Summary of Security Items from October 26 through November 1, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources; therefore, the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported, since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attack Scripts | Common Name / CVE Reference | Risk | Source |
ASP Fast Forum | A vulnerability has been reported in ASP Fast Forum that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | ASP Fast Forum Cross Site Scripting | Medium | Secunia, Advisory: SA17387, October 31, 2005 |
VideoSecurity Online 3.5 | A vulnerability has been reported in VideoSecurity Online that could let remote malicious users traverse directories or disclose information. No workaround or patch available at time of publishing. There is no exploit code required. | Asus VideoSecurity Online Directory Traversal or Information Disclosure | Medium | Security Focus, ID: 15281, November 2, 2005 |
BackOffice | Multiple input validation vulnerabilities have been reported in BackOffice that could let remote malicious users disclose sensitive information, perform SQL injection, or conduct Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Comersus BackOffice Multiple Vulnerabilities | Medium | Security Focus, ID: 15251, October 31, 2005 |
Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40, 6.41, 6.42 | A vulnerability has been reported in F-Secure Anti-Virus for Microsoft Exchange and Internet Gatekeeper that could let local malicious users traverse directories. Vendor fix available: There is no exploit code required. | F-Secure Anti-Virus for Exchange and Internet Gatekeeper Directory Traversal | Medium | Secunia, Advisory: SA17361, November 2, 2005 |
GraphOn GoGlobal for Windows | A buffer overflow vulnerability has been reported in GraphOn GoGlobal for Windows that could let a remote malicious user execute arbitrary code or cause a Denial of Service. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | GraphOn GO-Global For Windows Denial of Service or Arbitrary Code Execution | High | Security Focus, ID: 15285, November 2, 2005 |
Hyper Estraier 1.0, 1.0.1 | A vulnerability has been reported in Hyper Estraier that could let remote malicious users disclose information. Upgrade to version 1.0.2: There is no exploit code required. | Hyper Estraier Information Disclosure | Medium | Security Focus, ID: 15236, October 28, 2005 |
Internet Explorer | A memory corruption vulnerability has been reported in Internet Explorer COM Object instantiation that could let remote malicious users execute arbitrary code. Vendor fix available: V1.3 Issues discovered in the security update: Microsoft Knowledge Base Article 906294. A Proof of Concept exploit has been published. | Microsoft Internet Explorer Arbitrary Code Execution | High | Microsoft Security Bulletin MS05-038, August 9, 2005 Microsoft Security Bulletin MS05-038 V1.3, November 2, 2005 |
Internet Explorer 5.01, 5.5, 6.0 | A vulnerability has been reported in Internet Explorer that could let remote malicious users execute arbitrary code. Vendor fix available: V1.3 Issues discovered in the security update: Microsoft Knowledge Base Article 909889. Avaya: An exploit has been published. | Microsoft Internet Explorer Arbitrary Code Execution | High | Microsoft, Security Bulletin MS05-052, October 11, 2005 Technical Cyber Security Alert TA05-284A, October 11, 2005 Avaya, ASA-2005-214, October 11, 2005 USCERT, VU#680526, VU#959049, VU#740372, VU#898241 Microsoft, Security Bulletin MS05-052 V1.3, November 2, 2005 |
Real Networks RealPlayer 10.5, v6.0.12.1053, v6.0.12.1040, 10.5 Beta v6.0.12.1016 | A buffer overflow vulnerability has been reported in DynaZip that could let remote malicious users execute arbitrary code. RealPlayer/RealOne: DynaZip: DynaZip Max: CheckMark Software: An exploit has been published. | InnerMedia DynaZip Arbitrary Code Execution | High | Security Focus, ID: 11555, October 27, 2005 |
Serv-U FTP Server | A vulnerability has been reported in Serv-U FTP Server that could let remote malicious users cause a Denial of Service. Vendor upgrade available: There is no exploit code required. | Serv-U FTP Server Denial of Service | Low | Secunia, Advisory: SA17409, November 2, 2005 |
Mailsite Express WebMail prior to 6.1.22 | Multiple vulnerabilities have been reported in MailSite Express WebMail that could let remote malicious users disclose information, control arbitrary files, or execute arbitrary code. A vendor fix is available: There is no exploit code required. | RockLiffe MailSite Express WebMail Multiple Vulnerabilities | Medium | Security Focus, ID: 15231, 15230, October 28, 2005 |
Announcement, Guest Book, Mailing List, Web Directory | A vulnerability has been reported in Techno Dreams Announcement, Guest Book, Mailing List, and Web Directory that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Techno Dreams Multiple Product SQL Injection | Medium | Secunia, Advisory: SA17354, October 27, 2005 |
UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attack Scripts | Common Name / CVE Reference | Risk | Source |
Apple Mac OS X Server 10.4-10.4.2, Server 10.3-10.3.9, 10.2-10.2.8, 10.0-10.1.5, Mac OS X 10.4-10.4.2, 10.3-10.3.9, 10.2-10.2.8, 10.1-10.1.5, 10.0-10.0.4 | Multiple vulnerabilities have been reported: a misleading file ownership display vulnerability was reported, which could result in a false sense of security; a software update failure vulnerability was reported, which could potentially result in a failure to install critical security fixes; a group membership alteration issue was reported, which could result in unauthorized access; an information disclosure vulnerability was reported in Keychain, which could let a malicious user obtain sensitive information; and multiple information disclosure vulnerabilities were reported in the kernel, which could potentially let malicious users obtain sensitive information. Update information available at: Currently we are not aware of any exploits for these vulnerabilities. | Apple Mac OS X Security Update CVE-2005-2749 | Medium | Apple Security Advisory, APPLE-SA-2005-10-31, October 31, 2005 |
News2Net 3.x | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'category' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | News2Net SQL Injection | Medium | Secunia Advisory: SA17396, November 2, 2005 |
