*************************************************************************
@RISK: The Consensus Security Vulnerability Alert
August 7, 2008 Vol. 7. Week 32
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus

Platform                                  Number of Updates and Vulnerabilities
------------------------                  -------------------------------------
Third Party Windows Apps                    8 (#2)
Mac Os                                      5 (#1)
Linux                                       3
HP-UX                                       1
Solaris                                     3
Aix                                         1
Novell                                      1
OpenVMS                                     1 (#4)
Cross Platform                             27 (#3)
Web Application - Cross Site Scripting     15
Web Application - SQL Injection            26
Web Application                            29
Network Device                              3
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Multiple Apple Mac OS X Vulnerabilities (Security Update 2008-005)
(2) CRITICAL: CA ARCserve Backup Buffer Overflow
(3) CRITICAL: Blue Coat K9 Web Protection Multiple Vulnerabilities
(4) MODERATE: HP OpenVMS Finger Server Buffer Overflow
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Third Party Windows Apps
08.32.1 - BlazeVideo HDTV Player PLF File Stack Buffer Overflow
08.32.2 - Citrix Presentation Server "icabar.exe" Local Privilege Escalation
08.32.3 - Multiple Kaspersky Products "kl1.sys" Local Stack-Based Buffer Overflow
08.32.4 - MailEnable 3.52 IMAP Remote Denial of Service
08.32.5 - RealVNC 4.1.2 "vncviewer.exe" Remote Denial of Service
08.32.6 - Sun xVM VirtualBox "VBoxDrv.sys" Local Privilege Escalation
08.32.7 - Winamp "NowPlaying" Unspecified Security Vulnerability
08.32.8 - Aurigma Image Uploader Multiple ActiveX Controls Multiple Unspecified Security Vulnerabilities
-- Mac Os
08.32.9 - Apple Mac OS X CarbonCore Stack-Based Buffer Overflow
08.32.10 - Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities
08.32.11 - Apple Mac OS X CoreGraphics Heap-Based Buffer Overflow
08.32.12 - Apple Mac OS X Data Detectors Engine Denial Of Service
08.32.13 - Apple Mac OS X QuickLook Multiple Memory Corruption Vulnerabilities
-- Linux
08.32.14 - "nfs-utils" Package for Red Hat Enterprise Linux 5 TCP Wrappers Security Bypass
08.32.15 - Linux Kernel "uvc_driver.c" Format Descriptor Parsing Buffer Overflow
08.32.16 - Linux Kernel "snd_seq_oss_synth_make_info()" Information Disclosure
-- HP-UX
08.32.17 - HP-UX System Administration Manager NFS Configuration Security Bypass
-- Solaris
08.32.18 - Sun Solaris Platform Information and Control Library picld(1M) Local Denial of Service
08.32.19 - Sun Solaris "namefs" Kernel Local Privilege Escalation
08.32.20 - Sun Solaris "snoop(1M)" Utility Remote Command Execution
-- Aix
08.32.21 - IBM AIX "scsidiskdd" Uninitialized "DRVR_PVT" Structure Local Denial Of Service
-- Novell
08.32.22 - Novell iManager Property Book Page Deletion Security Bypass
-- Cross Platform
08.32.23 - Condor Wild Card Authorization Policy Security Bypass
08.32.24 - IBM WebSphere Application Server SOAP Security Header Unspecified
08.32.25 - VMware vmware-authd Daemon Local Privilege Escalation
08.32.26 - Sun Java ASP Server File Creation Remote Code Execution
08.32.27 - Sun Java ASP Server Remote Arbitrary Shell Command Injection Vulnerabilities
08.32.28 - Sun Java System Web Server 7.0 Plugin for Sun N1SPS Remote Authentication Bypass
08.32.29 - Acronis True Image Echo Server Information Disclosure Weakness
08.32.30 - Blue Coat K9 Web Protection "Referer" Header Stack-Based Buffer Overflow
08.32.31 - Blue Coat K9 Web Protection Centralized Server HTTP Responses Buffer Overflow
08.32.32 - libxslt RC4 Encryption and Decryption Functions Buffer Overflow
08.32.33 - Hitachi JP1/Cm2/Network Node Manager Unspecified Denial of Service
08.32.34 - Computer Associates ARCserve Backup for Laptops and Desktops Remote Buffer Overflow
08.32.35 - OpenSC CardOS M4 Smart Cards Insecure Permissions
08.32.36 - SAP MaxDB "dbmsrv" Process "PATH" Environment Variable Local Privilege Escalation
08.32.37 - Hitachi JP1/HIBUN Advanced Edition Multiple Unspecified Local Information Disclosure Vulnerabilities
08.32.38 - Hitachi JP1/Cm2/Network Node Manager Multiple Unspecified Remote Vulnerabilities
08.32.39 - Hitachi XMAP3 Printing Service Unspecified Denial of Service
08.32.40 - Mozilla Firefox Unspecified Denial of Service
08.32.41 - Python Multiple Buffer Overflow Vulnerabilities
08.32.42 - Apache Tomcat "RequestDispatcher" Information Disclosure
08.32.43 - IBM WebSphere Portal Server Remote Administration Authentication Bypass
08.32.44 - IrfanView ".IFF" File Handling Remote Buffer Overflow
