Summary of Security Items from October 19 through October 25, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attack Scripts | Common Name / CVE Reference | Risk | Source |
DirectX DirectShow 7.0 to 9.0c | A buffer overflow vulnerability has been reported in DirectX DirectShow that could let remote malicious users execute arbitrary code. Vendor fix available: Avaya: V1.3 Updated to note availability of Microsoft Knowledge Base Article 909596 and to clarify an issue affecting Windows 2000 SP4 customers, also updates of file versions. Currently we are not aware of any exploits for this vulnerability. | Microsoft DirectX DirectShow Arbitrary Code Execution | High | Microsoft, Security Bulletin MS05-050, October 11, 2005 Technical Cyber Security Alert TA05-284A, October 11, 2005 Avaya, ASA-2005-214, October 11, 2005 Microsoft, Security Bulletin MS05-050 V1.3, October 21, 2005 |
Microsoft Internet Explorer 6.0 SP2 | A vulnerability has been reported in Internet Explorer, J2SE Runtime Environment, that could let remote malicious users cause a Denial of Service. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Microsoft Internet Explorer Denial of Service | Low | Security Tracker, Alert ID: 1015101, October 25, 2005 |
Network Connection Manager | A vulnerability has been reported in Network Connection Manager that could let malicious users cause a Denial of Service. Vendor fix available: V1.1 Updated to revise the install registry key name. An exploit has been published. | Microsoft Network Connection Manager Denial of Service | Low | Microsoft Security Bulletin MS05-045, October 11, 2005 Microsoft Security Bulletin MS05-045 V1.1, October 21, 2005 |
Windows Plug and Play | A buffer overflow vulnerability has been reported in Windows Plug and Play that could let malicious users execute arbitrary code. Vendor fix available: Avaya: An exploit has been published. | Microsoft Windows Plug and Play Arbitrary Code Execution | High | Microsoft, Security Bulletin MS05-047, October 11, 2005 Technical Cyber Security Alert TA05-284A, October 11, 2005 Avaya, ASA-2005-214, October 11, 2005 Security Focus, ID: 15065, October 24, 2005 |
RSA ACE/ Agent for Web 5.1, Authentication for Web 5.1, 5.2, 5.3 | A vulnerability has been reported in RSA ACE/ Agent for Web and Authentication Agent for Web that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | RSA ACE/ Agent for Web Cross-Site Scripting | Medium | Security Focus, ID: 15206, October 26, 2005 |
Symantec Discovery 6.0, Standard 4.5.X, Web 4.5.X | A vulnerability has been reported in Symantec Discovery that could let remote malicious users obtain unauthorized access. Vendor fix available: There is no exploit code required. | Symantec Discovery Unauthorized Access | Medium | Symantec, Security Response SYM05-022, October 24, 2005 |
NetBackup Data and Business Center 4.5FP, 4.5MP, Client/ Enterprise/ Server 5.0, 5.1, 6.0 | A vulnerability has been reported in NetBackup that could let remote malicious users execute arbitrary code. Vendor fix available: An exploit has been published. | VERITAS NetBackup Arbitrary Code Execution | High | Secunia, Advisory: SA17181, October 13, 2005 Security Focus, ID: 15079, October 20, 2005 |
ZipGenius | A buffer overflow vulnerability has been reported in ZipGenius, ACE, ZIP, and UUE processing, that could let remote malicious users execute arbitrary code. Upgrade to version 6.0.2.1050: Currently we are not aware of any exploits for this vulnerability. | ZipGenius Arbitrary Code Execution | High | Security Tracker, Alert ID: 1015090, October 21, 2005 |
UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attack Scripts | Common Name / CVE Reference | Risk | Source |
Apache 2.0.x | A vulnerability has been reported in 'modules/ssl/ssl_engine_ Patch available at: OpenPKG: RedHat: Ubuntu: SGI: Debian: Mandriva: Slackware: Trustix: Debian: Gentoo: Avaya: Conectiva: TurboLinux: Trustix: There is no exploit code required. | Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass | Medium | Security Tracker Alert ID: 1014833, September 1, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.017, September 3, 2005 RedHat Security Advisory, RHSA-2005:608-7, September 6, 2005 Ubuntu Security Notice, USN-177-1, September 07, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 Debian Security Advisory, DSA 805-1, September 8, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:161, September 8, 2005 Slackware Security Advisory, SSA:2005-251-02, September 9, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005 Debian Security Advisory DSA 807-1, September 12, 2005 Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005 Avaya Security Advisory, ASA-2005-204, September 23, 2005 Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005 Turbolinux Security Advisory, TLSA-2005-94, October 3, 2005 HP Security Bulletin, Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 |
Control-M Agent 6.1.03 | A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user overwrite files. No workaround or patch available at time of publishing. There is no exploit code required. | BMC Control-M Agent Insecure File Permission | Medium | Security Focus, Bugtraq ID: 15167, October 22, 2005 |
ClamAV 0.80-0.86.2, 0.70, 0.65-0.68, 0.60, 0.51-0.54 | Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'libclamav/upx.c' due to a signedness error, which could let a malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported in 'libclamav/fsg.c' when handling a specially crafted FSG-compressed executable file. Upgrades available at: Gentoo: Mandriva: Trustix: Debian: Conectiva: Currently we are not aware of any exploits for these vulnerabilities. | ClamAV UPX Buffer Overflow & FSG Handling Denial of Service | High | Secunia Advisory: SA16848, September 19, 2005 Gentoo Linux Security Advisory, GLSA 200509-13, September 19, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:166, September 20, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0051, September 23, 2005 Debian Security Advisory DSA 824-1, September 29, 2005 Conectiva Linux Announcement, CLSA-2005:1020, October 3, 2005 |
DCP-Portal 6.1.1, 6.1, 6.0, 5.3-5.3.2, 5.2, 5.1, 5.0.2, 5.0.1, 4.5.1, 4.2, 4.1, 4.0, 3.7 | Several Cross-Site Scripting and SQL Injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML, script code and SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | DCP-Portal Cross-Site Scripting & SQL Injection | Medium | Security Focus, Bugtraq ID: 15183, October 24, 2005 |
module-assistant | A vulnerability has been reported in module-assistant due to the insecure creation of temporary files, which could let a malicious user overwrite files. Update available at: There is no exploit code required. | | Medium | Debian Security Advisory DSA 867-1, October 20, 2005 |
eric3 prior to 3.7.2 | A vulnerability has been reported due to a "potential security exploit." The impact was not specified. Upgrades available at: Debian: Currently we are not aware of any exploits for this vulnerability. | eric3 Unspecified Vulnerability | Not Specified | Security Tracker Alert ID: 1014947, September 21, 2005 Debian Security Advisory, DSA 869-1, October 21, 2005 |
Fetchmail 6.x | A vulnerability has been reported in the 'fetchmailconf' configuration utility due to a race condition, which could let a malicious user obtain sensitive information. Upgrades available at: http://download. There is no exploit code required. | Fetchmail 'fetchmailconf' Information Disclosure | Medium | fetchmail-SA-2005-02 Security Announcement, October 21, 2005 |
XPDF prior to 3.00pl3 | A buffer overflow vulnerability exists in 'xpdf/Decrypt.cc' due to a boundary error in the 'Decrypt::makeFileKey2' function, which could let a remote malicious user execute arbitrary code. Update available at: Patch available at: Debian: http://security.debian. Fedora: Gentoo: KDE: Ubuntu: Conectiva: Mandrake: SUSE: FedoraLegacy: Gentoo: SGI: Trustix: FedoraLegacy: RedHat: SCO: Currently we are not aware of any exploits for this vulnerability. | Glyph and Cog Xpdf 'makeFileKey2()' Buffer Overflow | High | iDEFENSE Security Advisory, January 18, 2005 Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005 Mandrakelinux Security Update Advisories, MDKSA-2005:016-021, January 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 SGI Security Advisory, 20050202-01-U, February 9, 2005 Gentoo Linux Security Advisory, GLSA 200502-10, February 9, 2005 Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 Fedora Legacy Update Advisory, FLSA:2127, March 2, 2005 SUSE Security Announcement, SUSE-SA:2005:015, March 14, 2005 RedHat Security Advisory, RHSA-2005:026-15, March 16, 2005 SuSE Security Summary Report, SUSE-SR:2005:008, March 18, 2005 SCO Security Advisory, SCOSA-2005.42, October 20, 2005 |
Texinfo 4.7 | A vulnerability has been reported in 'textindex.c' due to insecure creation of temporary files by the 'sort_offline()' function, which could let a malicious user create/ overwrite arbitrary files. Gentoo: Mandriva: Ubuntu: SUSE: Trustix: There is no exploit code required. | GNU Texinfo Insecure Temporary File Creation | Medium | Security Focus, Bugtraq ID: 14854, September 15, 2005 Gentoo Linux Security Advisory, GLSA 200510-04, October 5, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:175, October 6, 2005 Ubuntu Security Notice, USN-194-1, October 06, 2005 SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 |
Xpdf prior to 3.00pl2 | A buffer overflow vulnerability exists that could allow a remote user to execute arbitrary code on the target user's system. A remote user can create a specially crafted PDF file that, when viewed by the target user, will trigger an overflow and execute arbitrary code with the privileges of the target user. A fixed version (3.00pl2) is available at: A patch is available: KDE: Gentoo: Fedora: Ubuntu: Mandrakesoft (update for koffice): Mandrakesoft (update for kdegraphics): Mandrakesoft (update for gpdf): Mandrakesoft (update for xpdf): Mandrakesoft (update for tetex): Debian: Fedora (update for tetex): Fedora: Gentoo: TurboLinux: SGI: Conectiva: SuSE: FedoraLegacy: FedoraLegacy: SUSE: RedHat: RedHat: SCO: Currently we are not aware of any exploits for this vulnerability. | GNU Xpdf Buffer Overflow in doImage() | High | iDEFENSE Security Advisory 12.21.04 KDE Security Mandrakesoft, Fedora Update Notification, Gentoo Linux Conectiva Linux Security SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 Avaya Security Advisory, SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 Fedora Legacy Fedora Legacy Update Advisory, FLSA:2127, SUSE Security Announcement, RedHat Security Advisory, SuSE Security Summary Report, SUSE-SR:2005:008, March 18, 2005 RedHat Security Advisory, RHSA-2005:354-03, SCO Security Advisory, SCOSA-2005.42, October 20, 2005 |
Graphviz 2.2.1 | A vulnerability has been reported in '/dotty/dotty/ Update available at: Debian: Ubuntu: Mandriva: There is no exploit code required. | Graphviz Insecure Temporary File Creation | Medium | Debian Security Advisory, DSA 857-1, October 10, 2005 Ubuntu Security Notice, USN-208-1, October 17, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:188, October 21, 2005 |
BMV 1.2 | A buffer overflow vulnerability has been reported in the 'openpsfile()' function in 'gsinterf.c' due to an integer overflow error when allocating memory to store the file offsets of each page in a PS file, which could let a malicious user execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | BMV Buffer Overflow | High | Security Tracker Alert ID: 1015086, October 20, 2005 |
CHM lib 0.36, 0.35, 0.3-0.33, 0.2, 0.1 | A buffer overflow vulnerability has been reported in the '_chm_decompress_block()' function due to a boundary error when reading input, which could let a remote malicious user execute arbitrary code. Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | CHM Lib Remote Buffer Overflow | High | Security Focus, Bugtraq ID: 15211, October 26, 2005 |
KOffice 1.4.1, 1.4, 1.3-1.3.5, 1.2.1, 1.2 | A buffer overflow vulnerability has been reported when handling a malformed RTF file, which could let a remote malicious user execute arbitrary code. Upgrades available at: Patches available at: Ubuntu: Gentoo: Ubuntu: Fedora: Mandriva: Debian: Currently we are not aware of any exploits for this vulnerability. | KDE KOffice KWord RTF Remote Buffer Overflow | High | Security Focus, Bugtraq ID: 15060, October 11, 2005 Ubuntu Security Notice, USN-202-1, October 12, 2005 Gentoo Linux Security Advisory, GLSA 200510-12, October 12, 2005 Fedora Update Notification, Mandriva Linux Security Update Advisory, MDKSA-2005:185, October 14, 2005 Debian Security Advisory, DSA 872-1, October 26, 2005 |
mgdiff 1.0 | A vulnerability has been reported in the 'viewpatch' script due to the insecure creation of temporary files, which could let a malicious user create/overwrite arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required. | mgdiff Insecure Temporary File Creation | Medium | Secunia Advisory: SA17299, October 24, 2005 |
Bugzilla 2.17.1, 2.17.3-2.17.7, | Several vulnerabilities have been reported: a vulnerability was reported because users can determine if a given invisible product exists when an access denied error is returned, which could let a remote malicious user obtain sensitive information; a vulnerability was reported because bugs can be entered into products that are closed for bug entry when a remote malicious user modifies the URL to specify the name of the product; and a vulnerability was reported because a user's password may be embedded as part of a report URL, which could let a remote malicious user obtain sensitive information. Update available at: http://www.bugzilla.org Conectiva: There is no exploit code required. | Bugzilla Information Disclosure | Medium | Secunia Advisory, SA15338, May 12, 2005 Conectiva Linux Announcement, CLSA-2005:1040, October 19, 2005 |
DIA 0.91-0.94; | A vulnerability has been reported in 'plug-ins/ Ubuntu: Gentoo: SUSE: Debian: Mandriva: A Proof of Concept exploit has been published. | DIA Remote Arbitrary Code Execution | High | Security Focus, Bugtraq ID: 15000, October 3, 2005 Ubuntu Security Notice, USN-193-1, October 04, 2005 Gentoo Linux Security Advisory, GLSA 200510-06, October 6, 2005 SUSE Security Summary Report, SUSE-SR:2005:022, October 7, 2005 Debian Security Advisory DSA, 847-1, October 8, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:187, October 21, 2005 |
OpenLDAP 2.1.25; Padl Software pam_ldap Builds 166, 85, 202, 199, 198, 194, 183-192, 181, 180, 173, 172, 122, 121, 113, 107, 105 | A vulnerability has been reported in OpenLDAP, 'pam_ldap,' and 'nss_ldap' when a connection to a slave is established using TLS and the client is referred to a master, which could let a remote malicious user obtain sensitive information. Trustix: Gentoo: Mandriva: Ubuntu: TurboLinux: SUSE: Conectiva: RedHat: SGI: There is no exploit code required. | Multiple Vendors TLS Plaintext Password | Medium | Trustix Secure Gentoo Linux Security Mandriva Linux Security Update Advisory, Ubuntu Security Notice, USN-152-1, July 21, 2005 Turbolinux Security Advisory, TLSA-2005-86 & 87, August 29, 2006 SUSE Security Summary Report, SUSE-SR:2005:020, September 12, 2005 Conectiva Linux Announcement, CLSA-2005:1027, October 14, 2005 RedHat Security Advisory, RHSA-2005:767-8, October 17, 2005 SGI Security Advisory, 20051003-01-U, October 26, 2005 |
Glyph and Cog Xpdf 3.0, pl2 & pl3; Ubuntu Linux 5.04 powerpc, i386, amd64; | A remote Denial of Service vulnerability has been reported when verifying malformed 'loca' table in PDF files. RedHat: http://rhn.redhat.com/ http://rhn.redhat.com/ Ubuntu: KDE: Mandriva: SGI: Gentoo: Fedora: Debian: Trustix: TurboLinux: Conectiva: Mandriva: SCO: Currently we are not aware of any exploits for this vulnerability. | | Low | RedHat Security Advisories, RHSA-2005:670-05 & RHSA-2005:671-03, & RHSA-2005:708-05, August 9, 2005 Ubuntu Security Notice, USN-163-1, August 09, 2005 KDE Security Advisory, 20050809-1, August 9, 2005 Mandriva Linux Security Update Advisories, MDKSA-2005:134, 135, 136 & 138, August 11, 2005 SGI Security Advisory, 20050802-01-U, August 15, 2005 Gentoo Linux Security Advisory GLSA, 200508-08, August 16, 2005 Fedora Update Notifications, Debian Security Advisory, DSA 780-1, August 22, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005 Turbolinux Security Advisory, TLSA-2005-88, September 5, 2005 Conectiva Linux Announcement, CLSA-2005:1010, September 13, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:138-1, September 19, 2005 SCO Security Advisory, SCOSA-2005.42, October 20, 2005 |
Linux kernel 2.6-2.6.14 | A Denial of Service vulnerability has been reported in 'net/ipv6/udp.c' due to an infinite loop error in the 'udp_v6_get_port()' function. Fedora: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPV6 Denial of Service | Low | Secunia Advisory: SA17261, October 21, 2005 Fedora Update Notifications, |
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; | Several integer overflow vulnerabilities exist in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc,' which could let a remote malicious user execute arbitrary code. Debian: Fedora: Gentoo: KDE: Mandrake: Ubuntu: Conectiva: Debian: SUSE: Update: Gentoo: Fedora: FedoraLegacy: RedHat: FedoraLegacy: RedHat: SGI: SUSE: RedHat: Trustix: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors Xpdf PDFTOPS Multiple Integer Overflows | High | Security Tracker Conectiva Linux Security Debian Security Advisory, DSA 599-1, November 25, 2004 SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004 Gentoo Linux Security Advisory, Fedora Update Notifications, Fedora Legacy Mandrakelinux RedHat Security Advisory, Fedora Legacy Mandrakelinux RedHat Security Advisory, RHSA-2005:213-04, SGI Security SUSE Security Summary Report, SUSE-SR:2005:008, March 18, 2005 RedHat Security Advisory, Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 |
Gnome-DB libgda 1.2.1; | Format string vulnerabilities have been reported in 'gda-log.c' due to format string errors in the 'gda_log_error()' and 'gda_log_message()' functions, which could let a remote malicious user execute arbitrary code. Debian: Currently we are not aware of any exploits for these vulnerabilities. | GNOME-DB | High | Security Focus, Bugtraq ID: 15200, October 25, 2005 Debian Security Advisory, |
Linux kernel 2.4-2.4.29, 2.6.10, 2.6-2.6.11 | A vulnerability has been reported in the 'bluez_s Patches available at: Fedora: SUSE: Trustix: Fedora: RedHat: RedHat: http://rhn.redhat.com/ Conectiva: FedoraLegacy: Another exploit script has been published. | Linux Kernel | High | Security Tracker SUSE Security Announcement, SUSE-SA:2005 Trustix Secure Fedora Update Notification RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 RedHat Security Advisories, RHSA-2005:283-15 & RHSA-2005:284-11, April 28, 2005 Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005 Fedora Legacy Update Advisory, FLSA:152532, June 4, 2005 SUSE Security Announcement, SUSE-SA:2005:29, June 9, 2005 Security Focus, Bugtraq ID: 12911, October 24, 2005 |
Linux kernel 2.6-2.6.14 | Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/ Patches available at: Fedora: Trustix: There is no exploit code required. | Linux Kernel Denial of Service & Information Disclosure | Medium | Secunia Advisory: SA17114, October 12, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005 Fedora Update Notifications, |
Linux Kernel 2.6-2.6.14 | Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'sys_set_ Ubuntu: Trustix: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors Linux Kernel Denials of Service CVE-2005-3053 | Low | Ubuntu Security Notice, USN-199-1, October 10, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005 |
MandrakeSoft Multi Network Firewall 2.0, Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, Corporate Server 3.0 x86_64, 3.0; | A buffer overflow vulnerability has been reported due to insufficient validation of user-supplied NTLM user name data, which could let a remote malicious user execute arbitrary code. WGet: Daniel Stenberg: Mandriva: Ubuntu: Fedora: Trustix: Gentoo: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor WGet/Curl NTLM Username Buffer Overflow | High | Security Tracker Alert ID: 1015056, October 13, 2005 Mandriva Linux Security Update Advisories, MDKSA-2005:182 & 183, October 13, 200 Ubuntu Security Notice, USN-205-1, October 14, 2005 Fedora Update Notifications Fedora Update Notification, Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 Gentoo Linux Security Advisory, GLSA 200510-19, October 22, 2005 |
RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10 | A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_ SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security. OpenSSL: FreeBSD: RedHat: Mandriva: Gentoo: Slackware: Fedora: Sun: Ubuntu: OpenPKG: SUSE: Trustix: SGI: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors OpenSSL Insecure Protocol Negotiation | Medium | OpenSSL Security Advisory, October 11, 2005 FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005 RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005 Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005 Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005 Slackware Security Advisory, SSA:2005-286-01, October 13, 2005 Fedora Update Notifications, Sun(sm) Alert Notification Ubuntu Security Notice, USN-204-1, October 14, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005 SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 SGI Security Advisory, 20051003-01-U, October 26, 2005 |
RedHat Fedora Core3; Linux kernel 2.6.10-2.6.13 | A vulnerability has been reported because a world writable file is created in 'SYSFS' which could let a malicious user obtain sensitive information. Upgrades available at: Fedora: There is no exploit code required. | Linux Kernel World Writable SYSFS Information Disclosure | Medium | Security Focus, Bugtraq ID: 15154, October 20, 2005 Fedora Update Notification |
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Netpbm 10.0 | A buffer overflow vulnerability has been reported in the 'PNMToPNG' conversion package due to insufficient bounds checking of user-supplied input before copying to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code. Ubuntu: RedHat: Gentoo: SUSE: Mandriva: Currently we are not aware of any exploits for this vulnerability. | NetPBM Buffer Overflow | High | Ubuntu Security Notice, USN-210-1, October 18, 2005 RedHat Security Advisory, RHSA-2005:793-6, October 18, 2005 Gentoo Linux Security Advisory, GLSA 200510-18, October 20, 2005 SUSE Security Summary Report, Announcement ID: SUSE-SR:2005:024, October 21, 2005 Mandriva Linux Security Advisory, MDKSA-2005:199, October 26, 2005 |
util-linux 2.8-2.13; | A vulnerability has been reported because mounted filesystem options are improperly cleared due to a design flaw, which could let a remote malicious user obtain elevated privileges. Updates available at: Slackware: Trustix: Ubuntu: Gentoo: Mandriva: Debian: SUSE: Conectiva: Sun: SGI: There is no exploit code required. | Util-Linux UMount Remounting Filesystem Elevated Privileges | Medium | Security Focus, Bugtraq ID: 14816, September 12, 2005 Slackware Security Advisory, SSA:2005-255-02, September 13, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005 Ubuntu Security Notice, USN-184-1, September 19, 2005 Gentoo Linux Security Advisory, GLSA 200509-15, September 20, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:167, September 20, 2005 Debian Security Advisory, DSA 823-1, September 29, 2005 SUSE Security Summary Report, SUSE-SR:2005:021, September 30, 2005 Conectiva Linux Announcement, CLSA-2005:1022, October 6, 2005 Sun(sm) Alert Notification SGI Security Advisory, 20051003-01-U, October 26, 2005 |
XFree86 X11R6 4.3.0, | A buffer overflow vulnerability has been reported in the pixmap processing code, which could let a malicious user execute arbitrary code and possibly obtain superuser privileges. Gentoo: RedHat: http://rhn.redhat.com/ Ubuntu: Mandriva: Fedora: Trustix: Debian: Sun: SUSE: Slackware: Sun: SUSE: Avaya: Sun 101926: Updated Contributing Factors, Relief/Workaround, and Resolution sections. Currently we are not aware of any exploits for this vulnerability. | XFree86 Pixmap Allocation Buffer Overflow | High | Gentoo Linux Security Advisory, GLSA 200509-07, September 12, 2005 RedHat Security Advisory, RHSA-2005:329-12 & RHSA-2005:396-9, September 12 & 13, 2005 Ubuntu Security Notice, USN-182-1, September 12, 2005 Mandriva Security Advisory, MDKSA-2005:164, September 13, 2005 Fedora Update Notifications, Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005 Debian Security Advisory DSA 816-1, September 19, 2005 Sun(sm) Alert Notification SUSE Security Announcement, SUSE-SA:2005:056, September 26, 2005 Slackware Security Advisory, SSA:2005-269-02, September 26, 2005 Sun(sm) Alert Notification SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005 Avaya Security Advisory, ASA-2005-218, October 19, 2005 Sun(sm) Alert Notification |
xine xine-lib 1.1.0, 1.0-1.0.2, 0.9.13; Ubuntu Linux 5.04 powerpc, i386, amd64, ppc, ia64, ia32; | A format string vulnerability has been reported in 'input_cdda.c' when writing CD metadata retrieved from a CDDB server to a cache file, which could let a remote malicious user execute arbitrary code. Gentoo: Ubuntu: Slackware: Mandriva: Debian: Conectiva: SUSE: An exploit script has been published. | Multiple Vendors CDDB Client Format String | High | Gentoo Linux Security Advisory, GLSA 200510-08, October 8, 2005 Ubuntu Security Notice, USN-196-1, October 10, 2005 Slackware Security Advisory, SSA:2005-283-01, October 11, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:180, October 11, 2005 Debian Security Advisory, DSA 863-1, October 12, 2005 Conectiva Linux Announcement, CLSA-2005:1026, October 11, 2005 SUSE Security Summary Report, SUSE-SR:2005:024, October 21, 2005 |
Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3-5.0.9, 5.0.1 | A remote Denial of Service vulnerability has been reported when handling stream-based protocols. Upgrades available at: Trustix: Fedora: RedHat: Mandriva: Ubuntu: RedHat: Conectiva: Avaya: SUSE: Debian: Currently we are not aware of any exploits for this vulnerability. | Net-SNMP | Low | Secunia Advisory, Trustix Secure Linux Security Advisory, Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:720-04, August 9, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:137, August 11, 2005 Ubuntu Security Notice, USN-190-1, September 29, 2005 RedHat Security Advisory, RHSA-2005:395-18, October 5, 2005 Conectiva Linux Announcement, CLSA-2005:1032, October 13, 2005 Avaya Security Advisory, ASA-2005-225, October 18, 2005 SUSE Security Summary Report, Announcement ID: SUSE-SR:2005:024, October 21, 2005 Debian Security Advisory, DSA 873-1, October 26, 2005 |
pam_ldap Build 179, Build 169 | A vulnerability has been reported when handling a new password policy control, which could let a remote malicious user bypass authentication policies. Upgrades available at: Gentoo: Conectiva: RedHat: Mandriva: SGI: There is no exploit code required. | PADL Software PAM_LDAP Authentication Bypass | Medium | Bugtraq ID: 14649, August 24, 2005 Gentoo Linux Security Advisory, GLSA 200508-22, August 31, 2005 Conectiva Linux Announcement, CLSA-2005:1027, October 14, 2005 RedHat Security Advisory, RHSA-2005:767-8, October 17, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:190, October 21, 2005 SGI Security Advisory, 20051003-01-U, October 26, 2005 |
PCRE 6.1, 6.0, 5.0 | A vulnerability has been reported in 'pcre_compile.c' due to an integer overflow, which could let a remote/local malicious user potentially execute arbitrary code. Updates available at: Ubuntu: Ubuntu: Fedora: Gentoo: Mandriva: SUSE: Slackware: Ubuntu: Debian: SUSE: Gentoo: Conectiva: Gentoo: Debian: Gentoo: Debian: Conectiva: TurboLinux: Avaya: Trustix: Currently we are not aware of any exploits for this vulnerability. | PCRE Regular Expression Heap Overflow | High | Secunia Advisory: SA16502, August 22, 2005 Ubuntu Security Notice, USN-173-1, August 23, 2005 Ubuntu Security Notices, USN-173-1 & 173-2, August 24, 2005 Fedora Update Notifications, Gentoo Linux Security Advisory, GLSA 200508-17, August 25, 2005 Mandriva Linux Security Update Advisories, MDKSA-2005:151-155, August 25, 26, & 29, 2005 SUSE Security Announcements, SUSE-SA:2005:048 & 049, August 30, 2005 Slackware Security Advisories, SSA:2005-242-01 & 242-02, August 31, 2005 Ubuntu Security Notices, USN-173-3, 173-4 August 30 & 31, 2005 Debian Security Advisory, DSA 800-1, September 2, 2005 SUSE Security Announcement, SUSE-SA:2005:051, September 5, 2005 Slackware Security Advisory, SSA:2005-251-04, September 9, 2005 Gentoo Linux Security Advisory, GLSA 200509-08, September 12, 2005 Conectiva Linux Announcement, Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005 Debian Security Advisory, DSA 817-1 & DSA 819-1, September 22 & 23, 2005 Gentoo Linux Security Advisory, GLSA 200509-19, September 27, 2005 Debian Security Advisory, DSA 821-1, September 28, 2005 Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005 Turbolinux Security Advisory, TLSA-2005-92, October 3, 2005 Avaya Security Advisory, ASA-2005-216, October 18, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 |
PHP 5.0.0-5.0.5, 4.4.0, 4.3.1-4.3.11, 4.2-4.2.3, 4.1.0-4.1.2, 4.0.0-4.0.7 | A Denial of Service vulnerability has been reported in the 'sapi_apache2.c' file. PHP 5.1.0 final and 4.4.1 final are not affected by this issue. Please contact the vendor to obtain fixes. There is no exploit code required. | PHP Apache 2 Denial of Service | Low | Security Focus, Bugtraq ID: 15177, October 24, 2005 |
phpMyAdmin 2.6.4 -pl1 | A vulnerability has been reported in 'libraries/grab_ Gentoo: Upgrades available at: There is no exploit code required; however, a Proof of Concept exploit script has been published. | PHPMyAdmin File Include | Medium | Secunia Advisory: SA17137, October 11, 2005 Gentoo Linux Security Advisory, GLSA 200510-16, October 17, 2005 Security Focus Bugtraq ID: 15053, October 22, 2005 |
phpMyAdmin 2.x | Several vulnerabilities have been reported: a vulnerability was reported due to insufficient verification of certain configuration parameters, which could let a remote malicious user include arbitrary files; and a Cross-Site Scripting vulnerability was reported in 'left.php,' 'queryframe.php,' and 'server_databases.php' due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: Gentoo: There is no exploit code required; however, a Proof of Concept exploit has been published. | phpMyAdmin Local File Inclusion & Cross-Site Scripting | Medium | Secunia Advisory: SA17289, October 24, 2005 Gentoo Linux Security Advisory, GLSA 200510-21, October 25, 2005 |
Open Server 5.0.7 | A buffer overflow vulnerability has been reported in 'Backupsh' when processing excessive data, which could let a malicious user execute arbitrary code. Update available at: Currently we are not aware of any exploits for this vulnerability. | SCO OpenServer 'Backupsh' Buffer Overflow | High | SCO Security Advisory, SCOSA-2005.40, October 20, 2005 |
Unixware 7.1.4, 7.1.3 | A buffer overflow vulnerability has been reported in the PPP binary, which could let a malicious user obtain root privileges. Updates available at: Currently we are not aware of any exploits for this vulnerability. | SCO UnixWare PPP Prompt Buffer Overflow | High | SCO Security Advisory, SCOSA-2005.41, October 20, 2005 |
Domain Manager Pro | A Cross-Site Scripting vulnerability has been reported in the 'panel' script due to insufficient sanitization of the 'err' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | SiteTurn Domain Manager Pro Admin Panel Cross-Site Scripting | Medium | KAPDA::#8 Advisory, October 25, 2005 |
Squid 2.x | A remote Denial of Service vulnerability has been reported when handling certain FTP server responses. Patches available at: Fedora: Mandriva: There is no exploit code required. | Squid FTP Server Response Handling Remote Denial of Service | Low | Secunia Advisory: SA17271, October 20, 2005 Fedora Update Notifications, Mandriva Linux Security Advisory, MDKSA-2005:195, October 26, 2005 |
SuSE Linux Professional 9.0, x86_64, Linux Personal 9.0, x86_64 | A remote Denial of Service vulnerability has been reported in the squid proxy when handling specially crafted HTTPS data. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | SUSE Linux Squid Proxy SSL Handling Remote Denial of Service | Low | SUSE Security Summary Report, Announcement ID: SUSE-SR:2005:024, October 21, 2005 |
UnitedLinux 1.0, Linux Professional 10.0 OSS, 10.0, 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, 9.0, x86_64, Linux Personal 10.0 OSS, 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, 9.0, x86_64, Linux Enterprise Server 9, 8, Linux Desktop 1.0 | A vulnerability has been reported in the 'permissions' package due to improper handling of file permissions by the 'chkstat' utility, which could let a malicious user obtain sensitive information. SUSE: There is no exploit code required. | SUSE Linux Permissions Package CHKSTAT Information Disclosure | Medium | SUSE Security Announcement, SUSE-SA:2005:062, October 24, 2005 |
Norton Utilities for Macintosh 8.0, Norton System Works for Macintosh 3.0, Norton Personal Firewall for Macintosh 3.1, 3.0, Norton Internet Security for Macintosh 3.0, Norton Antivirus for Macintosh 10.0.1, 10.0.0, 9.0.0-9.0.3, LiveUpdate for Macintosh 3.5, 3.0-3.0.3 | Several vulnerabilities have been reported: a vulnerability was reported in the 'DiskMountNotify' component of Symantec Norton AntiVirus for Macintosh due to failure to use the execution path environment, which could let a malicious user execute arbitrary commands with System Administrative privileges; and a vulnerability was reported in the liveupdate component because the '/Library/Application Support/Norton Solutions Support/LiveUpdate/jlucaller' command-line application is used to interface with the Java interpreter, which could let a malicious user execute arbitrary Java code with System Administrative privileges. Symantec has released a patch to address this issue. This patch can be automatically installed on vulnerable computers by running LiveUpdate. There is no exploit code required. | Symantec AntiVirus/ | High | Security Tracker Alert IDs: 1015083 & 1015084, October 20, 2005 |
Sudo 1.x | A vulnerability has been reported in the environment cleaning due to insufficient sanitization, which could let a malicious user obtain elevated privileges. Debian: There is no exploit code required. | Todd Miller Sudo Local Elevated Privileges | Medium | Debian Security Advisory, DSA 870-1, October 25, 2005 |
UW-imapd imap-2004c1 | A buffer overflow has been reported in UW-imapd that could let remote malicious users cause a Denial of Service or execute arbitrary code. Upgrade to version imap-2004g: Trustix: Debian: Gentoo: SUSE: Mandriva: Currently we are not aware of any exploits for this vulnerability. | UW-imapd Denial of Service and Arbitrary Code Execution | High | Secunia Advisory: SA17062, October 5, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005 Debian Security Advisory, DSA 861-1, October 11, 2005 Gentoo Linux Security Advisory, GLSA 200510-10, October 11, 2005 SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:189 & 194, October 21 & 26, 2005 |
Webmin 1.220, 1.210, 1.200; Usermin 1.150, 1.140, 1.130 | A vulnerability has been reported in 'miniserv.pl' due to an input validation error in the authentication process, which could let a remote malicious user bypass certain security restrictions. Webmin: Usermin: Gentoo: Mandriva: SUSE: Currently we are not aware of any exploits for this vulnerability. | Webmin / Usermin Remote PAM Authentication Bypass | Medium | SNS Advisory No.83, September 20, 2005 Gentoo Linux Security Advisory, GLSA 200509-17, September 24, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:176, October 7, 2005 SUSE Security Summary Report, Announcement ID: SUSE-SR:2005:024, October 21, 2005 |
xloadimage 4.1 | A buffer overflow vulnerability has been reported when handling the title of a NIFF image when performing zoom, reduce, or rotate functions, which could let a remote malicious user execute arbitrary code. Debian: http://security.debian. RedHat: Mandriva: SUSE: SGI: Currently we are not aware of any exploits for this vulnerability. | Xloadimage NIFF Image Buffer Overflow | High | Debian Security Advisories, DSA 858-1 & 859-1, October 10, 2005 RedHat Security Advisory, RHSA-2005:802-4, October 18, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:191, October 21, 2005 SUSE Security Summary Report, SUSE-SR:2005:024, October 21, 2005 SGI Security Advisory, 20051003-01-U, October 26, 2005 |
Ruby 1.6 - 1.6.8, 1.8 - 1.8.2 | A vulnerability has been reported in 'eval.c' due to a flaw in the logic that implements the SAFE level checks, which could let a remote malicious user bypass access restrictions to execute scripting code. Patches available at: Updates available at: Gentoo: Ubuntu: Debian: RedHat: Debian: Conectiva: Mandriva: RedHat: SGI: There is no exploit code required. | Ruby Safe Level Restrictions Bypass | Medium | Security Tracker Alert ID: 1014948, September 21, 2005 Gentoo Linux Security Advisory, GLSA 200510-05, October 6, 2005 Ubuntu Security Notice, USN-195-1, October 10, 2005 Debian Security Advisories, DSA 860-1 & DSA 862-1, October 11, 2005 RedHat Security Advisory, RHSA-2005:799-3, October 11, 2005 Debian Security Advisory, DSA 864-1, October 13, 2005 Conectiva Linux Announcement, CLSA-2005:1030, October 13, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:191, October 21, 2005 RedHat Security Advisory, RHSA-2005:799-6, Updated October 25, 2005 SGI Security Advisory, 20051003-01-U, October 26, 2005 |
Zope 2.6-2.8.1 | A vulnerability has been reported in 'docutils' due to an unspecified error and affects all instances which exposes 'RestructuredText' functionality via the web. The impact was not specified. Hotfix available at: Gentoo: Currently we are not aware of any exploits for this vulnerability. | Zope 'Restructured | Not Specified | Zope Security Alert, October 12, 2005 Gentoo Linux Security Advisory, GLSA 200510-20, October 25, 2005 |
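Two entries in the table above (the XFree86 pixmap allocation overflow and the PCRE 'pcre_compile.c' integer overflow) belong to the same bug class: a buffer size is computed from attacker-controlled dimensions in fixed-width arithmetic, the product wraps, the allocation is far too small, and the copy that follows overflows the heap. The following C program is an added illustration of that class written for this bulletin, not code from XFree86, X.Org, PCRE or any of the advisories listed; the function names, the pixmap framing and the 256 MiB ceiling are hypothetical, and the hostile dimensions are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical policy ceiling: even a size that fits in size_t should be
 * refused if it is absurd for the object being parsed. */
#define MAX_PIXMAP_BYTES ((size_t)256u << 20)

/* Vulnerable pattern: width * height * bytes-per-pixel in 32-bit unsigned
 * arithmetic. The product wraps modulo 2^32, so a hostile header yields a
 * small (possibly zero) size, the allocation succeeds, and the subsequent
 * row-by-row copy writes past the end of the heap block. */
uint32_t pixmap_bytes_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;          /* silently wraps */
}

/* Hardened form: widen before multiplying, check the second multiply
 * against SIZE_MAX before performing it, and enforce the ceiling.
 * Returns 1 and stores the size on success, 0 if the request cannot be
 * honoured safely (the caller must then abort the parse). */
int pixmap_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return 0;
    uint64_t area = (uint64_t)width * height;     /* both < 2^32: cannot wrap */
    if (area > (uint64_t)SIZE_MAX / bpp)          /* area * bpp would exceed size_t */
        return 0;
    uint64_t total = area * bpp;
    if (total > MAX_PIXMAP_BYTES)
        return 0;
    *out = (size_t)total;
    return 1;
}

/* Convenience wrapper for callers that only want the number; 0 means refused. */
size_t pixmap_bytes_or_zero(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n = 0;
    return pixmap_bytes_checked(width, height, bpp, &n) ? n : 0;
}

/* Allocation entry point a decoder would call: never allocates from a
 * wrapped size, and zero-fills so a short read cannot leak old heap data. */
unsigned char *pixmap_alloc(uint32_t width, uint32_t height, uint32_t bpp, size_t *out_len)
{
    size_t n;
    if (!pixmap_bytes_checked(width, height, bpp, &n))
        return NULL;
    unsigned char *p = calloc(n, 1);
    if (p && out_len)
        *out_len = n;
    return p;
}

int main(void)
{
    /* Constructed hostile header: 65536 x 65536 x 4 = 2^34 bytes. */
    uint32_t w = 65536, h = 65536, bpp = 4;
    size_t n = 0;

    printf("unchecked size for %ux%ux%u: %u bytes (2^34 wrapped)\n",
           w, h, bpp, pixmap_bytes_unchecked(w, h, bpp));
    /* A wrap need not land on zero: 65537 x 65536 x 1 looks like a sane 64 KiB. */
    printf("unchecked size for 65537x65536x1: %u bytes\n",
           pixmap_bytes_unchecked(65537u, 65536u, 1u));
    printf("checked size for %ux%ux%u: %s\n", w, h, bpp,
           pixmap_bytes_checked(w, h, bpp, &n) ? "accepted" : "rejected");

    unsigned char *px = pixmap_alloc(640u, 480u, 4u, &n);
    printf("640x480x4 -> %zu bytes %s\n", n, px ? "allocated" : "refused");
    free(px);
    return 0;
}
```

The division-based check (`area > SIZE_MAX / bpp`) is the portable way to test a multiplication before it happens; on compilers that provide `__builtin_mul_overflow` the same check can be written in one call. The separate ceiling matters on 64-bit hosts, where 2^34 bytes fits comfortably in `size_t` and only the policy limit stops the decoder from attempting a 16 GiB allocation on behalf of a hostile file.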
Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attack Scripts | Common Name / CVE Reference | Risk | Source |
AbiWord 2.2.0-2.2.10, 2.2.12, 2.0.1-2.0.9 | Multiple stack-based buffer overflow vulnerabilities have been reported due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer while importing RTF files, which could let a remote malicious user execute arbitrary code. The vendor has addressed this issue in AbiWord version 2.2.11. Users are advised to contact the vendor to obtain the appropriate update. Ubuntu: Fedora: Conectiva: Gentoo: Currently we are not aware of any exploits for these vulnerabilities. | AbiWord Stack-Based Buffer Overflows | High | Ubuntu Security Notice, USN-203-1, October 13, 2005 Fedora Update Notification, Conectiva Linux Announcement, CLSA-2005:1035, October 14, 2005 Gentoo Linux Security Advisory, GLSA 200510-17, October 20, 2005 |
AL-Caricatier 2.5, 1.0 | A vulnerability has been reported in 'ss.php' due to an insecure process, which could let a remote malicious user obtain unauthorized access. No workaround or patch available at time of publishing. There is no exploit code required. | AL-Caricatier SS.PHP Authentication Bypass | Medium | Secunia Advisory: SA17292, October 24, 2005 |
Apache | A vulnerability has been reported in Apache which can be exploited by remote malicious users to smuggle HTTP requests. Conectiva: Fedora: Mandriva: http://security.ubuntu.com/ TurboLinux: SGI: SUSE: Debian: Ubuntu: SGI: IBM has released fixes for Hardware Management Console addressing this issue. Users should contact IBM for further information. Trustix: Currently we are not aware of any exploits for this vulnerability. | Apache HTTP Request Smuggling Vulnerability | Medium | Secunia Advisory: SA14530, July 26, 2005 Conectiva, CLSA-2005:982, July 25, 2005 Fedora Update Notification Mandriva Linux Security Update Advisory, MDKSA-2005:129, August 3, 2005 Ubuntu Security Notice, USN-160-1, August 04, 2005 Turbolinux Security Advisory, TLSA-2005-81, August 9, 2005 SGI Security Advisory, 20050802-01-U, August 15, 2005 SUSE Security Announcement, SUSE-SA:2005:046, August 16, 2005 Debian Security Advisory DSA 803-1, September 8, 2005 Ubuntu Security Notice, USN-160-2, September 07, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 Security Focus, Bugtraq ID: 14106, September 21, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 |
MWChat 6.8 | An SQL injection vulnerability has been reported in 'chat.php' due to insufficient sanitization of the 'username' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | MWChat SQL Injection | Medium | Security Tracker Alert ID: 1015094, October 24, 2005 |
ar-blog 5.2, 2.0 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of input when adding a comment, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported due to an insecure authentication process, which could let a remote malicious user obtain unauthorized access. No workaround or patch available at time of publishing. There is no exploit code required. | ar-blog Cross-Site Scripting & Authentication Bypass | Medium | Security Tracker Alert ID: 1015100, October 25, 2005 |
BASE Basic Analysis and Security Engine 1.2 | An SQL injection vulnerability has been reported in 'base_qry_main.php' due to insufficient sanitization of the 'sig[1]' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Basic Analysis and Security Engine SQL Injection | Medium | Secunia Advisory: SA17314, October 25, 2005 |
vCard 2.9 | A file include vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Belchior Foundry VCard Remote File Include | High | Security Focus, Bugtraq ID: 15207, October 26, 2005 |
Chipmunk Topsites, Forum, Directory | Cross-Site Scripting vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'newtopic.php,' 'quote.php,' 'index.php,' and 'reply.php' due to insufficient sanitization of the 'forum_ID' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'recommend.php' due to insufficient sanitization of the 'ID' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Chipmunk Multiple Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15149, October 20, 2005 |
PHP-Fusion 6.0.204 | A vulnerability has been reported in the 'submit.php' script due to insufficient sanitization of the 'news_body' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | PHP-Fusion Script Insertion | Medium | Secunia Advisory: SA17312, October 25, 2005 |
eBASEweb 3.0 | An SQL injection vulnerability has been reported due to insufficient sanitization of input passed to certain parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrade available at: There is no exploit code required. | eBASEweb SQL Injection | Medium | Security Tracker Alert ID: 1015089, October 21, 2005 |
FlatNuke 2.5.1-2.5.6 | Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported in 'index.php' due to insufficient verification of the 'user' and 'quale' parameters before used to show file context, which could let a remote malicious user obtain sensitive information; and a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of the 'user' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required; however, Proof of Concept exploits have been published. | FlatNuke Cross-Site Scripting & Directory Traversal | Medium | Secunia Advisory: SA17291, October 24, 2005 |
Flyspray 0.9.8 development, 0.9.8, 0.9.7 | Cross-Site Scripting vulnerabilities have been reported in 'index.php' due to insufficient sanitization of input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploit URLs have been published. | Flyspray Multiple Cross-Site Scripting | Medium | Flyspray Security Advisory, FS#703, October 24, 2005 |
PHP-Nuke 7.8 | Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | PHPNuke Multiple Modules SQL Injection | Medium | Security Focus, Bugtraq ID: 15178, October 24, 2005 |
ipbProArcade 2.5.2 | An SQL injection vulnerability has been reported in the 'gameid' parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | IPBProArcade Remote SQL Injection | Medium | Security Focus, Bugtraq ID: 15205, October 26, 2005 |
Mantis 1.0.0RC2, 0.19.2 | Several vulnerabilities have been reported: a vulnerability was reported in 'bug_ Upgrades available at: There is no exploit code required; however, Proof of Concept exploits have been published. | Mantis Multiple Vulnerabilities CVE-2005-3335 | High | Secunia Advisory: SA16818, October 26, 2005 |
Firefox 1.0.6; | A vulnerability has been reported which could let a remote malicious user execute arbitrary commands via shell metacharacters in a URL. Upgrades available at: RedHat: http://rhn.redhat.com/ Ubuntu: Mandriva: Fedora: Slackware: SGI: Conectiva: Fedora: TurboLinux: Slackware: Mandriva: Ubuntu: Debian: http://security.debian.org/ There is no exploit code required; however, a Proof of Concept exploit has been published. | Mozilla Browser/Firefox Arbitrary Command Execution | High | Security Focus Bugtraq ID: 14888, September 21, 2005 Security Focus Bugtraq ID: 14888, September 22, 2005 RedHat Security Advisories, RHSA-2005:785-9 & 789-11, September 22, 2005 Ubuntu Security Notices, USN-186-1 & 186-2, September 23 & 25, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:169, September 26, 2005 Fedora Update Notifications, Slackware Security Advisory, SSA:2005-269-01, September 26, 2005 SGI Security Advisory, 20050903-02-U, September 28, 2005 Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005 Fedora Update Notifications, Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005 Slackware Security Advisory, SSA:2005-278-01, October 5, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005 Ubuntu Security Notice, USN-200-1, October 11, 2005 Debian Security Advisories, DSA 866-1 & 868-1, October 20, 2005 |
Netscape 8.0.3.3, 7.2; | A buffer overflow vulnerability has been reported due to an error when handling IDN URLs that contain the 0xAD character in the domain name, which could let a remote malicious user execute arbitrary code. Patches available at: RedHat: http://rhn.redhat.com/ Fedora: Ubuntu: Gentoo: Slackware: Gentoo: Conectiva: Fedora: Debian: TurboLinux: Mandriva: HPSBUX01231 Rev1: Netscape: Debian: http://security.debian.org/ A Proof of Concept exploit script has been published. | Mozilla/Netscape/ Firefox Browsers Domain Name Buffer Overflow | High | Security Focus, Bugtraq ID: 14784, September 10, 2005 RedHat Security Advisories, RHSA-2005:769-8 & RHSA-2005:768-6, September 9, 2005 Fedora Update Notifications, Ubuntu Security Notice, USN-181-1, September 12, 2005 Gentoo Linux Security Advisory GLSA 200509-11, September 18, 2005 Security Focus, Bugtraq ID: 14784, September 22, 2005 Slackware Security Advisory, SSA:2005-269-01, September 26, 2005 Gentoo Linux Security Advisory [UPDATE], GLSA 200509-11:02, September 29, 2005 Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005 Fedora Update Notifications, Debian Security Advisory, DSA 837-1, October 2, 2005 Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005 HP Security Bulletin, Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005 HP Security Bulletin, Debian Security Advisories, DSA 866-1 & 868-1, October 20, 2005 |
Mozilla Firefox 1.0-1.0.6; Mozilla Browser 1.7-1.7.11; Netscape Browser 8.0.3.3 | Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when processing malformed XBM images, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when Unicode sequences contain 'zero-width non-joiner' characters, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a vulnerability was reported due to a flaw when making XMLHttp requests, which could let a remote malicious user spoof XMLHttpRequest headers; a vulnerability was reported because a remote malicious user can create specially crafted HTML that spoofs XML objects to create an XBL binding to execute arbitrary JavaScript with elevated (chrome) permissions; an integer overflow vulnerability was reported in the JavaScript engine, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported because a remote malicious user can load privileged 'chrome' pages from an unprivileged 'about:' page, which could lead to unauthorized access; and a window spoofing vulnerability was reported when a blank 'chrome' canvas is obtained by opening a window from a reference to a closed window, which could let a remote malicious user conduct phishing type attacks. Firefox: Mozilla Browser: RedHat: Ubuntu: Mandriva: Fedora: Slackware: SGI: Conectiva: Gentoo: SUSE: Fedora: Debian: TurboLinux: Mandriva: Ubuntu: Netscape: Debian: http://security.debian.org/ Currently we are not aware of any exploits for these vulnerabilities. | Mozilla Browser / Firefox Multiple Vulnerabilities CVE-2005-2701 | High | Mozilla Foundation Security Advisory, 2005-58, September 22, 2005 RedHat Security Advisory, RHSA-2005:789-11, September 22, 2005 Ubuntu Security Notices, USN-186-1 & 186-2, September 23 & 25, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:169 & 170, September 26, 2005 Fedora Update Notifications, Slackware Security Advisory, SSA:2005-269-01, September 26, 2005 SGI Security Advisory, 20050903-02-U, September 28, 2005 Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005 Gentoo Linux Security Advisory [UPDATE], September 29, 2005 SUSE Security Announcement, SUSE-SA:2005:058, September 30, 2005 Fedora Update Notifications, Debian Security Advisory, DSA 838-1, October 2, 2005 Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005 Ubuntu Security Notice, USN-200-1, October 11, 2005 Security Focus, Bugtraq ID: 14916, October 19, 2005 Debian Security Advisories, DSA 866-1 & 868-1, October 20, 2005 |
Snort Project Snort 2.4.0-2.4.2; Nortel Networks Threat Protection System Intrusion Sensor 4.1, | A buffer overflow vulnerability has been reported in the Back Orifice preprocessor due to a failure to securely copy network-derived data into sensitive process buffers, which could let a remote malicious user execute arbitrary code. Upgrades available at: Nortel: Exploit scripts have been published. | Snort Back Orifice Preprocessor Remote Buffer Overflow | High | Internet Security Systems Protection Advisory, October 18, 2005 Technical Cyber Security Alert TA05-291A, October 18, 2005 Security Focus, Bugtraq ID: 15131, October 25, 2005 |
Gentoo Linux; | A remote Denial of Service vulnerability has been reported in the HTTP 'Range' header due to an error in the byte-range filter. Patches available at: Gentoo: RedHat: Ubuntu: Fedora: SGI: Debian: Trustix: Mandriva: SUSE: Avaya: Conectiva: TurboLinux: Trustix: There is no exploit code required. | Apache Remote Denial of Service | Low | Secunia Advisory: SA16559, August 25, 2005 Gentoo Linux Security Advisory, GLSA 200508-15, August 25, 2005 RedHat Security Advisory, RHSA-2005:608-7, September 6, 2005 Ubuntu Security Notice, USN-177-1, September 07, 2005 Fedora Update Notifications, Mandriva Linux Security Update Advisory, MDKSA-2005:161, September 8, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 Debian Security Advisory, DSA 805-1, September 8, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005 SUSE Security Summary Report, SUSE-SR:2005:020, September 12, 2005 Avaya Security Advisory, ASA-2005-204, September 23, 2005 Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005 Turbolinux Security Advisory, TLSA-2005-94, October 3, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 |
RedHat Fedora Core4, Core3; | Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the ISAKMP, FC-FCS, RSVP, and ISIS LSP dissectors; a remote Denial of Service vulnerability was reported in the IrDA dissector; a buffer overflow vulnerability was reported in the SLIMP3, AgentX, and SRVLOC dissectors, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the BER dissector; a remote Denial of Service vulnerability was reported in the SigComp UDVM dissector; a remote Denial of Service vulnerability was reported due to a null pointer dereference in the SCSI, sFlow, and RTnet dissectors; a vulnerability was reported because a remote malicious user can trigger a divide by zero error in the X11 dissector; a vulnerability was reported because a remote malicious user can cause an invalid pointer to be freed in the WSP dissector; a remote Denial of Service vulnerability was reported if the 'Dissect unknown RPC program numbers' option is enabled (not the default setting); and a remote Denial of Service vulnerability was reported if SMB transaction payload reassembly is enabled (not the default setting). Upgrades available at: Fedora: RedHat: Mandriva: An exploit script has been published. | Ethereal Multiple Protocol Dissector Vulnerabilities CVE-2005-3184 | High | Ethereal Security Advisory, enpa-sa-00021, October 19, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:809-6, October 25, 2005 Mandriva Linux Security Advisory, MDKSA-2005:193, October 25, 2005 |
Ukrainian National Antivirus UNA; | A vulnerability has been reported in the scanning engine routine that determines file type from the magic byte at the beginning of EXE files, which could let a specially crafted file evade detection, leading to a false sense of security and possibly arbitrary code execution. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Multiple Vendors Anti-Virus Magic Byte Detection Evasion | High | Security Focus, Bugtraq ID: 15189, October 25, 2005 |
University of Kansas Lynx 2.8.6 dev.1-dev.13, 2.8.5 dev.8, 2.8.5 dev.2-dev.5, 2.8.5, 2.8.4 rel.1, 2.8.4, 2.8.3 rel.1, 2.8.3 pre.5, 2.8.3 dev2x, 2.8.3 dev.22, 2.8.3, 2.8.2 rel.1, 2.8.1, 2.8, 2.7; | A buffer overflow vulnerability has been reported in the 'HTrjis()' function when handling NNTP article headers, which could let a remote malicious user execute arbitrary code. University of Kansas Lynx: Gentoo: Ubuntu: RedHat: Fedora: Mandriva: Conectiva: Trustix: SGI: Mandriva: Debian: http://security.debian. A Proof of Concept Denial of Service exploit script has been published. | Lynx 'HTrjis()' NNTP Remote Buffer Overflow | High | Gentoo Linux Security Advisory, GLSA 200510-15, October 17, 2005 Ubuntu Security Notice, USN-206-1, October 17, 2005 RedHat Security Advisory, RHSA-2005:803-4, October 17, 2005 Fedora Update Notifications, Mandriva Linux Security Update Advisory, MDKSA-2005:186, October 18, 2005 Conectiva Linux Announcement, CLSA-2005:1037, October 19, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 SGI Security Advisory, 20051003-01-U, October 26, 2005 Mandriva Linux Security Advisory, MDKSA-2005:186-1, October 26, 2005 Debian Security Advisories, DSA 874-1 & 876-1, October 27, 2005 |
MyBulletinBoard 1.0 PR2, RC4 | An SQL injection vulnerability has been reported in 'Usercp.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | MyBulletinBoard SQL Injection | Medium | Security Focus, Bugtraq ID: 15204, October 26, 2005 |
Data ONTAP 7.0, 6.5, 6.4 | A vulnerability has been reported when handling iSCSI authentication requests, which could let a remote malicious user bypass authentication. Updates available at: Currently we are not aware of any exploits for this vulnerability. | Network Appliance iSCSI Authentication Bypass | Medium | Secunia Advisory: SA17321, October 25, 2005 |
Nuked-Klan 1.7 | Several vulnerabilities have been reported: Cross-Site Scripting vulnerabilities have been reported in the 'search,' 'guestbook,' 'textbook,' and 'forum' modules due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and SQL injection vulnerabilities were reported due to insufficient sanitization of the 'forum_id,' 'thread_id,' 'link_id,' 'artid,' and 'dl_id' parameters before they are used in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Nuked Klan Multiple Cross-Site Scripting & SQL Injection | Medium | Secunia Advisory: SA17304, October 25, 2005 |
JD Edwards EnterpriseOne 8.x, OneWorld 8.x; | 85 vulnerabilities have been reported in various Oracle products. Some have an unknown impact, and others can be exploited to conduct SQL injection attacks, Cross-Site Scripting attacks, or potentially to compromise a vulnerable system. Patch information available at: Currently we are not aware of any exploits for these vulnerabilities. | Oracle October Security Update | High | Oracle Critical Patch Update, October 18, 2005 Technical Cyber Security Alert TA05-292A, October 19, 2005 US-CERT VU#865948, VU#890940, VU#376756, VU#171364, VU#512716, VU#150508, VU#609340, VU#265700, VU#449444 |
Paros 3.2.5 | A vulnerability has been reported in the built-in 'hsqldb' database due to a default password, which could let a remote malicious user bypass authentication procedures. Upgrade available at: There is no exploit code required. | Paros 'HSQLDB' Remote Authentication Bypass | Medium | Security Focus, Bugtraq ID: 15141, October 19, 2005 |
PHP 5.0.5, 4.4.0 | A vulnerability has been reported in the 'open_basedir' directive due to the way PHP handles it, which could let a remote malicious user obtain sensitive information. Ubuntu: Trustix: There is no exploit code required. | PHP 'Open_BaseDir' Information Disclosure | Medium | Security Focus, Bugtraq ID: 14957, September 27, 2005 Ubuntu Security Notice, USN-207-1, October 17, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 |
PHP iCalendar 2.0.1, 2.0 c, 2.0 b, 2.0 a2 | A vulnerability has been reported in 'Default_View' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary remote PHP code. No workaround or patch available at time of publishing. There is no exploit code required. | PHP ICalendar Remote File Include | Medium | Security Focus, Bugtraq ID: 15193, October 25, 2005 |
phpBB 2.0.17 | A vulnerability has been reported in avatar upload handling due to an input validation error, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | | Medium | Security Focus, Bugtraq ID: 15170, October 22, 2005 |
NukeFix 3.1 for V7.8 | A Directory Traversal vulnerability has been reported in the NukeFixes Addon due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | PHP-Nuke Modules.PHP NukeFixes Addon Remote Directory Traversal | Medium | Secunia Advisory: SA17218, October 20, 2005 |
Platinum DboardGear | SQL injection vulnerabilities have been reported in 'buddy.php,' 'u2a.php,' and 'Theme Import' due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | Platinum DBoardGear Multiple SQL Injection | Medium | Security Focus, Bugtraq ID: 15174 & 15194, October 24 & 25, 2005 |
PunBB 1.1.2-1.1.5 | A vulnerability has been reported in 'common.php' which could let a remote malicious user include arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PunBB 'Common.PHP' Remote File Include | Medium | Security Focus, Bugtraq ID: 15175, October 24, 2005 |
Skype 1.4.0.83, 1.1.0.0 | Several buffer overflow vulnerabilities have been reported: a vulnerability was reported when handling Skype-specific URI types due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when handling VCARD imports due to a boundary error, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported when handling certain unspecified Skype client network traffic due to a boundary error, which could let a remote malicious user cause a remote Denial of Service. Upgrades available at: Currently we are not aware of any exploits for these vulnerabilities. | Skype Technologies Skype Multiple Buffer Overflows | High | Skype Technologies Security Advisory, SKYPE-SB/2005-002 & SKYPE-SB/2005-003, October 25, 2005 |
Snoopy 1.2 | A vulnerability has been reported in the '_httpsrequest()' function due to insufficient validation of user-supplied input before making a PHP exec() call, which could let a remote malicious user execute arbitrary commands. Update available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Snoopy Input Validation | Medium | SEC-CONSULT Security Advisory 20051025-0, October 25, 2005 |
Splatt Forum 3.0-3.2 | A vulnerability has been reported because the administrative logon process may be bypassed, which could let a remote malicious user bypass authentication procedures. The vendor has released version 4.0 to address this issue. There is no exploit code required. | Splatt Forums Remote Administrative Logon Bypass | Medium | Security Focus, Bugtraq ID: 15152, October 20, 2005 |
Java Web Start 1.x, | Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error which could let malicious untrusted applications execute arbitrary code; and a vulnerability was reported due to an unspecified error which could let malicious untrusted applets execute arbitrary code. Upgrades available at: http://java.sun.com/ Slackware: SUSE: HP: HP: Currently we are not aware of any exploits for these vulnerabilities. | Java Web Start / | High | Sun(sm) Alert Notification, 101748 & 101749, Slackware Security Advisory, SSA:2005-170-01, SUSE Security Announcement, HP Security Bulletin, HPSBUX01214, August 29, 2005 HP Security Bulletin, HPSBMA01234, October 19, 2005 |
TikiWiki 1.9.1, 1.8.5 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified user input, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required. | TikiWiki Unspecified Cross-Site Scripting | Medium | Security Tracker Alert ID: 1015087, October 20, 2005 |
TClanPortal 3.0 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | TriggerTG TClanPortal SQL Injection | Medium | Security Focus, Bugtraq ID: 15173, October 24, 2005 |
XMail 1.21 | A buffer overflow vulnerability has been reported in the 'AddressFromAtPtr()' function due to a boundary error when copying the hostname portion of an e-mail address to a 256-byte buffer, which could let a malicious user execute arbitrary code. Upgrade available at: An exploit script has been published. | XMail Command Line Buffer Overflow | High | Security Tracker Alert ID: 1015055, October 13, 2005 Security Focus, Bugtraq ID: 15103, October 22, 2005 |
Xoops 2.0.12 JP & prior, 2.0.13.1 & prior, 2.2.3 RC1 & prior | Several vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of 'XOOPS Code' tags before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'newbb' forum module due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required. | Xoops Arbitrary Script Execution | Medium | Secunia Advisory: SA17300, October 25, 2005 |
Yiff Sound Systems 2.14.5 | A vulnerability has been reported in the 'yplay' application due to a failure to verify file permissions before playing back user-specified files, which could let a malicious user bypass certain security restrictions. No workaround or patch available at time of publishing. There is no exploit code required. | Yiff-Server File Permission Bypass | Medium | Secunia Advisory: SA17242, October 19, 2005 |
Zomplog 3.4, 3.3 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'detail.php' due to insufficient sanitization of the 'id' parameter, and in 'get.php' and 'index.php' due to insufficient sanitization of the 'catid' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in 'detail.php' due to insufficient sanitization of the 'name' parameter, in 'get.php' due to insufficient sanitization of the 'username' parameter, and in 'index.php' due to insufficient sanitization of the 'search' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Zomplog Cross-Site Scripting | Medium | Nightmare TeAmZ Advisory 011, October 20, 2005 |
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- VoIP security threats defined: The VoIP Security Alliance (VoIPSA) has published their first document that contains a laundry list of security threats. The document, which defines security threats facing VoIP deployments, raises awareness on a technology that is becoming more and more mainstream. While threats such as caller ID spoofing, Denial of Service attacks and eavesdropping attacks have been known for some time, the VoIPSA public report identifies many additional areas where VoIP technology remains vulnerable. Source: http://www.securityfocus.com/brief/23.
- Face recognition security comes to mobiles: Oki Electric Industry has developed Face Sensing Engine software that decodes facial images and restricts phone access to everyone except the registered user. Source: http://www.vnunet.com/vnunet/news/2144460/face-recognition-mobiles.
- US firms rush to embrace VoIP: According to a poll of US-based IT professionals by Qwest Communications, US companies anticipate saving 40 per cent on telecommunication costs as a result of implementing voice over IP (VoIP). The poll found that 100 per cent of respondents plan to install new or additional VoIP services within the next year. Source: http://www.vnunet.com/vnunet/news/2144654/firms-rush-roll-voip.
- Voice Over WLAN To Triple By 2007: Report: According to a report from Infonetics Research, voice over wireless local area network (VoWLAN) adoption will triple over the next two years. This reflects the overall trend of WLAN adoption. By 2007, 31% of companies surveyed for the study will have implemented the technology, compared to 10% today. Source: http://www.mobilepipeline.com/news/172303117;jsessionid=3XKESATIGIDGQQSNDBGCKH0CJUMEKJVN.
Wireless Vulnerabilities
- Linux Kernel Bluetooth Signed Buffer Index vulnerability: Another exploit script has been published.
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Trends
- Extortion virus makes rounds in Russia: According to a weblog published by Kaspersky Lab Ltd., two new versions of a virus first reported in May are staging renewed attacks against computers in Russia, encrypting files and then extorting money from victims to decode the files. The viruses, called JuNy.A and JuNy.B, search for more than 100 file types by extension. Source: http://www.computerworld.com/securitytopics/security/virus/story/0,10801,105706,00.html?source=NLT_PM&nid=10570.
- GAO: Agencies face collaboration barriers: According to a report issued by the Government Accountability Office, agencies face several barriers to collaboration, such as competing missions, incompatible systems, and concerns over turf and resources. GAO has outlined eight practices, drawn from its review of federal programs, that would improve coordination among federal agencies. Source: http://www.fcw.com/article91199-10-25-05-Web
- According to F-Secure, a new botnet, Mocbot, is circulating. This botnet client has been spread using the MS05-047 vulnerability. The vulnerability can be exploited via 139/TCP and 445/TCP. The existence of a file called wudpcom.exe in the SYSTEM directory is a symptom of an infection. Source: http://www.f-secure.com/weblog/archives/archive-102005.html#00000685.
- Hackers, Scammers Hide Malicious JavaScript On Web Sites: According to the senior director of security and research at Websense, hackers and scammers are using a new technique to hide malicious JavaScript on compromised or criminal sites. A family of obfuscation routines with the umbrella name of "JS/Wonka" has spread widely in the last few weeks. Source: http://informationweek.com/story/showArticle.jhtml?articleID=172302840.
- Robot Wars – How Botnets Work: One of the most common and efficient DDoS attack methods is based on using hundreds of zombie hosts. Zombies are usually controlled and managed via IRC networks, using so-called botnets. Source: http://www.windowsecurity.com/articles/Robot-Wars-How-Botnets-Work.html
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description |
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
2 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
3 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
4 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus software, and modifies data. |
5 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
6 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
7 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
8 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
9 | Netsky-Q | Win32 Worm | Stable | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker. |
10 | Netsky-Z | Win32 Worm | Stable | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665. |
Table updated October 24, 2005