CVS 1.12.7-1.12.12, 1.12.5, 1.12.2, 1.12.1, 1.11.19, 1.11.17 | A vulnerability has been reported in the 'cvsbug.in' script due to the insecure creation of temporary files, which could let a malicious user cause data loss or a Denial of Service. Fedora: Trustix: http://http.trustix.org/pub/trustix/updates/ FreeBSD: SGI: Debian: http://security.debian. FreeBSD: NetBSD: There is no exploit code required. | CVS 'Cvsbug.In' Script Insecure Temporary File Creation | Low | Fedora Update Notifications Trustix Secure Linux Security Advisory, TSLSA-2005-0045, August 26, 2005 RedHat Security Advisory, RHSA-2005:756-3, September 6, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 FreeBSD Security Advisory, FreeBSD-SA-05:20, September 7, 2005 Debian Security Advisories, DSA 802-1 & 806-1, September 7 & 9, 2005 FreeBSD Security Advisory, FreeBSD-SA-05:20, September 9, 2005 NetBSD Security Update, November 1, 2005 |
IPSec AES-XCBC-MAC Algorithm V5.3, 5.4, 6.0Beta | A vulnerability has been reported in FreeBSD's IPSec AES-XCBC-MAC Algorithm, which could allow for incorrect key usage, and consequently allow remote malicious users to connect via unauthorized IPSec connections. A vendor patch is available: NetBSD: There is no exploit code required. | FreeBSD IPSec AES-XCBC-MAC Algorithm Unauthorized Connections | Medium | FreeBSD Security Advisory FreeBSD-SA-05:19, July 27, 2005 Security Focus, Bugtraq ID: 14394, November 1, 2005 |
AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2, 5.1 L, 5.1 | A buffer overflow vulnerability has been reported in the 'chcon' command. The impact was not specified. Vendor patch available: Currently we are not aware of any exploits for this vulnerability. | IBM AIX 'chcon' Buffer Overflow | Not Specified | IBM, IY78241, IY78253, October 28, 2005 |
UnZip 5.52 | A vulnerability has been reported due to a security weakness when extracting an archive to a world or group writeable directory, which could let a malicious user modify file permissions. Fedora: SCO: Ubuntu: Trustix: Mandriva: There is no exploit code required. | Info-ZIP UnZip File Permission Modification | Medium | Security Focus, 14450, August 2, 2005 Fedora Update Notification, SCO Security Advisory, SCOSA-2005.39, September 28, 2005 Ubuntu Security Notice, USN-191-1, September 29, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0053, September 30, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:197, October 26, 2005 |
ntop 3.1 | A vulnerability has been reported in 'ntopinitparms' due to the insecure creation of a temporary file, which could let a remote malicious user create/overwrite arbitrary files. Upgrade available at: There is no exploit code required. | NTop Insecure Temporary File Creation | Medium | Security Focus, Bugtraq ID: 15242, October 31, 2005 |
MailWatch for MailScanner 1.0.2 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of the 'authenticate()' function before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Directory Traversal vulnerability was reported in the ruleset view. The impact was not specified. Updates available at: There is no exploit code required. | MailWatch for MailScanner SQL Injection & Directory Traversal | Medium | Secunia Advisory: SA17405, November 2, 2005 |
Apache Mod_Auth_Shadow 1.0 to 1.4, 2.0 | A vulnerability has been reported in Apache, Mod_Auth_Shadow, that could let remote malicious users bypass authentication. Upgrades available at: Debian: Mandriva: There is no exploit code required. | Apache Authentication Bypassing | Medium | Security Focus, ID: 15224, October 27, 2005 Debian Security Advisory, DSA 844-1, October 5, 2005 Mandriva Linux Security Advisory MDKSA-2005:200, October 27, 2005 |
Linux Kernel 2.6-2.6.14 | A Denial of Service vulnerability has been reported in 'net/ipv6/udp.c' due to an infinite loop error in the 'udp_v6_get_port()' function. Fedora: Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPV6 Denial of Service | Low | Secunia Advisory: SA17261, October 21, 2005 Fedora Update Notifications, Security Focus, Bugtraq ID: 15156, October 31, 2005 |
zlib 1.2.2, 1.2.1, 1.2.0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux; | A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code. Debian: FreeBSD: Gentoo: SUSE: Ubuntu: Mandriva: OpenBSD: OpenPKG: RedHat: Trustix: Slackware: TurboLinux: Fedora: zsync: Apple: SCO: IPCop: Debian: Trolltech: FedoraLegacy: Gentoo: Gentoo: Debian: Trustix: Sun: Mandriva: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Zlib Compression Library Buffer Overflow | High | Debian Security Advisory FreeBSD Security Advisory, Gentoo Linux Security Advisory, GLSA 200507- SUSE Security Announcement, SUSE-SA:2005:039, Ubuntu Security Notice, RedHat Security Advisory, RHSA-2005:569-03, Fedora Update Notifications, Mandriva Linux Security Update Advisory, OpenPKG Trustix Secure Slackware Security Turbolinux Security Fedora Update Notification, FEDORA-2005-565, July 13, 2005 SUSE Security Summary Security Focus, 14162, July 21, 2005 USCERT Vulnerability Note VU#680620, July 22, 2005 Apple Security Update 2005-007, SCO Security Advisory, SCOSA-2005.33, August 19, 2005 Security Focus, Bugtraq ID: 14162, August 26, 2005 Debian Security Advisory, DSA 797-1, September 1, 2005 Security Focus, Bugtraq ID: 14162, September 12, 2005 Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005 Gentoo Linux Security Advisory, GLSA 200509-18, September 26, 2005 Debian Security Advisory, DSA 797-2, September 29, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005 Sun(sm) Alert Notification Mandriva Linux Security Advisory MDKSA-2005:196, October 26, 2005 Ubuntu Security Notice, USN-151-3, October 28, 2005 |