08.32.45 - Ingres Database Multiple Local Vulnerabilities
08.32.46 - OpenVPN Client "lladdr" and "iproute" Configuration Directive Remote Code Execution
08.32.47 - JBoss Enterprise Application Platform Information Disclosure
08.32.48 - Git Pathname Multiple Buffer Overflow Vulnerabilities
08.32.49 - Sun Netra T5220 Server Local Denial of Service
-- Web Application - Cross Site Scripting
08.32.50 - MJGUEST "guestbook.js.php" Cross-Site Scripting
08.32.51 - Panasonic Network Cameras Error Page Multiple Cross-Site Scripting Vulnerabilities
08.32.52 - Concrete5 Contact Form Cross-Site Scripting
08.32.53 - Mono Multiple Cross-Site Scripting Vulnerabilities
08.32.54 - common solutions csphonebook "index.php" Cross-Site Scripting
08.32.55 - Apache Tomcat "HttpServletResponse.sendError()" Cross-Site Scripting
08.32.56 - freeForum "acuparam" Parameter Cross-Site Scripting
08.32.57 - Pligg "category" Parameter Cross-Site Scripting
08.32.58 - Homes 4 Sale "results.php" Cross-Site Scripting
08.32.59 - MRBS "area" Parameter Multiple Cross-Site Scripting Vulnerabilities
08.32.60 - XAMPP Linux Multiple Cross-Site Scripting Vulnerabilities
08.32.61 - Pluck 4.5.2 Multiple Cross-Site Scripting Vulnerabilities
08.32.62 - Crafty Syntax Live Help "livehelp_js.php" Cross-Site Scripting
08.32.63 - Softbiz Photo Gallery Multiple Cross-Site Scripting Vulnerabilities
08.32.64 - Apache "mod_proxy_ftp" Wildcard Characters Cross-Site Scripting
-- Web Application - SQL Injection
08.32.65 - Zee Reviews Opinions Rating Posting Engine PHP Script "comments.php" SQL Injection
08.32.66 - Joomla! and Mambo JoomRadio Component "id" Parameter SQL Injection
08.32.67 - ResearchGuide "guide.php" SQL Injection
08.32.68 - Demo4 CMS "index.php" SQL Injection
08.32.69 - Article Friendly Pro "authordetail.php" SQL Injection
08.32.70 - Article Friendly Standard "categorydetail.php" SQL Injection
08.32.71 - PozScripts Classified Ads "browsecats.php" SQL Injection
08.32.72 - PozScripts TubeGuru Video Sharing Script "ugroups.php" SQL Injection
08.32.73 - eNdonesia Calendar Module SQL Injection
08.32.74 - Symphony "class.admin.php" SQL Injection
08.32.75 - PHPX "PXL" Cookie Parameter SQL Injection
08.32.76 - phpMyRealty "location" Parameter SQL Injection
08.32.77 - PHPAuction GPL Enhanced "profile.php" SQL Injection
08.32.78 - eStoreAff "index.php" SQL Injection
08.32.79 - E-topbiz Online Dating "mail.php" SQL Injection
08.32.80 - iPost "go.php" SQL Injection
08.32.81 - iTGP "go.php" SQL Injection
08.32.82 - GreenCart PHP Shopping Cart "id" Parameter Multiple SQL Injection Vulnerabilities
08.32.83 - PHP-Nuke Book Catalog Module "catid" Parameter SQL Injection
08.32.84 - MagicScripts Multiple E-Store Scripts "viewdetails.php" SQL Injection
08.32.85 - Joomla! and Mambo EZ Store Component SQL Injection
08.32.86 - Keld PHP-MySQL News Script "login.php" SQL Injection
08.32.87 - Pcshey Portal "kategori.asp" SQL Injection
08.32.88 - E.Z.Poll "admin/login.asp" Multiple SQL Injection Vulnerabilities
08.32.89 - Plogger Multiple SQL Injection Vulnerabilities
08.32.90 - PowerGap Shopsystem "s03.php" SQL Injection
-- Web Application
08.32.91 - HIOX Random Ad "hioxRandomAd.php" Remote File Include Vulnerability
08.32.92 - HIOX Browser Statistics "hm" Parameter Multiple Remote File Include Vulnerabilities
08.32.93 - nzFotolog "action_file" Parameter Local File Include Vulnerability
08.32.94 - PHP Hosting Directory Cookie Authentication Bypass
08.32.95 - Hedgehog-CMS "header.php" Local File Include Vulnerability
08.32.96 - HomePH Design Multiple Administrator Scripts Multiple Input Validation Vulnerabilities
08.32.97 - DEV Web Management System Multiple Input Validation Vulnerabilities
08.32.98 - Slashcode Slash "Environment.pm" Multiple Input Validation Vulnerabilities
08.32.99 - Multiple HIOX Products "admin/passwo.php" Authentication Bypass
08.32.100 - Pligg Multiple Remote Vulnerabilities
08.32.101 - ImpressCMS Unspecified Remote Vulnerabilities
08.32.102 - phpFreeChat "nickid" Parameter Session Hijacking
08.32.103 - H0tturk Panel "gizli.php" Remote File Include Vulnerability
08.32.104 - Coppermine Photo Gallery "lang" Cookie Parameter Local File Include Vulnerability
08.32.105 - LetterIt "wysiwyg.php" Local File Include Vulnerability
08.32.106 - e-Vision CMS 2.0 Multiple Remote Vulnerabilities
08.32.107 - Max File Upload File Extension Arbitrary File Upload
08.32.108 - Pligg "CAPTCHA" Registration Automation Security Bypass Weakness
08.32.109 - K-Link SQL Injection and Cross-Site Scripting Vulnerabilities
08.32.110 - IntelliTamper HTML Parser "IMG" Tag Buffer Overflow
08.32.111 - HydraIRC Remote Denial of Service
08.32.112 - moziloCMS "download.php" File Disclosure Vulnerability
08.32.113 - TGS Content Management Arbitrary Script Injection
08.32.114 - Syzygy CMS "index.php" Local File Include
