Summary of Security Items from September 21 through September 27, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranked High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source
7-Zip | A buffer overflow vulnerability has been reported in 7-Zip's ARJ archive processing, which could let remote malicious users execute arbitrary code. Upgrade to the newest version. Currently we are not aware of any exploits for this vulnerability. | 7-Zip Arbitrary Code Execution | High | Secunia Advisory: SA16664, September 23, 2005 |
PowerArchiver 2006 9.5 Beta 4, Beta 5, PowerArchiver 2004 9.25, PowerArchiver 2003 8.60 | A buffer overflow vulnerability has been reported in PowerArchiver's ARJ and ACE archive processing, which could let remote malicious users execute arbitrary code. Upgrade to the newest version. Currently we are not aware of any exploits for this vulnerability. | PowerArchiver Arbitrary Code Execution | High | Secunia Advisory: SA16713 |
FL Studio | A buffer overflow has been reported in FL Studio's FLP file handling, which could let remote malicious users execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | FL Studio Arbitrary Code Execution | High | Secunia Advisory: SA16958, September 27, 2005 |
Handy Address Book Server 1.1 | An input validation vulnerability has been reported in Handy Address Book Server that could let remote malicious users conduct Cross-Site Scripting. Upgrade to version 1.2: http://www.handyaddressbook.com/downloads/AHABS12.exe There is no exploit code required; however, a Proof of Concept exploit script has been published. | Handy Address Book Server Cross-Site Scripting | Medium | Security Tracker, Alert ID: 1014901, September 15, 2005 Security Focus, ID: 14818, September 26, 2005 |
GroupWise 6.5.3 | A vulnerability has been reported in GroupWise that could let local malicious users execute arbitrary code. Upgrade to version 6.5 SP5: Currently we are not aware of any exploits for this vulnerability. | Novell GroupWise Arbitrary Code Execution | High | Security Tracker, Alert ID: 1014977, September 27, 2005 |
SecureW2 3.0, 3.1.1 | A vulnerability has been reported in SecureW2 that could let remote malicious users obtain sensitive information. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | SecureW2 Information Disclosure | Medium | Secunia Advisory: SA16909, September 26, 2005 |
Storage Exec 5.3 rev2190R StorageCentral 5.2 rev322 | A buffer overflow vulnerability has been reported in Storage Exec/ StorageCentral that could let remote malicious users execute arbitrary code. A vendor fix is available: Currently we are not aware of any exploits for this vulnerability. | Storage Exec/ StorageCentral Arbitrary Code Execution | High | Secunia Advisory: SA16871, September 20, 2005 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source
nslookup.cgi, notify, man-cgi, contribute.pl | Multiple vulnerabilities have been reported: a vulnerability was reported in various Perl scripts due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary commands; and a Directory Traversal vulnerability was reported in 'contribute.cgi' (aka 'contribute.pl'). No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Alkalay.Net Multiple Scripts Arbitrary Remote Command Execution & Directory Traversal | High | CIRT-200504 Advisory, September 21, 2005 |
Apache 2.0.x | A vulnerability has been reported in 'modules/ssl' (mod_ssl) that could let a remote malicious user bypass 'SSLVerifyClient' client-certificate restrictions. Patch available at: OpenPKG: RedHat: Ubuntu: SGI: Debian: Mandriva: Slackware: Trustix: Debian: Gentoo: Avaya: There is no exploit code required. | Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass | Medium | Security Tracker Alert ID: 1014833, September 1, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.017, September 3, 2005 RedHat Security Advisory, RHSA-2005:608-7, September 6, 2005 Ubuntu Security Notice, USN-177-1, September 07, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 Debian Security Advisory, DSA 805-1, September 8, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:161, September 8, 2005 Slackware Security Advisory, SSA:2005-251-02, September 9, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005 Debian Security Advisory DSA 807-1, September 12, 2005 Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005 Avaya Security Advisory, ASA-2005-204, September 23, 2005 |
Mac OS X Server 10.4-10.4.2, 10.3-10.3.9, Mac OS X 10.4-10.4.2, 10.3-10.3.9 | Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'ImageIO' due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in 'Mail.app' when processing auto-reply rules, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in 'Mail.app' when using Kerberos 5 for SMTP authentication, which could let a remote malicious user obtain sensitive information; a vulnerability was reported because 'malloc' creates diagnostic files insecurely when certain environment variables are used to enable debugging of application memory allocation, which could let a malicious user overwrite arbitrary files; a buffer overflow vulnerability was reported in the 'QuickDraw' manager due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the Java extensions bundled with QuickTime 6.52 and prior due to a validation error, which could let untrusted applets call arbitrary functions from system libraries; a vulnerability was reported in Ruby, which could let a remote malicious user bypass certain security restrictions; a Cross-Site Scripting vulnerability was reported in Safari when web archives are rendered from a malicious site, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in 'SecurityAgent' due to an error, which could let a malicious user obtain unauthorized access to the current user's desktop; and a vulnerability was reported in the Authorization Services 'securityd' due to a validation error, which could let a malicious user obtain elevated privileges. Update information available at: Currently we are not aware of any exploits for these vulnerabilities. | Apple Mac OS X Multiple Vulnerabilities | High | Apple Security Advisory, APPLE-SA-2005-09-22, September 22, 2005 |
Astaro Security Linux 4.0 27 | A remote Denial of Service vulnerability has been reported in the Point-to-Point Tunneling Protocol (PPTP) server due to an unspecified error. Upgrade available at: Currently we are not aware of any exploits for this vulnerability. | Astaro Security Linux PPTP Server Unspecified Remote Denial of Service | Low | Security Focus, Bugtraq ID: 14950, September 27, 2005 |
ClamAV 0.80-0.86.2, 0.70, 0.65-0.68, 0.60, 0.51-0.54 | Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'libclamav/upx.c' due to a signedness error, which could let a malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported in 'libclamav/fsg.c' when handling a specially crafted FSG-compressed executable file. Upgrades available at: Gentoo: Mandriva: Trustix: http://http.trustix.org/pub/trustix/updates/ Currently we are not aware of any exploits for these vulnerabilities. | ClamAV UPX Buffer Overflow & FSG Handling Denial of Service | High | Secunia Advisory: SA16848, September 19, 2005 Gentoo Linux Security Advisory, GLSA 200509-13, September 19, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:166, September 20, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0051, September 23, 2005 |
eric3 prior to 3.7.2 | A vulnerability has been reported due to a "potential security exploit." The impact was not specified. Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | eric3 Unspecified Vulnerability | Not Specified | Security Tracker Alert ID: 1014947, September 21, 2005 |
CUPS 1.1.21, 1.1.22 rc1, 1.1.22 | A remote Denial of Service vulnerability exists when a malicious user submits a specially crafted HTTP GET request. Upgrades available at: Fedora: RedHat: A Proof of Concept exploit has been published. | CUPS HTTP | Low | Security Tracker Alert ID, 1012811, January 7, 2005 Fedora Update Notification, RedHat Security Advisory, RHSA-2005:772-8, September 27, 2005 |
gzip 1.2.4a, 1.2.4, 1.3.3-1.3.5 | A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag (which restores the original file name stored in the archive header), which could let a remote malicious user obtain sensitive information. Ubuntu: Trustix: http://http.trustix.org/pub/trustix/updates/ Gentoo: http://security.gentoo.org/glsa/glsa-200505-05.xml IPCop: Mandriva: TurboLinux: FreeBSD: OpenPKG: RedHat: SGI: Conectiva: Debian: Sun: Avaya: Sun: Updated Relief/Workaround section. A Proof of Concept exploit has been published. | gzip 'gunzip -N' Directory Traversal | Medium | Bugtraq, 396397, April 20, 2005 Ubuntu Security Notice, Trustix Secure Linux Security Advisory, Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005 Security Focus, 13290, May 11, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005 Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005 FreeBSD OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005 RedHat Security Advisory, SGI Security Advisory, 20050603-01-U, June 23, 2005 Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005 Debian Security Advisory DSA 752-1, July 11, 2005 Sun(sm) Alert Notification Avaya Security Advisory, ASA-2005-172, August 29, 2005 Sun(sm) Alert Notification |
Mailutils 0.6 | A format string vulnerability has been reported in 'search.c' when processing user-supplied IMAP SEARCH commands, which could let a remote malicious user execute arbitrary code. Patch available at: Gentoo: An exploit script has been published. | GNU Mailutils Format String | High | Security Tracker Alert ID: 1014879, September 9, 2005 Gentoo Linux Security Advisory, GLSA 200509-10, September 17, 2005 Security Focus, Bugtraq ID: 14794, September 26, 2005 |
gzip 1.2.4, 1.3.3 | A vulnerability has been reported when an archive is extracted into a world- or group-writeable directory, which could let a local malicious user modify file permissions. Ubuntu: Trustix: http://http.trustix.org/pub/trustix/updates/ Gentoo: http://security.gentoo.org/glsa/glsa-200505-05.xml Mandriva: TurboLinux: FreeBSD: RedHat: SGI: Conectiva: Debian: Sun: Avaya: Sun: Updated Relief/Workaround section. There is no exploit code required. | gzip File Permission Modification | Medium | Security Focus, Ubuntu Security Notice, Trustix Secure Linux Security Advisory, Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:092, Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005 FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005 RedHat Security Advisory, SGI Security Advisory, 20050603-01-U, June 23, 2005 Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005 Debian Security Advisory DSA 752-1, July 11, 2005 Sun(sm) Alert Notification Avaya Security Advisory, ASA-2005-172, August 29, 2005 Sun(sm) Alert Notification |
wget 1.9.1 | Two issues exist which could permit a remote malicious user to create or overwrite files on the target user's system, because Wget does not properly validate server-supplied input: a remote user can bypass the '..' filtering mechanism if DNS can be modified so that '..' resolves to an IP address, and a specially crafted HTTP response can include control characters that overwrite portions of the terminal window. SUSE: Mandriva: Trustix: http://http.trustix.org/pub/trustix/updates/ RedHat: TurboLinux: Ubuntu: RedHat: A Proof of Concept exploit script has been published. | GNU Wget File Creation/Overwrite & Terminal Control Characters | Medium | Security Tracker Alert ID: 1012472, December 10, 2004 SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005 SUSE Security Summary Report, SUSE-SR:2005:011, April 15, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:098, June 9, 2005 Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005 Turbolinux Security Advisory, TLSA-2005-66, June 15, 2005 Ubuntu Security Notice, USN-145-1, June 28, 2005 Ubuntu Security Notice, USN-145-2, September 06, 2005 RedHat Security Advisory, RHSA-2005:771-10, September 27, 2005 |
Hylafax 4.2.1 | Several vulnerabilities have been reported: a vulnerability was reported in the 'xferfaxstats' script due to the insecure creation of temporary files, which could let a remote malicious user create/overwrite arbitrary files; and a vulnerability was reported because ownership of the UNIX domain socket is not created or verified, which could let a malicious user obtain sensitive information and cause a Denial of Service. No workaround or patch available at time of publishing. There is no exploit code required. | HylaFAX Insecure Temporary File Creation | Medium | Security Focus, Bugtraq ID: 14907, September 22, 2005 |
AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2 | A buffer overflow vulnerability has been reported due to a failure to perform boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code. Update information available at: http://www-1.ibm.com/ Currently we are not aware of any exploits for this vulnerability. | IBM AIX Buffer Overflow | High | IBM Security Advisory, September 28, 2005 |
UnZip 5.52 | A vulnerability has been reported due to a security weakness when extracting an archive to a world or group writeable directory, which could let a malicious user modify file permissions. Fedora: SCO: There is no exploit code required. | Info-ZIP UnZip File Permission Modification | Medium | Security Focus, 14450, August 2, 2005 Fedora Update Notification, SCO Security Advisory, SCOSA-2005.39, September 28, 2005 |
SqWebMail 5.0.4 | A vulnerability has been reported because the '<script>' tag can be used inside HTML comments, which could let a remote malicious user execute arbitrary script code in the recipient's browser when a malicious email is viewed. Patch available at: Debian: There is no exploit code required; however, a Proof of Concept exploit has been published. | SqWebMail HTML Email Script Tag Script Injection | Medium | Secunia Advisory: SA16704, September 6, 2005 Debian Security Advisory DSA 820-1, September 24, 2005 |
Interchange 5.2, 5.0.1 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'pages/forum/ and an ITL (Interchange Tag Language) injection vulnerability was also reported. Upgrades available at: There is no exploit code required. | Interchange SQL Injection & ITL Injection | Medium | Secunia Advisory: SA16923, September 23, 2005 |
KDE 3.2.0 up to including 3.4.2 | A vulnerability has been reported in 'kcheckpass.c' due to the insecure creation of the lock file, which could let a malicious user obtain superuser privileges. Patches available at: Mandriva: Ubuntu: Slackware: Debian: Conectiva: There is no exploit code required. | KDE kcheckpass Superuser Privilege Escalation | High | KDE Security Advisory, September 5, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:160, September 6, 2005 Ubuntu Security Notice, USN-176-1 September 07, 2005 Slackware Security Advisory, SSA:2005-251-01 & 251-03, September 9, 2005 Debian Security Advisory DSA 815-1, September 16, 2005 Conectiva Linux Announcement, CLSA-2005:1011, September 23, 2005 |
KDE 3.0-3.4.2 | A vulnerability was reported in 'langen2kvtml' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges. Patches available at: Fedora: Fedora: Mandriva: Slackware: Debian: There is no exploit code required. | KDE langen2kvtml Insecure Temporary File Creation | Medium | KDE Security Advisory, August 15, 2005 Fedora Update Notification, Fedora Update Notifications, Mandriva Linux Security Update Advisory, MDKSA-2005:159, September 6, 2005 Slackware Security Advisory, SSA:2005-251-03, September 9, 2005 Debian Security Advisory, DSA 818-1, September 22, 2005 |
lm_sensors 2.9.1 | A vulnerability has been reported in the 'pwmconfig' script due to the insecure creation of temporary files, which could result in a loss of data or a Denial of Service. Ubuntu: Mandriva: Gentoo: Debian: Conectiva: There is no exploit code required. | LM_sensors PWMConfig Insecure Temporary File Creation | Low | Security Focus, Bugtraq ID: 14624, August 22, 2005 Ubuntu Security Notice, USN-172-1, August 23, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:149, August 25, 2005 Gentoo Linux Security Advisory, GLSA 200508-19, August 30, 2005 Debian Security Advisory, DSA 814-1, September 15, 2005 Conectiva Linux Announcement, CLSA-2005:1012, September 23, 2005 |
Linux kernel 2.6.10, 2.6.9; RedHat Fedora Core2&3 | A Denial of Service vulnerability exists in the 'mlockall()' system call due to a failure to properly enforce defined limits. Fedora: RedHat: Conectiva: RedHat: A Proof of Concept exploit script has been published. | Linux Kernel Local RLIMIT_ | Low | Bugtraq, January 7, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 Conectiva Linux Security Announcement, CLA-2005:930, March 7, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
Linux kernel 2.4.0-test1-test12, 2.4-2.4.29, 2.6, 2.6-test1-test11, 2.6.1-2.6.11 | Multiple vulnerabilities have been reported in the ISO9660 handling routines, which could let a malicious user execute arbitrary code. Fedora: Ubuntu: Fedora: RedHat: Conectiva: FedoraLegacy: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel ISO9660 Handling Multiple Vulnerabilities | High | Security Focus, Fedora Security Ubuntu Security Notice, USN-103-1, April 1, 2005 Fedora Update Notification RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005 Fedora Legacy Update Advisory, FLSA:152532, June 4, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
RedHat Enterprise | A Denial of Service vulnerability has been reported in the auditing code. RedHat: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Auditing Code Denial of Service | Low | RedHat Security Advisory, RHSA-2005:420-22, June 8, 2005 RedHat Security Advisory, RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
RedHat Fedora Core4, Core3, Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0; | A format string vulnerability has been reported when displaying an invalid-handle error message, which could let a remote malicious user execute arbitrary code. RedHat: Fedora: An exploit script has been published. | RealNetworks RealPlayer & Helix Player Format String | High | RedHat Security Advisory, RHSA-2005:788-3, September 27, 2005 Fedora Update Notifications, |
SuSE Linux Professional | A buffer overflow vulnerability has been reported in the XFRM network architecture code due to insufficient validation of user-supplied input, which could let a malicious user execute arbitrary code. Patches available at: Ubuntu: SUSE: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel XFRM Array Index Buffer Overflow | High | Security Focus, 14477, August 5, 2005 Ubuntu Security Notice, USN-169-1, August 19, 2005 SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
SuSE Linux Professional | An unspecified Denial of Service vulnerability has been reported when stack fault exceptions are triggered. SUSE: Ubuntu: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Stack Fault Exceptions Denial of Service | Low | Security Focus, 14467, August 3, 2005 SUSE Security Announcement, Ubuntu Security Notice, USN-187-1, September 25, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
Ubuntu Linux 5.0 4 amd64, 4.1 ia64; | A Denial of Service has been reported in 'ptrace()' due to insufficient validation of memory addresses. Updates available at: Ubuntu: SUSE: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 'ptrace()' Denial of Service | Low | Ubuntu Security Notice, USN-137-1, June 08, 2005 SUSE Security Announcement, SUSE-SA:2005:029, June 9, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
zlib 1.2.2, 1.2.1, 1.2 .0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.0 4, powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux; | A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code. Debian: FreeBSD: Gentoo: SUSE: Ubuntu: Mandriva: OpenBSD: OpenPKG: RedHat: Trustix: Slackware: TurboLinux: Fedora: zsync: Apple: SCO: IPCop: Debian: Trolltech: FedoraLegacy: Gentoo: Currently we are not aware of any exploits for this vulnerability. | Zlib Compression Library Buffer Overflow | High | Debian Security Advisory FreeBSD Security Advisory, Gentoo Linux Security Advisory, GLSA 200507- SUSE Security Announcement, SUSE-SA:2005:039, Ubuntu Security Notice, RedHat Security Advisory, RHSA-2005:569-03, Fedora Update Notifications, Mandriva Linux Security Update Advisory, OpenPKG Trustix Secure Slackware Security Turbolinux Security Fedora Update Notification, FEDORA-2005-565, July 13, 2005 SUSE Security Summary Security Focus, 14162, July 21, 2005 USCERT Vulnerability Note VU#680620, July 22, 2005 Apple Security Update 2005-007, SCO Security Advisory, SCOSA-2005.33, August 19, 2005 Security Focus, Bugtraq ID: 14162, August 26, 2005 Debian Security Advisory, DSA 797-1, September 1, 2005 Security Focus, Bugtraq ID: 14162, September 12, 2005 Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005 Gentoo Linux Security Advisory, GLSA 200509-18, September 26, 2005 |
Gentoo Linux; | Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported which could let a malicious user obtain elevated privileges. Gentoo: http://security.gentoo.org/glsa/glsa-200505-15.xml Ubuntu: http://security.ubuntu.com/ Mandriva: Trustix: http://http.trustix.org/pub/trustix/updates/ TurboLinux: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | | High | Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 2005 Turbolinux Security Advisory, TLSA-2005-68, June 22, 2005 RedHat Security Advisory, RHSA-2005:659-9, September 28, 2005 |
Linux Kernel | A race condition vulnerability has been reported in ia32 emulation, which could let local malicious users obtain root privileges or trigger a buffer overflow. Patch Available: Trustix: http://http.trustix.org/pub/trustix/updates/ SUSE: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Race Condition and Buffer Overflow | High | Security Focus, 14205, July 11, 2005 Trustix Secure Linux Security Advisory, SUSE Security Announcement, RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
Linux kernel | A Denial of Service vulnerability has been reported in the Netfilter code due to a memory leak. Ubuntu: SuSE: ftp://ftp.suse.com/pub/suse/ Fedora: Conectiva: Fedora: RedHat: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Netfilter Memory Leak Denial of Service | Low | Ubuntu Security Notice, SUSE Security Announcement, Fedora Security Conectiva Linux Security Announcement, Fedora Update Notification, RedHat Security Advisory, RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
Linux kernel | A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges. Updates available at: SUSE: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 64 Bit 'AR-RSC' Register Access | Medium | Security Tracker Alert ID: 1014275, June 23, 2005 SUSE Security Announcement, RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
Linux Kernel 2.2, 2.4, 2.6 | Several buffer overflow vulnerabilities exist in 'drivers/char/moxa.c' due to insufficient validation of user-supplied inputs to the 'MoxaDriverIoctl()', 'moxaloadbios()', 'moxaloadcode()', and 'moxaload320b()' functions, which could let a malicious user execute arbitrary code with root privileges. Ubuntu: SUSE: FedoraLegacy: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel Moxa Serial Driver Buffer Overflows | High | Security Tracker Alert, 1013273, February 23, 2005 SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005 Fedora Legacy Update Advisory, FLSA:152532, June 4, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
Linux Kernel 2.6 - 2.6.10 rc2 | The DRM module in the Linux kernel is susceptible to a local Denial of Service vulnerability. This vulnerability likely results in the corruption of video memory, crashing the X server. Malicious users may be able to modify the video output. Ubuntu: RedHat: FedoraLegacy: RedHat: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel Local DRM Denial of Service | Low | Ubuntu Security Notice USN-38-1 December 14, 2004 RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005 Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
Linux kernel 2.6.10, 2.6-test1-test11, 2.6.1-2.6.11 | A vulnerability has been reported in the EXT2 filesystem handling code, which could let a malicious user obtain sensitive information. Patches available at: Fedora: Trustix: Fedora: RedHat: Conectiva: FedoraLegacy: SUSE: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel EXT2 Filesystem Information Disclosure | Medium | Security Focus, Trustix Secure Linux Security Advisory, Fedora Update Notification, RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005 Fedora Legacy Update Advisory, FLSA:152532, June 4, 2005 SUSE Security Announcement, SUSE-SA:2005:029, June 9, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
Linux kernel 2.6.8-2.6.10, 2.4.21 | Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'msg_control' when copying 32 bit contents, which could let a malicious user obtain root privileges and execute arbitrary code; and a vulnerability was reported in the 'raw_sendmsg()' function, which could let a malicious user obtain sensitive information or cause a Denial of Service. Ubuntu: Trustix: Fedora: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel Buffer Overflow, Information Disclosure, & Denial of Service | High | Secunia Advisory: SA16747, September 9, 2005 Ubuntu Security Notice, USN-178-1, September 09, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
Linux kernel 2.6 - 2.6.12.1 | A vulnerability has been reported due to insufficient authorization checking before a privileged function is accessed, which could let a malicious user bypass IPsec policies. This issue has been addressed in Linux kernel 2.6.13-rc7; patches available from Ubuntu, SUSE and RedHat. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPSec Policies Authorization Bypass | Medium | Ubuntu Security Notice, USN-169-1, August 19, 2005; Security Focus, Bugtraq ID 14609, August 19, 2005; Security Focus, Bugtraq ID 14609, August 25, 2005; SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005; RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 |
Linux kernel 2.6 - 2.6.13.1 | A Denial of Service vulnerability has been reported due to an omitted call to the 'sockfd_put()' function in the 32-bit compatibility 'routing_ioctl()' function, so the socket's file reference taken by the ioctl is never released. Fixed version (2.6.13.2) available; patches available from Ubuntu. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel routing_ioctl() Denial of Service | Low | Security Tracker Alert ID: 1014944, September 21, 2005; Ubuntu Security Notice, USN-187-1, September 25, 2005 |
Linux kernel 2.6 - 2.6.14 | Several vulnerabilities have been reported: a Denial of Service vulnerability was reported when handling asynchronous USB access via usbdevio; and a Denial of Service vulnerability was reported in the 'ipt_recent.c' netfilter module due to an error in jiffies comparison. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel USB Subsystem Denials of Service | Low | Secunia Advisory: SA16969, September 27, 2005 |
XFree86 X11R6 4.3.0 | A buffer overflow vulnerability has been reported in the pixmap processing code, which could let a malicious user execute arbitrary code and possibly obtain superuser privileges. Patches available from Gentoo, RedHat (http://rhn.redhat.com/), Ubuntu, Mandriva, Fedora, Trustix, Debian, Sun, SUSE and Slackware. Currently we are not aware of any exploits for this vulnerability. | XFree86 Pixmap Allocation Buffer Overflow | High | Gentoo Linux Security Advisory, GLSA 200509-07, September 12, 2005; RedHat Security Advisories, RHSA-2005:329-12 & RHSA-2005:396-9, September 12 & 13, 2005; Ubuntu Security Notice, USN-182-1, September 12, 2005; Mandriva Security Advisory, MDKSA-2005:164, September 13, 2005; Fedora Update Notifications; Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005; Debian Security Advisory, DSA 816-1, September 19, 2005; Sun(sm) Alert Notification; SUSE Security Announcement, SUSE-SA:2005:056, September 26, 2005; Slackware Security Advisory, SSA:2005-269-02, September 26, 2005 |
Net-snmp 5.x | A vulnerability has been reported in 'fixproc' due to a failure to securely create temporary files in world-writeable locations, which could let a malicious user obtain elevated privileges and possibly execute arbitrary code with root privileges. Patches available from Gentoo (http://security.gentoo.org/glsa/glsa-200505-18.xml), Fedora and RedHat (https://rhn.redhat.com/). There is no exploit code required. | | High | Gentoo Linux Security Advisory, GLSA 200505-18, May 23, 2005; Fedora Update Notifications; RedHat Security Advisory, RHSA-2005:373-23, September 28, 2005 |
PCRE 6.1, 6.0, 5.0 | A vulnerability has been reported in 'pcre_compile.c' due to an integer overflow, which could let a remote/local malicious user potentially execute arbitrary code. Updates available from the vendor; patches available from Ubuntu, Fedora, Gentoo, Mandriva, SUSE, Slackware, Debian and Conectiva. Currently we are not aware of any exploits for this vulnerability. | PCRE Regular Expression Heap Overflow | High | Secunia Advisory: SA16502, August 22, 2005; Ubuntu Security Notice, USN-173-1, August 23, 2005; Ubuntu Security Notices, USN-173-1 & 173-2, August 24, 2005; Fedora Update Notifications; Gentoo Linux Security Advisory, GLSA 200508-17, August 25, 2005; Mandriva Linux Security Update Advisories, MDKSA-2005:151-155, August 25, 26 & 29, 2005; SUSE Security Announcements, SUSE-SA:2005:048 & 049, August 30, 2005; Slackware Security Advisories, SSA:2005-242-01 & 242-02, August 31, 2005; Ubuntu Security Notices, USN-173-3 & 173-4, August 30 & 31, 2005; Debian Security Advisory, DSA 800-1, September 2, 2005; SUSE Security Announcement, SUSE-SA:2005:051, September 5, 2005; Slackware Security Advisory, SSA:2005-251-04, September 9, 2005; Gentoo Linux Security Advisory, GLSA 200509-08, September 12, 2005; Conectiva Linux Announcement, CLSA-2005:1009, September 13, 2005; Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005; Debian Security Advisories, DSA 817-1 & DSA 819-1, September 22 & 23, 2005; Gentoo Linux Security Advisory, GLSA 200509-19, September 27, 2005; Debian Security Advisory, DSA 821-1, September 28, 2005 |
qpopper 4.0.8 | A vulnerability has been reported in the 'poppassd' setuid-superuser application, which could let a malicious user obtain elevated privileges. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Qpopper Privilege Elevation | Medium | Security Focus, Bugtraq ID: 14944, September 26, 2005 |
RSyslog 1.10, 0.9.3 - 0.9.8 | An SQL injection vulnerability has been reported due to insufficient sanitization of a received syslog message before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; since syslog over UDP carries no authentication, any host that can send to the collector can supply such a message. Upgrades available from the vendor. There is no exploit code required. | RSyslog SQL Injection | Medium | Secunia Advisory: SA16947, September 26, 2005 |
PerlDiver 2.31 | A Cross-Site Scripting vulnerability has been reported in 'Perldiver.cgi' due to insufficient sanitization of the 'module' parameter, which could let a remote malicious user execute arbitrary HTML and script code. Upgrade available from the vendor. There is no exploit code required; however, Proof of Concept exploits have been published. | PerlDiver Perldiver.CGI Cross-Site Scripting | Medium | EXPL-A-2005-014, exploitlabs.com Advisory 043, September 21, 2005 |
slocate 2.7 | A Denial of Service vulnerability has been reported when a specially crafted directory structure that contains long paths is indexed. Patches available from Mandriva, TurboLinux and RedHat. There is no exploit code required. | slocate Long Path Denial of Service | Low | Mandriva Linux Security Update Advisory, MDKSA-2005:147, August 22, 2005; Turbolinux Security Advisory, TLSA-2005-91, September 20, 2005; RedHat Security Advisory, RHSA-2005:345-24, September 28, 2005 |
Solaris 10.0, 10.0_x86, 9.0, 9.0_x86, 8.0, 8.0_x86, 7.0, 7.0_x86 | A vulnerability has been reported in the Xsun and Xprt commands due to an unspecified error, which could let a malicious user obtain elevated privileges. Patches available from Sun. Currently we are not aware of any exploits for this vulnerability. | Sun Solaris Xsun & Xprt Elevated Privileges | Medium | Sun(sm) Alert Notification, Sun Alert ID: 101800, September 26, 2005 |
Solaris 9.0, 9.0_x86, 8.0, 8.0_x86 | A Denial of Service vulnerability has been reported due to an unspecified error in UFS (the Unix File System). Updates available from Sun. Currently we are not aware of any exploits for this vulnerability. | Sun Solaris UFS Local Denial of Service | Low | Sun(sm) Alert Notification, Sun Alert ID: 101940, September 22, 2005 |
Webmin 1.220, 1.210, 1.200; Usermin 1.150, 1.140, 1.130 | A vulnerability has been reported in 'miniserv.pl' due to an input validation error in the PAM authentication process, which could let a remote malicious user bypass certain security restrictions. Updates available from Webmin, Usermin and Gentoo. Currently we are not aware of any exploits for this vulnerability. | Webmin / Usermin Remote PAM Authentication Bypass | Medium | SNS Advisory No.83, September 20, 2005; Gentoo Linux Security Advisory, GLSA 200509-17, September 24, 2005 |
UnAce 1.0, 1.1, 1.2b | Several vulnerabilities exist: a buffer overflow vulnerability exists in ACE archive processing due to an incorrect 'strncpy()' call, which could let a remote malicious user execute arbitrary code; two other buffer overflow vulnerabilities exist when archive name command-line arguments are longer than 15,600 characters and when strings are printed, which could let a remote malicious user execute code; and a Directory Traversal vulnerability exists due to improper filename character processing, which could let a remote malicious user obtain sensitive information. Patches available from Gentoo and SUSE. There is no exploit code required; however, Proof of Concept exploits have been published. | Winace UnAce ACE Archive Remote Directory Traversal & Buffer Overflow | High | Security Tracker Alert, 1013265, February 23, 2005; SUSE Security Summary Report, SUSE-SR:2005:016, June 17, 2005 |
Ruby 1.6 - 1.6.8, 1.8 - 1.8.2 | A vulnerability has been reported in 'eval.c' due to a flaw in the logic that implements the SAFE level checks, which could let a remote malicious user bypass access restrictions to execute scripting code. Patches and updates available from the vendor. There is no exploit code required. | Ruby Safe Level Restrictions Bypass | Medium | Security Tracker Alert ID: 1014948, September 21, 2005 |
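The RSyslog entry above describes a received syslog message that reaches an SQL query unsanitized. The following example was added for this bulletin and is not rsyslog's own code: it uses Python's sqlite3 module, and the table name SystemEvents, the column names and the two sample syslog lines are all constructed for the illustration. It shows the string-spliced INSERT beside the parameterized form, and what each does with a message whose free text carries SQL. The same defect underlies the SQL injection entries in the Multiple Operating Systems table below (JPortal, Land Down Under, My Little Forum, SEO-Board, Simplog, MailGust, Zengaia); there the untrusted string arrives in a form field, a URL parameter or the Referer header rather than a syslog datagram, but the fix is the same.

```python
"""Added example (not rsyslog's code): an SQL statement built by splicing in a
received syslog message, next to the parameterized form that closes the hole.
Table and column names are assumed for the illustration."""
import sqlite3

# Constructed sample syslog lines. The second carries an injection payload in the
# free-text part of the message; anything that can send syslog can send this.
SAMPLE_MESSAGES = [
    "<34>Sep 26 10:15:02 host1 sshd[2042]: Accepted publickey for alice from 10.0.0.5",
    "<34>Sep 26 10:15:03 host2 app[77]: fail'); DELETE FROM SystemEvents; --",
]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE SystemEvents (ID INTEGER PRIMARY KEY, Message TEXT)")
    return db


def log_vulnerable(db, message):
    """Builds the INSERT with string formatting, so a quote inside the message
    ends the literal and the remainder of the message becomes SQL.
    executescript() stands in for a database driver that runs stacked statements."""
    sql = "INSERT INTO SystemEvents (Message) VALUES ('%s');" % message
    db.executescript(sql)


def log_parameterized(db, message):
    """The message is bound as a value; the statement text never changes."""
    db.execute("INSERT INTO SystemEvents (Message) VALUES (?)", (message,))
    db.commit()


def ingest(logger, messages=SAMPLE_MESSAGES):
    """Feeds the sample messages through `logger` on a fresh database and returns
    (row count, stored messages in insertion order)."""
    db = make_db()
    for msg in messages:
        logger(db, msg)
    rows = [r[0] for r in db.execute("SELECT Message FROM SystemEvents ORDER BY ID")]
    return len(rows), rows


if __name__ == "__main__":
    # The string-built query inserts 'fail' and then runs the attacker's DELETE,
    # leaving an empty table; the parameterized query stores the payload as text.
    print("string-built query :", ingest(log_vulnerable))
    print("parameterized query:", ingest(log_parameterized))
```

Escaping quotes by hand is not an adequate substitute for binding: the escaping rules differ between database engines and character sets, which is how many "fixed" injection bugs reappear. Binding the value also keeps the statement text constant, which is what makes the query safe regardless of what the message contains.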
Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source
E-Friends 4.0 | A vulnerability has been reported in 'index.php' due to insufficient verification of the 'mode' parameter, which could let a remote malicious user include arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | AlstraSoft E-Friends Remote File Include | Medium | Security Focus, Bugtraq ID: 14932, September 24, 2005 |
Barracuda Spam Firewall 3.1.17 firmware | Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported in 'IMG.PL' which could let a remote malicious user obtain sensitive information; and a vulnerability was reported when user-supplied commands are submitted to the web interface, which could let a remote malicious user execute arbitrary commands. The vendor has released firmware version 3.1.18 to address this and other issues. Please contact the vendor to obtain the upgrade. A Proof of Concept exploit script has been published. | Barracuda Spam Firewall Remote Directory Traversal & Remote Command Execution | High | Security Focus, Bugtraq ID: 14710 & 14712, September 1, 2005 Security Focus, Bugtraq ID: 14712, September 26, 2005 |
Cisco IOS 12.2ZH & 12.2ZL based trains | A buffer overflow vulnerability has been reported in the Firewall Authentication Proxy, which could let a remote malicious user cause a Denial of Service or potentially execute arbitrary code. Patch information available from Cisco. Rev. 1.1: added 12.2SG, 12.2SEC, and 12.2SXF releases to the Software Versions and Fixes table. Rev. 1.2: in the Software Versions and Fixes table, 12.2ZH changed to 12.2SH and 12.2ZF added. Currently we are not aware of any exploits for this vulnerability. | Cisco IOS Firewall Authentication Proxy Buffer Overflow | High | Cisco Security Advisory, Document ID: 66269, September 7, 2005; Cisco Security Advisory, Document ID: 66269 Rev 1.1 & 1.2, September 22 & 26, 2005 |
CJ LinkOut 1.0 | A Cross-Site Scripting vulnerability has been reported in 'Top.PHP' due to insufficient sanitization of the '123' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | CJ LinkOut Cross-Site Scripting | Medium | Secunia Advisory: SA16970, September 27, 2005 |
CJ Tag Board 3.0 | Cross-Site Scripting vulnerabilities have been reported in 'details.php' due to insufficient sanitization of the 'date,' 'time,' 'name,' 'ip,' and 'agent' parameters, and in 'display.php' due to insufficient sanitization of the 'msg' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | CJ Tag Board Multiple Cross-Site Scripting | Medium | Secunia Advisory: SA16966, September 27, 2005 |
CJ Web2Mail 3.0 | Cross-Site Scripting vulnerabilities have been reported in 'thankyou.php' due to insufficient sanitization of the 'name,' 'message,' and 'ip' parameters and in 'web2mail.php' due to insufficient sanitization of the 'emsg' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | CJ Web2Mail Multiple Cross-Site Scripting | Medium | Secunia Advisory: SA16963, September 27, 2005 |
CMS Made Simple 0.10 | Several vulnerabilities have been reported: a vulnerability was reported in the 'admin/lang.php' script due to insufficient authentication, which could let a remote malicious user bypass authentication procedures; and a vulnerability was reported in 'admin/lang.php' due to insufficient verification of the 'nls[file][vx][vxsfx]' parameter, which could let a remote malicious user include arbitrary files. Upgrade available from the vendor. There is no exploit code required; however, a Proof of Concept exploit has been published. | CMS Made Simple Authentication Bypass & File Include | High | Secunia Advisory: SA16654, September 1, 2005; Security Focus, Bugtraq ID: 14709, September 26, 2005 |
CMS Made Simple 0.10 | A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | CMS Made Simple Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 14937, September 26, 2005 |
contentServ 3.1 | A vulnerability has been reported in 'admin/about.php' due to insufficient verification of the 'ctsWebsite' parameter before including files, which could let a remote malicious user include arbitrary files. No workaround or patch available at time of publishing. An exploit script has been published. | ContentServ Local File Include | Medium | Security Focus, Bugtraq ID: 14943, September 26, 2005 |
GeSHi 1.0.0 - 1.0.7.2 | A Directory Traversal vulnerability has been reported in 'example.php' due to an input validation error, which could let a remote malicious user obtain sensitive information. Updates available from the vendor. There is no exploit code required. | GeSHI Directory Traversal | Medium | Security Focus, Bugtraq ID: 14903, September 22, 2005 |
Lotus Domino 6.5.4 | A Cross-Site Scripting vulnerability has been reported due to insufficient validation of data supplied through URI parameters, which could let a remote malicious user execute arbitrary HTML and script code. Upgrade information available from IBM. There is no exploit code required. | IBM Lotus Domino Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 14901, September 22, 2005 |
JPortal Web Portal 2.3.1, 2.2.1 | An SQL injection vulnerability has been reported in 'download.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | JPortal SQL Injection | Medium | Security Focus, Bugtraq ID: 14926, September 23, 2005 |
Land Down Under 801 | An SQL injection vulnerability has been reported in various scripts due to insufficient sanitization of the 'Referer' HTTP header before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | Land Down Under Remote SQL Injection | Medium | Secunia Advisory: SA16878, September 21, 2005 |
lucidCMS 1.0.11 | A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | LucidCMS Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 14951, September 27, 2005 |
Internet Explorer Macintosh Edition 5.2.3 | A remote Denial of Service vulnerability has been reported when Internet Explorer attempts to render a Web page with malformed content. No workaround or patch available at time of publishing. An exploit script has been published. | Microsoft Internet Explorer for Mac OS Remote Denial of Service | Low | Security Focus, Bugtraq ID: 14899, September 22, 2005 |
Firefox 1.0.6; | A vulnerability has been reported which could let a remote malicious user execute arbitrary commands via shell metacharacters in a URL that is passed to an external program through a shell. Upgrades available from Mozilla; patches available from RedHat (http://rhn.redhat.com/), Ubuntu, Mandriva, Fedora and Slackware. There is no exploit code required; however, a Proof of Concept exploit has been published. | Mozilla Browser/Firefox Arbitrary Command Execution | High | Security Focus, Bugtraq ID: 14888, September 21, 2005; Security Focus, Bugtraq ID: 14888, September 22, 2005; RedHat Security Advisories, RHSA-2005:785-9 & 789-11, September 22, 2005; Ubuntu Security Notices, USN-186-1 & 186-2, September 23 & 25, 2005; Mandriva Linux Security Update Advisory, MDKSA-2005:169, September 26, 2005; Fedora Update Notifications; Slackware Security Advisory, SSA:2005-269-01, September 26, 2005 |
Netscape 8.0.3.3, 7.2; | A buffer overflow vulnerability has been reported due to an error when handling IDN URLs that contain the 0xAD (soft hyphen) character in the domain name, which could let a remote malicious user execute arbitrary code. Patches available from RedHat (http://rhn.redhat.com/), Fedora, Ubuntu, Gentoo and Slackware. A Proof of Concept exploit script has been published. | Mozilla/Netscape/ | High | Security Focus, Bugtraq ID: 14784, September 10, 2005; RedHat Security Advisories, RHSA-2005:769-8 & RHSA-2005:768-6, September 9, 2005; Fedora Update Notifications; Ubuntu Security Notice, USN-181-1, September 12, 2005; Gentoo Linux Security Advisory, GLSA 200509-11, September 18, 2005; Security Focus, Bugtraq ID: 14784, September 22, 2005; Slackware Security Advisory, SSA:2005-269-01, September 26, 2005 |
Mozilla Firefox 1.0 - 1.0.6; Mozilla Browser 1.7 - 1.7.11 | Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when processing malformed XBM images, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when Unicode sequences contain 'zero-width non-joiner' characters, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a vulnerability was reported due to a flaw when making XMLHttp requests, which could let a remote malicious user spoof XMLHttpRequest headers; a vulnerability was reported because a remote malicious user can create specially crafted HTML that spoofs XML objects to create an XBL binding and execute arbitrary JavaScript with elevated (chrome) permissions; an integer overflow vulnerability was reported in the JavaScript engine, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported because a remote malicious user can load privileged 'chrome' pages from an unprivileged 'about:' page, which could lead to unauthorized access; and a window spoofing vulnerability was reported when a blank 'chrome' canvas is obtained by opening a window from a reference to a closed window, which could let a remote malicious user conduct phishing-type attacks. Upgrades available from Mozilla for Firefox and Mozilla Browser; patches available from RedHat, Ubuntu, Mandriva, Fedora and Slackware. Currently we are not aware of any exploits for these vulnerabilities. | Mozilla Browser / Firefox Multiple Vulnerabilities CAN-2005-2701 | High | Mozilla Foundation Security Advisory 2005-58, September 22, 2005; RedHat Security Advisory, RHSA-2005:789-11, September 22, 2005; Ubuntu Security Notices, USN-186-1 & 186-2, September 23 & 25, 2005; Mandriva Linux Security Update Advisories, MDKSA-2005:169 & 170, September 26, 2005; Fedora Update Notifications; Slackware Security Advisory, SSA:2005-269-01, September 26, 2005 |
Netscape Browser 8.0.3.3; | A remote Denial of Service vulnerability has been reported when a malicious user creates a Proxy Auto-Config (PAC) script that contains a specially crafted eval() statement. Upgrades available from Mozilla for Firefox and Mozilla Browser. There is no exploit code required. | Multiple Browser Proxy Auto-Config Scripts Remote Denial of Service | Low | Security Tracker Alert ID: 1014949, September 21, 2005 |
Gentoo Linux; | A remote Denial of Service vulnerability has been reported in Apache due to an error in the byte-range filter when handling the HTTP 'Range' header. Patches available from Gentoo, RedHat, Ubuntu, Fedora, SGI, Debian, Trustix, Mandriva, SUSE and Avaya. There is no exploit code required. | Apache Remote Denial of Service | Low | Secunia Advisory: SA16559, August 25, 2005; Gentoo Linux Security Advisory, GLSA 200508-15, August 25, 2005; RedHat Security Advisory, RHSA-2005:608-7, September 6, 2005; Ubuntu Security Notice, USN-177-1, September 7, 2005; Fedora Update Notifications; Mandriva Linux Security Update Advisory, MDKSA-2005:161, September 8, 2005; SGI Security Advisory, 20050901-01-U, September 7, 2005; Debian Security Advisory, DSA 805-1, September 8, 2005; Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005; SUSE Security Summary Report, SUSE-SR:2005:020, September 12, 2005; Avaya Security Advisory, ASA-2005-204, September 23, 2005 |
Mantis 0.19.0a - 0.19.2, 0.18 - 0.18.3; | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; a Cross-Site Scripting vulnerability has been reported in the 'mantis/view_all_set.php' script, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability has been reported in 'mantis/view_all_ Upgrades for the first two vulnerabilities available from the vendor; patches available from Debian and Gentoo. There is no exploit code required. | Mantis Multiple Input Validation | Medium | Debian Security Advisory, DSA 778-1, August 19, 2005; Secunia Advisory: SA16506, August 22, 2005; Gentoo Linux Security Advisory, GLSA 200509-16, September 24, 2005 |
PHPXMLRPC 1.1.1; | A vulnerability has been reported in XML-RPC due to insufficient sanitization of certain XML tags nested in parsed documents before they are used in an 'eval()' call, which could let a remote malicious user execute arbitrary PHP code. Upgrades available from PHPXMLRPC, PEAR, Drupal, eGroupWare, MailWatch and Nucleus; patches available from RedHat, Ubuntu, Mandriva, Gentoo (http://security.gentoo.org/), Fedora, Debian, SUSE, Slackware and SGI. There is no exploit code required. | PHPXMLRPC and PEAR XML_RPC Remote Arbitrary Code Execution | High | Security Focus, Bugtraq ID 14560, August 15, 2005; Security Focus, Bugtraq ID 14560, August 18, 2005; RedHat Security Advisory, RHSA-2005:748-05, August 19, 2005; Ubuntu Security Notice, USN-171-1, August 20, 2005; Mandriva Linux Security Update Advisory, MDKSA-2005:146, August 22, 2005; Gentoo Linux Security Advisories, GLSA 200508-13, 200508-14 & 200508-18; Fedora Update Notifications; Debian Security Advisory, DSA 789-1, August 29, 2005; SUSE Security Announcement, SUSE-SA:2005:049, August 30, 2005; Gentoo Linux Security Advisories, GLSA 200508-20 & 200508-21, August 30 & 31, 2005; Slackware Security Advisory, SSA:2005-242-02, August 31, 2005; Debian Security Advisory, DSA 798-1, September 2, 2005; SUSE Security Announcement, SUSE-SA:2005:051, September 5, 2005; SGI Security Advisory, 20050901-01-U, September 7, 2005; Slackware Security Advisories, SSA:2005-251-03 & 251-04, September 9, 2005; Gentoo Linux Security Advisory, GLSA 200509-19, September 27, 2005 |
MultiTheftAuto 0.5 patch 1 | Several vulnerabilities have been reported: a vulnerability has been reported in admin command 40 due to an authentication error, which could let a remote malicious user obtain unauthorized access; and a remote Denial of Service vulnerability has been reported in admin command 40 due to an error. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | MultiTheftAuto Server Unauthorized Access & Remote Denial of Service | Medium | Secunia Advisory: SA16926, September 26, 2005 |
my little forum 1.5, 1.3 | An SQL injection vulnerability has been reported in 'search.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | My Little Forum SQL Injection | Medium | Security Focus, Bugtraq ID: 14908, September 22, 2005 |
Nokia 7610, 3210 | A remote Denial of Service vulnerability has been reported in Bluetooth OBEX transfers due to a failure to handle certain filename characters. No workaround or patch available at time of publishing. There is no exploit code required. | Nokia 3210 & 7610 Remote OBEX Denial of Service | Low | Security Focus, Bugtraq ID: 14948, September 27, 2005 |
Opera Web Browser 8.02 | Several vulnerabilities have been reported: a vulnerability was reported because attached files are opened without warnings, which could let a remote malicious user execute arbitrary JavaScript code; and a vulnerability was reported because filenames can be appended with an additional '.', which could let a remote malicious user spoof attachment names. Upgrade available from the vendor; patches available from SUSE. There is no exploit code required. | Opera Mail Client Attachment Spoofing & Arbitrary JavaScript Execution | Medium | Secunia Advisory: SA16645, September 20, 2005; SUSE Security Announcement, SUSE-SA:2005:057, September 26, 2005 |
PHP 5.0.5, 4.4.0 | A vulnerability has been reported in the 'open_basedir' directive due to the way PHP handles it, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | PHP 'Open_BaseDir' Information Disclosure | Medium | Security Focus, Bugtraq ID: 14957, September 27, 2005 |
phpMyFAQ 1.5.1 | Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'password.php' due to insufficient sanitization of the 'username' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported in 'footer.php' due to insufficient sanitization of the 'PMF_CONF[version]' parameter and in 'header.php' due to insufficient sanitization of the 'PMF_LANG Updates available from the vendor. There is no exploit code required; however, Proof of Concept exploits have been published. | phpMyFAQ SQL Injection, Cross-Site Scripting, & Remote Command Execution CAN-2005-3046 | High | Secunia Advisory: SA16933, September 26, 2005 |
wzdftpd 0.5.4 | A vulnerability has been reported due to insufficient sanitization of 'SITE' command parameters before they are passed to a shell, which could let a remote malicious user execute arbitrary commands. No workaround or patch available at time of publishing. An exploit has been published. | Wzdftpd Remote Arbitrary Command Execution | High | Security Focus, Bugtraq ID: 14935, September 26, 2005 |
Polipo 0.9 - 0.9.8 | A buffer overflow vulnerability has been reported due to an off-by-one error when NL-terminated headers are parsed, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code. Upgrades available from the vendor. Currently we are not aware of any exploits for this vulnerability. | Polipo Off-By-One Buffer Overflow | High | Security Focus, Bugtraq ID: 14961, September 28, 2005 |
PostNuke Phoenix 0.760 | A file include vulnerability has been reported in 'PN_BBCode' due to insufficient sanitization of user-supplied input, which could let a malicious user obtain unauthorized access. Upgrades available at: http://news.postnuke.com/ There is no exploit code required. | PostNuke File Include | Medium | Security Focus, Bugtraq ID: 14958, September 28, 2005 |
PunBB 1.2.1 - 1.2.7 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization in the 'forgotten e-mail' feature, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the user language selection, which has an unknown impact. Upgrades available from the vendor. There is no exploit code required. | PunBB Cross-Site Scripting & File Include | Medium | Secunia Advisory: SA16908, September 22, 2005 |
RSS Syndicator module 2.1.7 | Multiple Cross-Site Scripting vulnerabilities have been reported in 'rss.php' due to insufficient HTML filtering from user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Riverdark RSS Syndicator Module Multiple Cross-Site Scripting | Medium | Security Tracker Alert ID: 1014969, September 24, 2005 |
SEO-Board 1.0.2 | An SQL injection vulnerability has been reported in 'admin.php' due to insufficient sanitization of the 'user_pass_sha1' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrade available from the vendor. There is no exploit code required. | SEO-Board SQL Injection | Medium | Secunia Advisory: SA16949, September 26, 2005 |
Simplog 0.9.1 | SQL injection vulnerabilities have been reported in 'archive.php' due to insufficient sanitization of the 'pid,' 'blogid,' 'cid,' and 'm' parameters and in 'blogadmin.php' due to insufficient sanitization of the 'blogid' parameter, which could let a remote malicious user execute arbitrary SQL code. The vendor has released version 0.9.2 beta 2 to address this issue. There is no exploit code required. | Simplog SQL Injection | Medium | Secunia Advisory: SA16881, September 21, 2005 |
Movable Type 3.17 | Multiple vulnerabilities have been reported: a vulnerability was reported in the password reset functionality because different error messages are returned depending on whether or not a username exists, which could let a remote malicious user obtain sensitive information; a vulnerability was reported because files with arbitrary file extensions can be uploaded to a directory inside the web root; a Cross-Site Scripting vulnerability was reported when creating new blog entries due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'mt-comments.cgi' script because external URLs in comments are redirected, which could trick a user into visiting a malicious web site. Update available from the vendor. There is no exploit code required. | Movable Type Multiple Remote Vulnerabilities | High | Secunia Advisory: SA16899, September 22, 2005 |
PSP 2.0 firmware | A buffer overflow vulnerability has been reported in the TIFF library when processing a specially crafted TIFF image, which could let a remote malicious user cause a Denial of Service. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Sony PSP TIFF Image Handling Remote Buffer Overflow | Low | Secunia Advisory: SA16922, September 26, 2005 |
TWiki 20040903, 20040902, 20040901, 20030201 | A vulnerability has been reported in the '%INCLUDE' variable due to insufficient sanitization of the 'rev' attribute before it is used in a shell expression, which could let a remote malicious user execute arbitrary code. Patches available from the vendor. There is no exploit code required; however, a Proof of Concept exploit has been published. | TWiki Remote Arbitrary Command Execution | High | TWiki Security Advisory, September 28, 2005 |
MailGust 1.9 | An SQL injection vulnerability has been reported in the password functionality due to insufficient sanitization of the 'email' field before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | UNU Networks Mailgust SQL Injection | Medium | Security Focus, Bugtraq ID: 14933, September 24, 2005 |
Zengaia 0.1.5 | An SQL injection vulnerability has been reported due to insufficient sanitization of unspecified input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrade available at: There is no exploit code required. | Zengaia SQL Injection | Medium | Secunia Advisory: SA16896, September 21, 2005 |
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- Asia To Dominate WiMAX Market, Study Claims: According to a study released by the market research firm In-Stat, about 45 percent of all WiMAX subscribers in 2009 will be in the Asia Pacific region of the world. The study predicts that the number of subscribers in that region will increase from 80,000 this year to about 3.8 million in 2009. South Korea will be the most active in terms of WiMAX. Chinese operators will account for 34 percent of all equipment purchases and Japan will account for 17 percent, the study claims. Source: http://www.networkingpipeline.com/news/171201264.
- Mobile Users Are Lax On Security: Survey: A survey conducted by Bluefire Security Technologies, Inc. found that while most users are concerned about security, and while more than half of their companies would invest more in mobile technology if these concerns were addressed, only 40% currently use mobile security tools. 44% of respondents said that, while they have concerns, neither they nor their companies have any immediate intentions to implement mobile security. Source: http://www.networkingpipeline.com/showArticle.jhtml?articleID=171200908.
- New security proposed for do-it-all phones: The Trusted Computing Group (TCG), which is backed by Nokia, Motorola, Intel, Samsung, VeriSign, and Vodafone, plans to unveil a proposal for new hardware-based security standards for mobile phones at a conference sponsored by the Cellular Telecommunications & Internet Association. The TCG has already developed similar specifications for PCs and servers. Source: http://news.com.com/New+security+proposed+for+do-it-all+phones/2100-1037_3-5883341.html?tag=nefd.lede.
Wireless Vulnerabilities
- New Mobile Virus Also Aims At PCs: According to F-Secure, a new trojan, Cardtrap A, that is aimed at smartphones based on the Symbian platform also attempts to infect PCs. When the trojan attempts to infect the smartphone, it also copies two Windows worms to the phone's memory card. The two PC viruses are Win32/Padobot.Z and Win32/Rays. Source: http://informationweek.com/story/showArticle.jhtml?articleID=171100069.
- Nokia 3210 & 7610 Remote OBEX Denial of Service: A remote Denial of Service vulnerability has been reported in Bluetooth OBEX transfers due to a failure to handle certain filename characters.
- wlan_webauth.txt: A script that redirects a wireless client to a fake login page for a WLAN.
- HijackHeadSet.tx: An article titled, "Hijacking Bluetooth Headsets for Fun and Profit".
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Trends
- Password Overload Makes Enterprise Systems Less Secure: According to a survey released by RSA Security, 28 percent of corporate workers juggle 13 or more passwords required to access Windows, specific applications, and Web portals. Another 30 percent have to deal with between 6 and 12 passwords. Source: http://www.techweb.com/wire/security/171201073;jsessionid=LQWK5KTXEH154QSNDBCSKH0CJUMEKJVN.
- Name that worm; plan looks to cut through chaos: The U.S. Computer Emergency Readiness Team (US-CERT) plans to use the Common Malware Enumeration (CME) initiative identifiers for malicious code. Zotob.E, Tpbot-A, Rbot.CBQ, and IRCbot.worm were all names given to a single worm that wreaked havoc in Windows 2000 systems last month. Among the plethora of identifiers, perhaps the most useful, CME-540, didn't make an impact. But that's about to change. Source: http://news.com.com/Name+that+worm--plan+looks+to+cut+through+chaos/2100-7349_3-5876293.html?tag=alert.
- New Phish Deceives With Phony Certificates: An Internet security vendor, SurfControl, warns that a new advanced form of phishing dubbed "secured phishing" has surfaced. "Secured phishing" relies on self-signed digital certificates and can easily fool all but the most cautious consumers. Source: http://www.techweb.com/wire/security/171100298;jsessionid=JIA55XLPAW02YQSNDBGCKH0CJUMEKJVN.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description |
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
2 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
3 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
4 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
5 | Netsky-Q | Win32 Worm | Stable | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker. |
6 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
7 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
8 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
9 | Netsky-Z | Win32 Worm | Stable | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665. |
10 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |
Table Updated September 28, 2005