zlib 1.2.2, 1.2.1; Ubuntu Linux 5.04 powerpc, i386, amd64, | A remote Denial of Service vulnerability has been reported due to a failure of the library to properly handle unexpected compression routine input. Zlib: Debian: Ubuntu: OpenBSD: Mandriva: Fedora: Slackware: FreeBSD: SUSE: Gentoo: http://security.gentoo. Trustix: Conectiva: Apple: TurboLinux: SCO: Debian: Trolltech: FedoraLegacy: Debian: Mandriva: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor Zlib Compression Library Decompression Remote Denial of Service | Low | Security Focus, Bugtraq ID 14340, July 21, 2005 Debian Security Advisory DSA 763-1, July 21, 2005 Ubuntu Security Notice, USN-151-1, July 21, 2005 OpenBSD, Release Errata 3.7, July 21, 2005 Mandriva Security Advisory, MDKSA-2005:124, July 22, 2005 Secunia, Advisory: SA16195, July 25, 2005 Slackware Security Advisory, SSA:2005- FreeBSD Security Advisory, SA-05:18, July 27, 2005 SUSE Security Announce- Gentoo Linux Security Advisory, GLSA 200507-28, July 30, 2005 Gentoo Linux Security Advisory, GLSA 200508-01, August 1, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005 Conectiva Linux Announcement, CLSA-2005:997, August 11, 2005 Apple Security Update, APPLE-SA-2005-08-15, August 15, 2005 Turbolinux Security Advisory, TLSA-2005-83, August 18, 2005 SCO Security Advisory, SCOSA-2005.33, August 19, 2005 Debian Security Advisory, DSA 797-1, September 1, 2005 Security Focus, Bugtraq ID: 14340, September 12, 2005 Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005 Debian Security Advisory, DSA 797-2, September 29, 2005 Mandriva Linux Security Advisory, MDKSA-2005:196, October 26, 2005 Ubuntu Security Notice, USN-151-3, October 28, 2005 |
Gentoo Linux; | Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported which could let a malicious user obtain elevated privileges. Gentoo: http://security.gentoo.org/glsa/glsa-200505-15.xml Ubuntu: http://security.ubuntu. Mandriva: Trustix: http://http.trustix.org/pub/trustix/updates/ TurboLinux: RedHat: RedHat: http://rhn.redhat. Avaya: Fedora: Currently we are not aware of any exploits for these vulnerabilities. | GDB Multiple Vulnerabilities CVE-2005-1704 | High | Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 2005 Turbolinux Security Advisory, TLSA-2005-68, June 22, 2005 RedHat Security Advisory, RHSA-2005:659-9, September 28, 2005 RedHat Security Advisory, RHSA-2005:673-5 & RHSA-2005:709-6, October 5, 2005 Avaya Security Advisory, ASA-2005-222, October 18, 2005 Fedora Update Notifications, |
Gnome-DB libgda 1.2.1; | Format string vulnerabilities have been reported in 'gda-log.c' due to format string errors in the 'gda_log_ Debian: Ubuntu: Currently we are not aware of any exploits for these vulnerabilities. | GNOME-DB | High | Security Focus, Bugtraq ID: 15200, October 25, 2005 Debian Security Advisory, Ubuntu Security Notice, USN-212-1, October 28, 2005 |
GNU gnump3d 2.9-2.9.5; | A vulnerability has been reported in GNUMP3d that could let remote malicious users conduct Cross-Site Scripting or traverse directories. Upgrade to version 2.9.6: http://savannah.gnu.org/download/gnump3d/gnump3d-2.9.6.tar.gz Debian: There is no exploit code required; however, Proof of Concept exploits have been published. | GNUMP3d Cross-Site Scripting or Directory Traversal | Medium | Security Focus Bugtraq IDs: 15226 & 15228, October 28, 2005 Debian Security Advisory DSA 877-1, October 28, 2005 |
Linux kernel 2.6-2.6.14 | Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/ Patches available at: Fedora: Trustix: RedHat: There is no exploit code required. | Linux Kernel Denial of Service & Information Disclosure | Medium | Secunia Advisory: SA17114, October 12, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005 |
Linux Kernel 2.6-2.6.14 | Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'sys_set_ Ubuntu: Trustix: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors Linux Kernel Denials of Service CVE-2005-3053 | Low | Ubuntu Security Notice, USN-199-1, October 10, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005 RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005 |
RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10 | A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security. OpenSSL: FreeBSD: RedHat: Mandriva: Gentoo: Slackware: Fedora: Sun: Ubuntu: OpenPKG: SUSE: Trustix: SGI: Debian: NetBSD: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors OpenSSL Insecure Protocol Negotiation | Medium | OpenSSL Security Advisory, October 11, 2005 FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005 RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005 Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005 Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005 Slackware Security Advisory, SSA:2005-286-01, October 13, 2005 Fedora Update Notifications, Sun(sm) Alert Notification Ubuntu Security Notice, USN-204-1, October 14, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005 SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 SGI Security Advisory, 20051003-01-U, October 26, 2005 Debian Security Advisory DSA 875-1, October 27, 2005 NetBSD Security Update, November 1, 2005 |
RedHat Fedora Core4, Core3 | A vulnerability has been reported in Pluggable Authentication Modules that could let local malicious users bypass security restrictions. Redhat: Fedora: Gentoo: There is no exploit code required. | Pluggable Authentication Modules Security Bypassing | Medium | RedHat Security Advisory, RHSA-2005:805-6, October 26, 2005 Fedora Update Notifications Gentoo Linux Security Advisory, GLSA 200510-22, October 28, 2005 |
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Netpbm 10.0 | A buffer overflow vulnerability has been reported in the 'PNMToPNG' conversion package due to insufficient bounds checking of user-supplied input before copying to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code. Ubuntu: RedHat: Gentoo: SUSE: Mandriva: Debian: Currently we are not aware of any exploits for this vulnerability. | NetPBM Buffer Overflow | High | Ubuntu Security Notice, USN-210-1, October 18, 2005 RedHat Security Advisory, RHSA-2005:793-6, October 18, 2005 Gentoo Linux Security Advisory, GLSA 200510-18, October 20, 2005 SUSE Security Summary Report, Announcement ID: SUSE-SR:2005:024, October 21, 2005 Mandriva Linux Security Advisory, MDKSA-2005:199, October 26, 2005 Debian Security Advisory, DSA 878-1, October 28, 2005 |
