "sysdeps/linux/procmap.c" source file. Libgtop2 versions prior to 2.14.6 are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/22054
  • 07.4.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: RealNetwork RealPlayer MID File Handling Remote Denial of Service
  • Description: RealNetwork RealPlayer is an application that allows users to play various media formats. It is exposed to a remote denial of service vulnerability. This issue occurs because the application fails to handle crafted "mid" files. Version 10.5 is affected.
  • Ref: http://www.securityfocus.com/bid/22050
  • 07.4.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Neon LibNeon Non-Ascii Character URI Data Denial of Service
  • Description: The Neon Library is an HTTP and WebDAV client library. It is affected by a denial of service issue while parsing URI data containing non-ascii characters. Neon Library versions 0.26 to 0.26.2 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22035
  • 07.4.46 - CVE: CVE-2006-5876
  • Platform: Cross Platform
  • Title: LibSoup Library HTTP Headers Remote Denial of Service
  • Description: LibSoup is an HTTP client server library for GNOME. It is prone to a denial of service when the "soup_headers_parse()" function of the "soup-headers.c" source file parses a malicious HTTP header containing a "" followed by a null character. See the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/22034
  • 07.4.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle ORADC ActiveX Control Remote Code Execution
  • Description: The ORADC ActiveX control is provided by the Oracle Objects for OLE package. It is a COM-based database connectivity library and application suite. The vulnerability affects the Oracle ORADC ActiveX control with a CLSID from the "Ora81binoradc.ocx" library. Specifically, the "UpdateRecord()" method is affected by this issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/22026
  • 07.4.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CA BrightStor ARCserve Backup Tape Engine TCP 6503 Remote Buffer Overflow
  • Description: Computer Associates BrightStor ARCserve Backup products provide backup and restore protection for mutlitple operating systems. They are exposed a remote buffer overflow issue because the application fails to perform proper bounds checking on data supplied to the application. BrightStor ARCServe Backup versions 11.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22006
  • 07.4.49 - CVE: CVE-2007-0168
  • Platform: Cross Platform
  • Title: CA BrightStor ARCserve BackUp Tape Engine Remote Code Execution
  • Description: Computer Associates BrightStor ARCserve Backup products provide backup and restore protection. They are vulnerable to a remote code execution issue when handling RPC requests over TCP port 6502. See the advisory for further details.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-002.html
  • 07.4.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CA BrightStor ARCserve Backup Message Engine Remote Buffer Overflow
  • Description: Computer Associates BrightStor ARCserve Backup products provide backup and restore protection. They are affected by a remote buffer overflow issue due the handling of user-supplied data via RPC while processing requests on TCP ports 6503 and 6504. Please see the attached advisory for details.
  • Ref: http://www.securityfocus.com/bid/22005
  • 07.4.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MyBloggie Multiple Cross-Site Scripting Vulnerabilities
  • Description: MyBloggie is a web-log application. It is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to unspecified parameters of the "index.php" and "login.php" scripts. MyBloggie version 2.1.5 is vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/22097
  • 07.4.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IndexU Multiple Cross-Site Scripting Vulnerabilities
  • Description: IndexU is a content managment system (CMS) for directory web sites. It is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. IndexU versions 5.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22084
  • 07.4.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DT_Guestbook Index.PHP Cross-Site Scripting
  • Description: DT_Guestbook is a web-based guestbook application. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of the "error" parameter of the "index.php" script. Version 1.0f is vulnerable.
  • Ref: http://www.securityfocus.com/bid/22078
  • 07.4.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: liens_dynamiques Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: liens_dynamiques is a web application. It is exposed to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. These issues affect version 2.1.
  • Ref: http://www.securityfocus.com/bid/22070
  • 07.4.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ThWboard Board "styleid" SQL Injection
  • Description: ThWboard is a web-based bulletin board application implemented in PHP. It is prone to an SQL injection vulnerability due to insufficient input sanitization of the "board[styleid]" parameter of the "/inc/header.inc.php near" script file. Versions 3.0 Beta 2.84-php5 and prior are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/22047
