
@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 10
March 5, 2009

Firefox, Thunderbird, Opera, Novell eDirectory and a widely-used C library are all on the "critical list" this week. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    - ------------------------                -------------------------------------
    Third Party Windows Apps                  9 (#5, #7, #8)
    Linux                                     4
    Novell                                    1 (#4)
    Cross Platform                            21 (#1, #2, #3, #6)
    Web Application - Cross Site Scripting    4
    Web Application - SQL Injection           8
    Web Application                           21

************** SPONSORED BY THE SANS THOUGHT LEADERSHIP SERIES ********

Check out the latest interviews in the SANS Thought Leadership series: http://www.sans.edu/resources/securitylab/41/
John Pirc, IBM, ISS Product Line & Services Executive: Security and Intelligent Network
Leigh Purdie, InterSect Alliance, co-founder of Snare: Evolution of log analysis
Bill Worley, Chief Technology Officer, Secure64 Software Corporation

*************************************************************************

TRAINING UPDATE
- - Phoenix 3/23-3/30 (5 courses) http://www.sans.org/phoenix09/
- - Washington DC (Tyson's Corner) 4/14-4/22 (5 long courses and 8 short courses) http://www.sans.org/tysonscorner09/event.php
- - Log Management Summit in Washington 4/5-4/7 http://www.sans.org/logmgtsummit09/
- - Plus Calgary, New Orleans, San Diego and more...
- - Looking for training in your own Community? http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

****************************** Sponsored Link: **************************

1) Listen to industry leaders discuss issues and solutions - Penetration Testing and Ethical Hacking Summit June 1-2 http://www.sans.org/info/39783

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Mozilla Products Multiple Vulnerabilities
  • Affected:
    • Mozilla Firefox versions 3.0.7 and prior
    • Mozilla Thunderbird versions 2.0.0.18 and prior
    • Mozilla SeaMonkey versions 1.1.14 and prior
  • Description: Products based on the Mozilla codebase, including the Mozilla Firefox web browser, contain multiple vulnerabilities in their handling of a variety of inputs. A specially crafted web page or script could trigger one of these vulnerabilities, leading to a variety of exploit conditions. Most severely, a specially crafted web page could result in memory corruption leading to arbitrary code execution with the privileges of the current user. Attackers could also exploit the errors in the PNG library used by the vulnerable browser to execute arbitrary code or crash the browser. There is also a same-origin error which can be used to read sensitive information. Technical details for these vulnerabilities are publicly available via source code analysis.

  • Status: Vendor confirmed, updates available.

  • References:
  • (2) CRITICAL: Opera Web Browser Multiple Vulnerabilities
  • Affected:
    • Opera version 9.63 and prior
  • Description: Opera, a popular cross-platform web browser developed by Opera Software Company, has multiple vulnerabilities which can be exploited by attackers to carry out remote code execution, denial-of-service and cross-site scripting attacks. A specially crafted JPEG image file could trigger one of these issues, leading to memory corruption. Successful exploitation may allow the attacker to either cause a denial-of-service condition or execute arbitrary code in the context of the application. A second, unspecified issue related to plug-ins may be exploited to execute script code in a different domain. There are also some unspecified errors of low criticality for which no further information is available. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) CRITICAL: libsndfile 'CAF' Processing Integer Overflow Vulnerability
  • Affected:
    • libsndfile version 1.0.18 and prior
    • NullSoft Winamp 5.55 and prior
  • Description: libsndfile, a C library for reading and writing files containing sampled sound, has an integer overflow vulnerability. Versions of NullSoft Winamp that use the vulnerable libsndfile code are also affected by this vulnerability. A specially crafted Core Audio Format (CAF) file could be used to trigger this vulnerability, which is caused mainly by inadequate boundary checks in libsndfile while processing CAF files. Successful exploitation could allow an attacker to execute arbitrary code in the context of the application using the library. Technical details for this vulnerability are publicly available via source code analysis.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) CRITICAL: Novell eDirectory Management Console Accept-Language Buffer Overflow Vulnerability
  • Affected:
    • Novell eDirectory 8.7.3 SP10b
    • Novell eDirectory 8.7.3 SP10 FTF1
    • Novell eDirectory 8.7.3 sp10
    • Novell eDirectory 8.7.3 9
    • Novell eDirectory 8.7.3 10
    • Novell eDirectory 8.7.3 .8 pre-SP9
    • Novell eDirectory 8.7.3 .8
    • Novell eDirectory 8.7.3
    • Novell eDirectory 8.8 SP4
    • Novell eDirectory 8.8 SP3
    • Novell eDirectory 8.8 SP2
    • Novell eDirectory 8.8 SP1
    • Novell eDirectory 8.8
  • Description: Novell eDirectory, a product of Novell, Inc., is used for centrally managing access to resources on multiple servers and computers. The iMonitor component of Novell eDirectory has a buffer overflow vulnerability caused by inadequate boundary checks on incoming HTTP requests. A specially crafted HTTP request with a malformed "Accept-Language" header could trigger this vulnerability. Successful exploitation could allow attackers to execute arbitrary code with system or root privileges; unsuccessful attempts can lead to a denial-of-service condition. Note that as of now only a partial update from the vendor is available. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, partial updates available.

  • References:
  • (5) HIGH: NovaStor NovaNET 'DtbClsLogin()' Buffer Overflow Vulnerability
  • Affected:
    • NovaStor NovaNET version 12 and possibly prior
  • Description: NovaNET, a professional network backup product from NovaStor, is prone to a buffer overflow vulnerability caused by an error in the 'DtbClsLogin()' function. A specially crafted request with an overly long username can trigger this vulnerability during authentication to a NovaNET domain. Successful exploitation can lead to arbitrary code execution on a Linux system and a crash on a Windows system. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, no updates available.

  • References:
  • (6) HIGH: Fujitsu Jasmine2000 Enterprise Edition WebLink Multiple Vulnerabilities
  • Affected:
    • Fujitsu Jasmine2000 Enterprise Edition 0
  • Description: Fujitsu Jasmine2000 Enterprise Edition is prone to multiple vulnerabilities which can be leveraged to cause a denial of service, execute arbitrary code or carry out cross-site scripting attacks. By accessing a Jasmine WebLink managed website in a particular way, attackers are in a position to cause a buffer to overflow. Successful exploitation may lead to arbitrary code execution or a denial-of-service condition. There is another unspecified error which can be used to inject HTML and script code via cross-site scripting attacks. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
  • (7) MODERATE: Media Commands Playlist Processing Buffer Overflow Vulnerability
  • Affected:
    • Media Commands version 1.0 and prior
  • Description: Media Commands, a media player for synchronizing and playing media files simultaneously in real time, is prone to a buffer overflow vulnerability. The issue is due to a boundary error while processing playlist files (e.g. ".m3u"), so a specially crafted playlist file can be used to trigger this vulnerability. Successful exploitation can lead to either arbitrary code execution with the privileges of the user running the application or a denial-of-service condition. User interaction is required: the user has to open the malicious playlist file. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, no updates available.

  • References:
  • (8) MODERATE: BreakPoint Software Hex Workshop '.hex' Processing Buffer Overflow Vulnerability
  • Affected:
    • BreakPoint Software Hex Workshop 6.0.1.4603 and prior
  • Description: Hex Workshop is a hex editor by BreakPoint Software for the Windows platform. It has a buffer overflow vulnerability due to a boundary error while processing '.hex' files. A specially crafted '.hex' file could be used by an attacker to trigger this vulnerability. Successful exploitation may allow the attacker to execute arbitrary code with the privileges of the logged-on user, or to cause a denial-of-service condition. User interaction is required: the victim has to open the malicious file with the vulnerable application. Technical details are available in the form of a PoC.

  • Status: Vendor confirmed, no updates available.

  • References:
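Item (3) above describes an integer overflow in libsndfile's CAF handling that becomes a heap overflow because a buffer size is computed from header fields without adequate checks. The C program below is an added illustration of that defect class and its fix, written for this bulletin; it is not libsndfile's code, and the simplified `caf_desc` layout, the constructed payloads and the sanity limits are assumptions made for the example. `buffer_bytes_unchecked()` shows the silently wrapping 32-bit product; `buffer_bytes_checked()` validates each field and multiplies in `size_t` with an overflow test before every step.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified, constructed view of the integer fields in a CAF audio
 * description chunk (illustration only; not libsndfile's structures). */
struct caf_desc {
    uint32_t bytes_per_packet;
    uint32_t frames_per_packet;
    uint32_t channels_per_frame;
    uint32_t bits_per_channel;
};

/* CAF stores its integers big-endian. */
static uint32_t rd_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse the four fields from a 16-byte payload. Returns 0 on success,
 * -1 when the caller hands over fewer bytes than the fields need. */
int parse_desc(const unsigned char *buf, size_t len, struct caf_desc *out)
{
    if (buf == NULL || out == NULL || len < 16)
        return -1;
    out->bytes_per_packet   = rd_be32(buf);
    out->frames_per_packet  = rd_be32(buf + 4);
    out->channels_per_frame = rd_be32(buf + 8);
    out->bits_per_channel   = rd_be32(buf + 12);
    return 0;
}

/* Weak pattern: the 32-bit product wraps silently, so attacker-chosen header
 * fields can yield a tiny allocation that later per-frame copies overrun. */
uint32_t buffer_bytes_unchecked(const struct caf_desc *d, uint32_t frames)
{
    return d->channels_per_frame * (d->bits_per_channel / 8) * frames;
}

/* Hardened pattern: validate each field against format-sane bounds, then
 * multiply step by step in size_t with an overflow test before each step.
 * Returns 0 and stores the byte count in *out, or -1 on bad input/overflow. */
int buffer_bytes_checked(const struct caf_desc *d, uint32_t frames, size_t *out)
{
    if (d == NULL || out == NULL || d->channels_per_frame == 0)
        return -1;
    /* PCM sample widths are whole bytes and at most 64 bits (example limit). */
    if (d->bits_per_channel == 0 || d->bits_per_channel > 64 ||
        d->bits_per_channel % 8 != 0)
        return -1;

    size_t bytes_per_sample = d->bits_per_channel / 8;
    size_t total = d->channels_per_frame;
    if (total > SIZE_MAX / bytes_per_sample)
        return -1;
    total *= bytes_per_sample;
    if (frames != 0 && total > SIZE_MAX / frames)
        return -1;
    *out = total * frames;
    return 0;
}

/* Constructed 16-byte 'desc' payloads: a sane stereo 16-bit header and a
 * crafted one with the channel count pushed to its maximum. */
static const unsigned char SANE_DESC[16] = {
    0,0,0,4,  0,0,0,1,  0,0,0,2,  0,0,0,16 };
static const unsigned char CRAFTED_DESC[16] = {
    0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 0,0,0,64 };

/* Wrappers that run parse + size computation on a raw payload.
 * checked_bytes_for() returns -1 on rejection, otherwise the byte count. */
long long checked_bytes_for(const unsigned char *desc, uint32_t frames)
{
    struct caf_desc d;
    size_t n;
    if (parse_desc(desc, 16, &d) != 0 || buffer_bytes_checked(&d, frames, &n) != 0)
        return -1;
    return (long long)n;
}

unsigned long unchecked_bytes_for(const unsigned char *desc, uint32_t frames)
{
    struct caf_desc d;
    if (parse_desc(desc, 16, &d) != 0)
        return 0;
    return buffer_bytes_unchecked(&d, frames);
}

int main(void)
{
    printf("sane:    unchecked=%lu checked=%lld\n",
           unchecked_bytes_for(SANE_DESC, 1000), checked_bytes_for(SANE_DESC, 1000));
    printf("crafted: unchecked=%lu checked=%lld\n",
           unchecked_bytes_for(CRAFTED_DESC, 0xffffffffu),
           checked_bytes_for(CRAFTED_DESC, 0xffffffffu));
    return 0;
}
```

With the crafted header the unchecked arithmetic asks for an 8-byte buffer (0xffffffff * 8 * 0xffffffff wraps to 8 in 32 bits) while the header still claims billions of samples per frame; the checked version refuses the file instead. The field limits are the part a real parser must take from the format's own specification.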
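Item (4) above concerns an overflow triggered by a malformed or oversized Accept-Language header. Until the vendor's full update is in place, a front end (reverse proxy, WAF, or the server's own request reader) can refuse such a request before any fixed-size buffer sees the value. The C code below is an added example of that check, written for this bulletin and unrelated to eDirectory's or iMonitor's code; the 256-byte limit, the sample requests and the host name are constructed for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed limit for this example; a deployment would derive its own from
 * legitimate traffic (real Accept-Language values are a few dozen bytes). */
#define MAX_ACCEPT_LANGUAGE 256

/* Case-insensitive test for a header name at the start of a line. Stops at
 * the first mismatch, so a short line never reads past its terminator. */
static int line_has_header(const char *line, const char *name)
{
    for (size_t i = 0; name[i] != '\0'; i++) {
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    }
    return 1;
}

/* Walk the CRLF-separated header block of a raw request and return the
 * length of the Accept-Language value (leading blanks trimmed), or -1 if
 * the header is absent. */
long accept_language_len(const char *req)
{
    const char *p = strstr(req, "\r\n");   /* skip the request line */
    if (p == NULL)
        return -1;
    p += 2;
    while (*p != '\0' && !(p[0] == '\r' && p[1] == '\n')) {
        const char *eol = strstr(p, "\r\n");
        const char *end = eol ? eol : p + strlen(p);
        if (line_has_header(p, "accept-language:")) {
            const char *v = p + strlen("accept-language:");
            while (v < end && (*v == ' ' || *v == '\t'))
                v++;
            return (long)(end - v);
        }
        if (eol == NULL)
            break;
        p = eol + 2;
    }
    return -1;
}

/* Front-end policy: 1 = reject (oversized Accept-Language), 0 = pass on. */
int reject_request(const char *req)
{
    return accept_language_len(req) > MAX_ACCEPT_LANGUAGE ? 1 : 0;
}

/* Constructed sample requests (host name and paths are placeholders). */
const char *sample_normal(void)
{
    return "GET / HTTP/1.1\r\n"
           "Host: example.test\r\n"
           "Accept-Language: en-US,en;q=0.8\r\n"
           "\r\n";
}

const char *sample_no_header(void)
{
    return "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n";
}

/* A header value of 300 'A's, far beyond any real language list. */
const char *sample_oversized(void)
{
    static char buf[512];
    char value[301];
    memset(value, 'A', 300);
    value[300] = '\0';
    snprintf(buf, sizeof buf,
             "GET / HTTP/1.1\r\nHost: example.test\r\n"
             "Accept-Language: %s\r\n\r\n", value);
    return buf;
}

int main(void)
{
    printf("normal:    len=%ld reject=%d\n", accept_language_len(sample_normal()),
           reject_request(sample_normal()));
    printf("no header: len=%ld reject=%d\n", accept_language_len(sample_no_header()),
           reject_request(sample_no_header()));
    printf("oversized: len=%ld reject=%d\n", accept_language_len(sample_oversized()),
           reject_request(sample_oversized()));
    return 0;
}
```

The filter only measures the header; it never copies it, so the check itself cannot become the next overflow. Logging the rejected request's source and header length gives a usable detection signal for attempts against the unpatched service.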
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 10, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 6599 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 09.10.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sopcast SopCore "SetExternalPlayer()" ActiveX Control Remote Code Execution
  • Description: Sopcast SopCore is an ActiveX control included in SopPlayer. The application is exposed to a remote code execution issue that occurs in the "SetExternalPlayer()" method of the ActiveX control identified by CLSID: 8FEFF364-6A5F-4966-A917-A3AC28411659. Attackers can assign an arbitrary executable application without confirmation.
  • Ref: http://www.securityfocus.com/archive/1/501252

  • 09.10.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: POP Peeper UIDL Remote Buffer Overflow
  • Description: POP Peeper is an email notifier application for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. POP Peeper version 3.4.0.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501317

  • 09.10.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BreakPoint Software Hex Workshop ".hex" File Handling Buffer Overflow
  • Description: Hex Workshop is a hex editor for the Microsoft Windows platform. Hex Workshop is exposed to a buffer overflow issue because it fails to adequately validate user-supplied data before copying it into an insufficiently sized buffer. This issue occurs when the application processes specially crafted ".hex" files. Hex Workshop version 6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501300

  • 09.10.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Internet Download Manager Language File Parsing Buffer Overflow
  • Description: Internet Download Manager (IDM) is an application designed to increase the speed of downloading files from remote sites. It runs on Microsoft Windows. IDM is exposed to a buffer overflow issue because it fails to sufficiently sanitize user-supplied input. The issue occurs when handling an excessively long "Toolbar" name in a specially crafted language file. Internet Download Manager version 5.15 Build 3 is affected.
  • Ref: http://securityreason.com/wlb_show/WLB-2009020053

  • 09.10.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: iDefense COMRaider Active X Control "write()" Arbitrary File Overwrite
  • Description: iDefense COMRaider is an ActiveX fuzzing utility. The application is exposed to an issue that allows attackers to overwrite arbitrary local files. Specifically, the "write()" method of the "VbDevKit.dll" ActiveX control will overwrite files in an insecure manner.
  • Ref: http://support.microsoft.com/kb/240797

  • 09.10.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NovaStor NovaNET "DtbClsLogin()" Remote Stack Buffer Overflow
  • Description: NovaStor NovaNET is a backup-and-recovery solution available for various platforms. The application is exposed to a stack-based buffer overflow issue. Specifically, the issue occurs in the "DtbClsLogin()" function in the "nnwindtb.dll" file on Windows systems and in the "libnnlindtb.so" file on Linux systems. NovaNET version 12 is affected.
  • Ref: http://www.insight-tech.org/index.php?p=NovaNET-12-Remote-Buffer-Oveflow

  • 09.10.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Media Commands Multiple Media File Multiple Heap Buffer Overflow Vulnerabilities
  • Description: Media Commands is a media player for Microsoft Windows. The application is exposed to multiple heap-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. These issues occur when the application opens malformed ".m3u", ".m3l", ".txt" and ".lrc" files. Media Commands version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33958

  • 09.10.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VUPlayer ".CUE" File Buffer Overflow
  • Description: VUPlayer is a media player for Microsoft Windows. VUPlayer is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, the issue occurs when parsing a specially crafted ".cue" metadata file. VUPlayer version 2.49 is affected.
  • Ref: http://www.securityfocus.com/bid/33960

  • 09.10.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EFS Software Easy Chat Server "registresult.htm" Authentication Bypass
  • Description: EFS Software Easy Chat Server is a web-based chat application for Microsoft Windows. The application is exposed to an authentication bypass issue because it fails to perform adequate authentication checks. Easy Chat Server version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33967

  • 09.10.10 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Audit System "audit_syscall_entry()" System Call Security Bypass
  • Description: The Linux kernel is exposed to a local security bypass issue when running as a 64-bit aware kernel. This issue affects the Linux Audit System, which is used to log a configurable set of events, including system calls. A local attacker may be able to exploit this issue to bypass audit mechanisms imposed on system calls. This may allow malicious behavior to escape notice.
  • Ref: http://scary.beasts.org/security/CESA-2009-001.html

  • 09.10.11 - CVE: CVE-2009-0028
  • Platform: Linux
  • Title: Linux Kernel Cloned Process "CLONE_PARENT" Local Origin Validation Weakness
  • Description: The Linux kernel supports a "clone()" function used to create child processes. This function allows the calling process to define a signal that will be sent to the parent process when the child process terminates. To exploit this issue, attackers must have access to a privileged process that will create child processes for attacker-supplied executables. Linux kernel version 2.6.28 is affected.
  • Ref: http://scary.beasts.org/security/CESA-2009-002.html

  • 09.10.12 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "seccomp" System Call Security Bypass
  • Description: The Linux kernel is exposed to a local security bypass issue when running as a 64-bit aware kernel. This issue affects the "seccomp" sandbox mechanism, which can be used to restrict the system calls available to specific userspace processes. A local attacker may be able to make unintended system calls, which may result in an elevation of privileges.
  • Ref: http://scary.beasts.org/security/CESA-2009-001.html

  • 09.10.13 - CVE: CVE-2009-0365, CVE-2009-0578
  • Platform: Linux
  • Title: Ubuntu network-manager-applet Permission Enforcement Multiple Local Vulnerabilities
  • Description: network-manager applet is a network management framework for Ubuntu Linux. network-manager-applet is exposed to multiple local issues because the application fails to properly enforce permissions.
  • Ref: http://www.securityfocus.com/bid/33966

  • 09.10.14 - CVE: Not Available
  • Platform: Novell
  • Title: Novell eDirectory iMonitor "Accept-Language" Request Buffer Overflow
  • Description: Novell eDirectory is software for identity management and security. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Novell eDirectory versions 8.8 SP3 and earlier are affected.
  • Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5042340.html

  • 09.10.15 - CVE: CVE-2009-0620, CVE-2009-0621, CVE-2009-0622, CVE-2009-0623, CVE-2009-0624, CVE-2009-0625
  • Platform: Cross Platform
  • Title: Multiple Cisco ACE Products Multiple Remote Vulnerabilities
  • Description: Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine are load-balancing and application-delivery solutions for data centers. The products are exposed to multiple remote issues.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml

  • 09.10.16 - CVE: CVE-2009-0614
  • Platform: Cross Platform
  • Title: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass
  • Description: Cisco Unified MeetingPlace Web Conferencing is an online meeting application. The application is exposed to an unspecified authentication bypass issue. A remote attacker may exploit this issue by submitting a specially crafted URI to the application. This issue is tracked by Cisco Bug ID CSCsv65815. Unified MeetingPlace Web Conferencing versions 6.0 and 7.0 are affected.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml

  • 09.10.17 - CVE: CVE-2008-5263
  • Platform: Cross Platform
  • Title: ksquirrel-libs "RGBE" File Parsing Multiple Stack Buffer Overflow Vulnerabilities
  • Description: ksquirrel-libs is an image-processing library. The library is exposed to multiple stack-based buffer overflow issues because it fails to perform adequate checks on user-supplied input. Specifically, these issues affect the "mt_codec::getHdrHead()" function of the "kernel/kls_hdr/fmt_codec_hdr.cpp" source file when processing malicious "RGBE" files. ksquirrel-libs version 0.8.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501228

  • 09.10.18 - CVE: CVE-2009-0615, CVE-2009-0616, CVE-2009-0617, CVE-2009-0618
  • Platform: Cross Platform
  • Title: Cisco Application Network Manager and Application Control Engine Multiple Vulnerabilities
  • Description: Cisco Application Network Manager (ANM) provides management for multi-device data centers; Application Control Engine (ACE) Device Manager is a management application for networking gear for data centers. A successful exploit may allow an attacker to obtain sensitive information, view or modify files, cause denial of service conditions, or gain unauthorized access to the affected application.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc84.shtml#@ID

  • 09.10.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SHOUTcast Server DNAS Relay Remote Buffer Overflow
  • Description: SHOUTcast Server is a streaming audio server for multiple platforms, including Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically this issue occurs when the application is configured to act as a DNAS (Distributed Network Audio Software) relay server. SHOUTcast Server version 1.9.8 for Windows is affected.
  • Ref: http://secunia.com/secunia_research/2008-62/

  • 09.10.20 - CVE: CVE-2009-0507
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Cluster Configuration File Information Disclosure
  • Description: IBM WebSphere Application Server (WAS) is an application server used for service-oriented architecture. WAS is exposed to an information disclosure issue. Specifically when a user exports the cluster configuration file from the administration console, sensitive information (such as the JMSAPI and mail session data) is included. WAS versions 6.1.2 and 6.2 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27006649

  • 09.10.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari Malformed "feeds:" URI Null Pointer Dereference Remote Denial of Service
  • Description: Apple Safari is a web browser available for multiple operating platforms. The browser is exposed to a denial of service issue that stems from a NULL-pointer dereference. This issue occurs when handling malformed "feeds:" URIs. Apple Safari version 4 Beta is affected.
  • Ref: http://www.securityfocus.com/archive/1/501229

  • 09.10.22 - CVE: CVE-2008-4308
  • Platform: Cross Platform
  • Title: Apache Tomcat POST Data Information Disclosure
  • Description: Apache Tomcat is a Java-based webserver for multiple operating systems. Tomcat is exposed to a remote information disclosure issue. Specifically, attackers may potentially access data from previous POST requests sent to the server.
  • Ref: http://www.securityfocus.com/archive/1/501250

  • 09.10.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco Unified MeetingPlace Web Conferencing "E-Mail Address" Field HTML Injection
  • Description: Cisco Unified MeetingPlace Web Conferencing is an online meeting application. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "E-Mail Address" field in the application's section for user account settings.
  • Ref: http://www.securityfocus.com/archive/1/501251

  • 09.10.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenSC PKCS#11 Implementation Unauthorized Access
  • Description: OpenSC is an application for managing smart cards; it is available for Linux, Mac OS X, and Windows. OpenSC is exposed to an unauthorized access issue that occurs in the OpenSC PKCS#11 implementation. Attackers can exploit this issue to gain unauthorized access to private data. Successfully exploiting this issue may lead to other attacks. OpenSC versions prior to 0.11.7 are affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1527

  • 09.10.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP 5.2.8 and Prior Versions Multiple Vulnerabilities
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to multiple security issues. Successful exploits could allow an attacker to cause a denial of service condition. PHP versions 5.2.8 and earlier are affected.
  • Ref: http://www.php.net/releases/5_2_9.php

  • 09.10.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MPFR Library "printf.c" Multiple Buffer Overflow Vulnerabilities
  • Description: The MPFR library is a C library for multiple-precision floating-point computations with correct rounding. The library is exposed to multiple buffer overflow issues because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. These issues occur in the "mpfr_snprintf()" and "mpfr_vsnprintf()" functions in the "printf.c" source file. MPFR versions prior to 2.4.1 are affected.
  • Ref: http://mpfr.loria.fr/mpfr-2.4.1/

  • 09.10.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Avahi "avahi-core/server.c" Multicast DNS Denial of Service
  • Description: Avahi is an application for discovering available services on the local network. Avahi is exposed to a denial of service issue because the application fails to handle exceptional conditions. This issue occurs in the "local_legacy_unicast_socket()" function in the "avahi-core/server.c" source file. Avahi version 0.6.23 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683

  • 09.10.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: djbdns Long Response Packet Remote Cache Poisoning
  • Description: djbdns is a Domain Name System (DNS) toolkit. djbdns is exposed to a remote DNS cache poisoning issue because the application fails to perform adequate boundary checks on user-supplied data. The vulnerability affects the "response_addname()" function of "response.c". djbdns version 1.05 is affected.
  • Ref: http://www.securityfocus.com/bid/33937

  • 09.10.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Multiple Unspecified Vulnerabilities
  • Description: Mozilla Firefox is exposed to multiple unspecified vulnerabilities. The impact of these issues is not known. Firefox versions prior to 3.0.7 Beta are affected.
  • Ref: http://www.securityfocus.com/bid/33939

  • 09.10.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Fujitsu Jasmine2000 Enterprise Edition Multiple Remote Vulnerabilities
  • Description: Fujitsu Jasmine2000 Enterprise Edition is exposed to the following issues: 1. An HTML injection vulnerability occurs because the application fails to properly sanitize unspecified user-supplied input before using it in dynamically generated content. 2. A remote denial of service vulnerability affects the application due to an unspecified error. An attacker can exploit this issue to deny access to legitimate users. 3. An unspecified buffer overflow vulnerability exists and may allow remote attackers to execute arbitrary code in the context of the affected application or cause denial of service conditions.
  • Ref: http://www.fujitsu.com/global/support/software/security/products-f/jasmine-200801e.html

  • 09.10.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser prior to 9.64 Multiple Security Vulnerabilities
  • Description: Opera Web Browser is a browser that runs on multiple operating systems. Opera is exposed to multiple security issues. Opera 9.64 provides various security enhancements and fixes numerous bugs which may also be security related. Opera versions prior to 9.64 are affected.
  • Ref: http://www.opera.com/support/kb/view/926/

  • 09.10.32 - CVE: CVE-2009-0037
  • Platform: Cross Platform
  • Title: cURL/libcURL HTTP "Location:" Redirect Security Bypass
  • Description: cURL is a utility for transferring files with URL syntax over a number of protocols. As a shared library, libcURL provides this functionality to applications. The application is exposed to a security bypass issue because of an access validation error. This issue occurs when the application handles HTTP "Location:" redirect requests and fails to verify target protocols used in an automatic redirect request. cURL/libcURL 5.11 up to and including 7.19.3 are affected.
  • Ref: http://curl.haxx.se/docs/adv_20090303.html

  • 09.10.33 - CVE: CVE-2009-0186
  • Platform: Cross Platform
  • Title: libsndfile CAF Processing Buffer Overflow
  • Description: The "libsndfile" library is a C library for reading and writing audio files. The library is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue stems from an integer overflow error when processing CAF description chunks. libsndfile version 1.0.18 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501413

  • 09.10.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Nested "window.print()" Denial of Service
  • Description: Mozilla Firefox is a browser available for multiple platforms. The browser is exposed to a remote denial of service issue that occurs when the browser parses a malicious webpage that contains nested "window.print()" JavaScript functions. Firefox version 2.0.0.20 is affected.
  • Ref: http://www.securityfocus.com/bid/33969

  • 09.10.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL XPath Expression Remote Denial of Service
  • Description: MySQL is an open-source SQL database available for multiple operating systems. MySQL is exposed to a remote denial of service issue because it fails to handle certain XPath expressions. MySQL versions prior to 5.1.32, and 6.0.9 and earlier, are affected.
  • Ref: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html

  • 09.10.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: JOnAS "select" Parameter Error Page Cross-Site Scripting
  • Description: JOnAS is an open source Java application server. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. This issue affects the "select" parameter of the "ListMBeanDetails.do". When multiple values are passed to the parameter, an error page is generated. JOnAS version 4.10.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501232

  • 09.10.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BitDefender Internet Security 2009 File Name Cross-Site Scripting
  • Description: BitDefender Internet Security 2009 is a security application suite for Microsoft Windows platforms. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the File Name value.
  • Ref: http://www.securityfocus.com/archive/1/501277

  • 09.10.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Yektaweb Academic Web Tools CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: Yektaweb Academic Web Tools CMS is a web-based content management application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Academic Web Tools CMS version 1.5.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501350

  • 09.10.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Blogsa "Widgets.aspx" Cross-Site Scripting
  • Description: Blogsa is an ASP-based blogging application. Blogsa is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "searchText" parameter of the "Widgets.aspx" script. Blogsa version 1.0 Beta 3 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/archive/1/501382

  • 09.10.40 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo DigiStore Component "pid" Parameter SQL Injection
  • Description: DigiStore is an ecommerce component for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter of the "com_digistore" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33953

  • 09.10.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PenPal "admin/login.asp" Multiple SQL Injection Vulnerabilities
  • Description: PenPal is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" text boxes when logging in to the application through the "admin/login.asp" script. PenPal version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33907

  • 09.10.42 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Orooj CMS "news.php" SQL Injection
  • Description: Orooj CMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "nid" parameter of the "news.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33908

  • 09.10.43 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Parsi PHP CMS "index.php" SQL Injection
  • Description: Parsi PHP CMS is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Cat" parameter of the "index.php" script before using it in an SQL query. Parsi PHP CMS version 2.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33914

  • 09.10.44 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BannerManager "default.asp" Multiple SQL Injection Vulnerabilities
  • Description: BannerManager is a PHP-based application for managing online banners. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" text boxes when logging in to the application through the "default.asp" script. BannerManager version 0.81 is affected.
  • Ref: http://www.securityfocus.com/bid/33925

  • 09.10.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Multiple EtoShop Products Login Parameters SQL Injection Vulnerabilities
  • Description: EtoShop produces a number of ASP-based web applications. The applications are exposed to multiple SQL injection issues because they fail to sufficiently sanitize user-supplied data provided to the "username" and "password" form fields of the "admin.asp" script.
  • Ref: http://www.securityfocus.com/bid/33930

  • 09.10.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EZ-Blog "public/view.php" SQL Injection
  • Description: EZ-Blog is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "storyid" parameter of the "public/view.php" script before using it in an SQL query. EZ-Blog Beta version 1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501352

  • 09.10.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Centreon "oreon.php" SQL Injection
  • Description: Centreon (formerly Oreon) is a PHP-based application for monitoring networks. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "p" parameter of the "oreon.php" script before using it in an SQL query. Centreon versions prior to 2 are vulnerable.
  • Ref: http://trac.centreon.com/changeset/7582/trunk/centreon/www/main.php

  • 09.10.48 - CVE: Not Available
  • Platform: Web Application
  • Title: BlogMan Multiple Input Validation Vulnerabilities
  • Description: BlogMan is a weblog application. BlogMan is exposed to multiple input validation issues. A successful exploit may allow an attacker to compromise the application, gain unauthorized access to the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. BlogMan version 0.45 is affected.
  • Ref: http://www.securityfocus.com/bid/33950

  • 09.10.49 - CVE: Not Available
  • Platform: Web Application
  • Title: Graugon PHP Article Publisher SQL Injection and Cookie Authentication Bypass Vulnerabilities
  • Description: Graugon PHP Article Publisher is an article publishing application. The application is exposed to these input validation issues. An attacker can leverage the authentication bypass vulnerability to gain administrative access to the affected application. Graugon PHP Article Publisher version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33952

  • 09.10.50 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Theme System Template File Local File Include
  • Description: Drupal is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input included with the URI before using it to select a template file.
  • Ref: http://drupal.org/node/383724

  • 09.10.51 - CVE: Not Available
  • Platform: Web Application
  • Title: Multiple SkyPortal Modules Multiple Authentication Bypass Vulnerabilities
  • Description: Classifieds System, WebLinks and Picture are modules for the SkyPortal content manager. Multiple SkyPortal modules are exposed to multiple authentication bypass issues because the applications fail to restrict access to certain administration scripts. An attacker can exploit these issues to gain unauthorized access to the affected applications.
  • Ref: http://www.securityfocus.com/bid/33911

  • 09.10.52 - CVE: Not Available
  • Platform: Web Application
  • Title: Coppermine Photo Gallery "IMG" BBCode HTML Injection
  • Description: Coppermine Photo Gallery is a web-based photo application. Coppermine Photo Gallery is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Specifically, BBCode "IMG" tags are not properly sanitized in new messages. Coppermine Photo Gallery version 1.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33917

  • 09.10.53 - CVE: CVE-2009-0208
  • Platform: Web Application
  • Title: HP Virtual Rooms Client Unspecified Remote Code Execution
  • Description: HP Virtual Rooms client is a web conferencing application. The application is exposed to a remote code execution issue caused by an unspecified error. Successfully exploiting this issue allows an attacker to execute arbitrary code with the privileges of the user running the affected application. Virtual Rooms versions 7.0 and earlier running on Microsoft Windows are affected.
  • Ref: http://www.kb.cert.org/vuls/id/461321

  • 09.10.54 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Taxonomy Theme Module "Vocabulary name" HTML Injection
  • Description: Taxonomy Theme is a PHP-based component for Drupal. It is used to change the theme of nodes based on taxonomy terms. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "Vocabulary name" field, when a new vocabulary is added, before using the input in dynamically generated content. Taxonomy Theme version 5.x-1.1 is affected.
  • Ref: http://www.lampsecurity.org/node/21

  • 09.10.55 - CVE: Not Available
  • Platform: Web Application
  • Title: APC PowerChute Network Shutdown HTTP Response Splitting and Cross Site Scripting Vulnerabilities
  • Description: APC PowerChute Network Shutdown is a software package that will safely shut down computer systems when UPS power starts to fail. APC PowerChute Network Shutdown is exposed to multiple input validation issues affecting the web interface.
  • Ref: http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=9539

  • 09.10.56 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Viewfield Module HTML Injection
  • Description: Viewfield is a PHP-based Drupal component that allows administrators to put views directly into nodes. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Drupal Viewfield version 5.x-1.5 is affected.
  • Ref: http://www.lampsecurity.org/node/20

  • 09.10.57 - CVE: Not Available
  • Platform: Web Application
  • Title: Irokez Blog Multiple Input Validation Vulnerabilities
  • Description: Irokez Blog is a PHP-based blog application. Irokez Blog is exposed to multiple input validation issues. Irokez Blog version 0.7.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33931

  • 09.10.58 - CVE: Not Available
  • Platform: Web Application
  • Title: Demium CMS Multiple Local File Include and SQL Injection Vulnerabilities
  • Description: Demium CMS is a PHP-based content manager. The application is exposed to multiple input-validation issues. The attacker can exploit the local file include vulnerabilities using directory-traversal strings to view and execute arbitrary local files within the context of the web server process. Demium CMS version 0.2.1 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/33933

  • 09.10.59 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Protected node Module "Password page info" HTML Injection
  • Description: Protected node is a PHP-based Drupal component for adding password protection to nodes. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, this affects input to the "Password page info" field when password protection is added to a node. Protected node version 5.x-1.3 is affected.
  • Ref: http://lampsecurity.org/node/28

  • 09.10.60 - CVE: Not Available
  • Platform: Web Application
  • Title: CMME Multiple Unspecified Security Vulnerabilities
  • Description: CMME is a PHP-based content manager. The application is exposed to multiple remote security issues caused by unspecified errors. CMME version 1.19 is affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=215535&release_id=663882

  • 09.10.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Golabi CMS "index_logged.php" Remote File Include
  • Description: Golabi CMS is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "cur_module" parameter of the "/templates/default/index_logged.php" script.
  • Ref: http://www.securityfocus.com/bid/33916

  • 09.10.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Afian "includer.php" Directory Traversal
  • Description: Afian is a web-based document sharing application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "files" parameter of the "includer.php" script.
  • Ref: http://www.securityfocus.com/archive/1/501341

  • 09.10.63 - CVE: Not Available
  • Platform: Web Application
  • Title: eXtplorer "include/init.php" Local File Include
  • Description: eXtplorer is a PHP-based file explorer. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" parameter of the "include/init.php" script. eXtplorer 2.0.0 is vulnerable; prior versions may also be affected.
  • Ref: http://www.securityfocus.com/archive/1/501377

  • 09.10.64 - CVE: Not Available
  • Platform: Web Application
  • Title: access2asp "default_Image.asp" Arbitrary File Upload
  • Description: access2asp is a web-based application implemented in ASP. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the software fails to adequately sanitize file extensions before uploading images onto the web server. access2asp version 4.6 is affected.
  • Ref: http://www.securityfocus.com/bid/33956

  • 09.10.65 - CVE: Not Available
  • Platform: Web Application
  • Title: RitsBlog SQL Injection and HTML Injection Vulnerabilities
  • Description: RitsBlog is a weblog application. The application is exposed to multiple input validation issues. RitsBlog version 0.4.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501383

  • 09.10.66 - CVE: Not Available
  • Platform: Web Application
  • Title: WikyBlog Arbitrary File Upload
  • Description: WikyBlog is a combined wiki and blog application implemented in PHP and MySQL. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the software fails to adequately sanitize multiple file extensions before uploading files onto the web server. WikyBlog version 1.7.1 is affected.
  • Ref: http://www.wikyblog.com/Help/en/Notes

  • 09.10.67 - CVE: Not Available
  • Platform: Web Application
  • Title: ZABBIX "locales.php" Local File Include and Remote Code Execution
  • Description: ZABBIX is a network monitoring tool available for Unix, Linux, and other Unix-like operating systems. ZABBIX is exposed to these input validation issues, which occur in the front-end web interface. ZABBIX version 1.6.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501400

  • 09.10.68 - CVE: Not Available
  • Platform: Web Application
  • Title: NovaBoard HTML Injection and Cross-Site Scripting Vulnerabilities
  • Description: NovaBoard is a web-based messaging application implemented in PHP. Since it fails to properly sanitize user-supplied input, the application is exposed to multiple input validation issues. NovaBoard version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501439

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.