XFree86 X11R6 4.3.0 | A buffer overflow vulnerability has been reported in the pixmap processing code, which could let a malicious user execute arbitrary code and possibly obtain superuser privileges. Gentoo: RedHat: http://rhn.redhat.com/ Ubuntu: Mandriva: Fedora: Trustix: Debian: Sun: SUSE: Slackware: Sun: SUSE: Avaya: Sun 101926: Updated Contributing Factors, Relief/Workaround, and Resolution sections. NetBSD: Currently we are not aware of any exploits for this vulnerability. | XFree86 Pixmap Allocation Buffer Overflow | High | Gentoo Linux Security Advisory, GLSA 200509-07, September 12, 2005 RedHat Security Advisory, RHSA-2005:329-12 & RHSA-2005:396-9, September 12 & 13, 2005 Ubuntu Security Notice, USN-182-1, September 12, 2005 Mandriva Security Advisory, MDKSA-2005:164, September 13, 2005 Fedora Update Notifications, Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005 Debian Security Advisory DSA 816-1, September 19, 2005 Sun(sm) Alert Notification SUSE Security Announcement, SUSE-SA:2005:056, September 26, 2005 Slackware Security Advisory, SSA:2005-269-02, September 26, 2005 Sun(sm) Alert Notification SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005 Avaya Security Advisory, ASA-2005-218, October 19, 2005 Sun(sm) Alert Notification NetBSD Security Update, October 31, 2005 |
OpenVPN 2.0-2.0.2 | Several vulnerabilities have been reported: a format string vulnerability was reported in 'options.c' when handling command options in the 'foreign_option()' function, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported due to a NULL pointer dereferencing error in the OpenVPN server when running in TCP mode. Updates available at: OpenPKG: Currently we are not aware of any exploits for these vulnerabilities. | OpenVPN Client Remote Format String & Denial of Service | High | Secunia Advisory: SA17376, November 1, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.023, November 2, 2005 |
UnixWare Portmapper | A vulnerability has been reported in UnixWare Portmapper that could let remote malicious users cause a Denial of Service. SCO: Currently we are not aware of any exploits for this vulnerability. | UnixWare Portmapper Denial of Service | Low | Security Focus, 14360, July 25, 2005 SCO Security Advisory, SCOSA-2005.43, October 27, 2005 |
Sun Solaris 8, 9, 10 | A vulnerability has been reported in Sun Solaris, Solaris Management Console, that could let local malicious users conduct Cross-Site Scripting. Vendor solution available: There is no exploit code required. | Sun Solaris Cross-Site Scripting | Medium | Sun, Alert ID: 102016, October 26, 2005 |
Sun Java System Communications Express | A vulnerability has been reported due to an unspecified error that can be exploited by local/remote malicious users to obtain sensitive information. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Sun Java System Communications Express Information Disclosure | Medium | Sun(sm) Alert Notification Sun Alert ID: 101948, November 1, 2005 |
Solaris 10.0, 9.0_x86, 9.0 | A vulnerability has been reported in 'LD_AUDIT,' which could let a malicious user obtain superuser privileges. Workaround and patch information available at: Avaya: An exploit script has been published. | Sun Solaris Runtime Linker 'LD_AUDIT' Elevated | High | Security Focus, 14074, June 28, 2005 Sun(sm) Alert Notification, 101794, June 28, 2005 Sun(sm) Alert Notification, 101794, Updated July 12, 13, 15, 2005 Avaya Security Advisory, ASA-2005-162, August 2, 2005 Sun(sm) Alert Notification, 101794, Updated October 31, 2005 |
Sudo 1.x | A vulnerability has been reported in the environment cleaning due to insufficient sanitization, which could let a malicious user obtain elevated privileges. Debian: Mandriva: Ubuntu: There is no exploit code required. | Todd Miller Sudo Local Elevated Privileges | Medium | Debian Security Advisory, DSA 870-1, October 25, 2005 Mandriva Linux Security Advisory, MDKSA-2005:201, October 27, 2005 Ubuntu Security Notice, USN-213-1, October 28, 2005 |
Uim 0.5.0, 0.4.9 | A vulnerability has been reported in 'uim/uim-custom.c' due to the incorrect use of several environment variables, which could let a malicious user obtain elevated privileges. Updates available at: Mandriva: There is no exploit code required. | Uim Elevated Privileges | Medium | Secunia Advisory: SA17043, October 4, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:198, October 26, 2005 |
xloadimage 4.1 | A buffer overflow vulnerability has been reported when handling the title of a NIFF image when performing zoom, reduce, or rotate functions, which could let a remote malicious user execute arbitrary code. Debian: http://security.debian. RedHat: Mandriva: SUSE: SGI: Gentoo: Currently we are not aware of any exploits for this vulnerability. | Xloadimage NIFF Image Buffer Overflow | High | Debian Security Advisories, DSA 858-1 & 859-1, October 10, 2005 RedHat Security Advisory, RHSA-2005:802-4, October 18, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:191, October 21, 2005 SUSE Security Summary Report, SUSE-SR:2005:024, October 21, 2005 SGI Security Advisory, 20051003-01-U, October 26, 2005 Gentoo Linux Security Advisory, GLSA 200510-26, October 31, 2005 |
Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attack Scripts | Common Name / CVE Reference | Risk | Source |
Simple PHP Blog 0.4.5 & prior | Cross-Site Scripting vulnerabilities have been reported in 'preview_cgi.php' and 'preview_static_cgi.php' due to insufficient sanitization of the 'entry' parameter, in 'preview_cgi.php' due to insufficient sanitization of the 'blog_subject' and 'blog_text' parameters, in 'preview_static_ No workaround or patch available at time of publishing. Currently we are not aware of any exploits for these vulnerabilities. | Simple PHP Blog Cross-Site Scripting | Medium | Technical University of Vienna Security Advisory TUVSA-0511-001, November 2, 2005 |
ATutor 1.5.1-pl1, 1.5.1, 1.4.1-1.4.3 | Multiple vulnerabilities have been reported in ATutor that could let remote malicious users conduct Cross-Site Scripting, disclose sensitive information, or execute arbitrary code. Vendor patch available: There is no exploit code required; however, Proof of Concept exploits have been published. | ATutor Multiple Vulnerabilities | High | Secunia, Advisory: SA16915, October 27, 2005 |
CiscoWorks Management Center for IPS Sensors (IPSMC) 2.1 | A vulnerability has been reported due to an error in the Cisco IOS IPS (Intrusion Prevention System) configuration file that is generated by the IPS MC and deployed to IOS IPS devices, which could potentially allow malicious traffic to pass through. Patch information available at: There is no exploit code required. | Cisco Management Center for IPS Sensors Signature Disable | Medium | Cisco Security Advisory, 68065, November 1, 2005 |