08.32.115 - UNAK-CMS "connector.php" Local File Include Vulnerability
08.32.116 - Dayfox Blog "index.php" Multiple Local File Include Vulnerabilities
08.32.117 - IGES CMS Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.32.118 - Pidgin NSS plugin SSL Certificate Validation Security Bypass
08.32.119 - LiteNews Administrator Cookie Authentication Bypass
-- Network Device
08.32.120 - Cisco PIX and Cisco ASA Multiple Denial of Service and Unauthorized Access Vulnerabilities
08.32.121 - Xerox Phaser 8400 Empty UDP Packet Remote Denial of Service
08.32.122 - 8E6 Technologies R3000 Host Header Internet Filter Security Bypass
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Multiple Apple Mac OS X Vulnerabilities (Security Update 2008-005)
Affected:
Apple Mac OS X versions 10.5 and prior
Description: Apple Mac OS X contains multiple vulnerabilities addressed
in this security update. The previously-discussed DNS flaw has been
patched, as well as multiple vulnerabilities in the handling of PDF,
Microsoft Office, graphics, and message files. Additionally, some
remotely-exploitable flaws in third-party included software have been
addressed. Various other flaws have been addressed, as well as various
denial-of-service and local privilege escalation vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Apple Security Bulletin
http://support.apple.com/kb/HT2647
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=730
n.runs Security Advisory
Previous @RISK Entry
http://www.sans.org/newsletters/risk/display.php?v=7&i=28#widely3
SecurityFocus BID
http://www.securityfocus.com/bid/30483
****************************************************
(2) CRITICAL: CA ARCserve Backup Buffer Overflow
Affected:
CA ARCserve Backup for Laptops and Desktops versions 11.5 and prior
CA ARCserve Desktop Management Suite versions 11.2 and prior
CA ARCserve Protection Suites versions 3.1 and prior
Description: CA ARCserve Backup is a popular enterprise backup solution.
Part of its functionality is provided by a process, called "LGServer".
This process contains a buffer overflow in its handling of user input.
A specially crafted request to this service could trigger this buffer
overflow. Successfully exploiting this buffer overflow would allow an
attacker to execute arbitrary code with the privileges of the vulnerable
process (often SYSTEM). Some technical details are publicly available
for this vulnerability.
Status: Vendor confirmed, updates available.
References:
CA Security Advisory
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721
Vendor Home Page
SecurityFocus BID
http://www.securityfocus.com/bid/30472
****************************************************
(3) CRITICAL: Blue Coat K9 Web Protection Multiple Vulnerabilities
Affected:
Blue Coat K9 Web Protection versions 3.2.44 and prior
Description: Blue Coat K9 Web Protection is a popular web proxying and
filtering solution. It contains multiple buffer overflows in its
handling of HTTP headers. A malicious web site that sends specially
crafted HTTP headers could trigger one of these vulnerabilities,
allowing an attacker to execute arbitrary code with the privileges of
the vulnerable process. Some technical details are publicly available
for these vulnerabilities.
Status: Vendor confirmed. A beta version of the software has been
released that has fixed these vulnerabilities. A full update will be
released in September of 2008.
References:
Blue Coat Security Advisory
http://www.bluecoat.com/support/security-advisories/k9_buffer_overflow
Secunia Security Advisory
http://secunia.com/advisories/25813/
SecurityFocus BIDs
http://www.securityfocus.com/bid/30464
http://www.securityfocus.com/bid/30463
****************************************************
(4) MODERATE: HP OpenVMS Finger Server Buffer Overflow
Affected:
HP OpenVMS MultiNet Finger Server, unknown versions
Description: OpenVMS is HP's minicomputer operating system for VAX,
Alpha, and Itanium architectures, and is widely deployed in industrial
control, accounting, and timesharing systems. Its MultiNet networking
package contains a server for the finger service. This service allows
users to query the status of other users on remote systems. This server
contains a buffer overflow vulnerability in its handling of usernames.
An overlong username would trigger this buffer overflow, allowing an
attacker to execute arbitrary code with the privileges of the vulnerable
process. A simple proof-of-concept is publicly available for this
vulnerability. As a note of historical interest, a flaw in the Unix
implementation of the finger protocol was one of the vectors used by the
infamous Morris worm, often considered the first true worm.
Status: Vendor has not confirmed, no updates available. Users are
advised to disable the finger service if it is unnecessary.