  • 07.4.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WebGUI Wiki Title Cross-Site Scripting
  • Description: WebGUI is a web-based content management system. Insufficient sanitization of the "title" parameter of the Wiki page exposes the application to a cross-site scripting issue. All versions are affected.
  • Ref: http://www.securityfocus.com/bid/22051
  • 07.4.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: InstantForum.NET Multiple Cross-Site Scripting Vulnerabilities
  • Description: InstantForum.NET is a web-based forum application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to various scripts. InstantForum version 4.1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/22052
  • 07.4.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Open Solution Quick.Cart Index.PHP Cross-Site Scripting
  • Description: Open Solution Quick.Cart is an online shopping application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "p" parameter of the "index.php" script. Open Solution Quick.Cart version 2.0 English edition is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21971
  • 07.4.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Woltlab Burning Board Search.PHP SQL Injection
  • Description: Woltlab Burning Board is a web-based bulletin board. Insufficient sanitization of the "boardids" parameter in the "search.php" script exposes the application to an SQL injection issue. Woltlab Burning Board versions 1.0.2 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/22096
  • 07.4.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MGB Email.PHP SQL Injection
  • Description: MGB is an open source guestbook. It is prone to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "email.php" script. MGB versions 0.5.4.5 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22094
  • 07.4.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scriptme SmE File Mailer Login SQL Injection
  • Description: SmE File Mailer is a web-based application to email selected files to a user's email address. Insufficient sanitization of user-supplied input exposes the application to an SQL injection issue. SmE File Mailer version 1.21 is affected.
  • Ref: http://www.securityfocus.com/bid/22081
  • 07.4.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Okul Web Otomasyon Sistemi Etkinlikbak.ASP SQL Injection
  • Description: Okul Web Otomasyon Sistemi is a web-based application. It is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "etkinlikbak.asp" script file. See the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/22060
  • 07.4.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Block-Old_Articles.PHP SQL Injection
  • Description: PHP-Nuke is a content management and portal system. The application is exposed to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "/blocks/block-Old_Articles.php" script file before using it in an SQL query. PHP-Nuke versions 7.9 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22037
  • 07.4.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DigiAppz DigiAffiliate Visu_User.ASP SQL Injection
  • Description: DigiAffiliate is a web-based affiliate management application. It is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "visu_user.asp" script file before using it in an SQL query. DigiAffiliate versions 1.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22039
  • 07.4.65 - CVE: Not Available
  • Platform: Web Application
  • Title: FreshReader Feed HTML Injection
  • Description: FreshReader Feed is an application that displays any RSS news feed. It is vulnerable to an HTML injection issue due to insufficient sanitization of user-supplied input when adding malicious RSS feeds. FreshReader Feed versions prior to 1.0.07010600 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22106
  • 07.4.66 - CVE: Not Available
  • Platform: Web Application
  • Title: ComVironment Grab_Globals.Lib.PHP Remote File Include
  • Description: ComVironment is a web-based portal application. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "inc_dir" parameter of the "grab_globals.lib.php" script before using it in a "require_once()" call. ComVironment version 4.0 is vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/22108
  • 07.4.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Uberghey Frontpage.PHP Remote File Include
  • Description: Uberghey is a web-based content management system. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "setupfolder" parameter of the "frontpage.php" script. Uberghey version 0.3.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/22098
  • 07.4.68 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPMyphorum Frame.PHP Remote File Include
  • Description: PHPMyphorum application is a web-based forum tool. It is prone to a remote file include vulnerability because the application fails to properly sanitize user-supplied input to the "chem" parameter of "frame.php". PHPMyphorum version 1.5a is vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/22099
  • 07.4.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Jax Petitionbook Language Parameter Multiple Local File Include Vulnerabilities