ViArt Shop Enterprise 2.x | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'basket.php,' 'forum.php,' 'page.php,' 'reviews.php,' 'products.php,' and 'news_view.php' scripts due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in the 'forum_new_ ViArt Shop Enterprise 2.1.8 & prior versions are not affected by these issues. Please contact the vendor to obtain a fixed version. There is no exploit code required; however, Proofs of Concepts have been published. | | High | Secunia Advisory, SA15181, May 2, 2005 Security Focus, Bugtraq ID: 13462, October 27, 2005 |
eyeOS 0.8.4 -r1, 0.8.4, 0.8.3 -r2, 0.8.3 | Several vulnerabilities have been reported: a vulnerability was reported in 'desktop.php' due to insufficient sanitization of the 'motd' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported because user credentials are stored in the file 'usrinfo.xml' inside the web root, which could let a remote malicious user obtain sensitive information. Update available at: There is no exploit code required. | eyeOS Script Insertion & Information Disclosure | Medium | Secunia Advisory: SA17105, November 1, 2005 |
XCP Content Management | A vulnerability has been reported in 'aries.sys' due to the device driver hiding all files, registry keys and processes on the system that have names that start with "$sys$", which could let a malicious user bypass security. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | First4Internet XCP Content Management Security Bypass | Medium | Secunia Advisory: SA17408, November 2, 2005 |
gCards 1.44 | An SQL injection vulnerability has been reported in 'news.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | gCards SQL Injection | Medium | Security Tracker, Alert ID: 1015106, October 25, 2005 |
Hasbani Web Server | A vulnerability has been reported in Hasbani Web Server that could let remote malicious users cause a Denial of Service. No workaround or patch available at time of publishing. An exploit has been published. | Hasbani Web Server Denial of Service | Low | Security Focus, ID: 15225, October 27, 2005 |
OpenVMS Integrity 8.2-1, 8.2, OpenVMS Alpha 7.3-2, 8.2 | A Denial of Service vulnerability has been reported due to an unspecified error. Patch available at: Currently we are not aware of any exploits for this vulnerability. | HP OpenVMS Denial of Service | Low | HP Security Bulletin, HPSBOV01239, October 31, 2005 |
Invision Gallery 2.0.3 | A vulnerability has been reported in the image upload handling due to an input validation error, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Invision Gallery Image Input Validation | Medium | Secunia Advisory: SA17393, November 2, 2005 |
Invision Gallery 2.0.3 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'st' parameter before using it in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Invision Gallery SQL Injection | Medium | Secunia Advisory: SA17375, November 1, 2005 |
CHM lib 0.35, 0.3- 0.33, 0.2, 0.1 | A buffer overflow vulnerability has been reported in '_chm_ Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | Jed Wing CHM Lib '_chm_find_ | High | iDefense Security Advisory, October 28, 2005 |
Mantis 1.0.0RC2, 0.19.2 | Several vulnerabilities have been reported: a vulnerability was reported in 'bug_ Upgrades available at: Gentoo: There is no exploit code required; however, Proof of Concept exploits have been published. | Mantis Multiple Vulnerabilities CVE-2005-3335 | High | Secunia Advisory: SA16818, October 26, 2005 Gentoo Linux Security Advisory, GLSA 200510-24, October 28, 2005 |
ALT Linux | Two buffer overflow vulnerabilities have been reported in Telnet: a buffer overflow vulnerability has been reported in the 'slc_add_reply()' function when a large number of specially crafted LINEMODE Set Local Character (SLC) commands is submitted, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability has been reported in the 'env_opt_add()' function, which could let a remote malicious user execute arbitrary code. ALTLinux: http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html Apple: Debian: http://security.debian.org/pool/updates/main/n/netkit-telnet/ Fedora: FreeBSD: MIT Kerberos: http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt Netkit: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/ Openwall: http://www.openwall.com/Owl/CHANGES-current.shtml RedHat: http://rhn.redhat.com/errata/RHSA-2005-327.html Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1 SUSE: Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/ OpenBSD: Mandrake: http://www.mandrakesecure.net/en/ftp.php Gentoo: http://security.gentoo.org/glsa/glsa-200504-01.xml Debian: Gentoo: SGI: SCO: Sun: Openwall: Avaya: Gentoo: TurboLinux: Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1 OpenWall: http://www.openwall.com/Owl/CHANGES-current.shtml SCO: SGI IRIX: Debian: Conectiva: Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ Avaya: FedoraLegacy: Slackware: Debian: http://security.debian.org/pool/updates/main/k/krb4/ NetBSD 2.0.3 is not vulnerable to this issue. Please contact the vendor for more information. Currently we are not aware of any exploits for these vulnerabilities. | Telnet Client 'slc_add_reply()' & 'env_opt_add()' CVE-2005-0468 | High | iDEFENSE Security Advisory, Mandrakelinux Security Update Advisory, MDKSA-2005:061, Gentoo Linux Security Advisories, GLSA 200503-36 & GLSA 200504-01, March 31 & Debian Security Advisory, DSA 703-1, April 1, 2005 Gentoo Linux Security Advisory, GLSA 200504-04, SGI Security Advisory, 20050401-01-U, April 6, 2005 Sun(sm) Alert Notification, 57761, SCO Security Advisory, SCOSA-2005.21, Avaya Security Advisory, ASA-2005-088, April 27, 2005 Gentoo Linux Security Advisory, GLSA 200504-28, April 28, 2005 Turbolinux Security Advisory, TLSA-2005-52, April 28, 2005 Sun(sm) Alert Notification, 57761, April 29, 2005 SCO Security Advisory, SCOSA-2005.23, May 17, 2005 SGI Security Advisory, 20050405-01-P, May 26, 2005 Debian Security Advisory, DSA 731-1, June 2, 2005 Conectiva Security Advisory, CLSA-2005:962, June 6, 2005 Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005 Avaya Security Advisory, ASA-2005-132, June 14, 2005 Fedora Legacy Update Advisory, FLSA:152583, July 11, 2005 Slackware Security Advisory, SSA:2005-210-01, August 1, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 Security Focus, Bugtraq ID: 12919, November 1, 2005 |