References:
Posting by Shaun Colley
http://www.securityfocus.com/archive/1/495207
Wikipedia Article on the Finger Protocol
http://en.wikipedia.org/wiki/Finger_protocol
Wikipedia Article on the Morris Worm
http://en.wikipedia.org/wiki/Morris_worm
MultiNet Home Page
http://www.process.com/tcpip/multinet.html
SecurityFocus BID
http://www.securityfocus.com/bid/30589
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 32, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.32.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: BlazeVideo HDTV Player PLF File Stack-Based Buffer Overflow
Description: BlazeVideo HDTV Player is a high definition television
player for Microsoft Windows. The application is exposed to a
stack-based buffer overflow issue because the application fails to
properly handle malformed playlist files. BlazeVideo HDTV Player
version 3.5 is affected.
Ref: http://www.securityfocus.com/bid/30442
______________________________________________________________________
08.32.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Citrix Presentation Server "icabar.exe" Local Privilege
Escalation
Description: Citrix Presentation Server (formerly Citrix MetaFrame
Server) is an application server built on the Independent Computing
Architecture (ICA). The server is exposed to a privilege escalation
issue. The issue can be leveraged by attackers who can write to a
specified directory or subdirectory that is scanned before the
directory where the file is located. Citrix MetaFrame Presentation
Server versions 3.0 and earlier and Citrix MetaFrame XP versions 1.0
and earlier are affected.
Ref: http://seclists.org/fulldisclosure/2008/Jul/0561.html
______________________________________________________________________
08.32.3 CVE: CVE-2008-1518
Platform: Third Party Windows Apps
Title: Multiple Kaspersky Products "kl1.sys" Local Stack-Based Buffer
Overflow
Description: Kaspersky Anti-Virus and Internet Security are security
applications for Microsoft Windows. Multiple Kaspersky products are
exposed to a local stack-based buffer overflow issue because they fail
to perform adequate boundary checks on user-supplied data.
Ref: http://www.securityfocus.com/archive/1/493090
______________________________________________________________________
08.32.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: MailEnable 3.52 IMAP Remote Denial of Service
Description: MailEnable is a commercially available mail server for
the Microsoft Windows platform. The application is exposed to a denial
of service issue that occurs when handling multiple IMAP connections
to the same folder. MailEnable version 3.62 Professional Edition and
Enterprise Edition are affected.
Ref: http://www.mailenable.com/hotfix/
______________________________________________________________________
08.32.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: RealVNC 4.1.2 "vncviewer.exe" Remote Denial of Service
Description: RealVNC (Virtual Network Computing) allows users to
access remote computers for administration purposes. The application
is exposed to a remote denial of service issue because it fails to
perform adequate boundary checks on user-supplied data. RealVNC
version 4.1.2 is affected.
Ref: http://www.securityfocus.com/bid/30499
______________________________________________________________________
08.32.6 CVE: CVE-2008-3431
Platform: Third Party Windows Apps
Title: Sun xVM VirtualBox "VBoxDrv.sys" Local Privilege Escalation
Description: Sun xVM VirtualBox is an open source virtualization
application. The application is exposed to a local privilege
escalation issue in the "VBoxDrv.sys" driver. The problem occurs
because the driver allows unauthorized users to load the ".VBOxDrv"
device and issue IOCTLs with buffer mode "METHOD_NEITHER" without
performing sufficient validation on the user-supplied data. Sun xVM
VirtualBox versions 1.6.0 and 1.6.2 running on Microsoft Windows are
affected.
Ref: http://www.securityfocus.com/archive/1/495095
______________________________________________________________________
08.32.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Winamp "NowPlaying" Unspecified Security Vulnerability
Description: Winamp is a media player from Nullsoft. The application
is exposed to an unspecified vulnerability that affects the
"NowPlaying" functionality. Winamp versions prior to 5.541 are
affected.
Ref: http://forums.winamp.com/showthread.php?threadid=295505
______________________________________________________________________
08.32.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Aurigma Image Uploader Multiple ActiveX Controls Multiple
Unspecified Security Vulnerabilities
Description: Aurigma Image Uploader ActiveX Control lets users manage
and upload images to a server. Multiple Aurigma Image Uploader ActiveX
controls are exposed to multiple unspecified issues.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434
______________________________________________________________________
08.32.9 CVE: CVE-2008-2320
Platform: Mac Os
Title: Apple Mac OS X CarbonCore Stack-Based Buffer Overflow
Description: Apple Mac OS X is exposed to a buffer overflow issue that
affects the CarbonCore component. A stack-based buffer overflow issue
occurs in the CarbonCore component when handling overly long file
names.
Ref: http://www.securityfocus.com/archive/1/495040
______________________________________________________________________
08.32.10 CVE: CVE-2008-2321
Platform: Mac Os
Title: Apple Mac OS X CoreGraphics Multiple Memory Corruption
Vulnerabilities
Description: Apple Mac OS X is exposed to multiple memory corruption
issues. Multiple memory corruption issues occur in the CoreGraphics
component when parsing untrusted arguments from applications such as a
web browser.
Ref: http://www.securityfocus.com/bid/30490
______________________________________________________________________
08.32.11 CVE: CVE-2008-2322
Platform: Mac Os
Title: Apple Mac OS X CoreGraphics Heap-Based Buffer Overflow
Description: Apple Mac OS X is exposed to a buffer overflow issue. An
integer overflow issue occurs in the CoreGraphics component.
Specifically, the issue can be triggered when the application parses a
maliciously crafted PDF file with Type 1 fonts.
