
@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 43
October 22, 2007

The Real Player vulnerability is for real. Needs fixing.

Also see the Data Leakage Summit information. CIOs seem to have made the switch from "why" to "how soon can you get it in?" You might as well not waste the money. Find out what other companies and agencies have done in data leakage control. http://www.sans.org/info/18226

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category / Platform                       Number of Updates and Vulnerabilities
    ----------------------------------------- -------------------------------------
    Windows                                   1
    Other Microsoft Products                  2 (#4)
    Third Party Windows Apps                  6 (#1, #6)
    Linux                                     8
    HP-UX                                     1
    Solaris                                   2
    Cross Platform                            24 (#2, #5)
    Web Application - Cross Site Scripting    7
    Web Application - SQL Injection           7
    Web Application                           16
    Network Device                            6 (#3, #7)

********* Data Leakage is the Fastest Growing Area of Security *************

PCI, HIPAA, GLBA, SB1386, breach disclosure?? What are the regulatory requirements around these? Attend the Data Leakage and Insider Threat Summit December 3-4 in Orlando and find out. Then hear what tools work best and how other companies have implemented a data leakage strategy. http://www.sans.org/info/18226

****************************************************************************

TRAINING UPDATE: Where can you find Hacker Exploits and SANS' other top-rated courses?
London (11/26 - 12/1): http://www.sans.org/london07/
Washington DC (12/13-12/18): http://www.sans.org/london07/
New Orleans (1/12-1/17): http://www.sans.org/security08/event.php
Chicago (11/2-11/7): http://www.sans.org/chicago07/event.php
Tokyo (11/5-11/10): http://www.sans.org/sanstokyo2007_autumn/event.php

How good are the courses? Here's what past attendees said: "An extraordinary amount of information covered in a week, backed up with excellent documentation for those long winter nights." (Keith Mellism, Canada Life) "This course has valuable information that can be implemented immediately in the work place." (Christopher O'Brien, Booz Allen Hamilton) "You will never ever find anything more valuable than SANS super knowledge. Worth the price!!" (Carlos Fragoso, CESCA)

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Linux
HP-UX
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Real Networks Real Player ActiveX Control Buffer Overflow
  • Affected:
    • Real Networks Real Player for Microsoft Windows versions 10.0 and prior
  • Description: Real Networks Real Player, a popular multiplatform streaming media player, contains a flaw in an included ActiveX control. A malicious web page that instantiates this control could trigger a buffer overflow in the control and execute arbitrary code with the privileges of the current user. This vulnerability is being actively exploited in the wild. Some technical details are publicly available for this vulnerability, but the exploit code currently being used is not publicly disclosed.

  • Status: Real has confirmed, preliminary updates available. Users can mitigate the impact of this vulnerability by disabling the control via Microsoft's "kill bit" mechanism for CLSID FDC7A535-4070-4B92-A0EA-D9994BCC0DC5. Note that this could impact normal functionality.

  • References:
  • (5) MODERATE: Opera Web Browser Multiple Vulnerabilities
  • Affected:
    • Opera Web Browser versions prior to 9.24
  • Description: Opera is a popular multiplatform web browser. Opera fails to properly sanitize calls to external applications such as email and news applications. A specially crafted URL or web page that causes Opera to call one of these external applications could trigger this vulnerability and execute arbitrary code with the privileges of the current user. This vulnerability is believed to affect Opera on all supported platforms. Other vulnerabilities discovered in Opera include several cross-site scripting vulnerabilities and an undisclosed vulnerability involving Opera and Adobe Flash Player.

  • Status: Opera confirmed, updates available.

  • References:
  • (6) MODERATE: IrfanView Palette File Buffer Overflow
  • Affected:
    • IrfanView versions 4.x and prior
  • Description: IrfanView is a popular image viewing application for Microsoft Windows. IrfanView supports loading palettes of colors from files. A specially crafted palette file could trigger a buffer overflow in the application. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. Depending on configuration, palette files may be opened automatically by IrfanView.

  • Status: Vendor confirmed, updates available.

  • References:
  • (7) LOW: Cisco Unified Communications Manager Multiple Vulnerabilities
  • Affected:
    • Cisco Unified Communications Manager versions 6.x and prior
    • Cisco Unified Call Manager versions 6.x and prior
  • Description: The Cisco Unified Communications Manager and Cisco Unified Call Manager applications are used to manage enterprise voice communications. These systems allow for transfer of files via the Trivial File Transfer Protocol (TFTP). A specially crafted TFTP request containing an overlong filename could trigger a buffer overflow in this application and potentially allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that the system is not vulnerable to this issue in its default configuration. Additionally, a denial-of-service condition exists due to the improper handling of multiple Session Initiation Protocol (SIP) requests to the system.

  • Status: Cisco confirmed, updates available. Users can mitigate the impact of this vulnerability by blocking access to ports 5060/UDP and 69/UDP.

  • References:
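The kill-bit mitigation described for item (1) above, as an added example that is not part of the original bulletin: a PowerShell script that sets and then verifies the Internet Explorer kill bit for the RealPlayer control's CLSID. The CLSID is the one given in item (1); the registry location and the 0x400 "Compatibility Flags" value are the documented kill-bit mechanism (Microsoft KB 240797); the Wow6432Node path covers 32-bit IE on 64-bit Windows.

```powershell
# Added example, not from the SANS bulletin: set and verify the Internet Explorer
# "kill bit" for the RealPlayer ActiveX control in item (1). The CLSID is from the
# bulletin; the registry path and 0x400 flag are the documented kill-bit mechanism
# (Microsoft KB 240797). Run from an elevated PowerShell prompt; as the bulletin
# notes, disabling the control can break normal RealPlayer functionality.

$Clsid   = '{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}'
$KillBit = 0x400   # COMPAT_EVIL_DONT_LOAD: IE refuses to instantiate the control

# Both hives matter on 64-bit Windows: 32-bit IE reads the Wow6432Node copy.
$CompatKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    # Returns the current "Compatibility Flags" DWORD for a CLSID key, or 0 if absent.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return 0 }
    $p = Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.'Compatibility Flags'
}

function Set-KillBit {
    param([string]$Base, [string]$Clsid)
    $key = Join-Path $Base $Clsid
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    # OR the kill bit into whatever flags are already present rather than overwriting them.
    $flags = (Get-CompatFlags -Key $key) -bor $KillBit
    Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $flags -Type DWord
}

function Test-KillBit {
    param([string]$Base, [string]$Clsid)
    $key = Join-Path $Base $Clsid
    return (((Get-CompatFlags -Key $key) -band $KillBit) -ne 0)
}

foreach ($base in $CompatKeys) {
    # Skip the Wow6432Node hive on 32-bit Windows, where its parent key does not exist.
    if (-not (Test-Path -LiteralPath (Split-Path -Parent $base))) { continue }
    Set-KillBit -Base $base -Clsid $Clsid
    $state = if (Test-KillBit -Base $base -Clsid $Clsid) { 'SET' } else { 'NOT SET' }
    Write-Output ("{0}: kill bit {1} for {2}" -f $base, $state, $Clsid)
}
```

Test-KillBit can be run on its own (without Set-KillBit) as a compliance check across a fleet once the vendor update has been applied and the kill bit is no longer wanted.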
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 43, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.43.1 - CVE: CVE-2007-5493
  • Platform: Windows
  • Title: Microsoft Windows Mobile SMS Handler Source Obfuscation
  • Description: Microsoft Windows Mobile is a light-weight operating system designed for mobile devices. The application is exposed to an issue that can result in the obfuscation of an SMS message source because the SMS handler fails to adequately decode WAP PUSH messages designed to mask the originating telephone number and sending time. Microsoft Windows Mobile 5 PocketPC is affected.
  • Ref: http://www.securityfocus.com/archive/1/482446

  • 07.43.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Extension Filter Bypass Arbitrary File Upload
  • Description: Internet Explorer is the default web browser shipped with all versions of the Microsoft operating system. The application is exposed to an arbitrary file upload issue because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/482220

  • 07.43.3 - CVE: CVE-2007-5460
  • Platform: Other Microsoft Products
  • Title: Microsoft ActiveSync Weak Password Obfuscation Information Disclosure
  • Description: Microsoft ActiveSync provides a gateway between computers running Windows and portable devices running Windows Mobile. The application is exposed to an information disclosure issue because it fails to adequately obfuscate sensitive information. Software that uses ActiveSync version 4.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/482299

  • 07.43.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Computer Associates BrightStor ARCserve Backup Unspecified Remote Code Execution
  • Description: Computer Associates BrightStor ARCserve Backup products provide backup and restore protection for Windows, NetWare, Linux, and UNIX servers as well as Windows, Mac OS X, Linux, UNIX, AS/400, and VMS clients. The application is exposed to an unspecified remote code execution issue. Computer Associates BrightStor ARCserve Backup version 11.5 SP3 is affected.
  • Ref: http://research.eeye.com/html/advisories/upcoming/20071003.html

  • 07.43.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PBEmail ActiveX Edition SaveSenderToXml Arbitrary File Overwrite
  • Description: PBEmail ActiveX Edition is an email ActiveX component. The application is exposed to an issue that lets attackers overwrite arbitrary local files. PBEmail ActiveX Edition 7 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.43.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DB Software Laboratory VImpX ActiveX Control RejectedRecordsFile Buffer Overflow
  • Description: VImpX is an ActiveX control that imports data into a variety of industry standard databases from flat files, cross tables, and ODBC data sources. The "VImpX.ocx" ActiveX control shipped with the VImpX application is exposed to a buffer overflow issue because it fails to properly sanitize user-supplied input to the "RejectedRecordsFile" parameter in the "VImpX.ocx" ActiveX component. VImpX version 4.7.3.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.43.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: COWON America jetAudio M3U File Processing Remote Buffer Overflow
  • Description: jetAudio is an integrated multimedia player for use on the Microsoft Windows operating system. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check data before copying it into an insufficiently sized buffer while processing M3U files. jetAudio version 7.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/26069

  • 07.43.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Macrovision SafeDisc SecDRV.SYS Method_Neither Local Privilege Escalation
  • Description: Macrovision SafeDisc is a copy-protection application written for the Microsoft Windows operating platform. The application is exposed to a local privilege escalation issue because it fails to adequately sanitize user-supplied input. The issue occurs due to insecure usage of the "METHOD_NEITHER" IOCTL by the "secdrv.sys" driver.
  • Ref: http://www.reversemode.com/index.php?option=com_content&task=view&id=43&Itemid=1

  • 07.43.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: RealPlayer Unspecified ActiveX Control Buffer Overflow
  • Description: Real Networks RealPlayer is an application that allows users to play various media formats. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks of user-supplied input before copying it to an insufficiently sized memory buffer.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.43.10 - CVE: Not Available
  • Platform: Linux
  • Title: rPath Linux Initscripts /VAR/LOG/BTMP File Local Information Disclosure
  • Description: rPath Linux is a specialized GNU/Linux distribution for enterprise users. The initscripts package is used when initializing and shutting down the system. The application is exposed to a local information disclosure issue due to incorrect file permissions being set on the "/var/log/btmp" file by scripts from the initscripts package. rPath Linux version 1 is affected.
  • Ref: http://www.securityfocus.com/bid/26048

  • 07.43.11 - CVE: CVE-2007-5208
  • Platform: Linux
  • Title: HP Linux Imaging and Printing System HSSPD.PY Daemon Arbitrary Command Execution
  • Description: HP Linux Imaging and Printing System (HPLIP) allows Linux to utilize HP inkjet and laser based printers for printing, scanning, and faxing. The application is exposed to an arbitrary command execution issue because it fails to adequately sanitize user-supplied input. HPLIP versions in the 1.0 and 2.0 series are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=319921

  • 07.43.12 - CVE: Not Available
  • Platform: Linux
  • Title: MadWifi Xrates Element Remote Denial of Service
  • Description: MadWifi is a device driver for Wireless LAN chipsets for Linux systems. The application is exposed to a remote denial of service issue because certain beacon frames will cause the application to exit via the "BUG()" macro, leading to a kernel panic. Specifically, in the "sta_add()" function of "net80211/ieee80211_scan_sta.c" the "xrates" element has a length limit of 15. MadWifi versions 0.9.3.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/482168

  • 07.43.13 - CVE: CVE-2007-4995
  • Platform: Linux
  • Title: OpenSSL DTLS Heap Buffer Overflow
  • Description: OpenSSL is an open-source implementation of the SSL protocol that is used by a number of other projects, including but not restricted to, Apache, Sendmail, and Bind. It is commonly found on Linux and UNIX systems. DTLS is a datagram variant of TLS. The application is exposed to a heap-based buffer overflow issue because the library fails to perform adequate boundary checks on user-supplied data. The vulnerability resides in the DTLS library.
  • Ref: https://rhn.redhat.com/errata/RHSA-2007-0964.html

  • 07.43.14 - CVE: Not Available
  • Platform: Linux
  • Title: Cisco CallManager and Openser SIP Remote Unauthorized Access
  • Description: Cisco Unified CallManager and Unified Communications Manager (CUCM) are a software-based call-processing component of the Cisco IP telephony solution. OpenSER is a Session Initiation Protocol (SIP) server available for Unix, Linux and other Unix-like operating systems. These products are exposed to a remote unauthorized access issue. A remote attacker can exploit this issue to initiate unauthorized phone calls and masquerade their identity as a legitimate user.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2007-10/0306.html

  • 07.43.15 - CVE: CVE-2006-5755
  • Platform: Linux
  • Title: Linux Kernel EFLAGS NT Local Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue because the kernel on x86_64 systems fails to properly save or restore EFLAGS during a context switch. A local attacker can exploit this by causing "SYSENTER" to set the "NT" flag, which can trigger a crash in the next task. Linux Kernel versions prior to 2.6.18 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18

  • 07.43.16 - CVE: CVE-2007-4323
  • Platform: Linux
  • Title: DenyHosts Client Protocol Version Identification Remote Denial of Service
  • Description: DenyHosts is an application designed to monitor SSH server authentication-failure messages and block hosts that attempt to brute-force SSH authentication credentials. The application is exposed to a remote denial of service issue because it fails to properly ensure the source of authentication failure messages.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=244943

  • 07.43.17 - CVE: CVE-2007-5377
  • Platform: Linux
  • Title: Tramp Extension For Emacs Multiple Insecure Temporary File Creation Vulnerabilities
  • Description: Emacs is an extensively featured text editor. The Tramp (Transparent Remote File Access) extension for Emacs is a file transfer application that provides remote access via a shell login. The "tramp-make-temp-file" and "tramp-make-tramp-temp-file" functions create temporary files with predictable filenames in an insecure manner. An attacker with local access could potentially exploit these issues to perform symbolic link attacks upon application-related files, overwriting them in the context of the affected application. Tramp versions prior to 2.1.11 are affected.
  • Ref: http://lists.gnu.org/archive/html/emacs-devel/2007-10/msg00132.html

  • 07.43.18 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX OpenSSL Unspecified Local Denial of Service
  • Description: Instances of HP-UX that are running OpenSSL are prone to an unspecified local denial of service issue. HP-UX versions B.11.11, B.11.23 and B.11.31 when running OpenSSL versions prior to vA.00.09.07l are affected.
  • Ref: http://www.securityfocus.com/archive/1/482369

  • 07.43.19 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris RPC Services Library librpcsvc(3LIB) Denial of Service
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. The application is exposed to a denial of service issue that stems from an unspecified error in the Solaris RPC Services Library "librpcsvc(3LIB)". Sun Solaris versions 8, 9, and 10 for SPARC and x86 architectures are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103082-1&searchclause=

  • 07.43.20 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Kernel Statistics Retrieval Process Multiple Local Denial of Service Vulnerabilities
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. The application is exposed to multiple local denial of service issues that stem from unspecified errors in the kernel statistics retrieval process. Sun Solaris versions 8, 9, and 10 for SPARC and x86 architectures are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103064-1&searchclause=

  • 07.43.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WWWIsis IsisScript Local File Disclosure
  • Description: WWWIsis provides a web interface for accessing ISIS databases. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. The application is exposed to an issue that will allow remote attackers to display the contents of arbitrary local files in the context of the webserver process. The problem affects the "IsisScript" parameter, and is due to a failure to properly sanitize user-supplied input. Specifically, directory traversal strings ("../") are not properly sanitized. WWWIsis version 7.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/482356

  • 07.43.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: eXtremail Multiple Remote Buffer Overflow Vulnerabilities
  • Description: eXtremail is a mail server application. The application is exposed to an integer underflow issue and multiple buffer overflow issues. The integer underflow occurs during calls to "memmove()" in unspecified functions of the application because the size argument, "%s", increases by one byte after each call due to being specified as "%%s". eXtremail versions 2.1.0 and 2.1.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/482293

  • 07.43.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Counter-Strike 1.6 Multiple Remote Vulnerabilities
  • Description: Counter-Strike is a modification for Half-Life. The application is exposed to multiple remote issues. A cross-site scripting issue occurs because the application fails to sufficiently sanitize user-supplied input to the "redir" parameter of the "auth.w" script. An information disclosure issue occurs when an attacker includes a local file in an iframe. Another information disclosure issue may allow an attacker to gain unauthorized access to the affected application because the cookie data includes the "rcon" password in plaintext. Counter-Strike version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/26077

  • 07.43.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Administrative Scripting Tools Unspecified
  • Description: IBM WebSphere Application Server is exposed to an unspecified issue that affects the Administrative Scripting Tools such as wsadmin and ANT. WebSphere Application Server versions 5.1.1 and 6.0.2 are affected.
  • Ref: http://www.securityfocus.com/bid/26078

  • 07.43.25 - CVE: CVE-2007-5378
  • Platform: Cross Platform
  • Title: TCL/TK Tk Toolkit TKIMGGIF.C Buffer Overflow
  • Description: TCL/TK Tk Toolkit is a GUI-based Tcl (Tool Command Language) toolkit. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer. TCL/TK versions prior to 8.4.13 are affected.
  • Ref: https://sourceforge.net/tracker/?func=detail&atid=112997&aid=1458234&group_id=12997

  • 07.43.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mouseover Dictionary Unspecified Arbitrary Script Code Execution
  • Description: Mouseover Dictionary is a dictionary plugin for Mozilla Firefox. The application is exposed to an unspecified issue that lets attackers run arbitrary script code. Please refer to the link below for further information. Mouseover Dictionary versions prior to 0.6.2 are affected.
  • Ref: http://www.securityfocus.com/bid/26053

  • 07.43.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apache Tomcat WebDav Remote Information Disclosure
  • Description: Apache Tomcat is a Java-based webserver application for multiple operating systems. The application is exposed to a remote information disclosure issue because the WebDAV "Lock" function incorrectly handles requests. It is possible to reference a remote file in the XML file submitted with the LOCK request, using an external ENTITY Declaration.
  • Ref: http://www.securityfocus.com/bid/26070

  • 07.43.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Novell SUSE ISC BIND Named LibGSSAPI Denial of Service
  • Description: Novell SUSE Linux Enterprise Server is exposed to a denial of service issue when handling Dynamic DNS update requests sent by computers running Microsoft Windows that are using Active Directory. This issue occurs when ISC BIND "named" handles GSS-TSIG (the Microsoft Windows Dynamic DNS update request mechanism) requests and fails to access the associated "libgssapi" configuration file. libgssapi versions prior to 0.6-13.17 are affected.
  • Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html

  • 07.43.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun StorEdge 3510 FC Array FTP Service Denial of Service
  • Description: Sun StorEdge 3510 FC Array is a storage device offered by Sun Microsystems. The application is exposed to a denial of service issue that stems from an unspecified error in the FTP service. Sun StorEdge 3510 FC Array with firmware version 4.21 is affected.
  • Ref: http://www.securityfocus.com/bid/26086

  • 07.43.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Distributed Checksum Clearinghouse SOCKS Unspecified Denial of Service
  • Description: Distributed Checksum Clearinghouse (DCC) is an antispam content filter. The application is exposed to an unspecified denial of service issue that occurs in the mechanisms that handle SOCKS connections. DCC version 1.3.65 is affected.
  • Ref: http://www.rhyolite.com/anti-spam/dcc/CHANGES

  • 07.43.31 - CVE: CVE-2007-4343
  • Platform: Cross Platform
  • Title: IrfanView .PAL Importing Remote Stack Based Buffer Overflow
  • Description: IrfanView is an image viewer that supports multiple file formats. The application is exposed to a remote stack-based buffer overflow issue because it fails to properly bounds check user-supplied input before copying it into an insufficiently sized memory buffer. IrfanView version 4.00 is affected.
  • Ref: http://secunia.com/secunia_research/2007-71/advisory/

  • 07.43.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TIBCO SmartPGM FX Multiple Remote Vulnerabilities
  • Description: SmartPGM FX is a content distribution application developed by TIBCO. The application is exposed to multiple remote issues including four unspecified stack-based buffer overflow issues, unspecified format string issue, and an unspecified denial of service issue.
  • Ref: http://www.irmplc.com/index.php/111-Vendor-Alerts#TIBCO

  • 07.43.33 - CVE: CVE-2007-3102
  • Platform: Cross Platform
  • Title: OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
  • Description: OpenSSH is a free implementation of the Secure Shell protocol suite. It is available for various operating systems. The application is exposed to a remote audit log injection weakness. The issue presents itself due to an error in the "linux_audit_record_event" function, which fails to properly sanitize user-supplied data in the "username" parameter. OpenSSH version 4.3p2 is affected.
  • Ref: http://www.securityfocus.com/bid/26097

  • 07.43.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser External Applications Arbitrary Code Execution
  • Description: Opera Web Browser is a web browser available for multiple operating systems. The application is exposed to an arbitrary code execution issue. This issue occurs when Opera has been configured to use an external news reader or email client. Specially-crafted web pages can cause these external applications to run incorrectly in conjunction with Opera. Opera for Desktop versions prior to 9.24 are affected.
  • Ref: http://www.opera.com/support/search/view/866/

  • 07.43.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser Frame Functions Same Origin Policy Bypass
  • Description: Opera Web Browser is a web browser available for multiple operating platforms. The browser is exposed to an issue that lets attackers bypass the same-origin policy when content from different web domains is accessed via frames. Opera for Desktop versions prior to 9.24 are affected.
  • Ref: http://www.opera.com/support/search/view/867/

  • 07.43.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco Unified Communications Manager Remote Denial of Service and Buffer Overflow Vulnerabilities
  • Description: Cisco Unified Communications Manager (previously known as Unified CallManager), is the call-processing component of the Cisco Unified Communications System. The application is exposed to two remote issues. The first issue is a denial of service when the software attempts to handle numerous UDP-based SIP INVITE messages. The second issue is a buffer overflow issue in the Centralized TFTP File Locator Service. Cisco Unified Communications Manager versions in the 5 and 6 series prior to 6.0(1) are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20071017-cucm.shtml

  • 07.43.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco Unified Communications Management Applications Privilege Escalation
  • Description: Cisco Unified ICME (Intelligent Contact Management Enterprise), Unified ICM Hosted, UCCE (Unified Contact Center Enterprise), UCCH (Unified Contact Center Hosted), and SCCE (System Unified Contact Center Enterprise) are included in a suite of intelligent routing and call treatment platforms used to blend multiple channels of communication. These applications are exposed to a privilege escalation issue.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml

  • 07.43.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle TNS Listener GIOP Service Remote Denial of Service and Information Disclosure
  • Description: The TNS Listener is a service that connects the Oracle database server and client applications. The TNS Listener is exposed to an issue that allows remote attackers to deny connections to legitimate users. It could also allow memory content to be exposed. It is caused by insufficient checks on GIOP (General Inter-ORB Protocol) "connect" packets. Oracle 8.1.7.4, Oracle 10g Release 2 and 1, and Oracle 9 are affected.
  • Ref: http://www.securityfocus.com/archive/1/482423

  • 07.43.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle XML DB FTP Service Login Audit
  • Description: Oracle XML DB is a feature of the Oracle Database. It may be accessed in several ways, including via an internal FTP service. The application is exposed to an incorrect login audit trail which may be used to hide or obfuscate actual attack traces. Oracle versions Oracle 9ir2 and Oracle 10g Release 1 are affected.
  • Ref: http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ftp-service/

  • 07.43.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Database Remote Denial of Service
  • Description: Oracle Database is exposed to a remote denial of service issue. This issue may be exploited by remote attackers prior to authentication. This issue occurs during protocol negotiation. Successfully exploiting this issue allows attackers to consume excessive CPU resources, denying service to legitimate users.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html

  • 07.43.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco Firewall Services Module Multiple Denial of Service and ACL Corruption Vulnerabilities
  • Description: Cisco Firewall Services Module (FWSM) is an integrated firewall module for some models of Cisco networking equipment. The application is exposed to multiple issues. Cisco FWSM version 3.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/482436

  • 07.43.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Miranda Multiple Buffer Overflow Vulnerabilities
  • Description: Miranda is an open-source instant messenger for Windows, which supports many different protocols including AIM, Gadu-Gadu, IAX, ICQ, IRC, Jabber, MSN, and Yahoo. The application is exposed to multiple unspecified buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. Miranda versions prior to 0.7.1 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=547866&group_id=94142

  • 07.43.43 - CVE: CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340
  • Platform: Cross Platform
  • Title: Mozilla Firefox 2.0.0.7 Multiple Remote Vulnerabilities
  • Description: The Mozilla Foundation has released multiple advisories regarding security vulnerabilities in Firefox Version 2.0.0.7 and earlier. Exploiting these issues can allow attackers to execute arbitrary code remotely, cause denial of service conditions, obfuscate content, obtain access to sensitive information and compromise the browser. Other attacks are possible.
  • Ref: http://www.mozilla.org/security/announce/2007/mfsa2007-29.html

  • 07.43.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 Universal Database Authentication Unspecified
  • Description: IBM DB2 Universal Database Server is a database server designed to run on various platforms including Linux, AIX, Solaris, and Microsoft Windows. The application is exposed to an unspecified issue that occurs in the authentication process. IBM DB2 Universal Database version 9.1 is affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?rs=71&uid=swg21283031

  • 07.43.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Stringbeans Portal Projects Script Cross-Site Scripting
  • Description: Stringbeans Portal is an ASP-based web application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "project_name" parameter of the "/portal/projects" script. Stringbeans Portal version 3.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/482303

  • 07.43.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WWWIsis Lang Parameter Cross-Site Scripting
  • Description: WWWIsis provides a web interface for accessing ISIS databases. It will run on most Unix and Linux variants, as well as Microsoft Windows systems. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "lang" parameter.
  • Ref: http://www.securityfocus.com/archive/1/482356

  • 07.43.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 Error Page Cross-Site Scripting
  • Description: Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 is a Virtual Private Network (VPN) router. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "err" parameter in the error page.
  • Ref: http://www.securityfocus.com/bid/26073

  • 07.43.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: InnovaShop Multiple Cross-Site Scripting Vulnerabilities
  • Description: InnovaShop is a web-based shopping-cart application implemented in JavaScript. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied data to the "msg" parameter of "msg.jsp" and the "contentid" parameter of "home001.jsp".
  • Ref: http://www.securityfocus.com/archive/1/482302

  • 07.43.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WebMod AUTH.W Cross-Site Scripting
  • Description: WebMod is a multithreaded HTTP server available for Windows and Linux operating systems. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "redir" parameter of the "auth.w" script. WebMod version 0.48 is affected.
  • Ref: http://www.securityfocus.com/bid/26087

  • 07.43.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: mnoGoSearch T Parameter Cross-Site Scripting
  • Description: mnoGoSearch is multi-platform web search engine software for Intranet and Internet servers. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "t" parameter of the "search.cgi" script in the "search.htm-dist" default template. mnoGoSearch version 3.2.43 is affected.
  • Ref: http://www.mnogosearch.org/doc/msearch-changelog.html

  • 07.43.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Alcatel-Lucent OmniVista 4760 Multiple Cross-Site Scripting Vulnerabilities
  • Description: OmniVista 4760 is a suite of network management applications. The application is exposed to multiple cross-site scripting issues because the application fails to sufficiently sanitize user-supplied input to the following scripts and parameters: "Webclient.php: action" and "index.php: Langue".
  • Ref: http://www1.alcatel-lucent.com/psirt/statements/2007003/4760xss.htm

  • 07.43.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KwsPHP MG2 Module SQL Injection
  • Description: KwsPHP is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "album" parameter of the "mg2" module before using it in an SQL query. KwsPHP version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/26083

  • 07.43.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KwsPHP Newsletter Module SQL Injection
  • Description: KwsPHP is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "newsletter" parameter of the "newsletter" module before using it in an SQL query. KwsPHP version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/26051

  • 07.43.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Softbiz Recipes Portal Searchresult.PHP SQL Injection
  • Description: Softbiz Recipes Portal is a web-based forum application for discussing recipes. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sbcat_id" parameter of the "searchresult.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/26063

  • 07.43.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Okul Otomasyon Portal Default.ASP SQL Injection
  • Description: Okul Otomasyon Portal is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "default.asp" script file before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/26094

  • 07.43.56 - CVE: CVE-2007-5488
  • Platform: Web Application - SQL Injection
  • Title: Asterisk Asterisk-Addons CDR_ADDON_MYSQL Module SQL Injection
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "source" and "destination" numbers for a call in the "cdr_addon_mysql" module before using it in an SQL query. Asterisk-Addons versions prior to 1.2.8 that are used with Asterisk Open Source 1.2.x, and Asterisk-Addons versions prior to 1.4.4 that are used with Asterisk Open Source 1.4.x are affected.
  • Ref: http://downloads.digium.com/pub/security/AST-2007-023.html

  • 07.43.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Oracle interMedia Multiple SQL Injection Vulnerabilities
  • Description: Oracle interMedia is a product that allows users to store multimedia in an Oracle Database. The product has been renamed to Oracle Multimedia. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input before using it in SQL queries.
  • Ref: http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc/

  • 07.43.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Oracle Workspace Manager LT Package SQL Injection
  • Description: Oracle Workspace Manager is a workspace virtualization manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data. This issue affects the "LT" package when the "FINDRICSET" procedure calls "FINDRICSET" in the "LTRIC" package.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html

  • 07.43.59 - CVE: Not Available
  • Platform: Web Application
  • Title: doop Index.php Local File Include
  • Description: doop is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script. Specifically, the application fails to properly sanitize directory-traversal strings ("../"). doop version 1.3.7 is affected.
  • Ref: http://www.securityfocus.com/bid/26075

  • 07.43.60 - CVE: Not Available
  • Platform: Web Application
  • Title: dotProject Companies Module Security Bypass
  • Description: dotProject is a web-based project management application. The application is exposed to an issue that allows attackers to access a restricted module of the application. This issue occurs because the application fails to check privileges within the "Companies" module. dotProject versions prior to 2.1 are affected.
  • Ref: http://sourceforge.net/project/showfiles.php?group_id=21656&package_id=30225&release_id=546754

  • 07.43.61 - CVE: Not Available
  • Platform: Web Application
  • Title: NSSBoard Multiple HTML Injection Vulnerabilities
  • Description: NSSBoard (formerly known as Simple PHP Forum) is a web-based forum and bulletin board application. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied input. Specifically, it fails to sanitize user-supplied input in two instances: if "BBcode" is disabled, the application does not sanitize user-supplied HTML tags; and user profile information, specifically the "user", "email" and "Real name" parameters, is not sanitized. NSSBoard version 0.6.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/482312

  • 07.43.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Com_Colorlab Component MosConfig_Live_Site Remote File Include
  • Description: Joomla! Com_Colorlab is a PHP-based flash component for the Joomla! content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_live_site" parameter of the "admin.color.php" script.
  • Ref: http://www.securityfocus.com/bid/26059

  • 07.43.63 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP File Sharing System Index.PHP Directory Traversal
  • Description: PHP File Sharing System is a web-based application to manage a system's files remotely. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Specifically, input to the "cam" parameter of "index.php" is not properly sanitized of directory traversal strings ("../"). PHP File Sharing System version 1.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26065

  • 07.43.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Live for Speed Skin Name Buffer Overflow
  • Description: Live for Speed is an online racing simulator. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. The issue occurs when information about a new client is sent to the server, and subsequently all currently connected clients. Specifically, the "skin name" field is relayed to all other players.
  • Ref: http://www.securityfocus.com/bid/26066

  • 07.43.65 - CVE: Not Available
  • Platform: Web Application
  • Title: VirtueMart Unspecified Arbitrary PHP Code Execution
  • Description: VirtueMart is a web-based shopping application. The application is exposed to an issue that lets attackers execute arbitrary PHP code because it fails to properly sanitize user-supplied input to an unspecified parameter. VirtueMart and VirtueMart Joomla! eCommerce Edition versions prior to 1.0.13 are affected.
  • Ref: http://virtuemart.net/index.php?option=com_content&task=view&id=260&Itemid=57

  • 07.43.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Artmedic CMS Index.PHP Local File Include
  • Description: Artmedic CMS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script. Artmedic CMS version 3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/26090

  • 07.43.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Ruby on Rails Multiple Vulnerabilities
  • Description: Ruby on Rails is a freely available web application framework implemented in the Ruby programming language. The application is exposed to multiple issues: a session-fixation issue that potentially allows the attacker to hijack sessions and gain unauthorized access to the affected application, and an unspecified issue in the XML parser that may allow attackers to cause denial of service conditions or disclose the contents of arbitrary files by submitting specially crafted requests. Ruby on Rails versions 1.2.3 and earlier are affected.
  • Ref: http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release

  • 07.43.68 - CVE: Not Available
  • Platform: Web Application
  • Title: RunCMS NewBB_Plus Unspecified Security
  • Description: RunCMS is a PHP-based content manager. The application is exposed to an unspecified security issue that exists in newbb_plus. RunCMS versions prior to 1.5.3 are affected.
  • Ref: http://www.securityfocus.com/bid/26099

  • 07.43.69 - CVE: Not Available
  • Platform: Web Application
  • Title: LimeSurvey CLASSES/CORE/LANGUAGE.PHP ROOTDIR Parameter Remote File Include
  • Description: LimeSurvey is an open-source survey application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "rootdir" parameter of the "classes/core/language.php" script. LimeSurvey version 1.52 is affected.
  • Ref: http://www.securityfocus.com/bid/26110

  • 07.43.70 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPDJ DJ/DJPAGE.PHP PAGE Parameter Remote File Include
  • Description: PHPDJ is an open-source DJ management application for radio owners. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "page" parameter of the "dj/djpage.php" script. PHPDJ version 0.5 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/26112

  • 07.43.71 - CVE: Not Available
  • Platform: Web Application
  • Title: awzMB Multiple Remote File Include Vulnerabilities
  • Description: awzMB is a PHP-based web application that includes guestbook, blog, and contact form features. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "Setting[OPT_includepath]" parameter. awzMB version 4.2 beta 1 is affected.
  • Ref: http://www.securityfocus.com/bid/26116

  • 07.43.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Weblinks Multiple Unspecified HTML Injection Vulnerabilities
  • Description: Drupal Weblinks is a Drupal module for posting weblinks onto a web site. The application is exposed to multiple unspecified HTML injection issues because the application fails to properly sanitize user-supplied input.
  • Ref: http://drupal.org/node/184323

  • 07.43.73 - CVE: CVE-2007-5491, CVE-2007-5492
  • Platform: Web Application
  • Title: SiteBar Multiple Input Validation Vulnerabilities
  • Description: SiteBar is a bookmark managing application. The application is exposed to multiple input validation issues because it fails to properly sanitize user-supplied input. SiteBar versions 3.3.8 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/482499

  • 07.43.74 - CVE: CVE-2007-5472
  • Platform: Web Application
  • Title: Computer Associates Host-Based Intrusion Prevention System Server HTML Injection
  • Description: Computer Associates Host-Based Intrusion Prevention System (CA HIPS) Server is an application that combines a firewall, intrusion detection and intrusion prevention protection. The application is exposed to an HTML injection issue because the application does not properly sanitize data from certain requests and events logged by the server before displaying it in dynamically generated content. CA HIPS versions prior to 8.0.0.93 are affected.
  • Ref: http://supportconnectw.ca.com/public/cahips/infodocs/cahips-secnotice.asp

  • 07.43.75 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco PIX and ASA Appliances MGCP and TLS Packets Denial of Service Vulnerabilities
  • Description: Cisco PIX and ASA Appliances are network devices that provide firewall, intrusion detection, VPN, and secure connectivity services. These appliances are exposed to multiple denial of service issues.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20071017-asa.shtml

  • 07.43.76 - CVE: Not Available
  • Platform: Network Device
  • Title: Nortel CS1000 ELAN Remote Denial of Service
  • Description: Nortel CS1000 is an enterprise IP phone system. The application is exposed to a remote denial of service issue that stems from an unspecified error in processing packets sent to the ELAN (Embedded LAN) interface of the Signaling Server. Nortel Enterprise version VoIP-Core-CS 1000E, 1000M Chassis/Cabinet, 1000S and Nortel Meridian-Core-Option 11C - Cabinet, 11C - Chassis, 51C, 61C, 81C are affected.
  • Ref: http://www.securityfocus.com/bid/26113

  • 07.43.77 - CVE: Not Available
  • Platform: Network Device
  • Title: Nortel Networks UNIStim IP Softphone RTCP Port Buffer Overflow
  • Description: Nortel Networks UNIStim IP Softphone is a VoIP soft phone application for Microsoft Windows systems. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer.
  • Ref: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=655203

  • 07.43.78 - CVE: Not Available
  • Platform: Network Device
  • Title: Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop
  • Description: Nortel Networks UNIStim is a proprietary VoIP protocol used on several IP telephony products. The affected devices are exposed to a remote issue that may allow eavesdropping. This issue occurs when an attacker sends spoofed "Open Audio Stream" datagram messages to a vulnerable device. If the "ID" of the message matches the "ID" between the signaling server and the IP phone handset, an audio stream is opened.
  • Ref: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714

  • 07.43.79 - CVE: Not Available
  • Platform: Network Device
  • Title: Nortel IP Phones UNIStim Messages Denial of Service
  • Description: Nortel IP Phones are exposed to a denial of service issue because the devices fail to handle specially crafted IP packets. IP Phones that are affected include: IP Phone 1140E, IP Softphone 2050, IP Audio Conf Phone 2033, IP Phone 1100 series, IP Phone 200x, Mobile Voice Client 2050 and WLAN Handset 2210, 2211, 2212, 6120, 6140.
  • Ref: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654715

  • 07.43.80 - CVE: Not Available
  • Platform: Network Device
  • Title: Nortel UNIStim IP Phone Remote Denial of Service
  • Description: Nortel UNIStim IP Phone products are prone to a remote denial of service vulnerability. This issue is due to a failure of the software to properly handle unexpected network datagrams. Specifically, by sending crafted network resume messages to signaling servers, attackers may force servers and clients to become desynchronized. By sending repeated packets, affected devices will fail to successfully register with their service provider, denying further phone service.
  • Ref: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.