Concurrent Versions System (CVS) 1.x; Gentoo Linux; SuSE Linux 8.2, 9.0, 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9, 8, Open-Enterprise-Server 9.0, School-Server 1.0, SUSE CORE 9 for x86, UnitedLinux 1.0 | Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported due to an unspecified boundary error, which could let a remote malicious user potentially execute arbitrary code; a remote Denial of Service vulnerability was reported due to memory leaks and NULL pointer dereferences; an unspecified error was reported due to an arbitrary free (the impact was not specified), and several errors were reported in the contributed Perl scripts, which could let a remote malicious user execute arbitrary code. Update available at: Gentoo: SuSE: Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ Mandrake: http://www.mandrakesecure.net/en/ftp.php Trustix: http://http.trustix.org/pub/trustix/updates/ FreeBSD: Peachtree: http://peachtree.burdell.org/updates/ RedHat: http://rhn.redhat.com/errata/RHSA-2005-387.html OpenBSD: http://www.openbsd.org/errata.html#cvs TurboLinux: OpenBSD: http://www.openbsd.org/errata35.html# Ubuntu: SGI: OpenBSD: Conectiva: Debian: http://security.debian.org/pool/updates/main/n/netkit-telnet/ NetBSD: Currently we are not aware of any exploits for these vulnerabilities. | | High | Gentoo Linux Security Advisory, GLSA 200504-16, April 18, 2005 SuSE Security Announcement, SUSE-SA:2005:024, April 18, 2005 Secunia Advisory, SA14976, April 19, 2005 Fedora Update Notification, Mandriva Linux Security Update Advisory, MDKSA-2005:073, April 21, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0013, April 21, 2005 Gentoo Linux Security Advisory [UPDATE], GLSA 200504-16:02, April 22, 2005 FreeBSD Security Advisory, FreeBSD-SA-05:05, April 22, 2005 Peachtree Linux Security Notice, PLSN-0005, April 22, 2005 RedHat Security Advisory, RHSA-2005:387-06, April 25, 2005 Turbolinux Security Advisory, TLSA-2005-51, April 28, 2005 Ubuntu Security Notice, USN-117-1 May 04, 2005 SGI Security Advisory, 20050501-01-U, May 5, 2005 Conectiva Security Advisory, CLSA-2005:966, June 13, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 NetBSD Security Update, November 1, 2005 |
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2; | A vulnerability has been reported in Ethereal, IRC Protocol Dissector, that could let remote malicious users cause a Denial of Service. Mandriva: Gentoo: Currently we are not aware of any exploits for this vulnerability. | Ethereal Denial of Service | Low | Mandriva Linux Security Advisory, MDKSA-2005:193-1, October 26, 2005 Gentoo Linux Security Advisory, GLSA 200510-25, October 30, 2005 |
RedHat Fedora Core4, Core3; | Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the ISAKMP, FC-FCS, RSVP, and ISIS LSP dissectors; a remote Denial of Service vulnerability was reported in the IrDA dissector; a buffer overflow vulnerability was reported in the SLIMP3, AgentX, and SRVLOC dissectors, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the BER dissector; a remote Denial of Service vulnerability was reported in the SigComp UDVM dissector; a remote Denial of Service vulnerability was reported due to a null pointer dereference in the SCSI, sFlow, and RTnet dissectors; a vulnerability was reported because a remote malicious user can trigger a divide by zero error in the X11 dissector; a vulnerability was reported because a remote malicious user can cause an invalid pointer to be freed in the WSP dissector; a remote Denial of Service vulnerability was reported if the 'Dissect unknown RPC program numbers' option is enabled (not the default setting); and a remote Denial of Service vulnerability was reported if SMB transaction payload reassembly is enabled (not the default setting). Upgrades available at: Fedora: RedHat: Mandriva: Avaya: Gentoo: An exploit script has been published. | Ethereal Multiple Protocol Dissector Vulnerabilities CVE-2005-3184 | High | Ethereal Security Advisory, enpa-sa-00021, October 19, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:809-6, October 25, 2005 Mandriva Linux Security Advisory, MDKSA-2005:193, October 25, 2005 Avaya Security Advisory, ASA-2005-227, October 28, 2005 Gentoo Linux Security Advisory, GLSA 200510-25, October 30, 2005 Mandriva Linux Security Advisory, MDKSA-2005:193-2, October 31, 2005 |
Ukrainian National Antivirus UNA; | A vulnerability has been reported in the scanning engine routine that determines the file type if the MAGIC BYTE of the EXE files is at the beginning, which could lead to a false sense of security and arbitrary code execution. Trend Micro PC-cillin 2006 is not affected by this issue. Please contact the vendor to obtain fixes. A Proof of Concept exploit has been published. | Multiple Vendors Anti-Virus Magic Byte Detection Evasion CVE-2005-3370 | High | Security Focus, Bugtraq ID: 15189, October 25, 2005 Security Focus, Bugtraq ID: 15189, October 31, 2005 |
University of Kansas Lynx 2.8.6 dev.1-dev.13, 2.8.5 dev.8, 2.8.5 dev.2-dev.5, 2.8.5, 2.8.4 rel.1, 2.8.4, 2.8.3 rel.1, 2.8.3 pre.5, 2.8.3 dev2x, 2.8.3 dev.22, 2.8.3, 2.8.2 rel.1, 2.8.1, 2.8, 2.7; | A buffer overflow vulnerability has been reported in the 'HTrjis()' function when handling NNTP article headers, which could let a remote malicious user execute arbitrary code. University of Kansas Lynx: Gentoo: Ubuntu: RedHat: Fedora: Mandriva: Conectiva: Trustix: SGI: Mandriva: Debian: http://security.debian. Ubuntu: A Proof of Concept Denial of Service exploit script has been published. | Lynx 'HTrjis()' NNTP Remote Buffer Overflow | High | Gentoo Linux Security Advisory, GLSA 200510-15, October 17, 2005 Ubuntu Security Notice, USN-206-1, October 17, 2005 RedHat Security Advisory, RHSA-2005:803-4, October 17, 2005 Fedora Update Notifications, Mandriva Linux Security Update Advisory, MDKSA-2005:186, October 18, 2005 Conectiva Linux Announcement, CLSA-2005:1037, October 19, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 SGI Security Advisory, 20051003-01-U, October 26, 2005 Mandriva Linux Security Advisory, MDKSA-2005:186-1, October 26, 2005 Debian Security Advisories, DSA 874-1 & 876-1, October 27, 2005 Ubuntu Security Notice, USN-206-2, October 29, 2005 |