Ref: http://www.securityfocus.com/bid/30488
______________________________________________________________________
08.32.12 CVE: CVE-2008-2323
Platform: Mac Os
Title: Apple Mac OS X Data Detectors Engine Denial Of Service
Description: Apple Mac OS X is exposed to a denial of service issue
that affects the Data Detectors Engine. Data Detectors are used to
extract reference information from text or archives. The issue is
caused by resource exhaustion when handling maliciously crafted
textual content.
Ref: http://www.securityfocus.com/bid/30490
______________________________________________________________________
08.32.13 CVE: CVE-2008-2325
Platform: Mac Os
Title: Apple Mac OS X QuickLook Multiple Memory Corruption
Vulnerabilities
Description: Apple Mac OS X is exposed to multiple memory corruption
issues that arise because the application fails to perform boundary
checks before copying user-supplied data into process buffers.
Ref: http://www.securityfocus.com/bid/30493
______________________________________________________________________
08.32.14 CVE: CVE-2008-1376
Platform: Linux
Title: "nfs-utils" Package for Red Hat Enterprise Linux 5 TCP Wrappers
Security Bypass
Description: The "nfs-utils" package provides a daemon for the kernel
NFS server and related tools. The application is exposed to a security
bypass issue because it was not properly built with TCP Wrappers
support. This issue can cause a false sense of security because an
administrator may believe access restrictions are in place, when they
are not actually enabled. "nfs-utils" package built with Red Hat
Enterprise Linux 5 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=440114
______________________________________________________________________
08.32.15 CVE: Not Available
Platform: Linux
Title: Linux Kernel "uvc_driver.c" Format Descriptor Parsing Buffer
Overflow
Description: The Linux kernel is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data. This issue affects the "uvc_parse_format()" function of the
"drivers/media/video/uvc/uvc_driver.c" source file. Linux kernel
versions prior to 2.6.26.1 are affected.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1
______________________________________________________________________
08.32.16 CVE: CVE-2008-3272
Platform: Linux
Title: Linux Kernel "snd_seq_oss_synth_make_info()" Information
Disclosure
Description: The Linux kernel is exposed to an information disclosure
issue because the "snd_seq_oss_synth_make_info()" function reports
information back to user space without sufficiently checking the
validity of the device number. Linux kernel versions prior to
2.6.27-rc2 are affected.
Ref:
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2
______________________________________________________________________
08.32.17 CVE: CVE-2008-1662
Platform: HP-UX
Title: HP-UX System Administration Manager NFS Configuration Security
Bypass
Description: HP-UX is a Unix-based operating system. HP-UX is exposed
to a security bypass issue because the System Administration Manager
(SAM) application can provide an unintended configuration for NFS.
HP-UX versions B.11.11 and B.11.23 are affected.
Ref: http://www.securityfocus.com/archive/1/494973
______________________________________________________________________
08.32.18 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Platform Information and Control Library picld(1M)
Local Denial of Service
Description: Sun Solaris is an enterprise grade UNIX distribution. The
Sun Solaris Platform Information and Control Library daemon
"picld(1M)" is exposed to a local denial of service issue. Solaris 8, 9,
10 and OpenSolaris for SPARC and x86 platforms are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239728-1
______________________________________________________________________
08.32.19 CVE: Not Available
Platform: Solaris
Title: Sun Solaris "namefs" Kernel Local Privilege Escalation
Description: Sun Solaris is a UNIX-based operating system. The
application is exposed to a local privilege escalation issue that
occurs in the "namefs" kernel module.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-237986-1
______________________________________________________________________
08.32.20 CVE: CVE-2008-0964, CVE-2008-0965
Platform: Solaris
Title: Sun Solaris "snoop(1M)" Utility Remote Command Execution
Description: "snoop(1M)" is a network utility for capturing and
analyzing network traffic. Solaris "snoop(1M)" is exposed to a command
execution issue when displaying SMB packets. An attacker can exploit
this issue by supplying a malicious capture file or by supplying
malicious data through a network where an instance of "snoop(1M)" is
being used to monitor traffic.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240101-1
______________________________________________________________________
08.32.21 CVE: Not Available
Platform: Aix
Title: IBM AIX "scsidiskdd" Uninitialized "DRVR_PVT" Structure Local
Denial Of Service
Description: AIX is a UNIX operating system from IBM. IBM AIX is
exposed to a denial of service issue that occurs in the SCSI disk
device ("scsidiskdd"). This issue occurs when handling an
uninitialized "DRVR_PVT" structure. IBM AIX versions 5.2 and 5.3 are
affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ19199
______________________________________________________________________
08.32.22 CVE: Not Available
Platform: Novell
Title: Novell iManager Property Book Page Deletion Security Bypass
Description: Novell iManager is a web-based management portal for
various Novell products. Property books are lists of role-dependent
attributes that an administrator can manage with the iManager
application. The application is exposed to a security bypass issue
because it fails to properly verify access to property book pages.
Arbitrary users can delete property book pages created with Plug-in
Studio. iManager versions prior to 2.7 Support Pack 1 are affected.
Ref:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5031820.html
______________________________________________________________________
08.32.23 CVE: Not Available
Platform: Cross Platform
Title: Condor Wild Card Authorization Policy Security Bypass
Description: Condor is a workload management system for Unix and
Windows operating platforms. Condor is exposed to a security bypass
issue because it fails to properly process wildcard characters (*)
specified in authorization policies. Condor versions prior to 7.0.4
are affected.