  • Description: Jax Petitionbook is affected by a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter of the "jax_petitionbook.php" and "smileys.php" scripts. Jax Petitionbook version 1.0.3.06 is affected.
  • Ref: http://www.securityfocus.com/bid/22072
  • 07.4.70 - CVE: Not Available
  • Platform: Web Application
  • Title: GOnicus System Administrator Unauthorized Data Manipulation
  • Description: GOnicus System Administrator (GOsa) is an administration tool for managing accounts and systems in LDAP databases. It is exposed to a vulnerability that may allow an attacker to manipulate certain settings and object values. This issue affects versions earlier than 2.5.8.
  • Ref: http://www.securityfocus.com/bid/22075
  • 07.4.71 - CVE: Not Available
  • Platform: Web Application
  • Title: KGB Sesskglogadmin.PHP Local File Include
  • Description: KGB is a web-based content management system. Insufficient sanitization of the "skinn" parameter of the "kgbmod/sesskglogadmin.php" script exposes the application to a local file include issue. KGB version 1.9 is affected.
  • Ref: http://www.securityfocus.com/bid/22065
  • 07.4.72 - CVE: Not Available
  • Platform: Web Application
  • Title: liens_dynamiques AdminLien.PHP Security Restriction Bypass
  • Description: liens_dynamiques is a web application. It is vulnerable to a security restriction bypass issue when navigating to the "admin/adminlien.php3" script. liens_dynamiques version 2.1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/456986
  • 07.4.73 - CVE: Not Available
  • Platform: Web Application
  • Title: JV2 Folder Gallery Source Code Information Disclosure
  • Description: JV2 Folder Gallery is an image gallery application. It is exposed to a source disclosure issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "download.php" script. JV2 Folder Gallery version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22053
  • 07.4.74 - CVE: Not Available
  • Platform: Web Application
  • Title: FdWeB Espace Membre Admin_Menu.PHP Remote File Include
  • Description: FdWeB Espace Membre is a web application implemented in PHP. It is prone to a remote file include vulnerability due to insufficient input sanitization of the "path'" parameter of the "_admin/admin_menu.php" script. Versions 2.01 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22040
  • 07.4.75 - CVE: Not Available
  • Platform: Web Application
  • Title: LunarPoll Show.PHP Remote File Include
  • Description: LunarPoll is a web-based online poll management application. It is affected by a remote file include issue due to insufficient sanitization of the "PollDir" parameter of the "show.php" script. LunarPoll version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22024
  • 07.4.76 - CVE: Not Available
  • Platform: Web Application
  • Title: sNews SNews.PHP Authentication Bypass
  • Description: sNews is a news reader. It is vulnerable to an authentication bypass issue with the "snews.php" page. sNews versions 1.5.30 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22025
  • 07.4.77 - CVE: Not Available
  • Platform: Web Application
  • Title: VP-ASP Shopping Cart Multiple Input Validation Vulnerabilities
  • Description: VP-ASP Shopping Cart is affected by multiple SQL injection and cross-site scripting issues. VP-ASP Shopping Cart version 6.09 is affected.
  • Ref: http://www.securityfocus.com/bid/22018
  • 07.4.78 - CVE: Not Available
  • Platform: Network Device
  • Title: HP Jetdirect Unspecified Denial of Service
  • Description: HP Jetdirect Printers are network compatible printers distributed by HP. They are prone to a remote denial of service vulnerability due to an unspecified error in the ftp service on Jetdirect printers.
  • Ref: http://www.securityfocus.com/bid/22105
  • 07.4.79 - CVE: Not Available
  • Platform: Network Device
  • Title: InGate Firewall and SIParator Unspecified Authentication Replay
  • Description: InGate Firewalls are hardware firewall devices that support Session Initiation Protocol (SIP) via SIParator SIP-based communication devices. It is affected by an authentication replay issue. InGate Firewall version prior to 4.5.1 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22080

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

This course will provide a wealth of information to advance my career in the IT field.
-Doreen Lawrence, Los Alamos National Lab

Forensics 585

Latest Whitepapers

Building and Maintaining a "Certifiable" Workforce
By Robert J. Mavretich

How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk?
By Tim Proffitt

Daisy Chain Authentication
By Courtney Imbert

Latest Tweets

NEW #SANS Survey: Security Analytics & Intelligence 2nd [...]
October 1, 2013 - 6:30 PM

Tips on how to convince your boss to let you train online wi [...]
October 1, 2013 - 6:23 PM

#2 Tip on how 2 convince your boss 2 let u train online: Fle [...]
October 1, 2013 - 3:00 PM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"This has been a great way to get working knowledge that would have taken years of experience to learn."
- Josh Carlson, Nelnet

"The amount of knowledge conveyed and technical diving by practical hands-on was well balanced."
- Aaron Moore, Maricopa County

"Just amazing content and instruction, it's really a 'must do' for any info sec professional."
- Mark Austin, PHH Mortgage