ZENworks Patch Management 6.0.0.52 | A vulnerability has been reported in ZENworks Patch Management that could let local malicious users perform SQL injection. Upgrade to version 6.2.2.181: There is no exploit code required; however, Proof of Concept exploits have been published. | Novell ZENworks Patch Management SQL Injection | Medium | Novell, TID10099318, October 27, 2005 |
OaBoard 1.0 | An SQL injection vulnerability has been reported in 'forum.php' due to insufficient sanitization of the 'channel' and 'topic' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | OaBoard SQL Injection | Medium | Secunia Advisory: SA17373, November 1, 2005 |
PBLang 4.65 | Multiple vulnerabilities have been reported in PBLang that could let remote malicious users conduct Cross-Site Scripting or execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | PBLang Multiple Cross-Site Scripting Vulnerabilities | High | Security Focus, ID: 15223, October 27, 2005 |
PHP Advanced Transfer Manager 1.30 | A vulnerability has been reported in PHP Advanced Transfer Manager that could let remote malicious users obtain unauthorized access. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | PHP Advanced Transfer Manager Unauthorized Access | Medium | Security Focus, ID: 15237, October 29, 2005 |
PHP 5.0.5, 4.4.0 | A vulnerability has been reported in the 'open_basedir' directive due to the way PHP handles it, which could let a remote malicious user obtain sensitive information. Ubuntu: Trustix: Upgrades available at: There is no exploit code required. | PHP 'Open_BaseDir' Information Disclosure | Medium | Security Focus, Bugtraq ID: 14957, September 27, 2005 Ubuntu Security Notice, USN-207-1, October 17, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 Security Focus, Bugtraq ID: 14957, October 31, 2005 |
PHP 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 5.0.x | Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of the 'GLOBALS' array, which could let a remote malicious user define global variables; a vulnerability was reported in the 'parse_str()' PHP function when handling an unexpected termination, which could let a remote malicious user enable the 'register_ Upgrades available at: There is no exploit code required. | PHP Multiple Vulnerabilities CVE-2005-3388 | Medium | Secunia Advisory: SA17371, October 31, 2005 |
phpBB 2.0.17 & prior | Multiple vulnerabilities have been reported due to improper deregistration of global variables, which could let a remote malicious user conduct Cross-Site Scripting, execute arbitrary PHP code, or perform SQL injection. Upgrades available at: There is no exploit code required. | phpBB Deregistration Global Variables | Medium | Security Focus, Bugtraq ID: 15243, October 31, 2005 |
PHPCafe Tutorial Manager | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPCafe Tutorial Manager SQL Injection | Medium | Security Focus, Bugtraq ID: 15244, October 31, 2005 |
phpESP 1.7.5, -dev3, -dev2, -dev | A vulnerability has been reported in phpESP that could let remote malicious users conduct Cross-Site Scripting or SQL injection. Upgrade to version 1.8-rc1: There is no exploit code required. | phpESP Cross-Site Scripting & SQL Injection | Medium | Secunia, Advisory: SA17333, October 28, 2005 |
PHP-Nuke Search Enhanced Module 1.1, 2.0 | A vulnerability has been reported in PHP-Nuke Search Enhanced Module that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | PHP-Nuke Cross-Site Scripting | Medium | Secunia, Advisory: SA17296, October 27, 2005 |
CaseBook 6.x | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'login.asp' due to insufficient sanitization of the 'user' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported because different error responses are returned depending on whether or not a valid username is supplied, which could let a remote malicious user obtain sensitive information. The vulnerabilities have reportedly been fixed in version 2005. Currently we are not aware of any exploits for these vulnerabilities. | Ringtail CaseBook Cross-Site Scripting & Information Disclosure | Medium | Secunia Advisory: SA17383, November 1, 2005 |
Snitz Forums 2000, 3.4.05 | A Cross-Site Scripting vulnerability has been reported in 'post.asp' due to insufficient sanitization of the 'type' parameter before returning it to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Snitz Forum Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15241, October 31, 2005 |
Subdreamer 2.2.1 | Multiple vulnerabilities have been reported in Subdreamer that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Subdreamer SQL Injection | Medium | Security Focus, ID: 15238, October 29, 2005 |
MG2 0.5.1 | A vulnerability has been reported in MG2 that could let remote malicious users bypass authentication. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | MG2 Authentication Bypassing | Medium | Security Focus, ID: 15235, October 29, 2005 |
TikiWiki 1.9.1, 1.8.5 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified user-input, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: Gentoo: There is no exploit code required. | TikiWiki Unspecified Cross-Site Scripting | Medium | Security Tracker Alert ID: 1015087, October 20, 2005 Gentoo Linux Security Advisory, GLSA 200510-23, October 28, 2005 |
Burning Board 2.5 | Multiple vulnerabilities have been reported in the Woltlab Burning Board Database Module that could let remote malicious users perform SQL Injection. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for these vulnerabilities. | Woltlab Burning Board SQL Injection | Medium | Secunia Advisory: SA17347, October 27, 2005 |
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- IPTV Set For Massive Growth Spurt: Survey: According to a study by Analysis International, IPTV will become the next global growth industry. The China IPTV market, in particular, will skyrocket, reaching 16.7 billion RMB in revenue and nearly 17 million users by 2009. The early stages of market cultivation may pose some threats and risks, the group says. Uncertain regulations, insufficient hardware platforms, an immature value chain and unclear business models are the main concerns right now. Source: http://www.networkingpipeline.com/showArticle.jhtml?articleID=173400478.
Wireless Vulnerabilities
- Nothing significant to report.