Ref:
http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4
______________________________________________________________________
08.32.24 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Application Server SOAP Security Header
Unspecified
Description: IBM WebSphere Application Server is a utility designed to
facilitate the creation of various enterprise web applications. The
application is exposed to an unspecified issue that affects the SOAP
security header in Web Services applications. WebSphere Application
Server versions prior to 6.1.0.17 are affected.
Ref:
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951#61017
______________________________________________________________________
08.32.25 CVE: CVE-2008-0967
Platform: Cross Platform
Title: VMware vmware-authd Daemon Local Privilege Escalation
Description: VMware is a set of server emulation applications that are
available for several platforms. The "vmware-authd" application is
prone to a privilege escalation issue because it uses an insecure
library path. VMware on the Linux platform, VMware ESX, and VMware
ESXi are affected.
Ref: http://www.securityfocus.com/archive/1/493147
______________________________________________________________________
08.32.26 CVE: CVE-2008-2401
Platform: Cross Platform
Title: Sun Java ASP Server File Creation Remote Code Execution
Description: Sun Java ASP Server provides Active Server Pages
functionality for web servers. The server is available for multiple
operating platforms. The application is exposed to a remote code
execution issue because of a file creation issue in the affected
application. Sun Java ASP Server versions prior to 4.0.3 are affected.
Ref: http://www.securityfocus.com/archive/1/493064
______________________________________________________________________
08.32.27 CVE: CVE-2008-2405
Platform: Cross Platform
Title: Sun Java ASP Server Remote Arbitrary Shell Command Injection
Vulnerabilities
Description: Sun Java ASP Server is an application server for hosting
ASP-based applications with servers other than their native Microsoft
IIS. The application is exposed to multiple remote command injection
issues because it fails to adequately sanitize user-supplied input
data. Sun Java ASP Server versions prior to 4.0.3 are affected.
Ref: http://www.securityfocus.com/archive/1/493067
______________________________________________________________________
08.32.28 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Web Server 7.0 Plugin for Sun N1SPS Remote
Authentication Bypass
Description: Sun's N1 Service Provisioning System is a utility for
server administration. Sun Java System Web Server 7.0 plugin is a
plugin for N1SPS which enables administration of the Java System Web
Server 7.0. The application is exposed to a remote authentication
bypass issue. Sun N1 Service Provisioning System versions 5.2 and 6.0
with the Java System Web Server 7.0 plugin installed are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239566-1
______________________________________________________________________
08.32.29 CVE: Not Available
Platform: Cross Platform
Title: Acronis True Image Echo Server Information Disclosure Weakness
Description: Acronis True Image Echo Server is a disk imaging and
disaster recovery application. The application is exposed to an
information disclosure weakness. This issue is caused by a failure to
properly encrypt data when the information is being backed up to an
FTP server. Acronis True Image Echo Server version 9.5 build 8072 is
affected.
Ref: http://www.acronis.com/enterprise/products/ATISWin/
______________________________________________________________________
08.32.30 CVE: CVE-2007-2952
Platform: Cross Platform
Title: Blue Coat K9 Web Protection "Referer" Header Stack-Based Buffer
Overflow
Description: Blue Coat K9 Web Protection is an Internet filtering
application used to restrict children from accessing certain web
sites. K9 Web Protection is exposed to a stack-based buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data. Blue Coat K9 Web Protection version 3.2.44 with
Filter version 3.2.3 is affected.
Ref: http://www.securityfocus.com/archive/1/494975
______________________________________________________________________
08.32.31 CVE: CVE-2007-2952
Platform: Cross Platform
Title: Blue Coat K9 Web Protection Centralized Server HTTP Responses
Buffer Overflow
Description: Blue Coat K9 Web Protection is an Internet filtering
application used to restrict children from accessing certain web
sites. Blue Coat K9 Web Protection is exposed to a stack-based buffer
overflow issue because it fails to perform adequate boundary checks
when receiving data from the centralized server "sp.cwfservice.net".
Blue Coat K9 Web Protection version 3.2.44 with Filter version 3.2.3
is affected.
Ref: http://www.securityfocus.com/archive/1/494984
______________________________________________________________________
08.32.32 CVE: CVE-2008-2935
Platform: Cross Platform
Title: libxslt RC4 Encryption and Decryption Functions Buffer Overflow
Description: The "libxslt" library is for converting XML files to
other textual formats. The library is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. The issue occurs when the library processes XSL
style sheet files containing overly long input strings. libxslt
versions 1.1.8 to 1.1.24 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0649.html
______________________________________________________________________
08.32.33 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/Cm2/Network Node Manager Unspecified Denial of
Service
Description: Hitachi JP1/Cm2/Network Node Manager is exposed to an
unspecified denial of service issue. Successful exploits will deny
service to legitimate users.
Ref:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-006/index.html
______________________________________________________________________
08.32.34 CVE: CVE-2008-3175
Platform: Cross Platform
Title: Computer Associates ARCserve Backup for Laptops and Desktops
Remote Buffer Overflow
Description: Computer Associates ARCserve Backup for Laptops and
Desktops is an application for backing up data. The application is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input.
Ref: http://www.securityfocus.com/archive/1/495020
______________________________________________________________________
08.32.35 CVE: CVE-2008-2235
Platform: Cross Platform
Title: OpenSC CardOS M4 Smart Cards Insecure Permissions
Description: OpenSC is a smart card management application. OpenSC insecurely
initializes Siemens CardOS M4 based smart cards and USB crypto tokens.