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
November 2, 2005 | multispoof-0.7.0.tar.gz | N/A | An application that exploits weak, address based authentication that is frequently implemented by ISPs in Ethernet networks. |
November 2, 2005 | snort_bo_overflow_win32.pm.txt | Yes | Exploit for the Snort Back Orifice Preprocessor Remote Buffer Overflow vulnerability. |
November 2, 2005 | up-imapproxy-exp.txt | Yes | Proof of Concept exploit for the Imapproxy Format String vulnerability. |
November 2, 2005 | vubbXSS.txt | No | Exploit details for the VUBB Cross-Site Scripting & Path Disclosure vulnerabilities. |
November 1, 2005 | 0510-exploits.tgz | N/A | New Packet Storm exploits for October, 2005. |
October 31, 2005 | backoffice_mult_exp.pl | No | Proof of Concept exploit for the Comersus BackOffice Multiple Input Validation And Information Disclosure vulnerabilities. |
October 31, 2005 | ethereal_slimp3_bof.py.txt | Yes | A Denial of Service exploit for the SLIMP3 protocol dissector vulnerability. |
October 31, 2005 | VERITAS-Linux.pl.txt VERITAS-Win32.pl.txt VERITAS-OSX.pl.txt | Yes | Exploits for the VERITAS NetBackup Arbitrary Code Execution vulnerability. |
October 31, 2005 | XH-Hasbani-HTTPD-DoS.c | No | Script that exploits the Hasbani Web Server Denial of Service vulnerability. |
October 30, 2005 | cirt-39-advisory.pdf | Yes | Exploitation details for the Novell ZENworks Patch Management SQL Injection vulnerability. |
October 30, 2005 | MS05-047-DoS.c | Yes | Remote Denial of Service exploit for the Microsoft Windows Plug and Play Arbitrary Code Execution vulnerability. |
October 30, 2005 | PBLang465.txt | No | Exploitation details for the PBLang Multiple Cross-Site Scripting Vulnerabilities. |
October 30, 2005 | vCard29.txt | No | Exploitation details for the Belchior Foundry VCard Remote File Include vulnerability. |
October 29, 2005 | subdreamer_sql.pl | No | Proof of Concept exploit for the Subdreamer Multiple Remote SQL Injection vulnerabilities. |
October 27, 2005 | advisory-103.txt | No | Proof of Concept exploit for the Techno Dreams Multiple Product SQL Injection vulnerability. |
October 27, 2005 | flysprayXSS.txt | No | Exploitation details for the Flyspray Multiple Cross-Site Scripting vulnerability. |
October 27, 2005 | msn-cap.c | N/A | A simple libpcap based MSN protocol sniffer. |
October 27, 2005 | mybbpr2.pl.txt | No | Proof of Concept exploit script for the MyBulletinBoard SQL Injection vulnerability. |
October 27, 2005 | nklan.pl | No | Exploit for the Nuked Klan Multiple Cross-Site Scripting & SQL Injection vulnerability. |
October 27, 2005 | php.4.4.1.txt | Yes | Exploit for the php 4.4.1 .htaccess apache DOS vulnerability. |
October 27, 2005 | php-iCalendar.txt | No | Exploitation details for the PHP ICalendar Remote File Include vulnerability. |
October 27, 2005 | phpnuke78sql.txt | No | Proof of Concept exploit for the PHPNuke Multiple Modules SQL Injection Vulnerabilities. |
October 27, 2005 | saphpLesson.txt | No | Exploit details for the SaphpLesson SQL Injection vulnerability. |
October 26, 2005 | mwchat.txt | No | Exploit for the MWChat SQL Injection vulnerability. |
October 26, 2005 | phpBB-IE-gif.txt | Yes | Exploit for the phpBB Cross-Site Scripting vulnerability. |
October 26, 2005 | UMPNPMGR.c | Yes | Proof of Concept exploit for the Microsoft Windows Plug and Play Arbitrary Code Execution vulnerability. |
Trends
- US-CERT is aware of publicly available Proof of Concept code for an Oracle worm. Currently, US-CERT cannot confirm if this code works but they are working with Oracle to determine the threat posed by this code.
- US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in the Snort Back Orifice preprocessor. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with root or SYSTEM privileges.
- Your Next IM Could Be Your Network's Last: According to data that was collected by IMlogic, the number of instant messaging oriented attacks rose by 30 percent over September when compared to last year. October 2005 counted 1300 percent more threats than the same month in 2004. This will eventually lead to an automated worm that will strike hundreds of thousands of machines in seconds.
Source: http://www.techweb.com/wire/security/173401244
- Barrage of Viruses Hits in October: Sophos reports 1,685 new viruses and variants came out in October. Central Command also reports big numbers for October. A record number of viruses hit the Internet in October, but none of them were widespread and dangerous. Source: http://www.esecurityplanet.com/trends/article.php/3560696.
- Rootkit-Armed Worm Attacking AIM: According to FaceTime, a worm spreading through America Online's Instant Messenger (AIM) network carries a dangerous rootkit, code designed to hide a hacker's work from anti-virus scanners. Sdbot.add includes the "lockx.exe" rootkit. Source: http://www.informationweek.com/story/showArticle.jhtml?articleID=172901455.
- Anti-Spyware Group Publishes Guidelines: The Anti-Spyware Coalition has released guidelines to help consumers assess products designed to combat unwanted programs that sneak onto computers. Source: http://www.washingtonpost.com/wp-dyn/content/article/2005/10/27/AR2005102700819.html.
- Spammers exploit bird flu fears: Sophos has reported a large increase in emails that offer online purchases of Tamiflu, the only known medicine that deals with the human version of the avian flu. Source: http://www.itweek.co.uk/vnunet/news/2144878/spammers-bird-flu.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description |
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
2 | Mytob-BE | Win32 Worm | Increase | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables anti-virus software, and modifies data. |
3 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
4 | Mytob-GH | Win32 Worm | New | November 2005 | A variant of the mass-mailing worm that disables security-related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address. |
5 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
6 | Netsky-Z | Win32 Worm | Increase | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread over the local network or P2P networks and does not uninstall the Bagle worm. The worm has a backdoor that listens on port 665. |
7 | Lovgate.w | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that propagates by using MAPI to reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. It attempts to access all machines in the local area network. |
8 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
9 | Zafi-B | Win32 Worm | Decrease | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
10 | Mytob.C | Win32 Worm | Decrease | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
Table updated November 1, 2005