The application assigns "00" (all access allowed) access rights to the
"ADMIN" file control information contained in the "5015" directory of
the smart cards. OpenSC versions prior to 0.11.5 are affected.
Ref: http://www.securityfocus.com/bid/30473
______________________________________________________________________
08.32.36 CVE: CVE-2008-1810
Platform: Cross Platform
Title: SAP MaxDB "dbmsrv" Process "PATH" Environment Variable Local
Privilege Escalation
Description: SAP MaxDB is a database application. It is available for
multiple platforms. The application is exposed to a local privilege
escalation issue that occurs in the "dbmsrv" process. SAP MaxDB
version 7.6.03.15 on Linux is affected.
Ref: http://www.securityfocus.com/archive/1/494990
______________________________________________________________________
08.32.37 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/HIBUN Advanced Edition Multiple Unspecified Local
Information Disclosure Vulnerabilities
Description: JP1/HIBUN Advanced Edition is a modular security
application for securing data transfer, encrypting data, and providing
access control. The application is exposed to multiple information
disclosure issues that affect encryption, decryption, and data
reproduction functions.
Ref: http://jvndb.jvn.jp/contents/en/2008/JVNDB-2008-001150.html
______________________________________________________________________
08.32.38 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/Cm2/Network Node Manager Multiple Unspecified
Remote Vulnerabilities
Description: Hitachi JP1/Cm2/Network Node Manager is exposed to
multiple unspecified remote issues. These issues affect the Web
coordinated function.
Ref:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-008/index.html#id
______________________________________________________________________
08.32.39 CVE: Not Available
Platform: Cross Platform
Title: Hitachi XMAP3 Printing Service Unspecified Denial of Service
Description: Hitachi XMAP3 is exposed to a denial of service issue
when the printing service receives unexpected data.
Ref:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-011/index.html
______________________________________________________________________
08.32.40 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox Unspecified Denial of Service
Description: Mozilla Firefox is a browser available for multiple
platforms. The browser is exposed to a remote unspecified denial of
service issue which is caused by a NULL-pointer dereference when the
browser opens a maliciously crafted HTML web page. Firefox versions
3.0 and 3.0.1 are affected.
Ref: http://www.radware.com/newsevents/pressrelease.aspx?id=6459
______________________________________________________________________
08.32.41 CVE: CVE-2008-2315, CVE-2008-2316, CVE-2008-3142,
CVE-2008-3143, CVE-2008-3144
Platform: Cross Platform
Title: Python Multiple Buffer Overflow Vulnerabilities
Description: Python is an interpreted dynamic object oriented
programming language that is available for many operating systems. The
application is exposed to multiple issues. Python versions prior to
2.5.2-r6 are affected.
Ref: http://www.securityfocus.com/bid/30491
______________________________________________________________________
08.32.42 CVE: CVE-2008-2370
Platform: Cross Platform
Title: Apache Tomcat "RequestDispatcher" Information Disclosure
Description: Apache Tomcat is a Java-based web server application for
multiple operating systems. The application is exposed to a remote
information disclosure issue because it fails to sufficiently sanitize
user-supplied input.
Ref: http://www.securityfocus.com/archive/1/495022
______________________________________________________________________
08.32.43 CVE: CVE-2008-3423
Platform: Cross Platform
Title: IBM WebSphere Portal Server Remote Administration
Authentication Bypass
Description: IBM WebSphere Portal Server is a framework for developing
websites. The application is exposed to an authentication bypass issue
caused by an unspecified error in the "Authorization/Authentication
(login/logout)" module.
Ref:
http://www-1.ibm.com/support/docview.wss?rs=688&ca=portall2&uid=swg1PK67104
______________________________________________________________________
08.32.44 CVE: Not Available
Platform: Cross Platform
Title: IrfanView ".IFF" File Handling Remote Buffer Overflow
Description: IrfanView is an image viewer that supports multiple file
formats. The application is exposed to a remote buffer overflow issue
because it fails to properly bounds check user-supplied input before
copying it to an insufficiently sized memory buffer. This issue occurs
when handling malformed ".IFF" files. IrfanView version 3.99 is
affected.
Ref: http://www.securityfocus.com/bid/30507
______________________________________________________________________
08.32.45 CVE: CVE-2008-3357, CVE-2008-3389, CVE-2008-3356
Platform: Cross Platform
Title: Ingres Database Multiple Local Vulnerabilities
Description: Ingres Database is a database server used in various
Computer Associates products. The application is exposed to multiple
local issues. Refer to the link below for further information.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732
______________________________________________________________________
08.32.46 CVE: Not Available
Platform: Cross Platform
Title: OpenVPN Client "lladdr" and "iproute" Configuration Directive
Remote Code Execution
Description: OpenVPN is an OpenSSL based tunneling application to
securely tunnel IP networks over the TCP and UDP protocols. The
OpenVPN client is exposed to a remote code execution issue that could
occur when it receives specially crafted "lladdr" or "iproute"
configuration directives. OpenVPN client versions 2.1-beta14 through
2.1-rc8 are affected.
Ref:
http://openvpn.net/index.php/documentation/change-log/changelog-21.html
______________________________________________________________________
08.32.47 CVE: CVE-2008-3273
Platform: Cross Platform
Title: JBoss Enterprise Application Platform Information Disclosure
Description: JBoss is an open source Java Application server. It is
distributed and maintained by JBoss Group and is available for a
number of platforms including Microsoft Windows and Unix/Linux
variants. The application is exposed to a remote information
disclosure issue due to an unspecified error. JBoss Enterprise Application
Platform versions prior to 4.3.0.CP01 and 4.2.0.CP03 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0825.html
______________________________________________________________________
08.32.48 CVE: Not Available
Platform: Cross Platform
Title: Git Pathname Multiple Buffer Overflow Vulnerabilities
Description: Git is an open source application for version control of
source code. The application is exposed to multiple buffer overflow
issues because it fails to perform adequate boundary checks on
user-supplied input. Git version 1.5.6.3 is affected.
Ref: http://kerneltrap.org/mailarchive/git/2008/7/16/2529284
______________________________________________________________________
08.32.49 CVE: Not Available
Platform: Cross Platform
Title: Sun Netra T5220 Server Local Denial of Service
Description: Sun Netra T5220 Server is a server designed for
virtualization. Sun Netra T5220 Server is exposed to a local denial of
service issue. A local unprivileged attacker can exploit this issue to
cause a system panic which will result in a denial of service
condition. Sun Netra T5220 Server with firmware version 7.1.3 is
affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239930-1
______________________________________________________________________
08.32.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MJGUEST "guestbook.js.php" Cross-Site Scripting
Description: MJGUEST is a guestbook application. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "link" parameter of the "guestbook.js.php"
script. MJGUEST version 6.8 GT is affected.
Ref: http://www.securityfocus.com/archive/1/494931
______________________________________________________________________
08.32.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Panasonic Network Cameras Error Page Multiple Cross-Site
Scripting Vulnerabilities
Description: Panasonic Network Cameras are cameras that can be viewed and
controlled over a network. The application is exposed to multiple
cross-site scripting issues because it fails to properly sanitize
user-supplied input to unspecified parameters before using it in
dynamically generated content displayed on its error page.
Ref: http://jvn.jp/en/jp/JVN33706820/index.html
______________________________________________________________________
08.32.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Concrete5 Contact Form Cross-Site Scripting
Description: Concrete5 is a content manager. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the Contact form. Concrete5 version
5.0.0b2 is affected.
Ref: http://www.securityfocus.com/bid/30470
______________________________________________________________________
08.32.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Mono Multiple Cross-Site Scripting Vulnerabilities
Description: Mono is a web server application. The application is
exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input. These issues affect the "action"
attribute of HTML form submissions, and the
"HtmlInputRadioButton.Value", "HtmlImage.Src", and
"HtmlInputImage.Src" HTML attributes.
Ref: https://bugzilla.novell.com/show_bug.cgi?id=413534
______________________________________________________________________
08.32.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: common solutions csphonebook "index.php" Cross-Site Scripting
Description: The "csphonebook" program (from common solutions) is a
PHP based application for managing contacts. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "letter" parameter of the "index.php"
script. csphonebook version 1.02 is affected.
Ref: http://www.securityfocus.com/bid/30485
______________________________________________________________________
08.32.55 CVE: CVE-2008-1232
Platform: Web Application - Cross Site Scripting
Title: Apache Tomcat "HttpServletResponse.sendError()" Cross-Site
Scripting
Description: Apache Tomcat is a Java-based web server application for
multiple operating systems. Tomcat is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input to the message argument of calls to the
"HttpServletResponse.sendError()" function.
Ref: http://www.securityfocus.com/archive/1/495021
______________________________________________________________________
08.32.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: freeForum "acuparam" Parameter Cross-Site Scripting
Description: freeForum is a PHP based bulletin board. The application
is exposed to a cross-site scripting issue because it fails to
properly sanitize user-supplied input to the "acuparam" parameter in
the "index.php" script. freeForum version 1.7 is affected.
Ref: http://www.securityfocus.com/bid/30509
______________________________________________________________________
08.32.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Pligg "category" Parameter Cross-Site Scripting
Description: Pligg is a web-based content manager. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "category" parameter of the "index.php"
script. Pligg version 9.9.5 is affected.
Ref: http://www.securityfocus.com/archive/1/495058
______________________________________________________________________
08.32.58 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Homes 4 Sale "results.php" Cross-Site Scripting
Description: Homes 4 Sale is a PHP based real estate application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "Keywords" parameter of
the "results.php" script.
Ref: http://www.securityfocus.com/archive/1/495059
______________________________________________________________________
08.32.59 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MRBS "area" Parameter Multiple Cross-Site Scripting
Vulnerabilities
Description: MRBS (Meeting Room Booking Software) is a PHP based
application for booking meeting rooms. The application is exposed to
multiple cross-site scripting issues because it fails to sanitize
user-supplied input. MRBS version 1.2.6 is affected.
Ref: http://www.securityfocus.com/bid/30531
______________________________________________________________________
08.32.60 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: XAMPP Linux Multiple Cross-Site Scripting Vulnerabilities
Description: XAMPP Linux is a package bundle containing the Apache
web server, MySQL, PHP, Perl, FTP server and phpMyAdmin. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. XAMPP Linux version 1.6.7 is
affected.
Ref: http://www.securityfocus.com/archive/1/495096
______________________________________________________________________
08.32.61 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Pluck 4.5.2 Multiple Cross-Site Scripting Vulnerabilities