*************************************************************************
@RISK: The Consensus Security Vulnerability Alert
August 28, 2008
Vol. 7. Week 35
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Windows                                  1
Third Party Windows Apps                 6 (#1, #2, #3)
Linux                                    3 (#6)
BSD                                      1
Solaris                                  3
Unix                                     1
Cross Platform                           13 (#4, #5)
Web Application - Cross Site Scripting   14
Web Application - SQL Injection          32
Web Application                          32
Network Device                           1

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (http://www.tippingpoint.com/)
Widely Deployed Software
(1) HIGH: JustSystems Ichitaro Remote Code Execution Vulnerability
(2) HIGH: Novell iPrint Client ActiveX Control Multiple Vulnerabilities
(3) HIGH: Anzio Web Print Object Buffer Overflow
(4) MODERATE: LibTIFF Decoding Buffer Underflow
(5) MODERATE: OpenOffice.org Memory Allocation Remote Code Execution
(6) LOW: Red Hat Enterprise and Fedora Linux Distributions Possible Package Compromise
*************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (http://www.qualys.com/)
-- Windows
08.35.1 - Microsoft Windows Media Services "nskey.dll" ActiveX Control Remote Buffer Overflow
-- Third Party Windows Apps
08.35.2 - RhinoSoft Serv-U SFTP Remote Denial of Service
08.35.3 - Anzio Web Print Object ActiveX Control Remote Buffer Overflow
08.35.4 - Novell iPrint Client ActiveX Control Multiple Remote Vulnerabilities
08.35.5 - SoftArtisans XFile FileManager ActiveX Control Multiple Buffer Overflow Vulnerabilities
08.35.6 - JustSystems Ichitaro Document Handling Unspecified Code Execution
08.35.7 - HP OpenVMS "SMGSHR.EXE" Local Buffer Overflow
-- Linux
08.35.8 - Red Hat OpenSSH Backdoor
08.35.9 - Samba Group Mappings File Insecure Permissions Local Security Issue
08.35.10 - Linux Kernel "sctp_setsockopt_auth_key()" Remote Denial of Service
-- BSD
08.35.11 - NetBSD PPPoE Discovery Packet Remote Denial of Service
-- Solaris
08.35.12 - Sun Solaris NFSv4 Client Kernel Module Local Denial of Service
08.35.13 - Sun Solaris NFS Kernel Module Local Denial of Service
08.35.14 - Sun Solaris NFS RPC Local Denial of Service
-- Unix
08.35.15 - LibTIFF "tif_lzw.c" Remote Integer Underflow
-- Cross Platform
08.35.16 - Avaya SES Authentication Bypass Vulnerability and Information Disclosure Weakness
08.35.17 - Opera Web Browser 9.51 Multiple Security Vulnerabilities
08.35.18 - llcon Protocol Message Remote Denial of Service
08.35.19 - PowerDNS Source Port Randomization Remote Cache Poisoning
08.35.20 - libxml2 Recursive Entity Remote Denial of Service
08.35.21 - Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
08.35.22 - xine-lib 1.1.14 and Prior Multiple Remote Vulnerabilities
08.35.23 - libmodplug "s3m" Remote Buffer Overflow
08.35.24 - Ruby REXML Remote Denial of Service
08.35.25 - Multiple Vendor "inet_net_pton()" Function Integer Overflow Weakness
08.35.26 - VLC Media Player "mmstu.c" MMS Protocol Handling Buffer Overflow
08.35.27 - DriveCrypt Incorrect BIOS API Usage Security
08.35.28 - GPicView Multiple Local Security Vulnerabilities
-- Web Application - Cross Site Scripting
08.35.29 - NOAH Unspecified Cross-Site Scripting
08.35.30 - vBulletin "$newpm[title]" Parameter Cross-Site Scripting
08.35.31 - BandSite CMS Cross Site Scripting and Information Disclosure Vulnerabilities
08.35.32 - TimeTrex Time and Attendance Module Multiple Cross-Site Scripting Vulnerabilities
08.35.33 - DxShopCart "search.php" Cross-Site Scripting
08.35.34 - Accellion File Transfer Multiple Cross-Site Scripting Vulnerabilities
08.35.35 - PicturesPro Photo Cart Search Cross-Site Scripting
08.35.36 - GMOD GBrowse Unspecified Cross-Site Scripting
08.35.37 - AN Guestbook Unspecified Cross-Site Scripting Vulnerabilities
08.35.38 - Civic Website Manager Multiple Cross-Site Scripting Vulnerabilities
08.35.39 - mysql-lists Unspecified Cross Site Scripting
08.35.40 - Smart Survey "surveyresults.asp" Cross Site Scripting
08.35.41 - MatterDaddy Market "admin/login.php" Cross Site Scripting
08.35.42 - Educe ASP Search Engine "search.asp" Cross-Site Scripting
-- Web Application - SQL Injection
08.35.43 - Active PHP Bookmarks "id" Parameter SQL Injection
08.35.44 - YourFreeWorld Programs Rating Script "id" Parameter SQL Injection
08.35.45 - YourFreeWorld Forced Matrix Script
08.35.46 - YourFreeWorld Classifieds Script "category" Parameter SQL Injection
08.35.47 - YourFreeWorld Ad-Exchange Script "id" Parameter SQL Injection
08.35.48 - YourFreeWorld Viral Marketing Script "id" Parameter SQL Injection
08.35.49 - YourFreeWorld URL Rotator Script "id" Parameter SQL Injection
08.35.50 - YourFreeWorld Stylish Text Ads Script "id" Parameter SQL Injection
08.35.51 - YourFreeWorld Short Url & Url Tracker Script "id" Parameter SQL Injection
08.35.52 - itMedia Multiple SQL Injection Vulnerabilities
08.35.53 - SFS Affiliate Directory "id" Parameter SQL Injection
08.35.54 - YourFreeWorld Ad Board Script "id" Parameter SQL Injection
08.35.55 - K Web CMS "sayfala.asp" SQL Injection
08.35.56 - SunShop Shopping Cart "class.ajax.php" Multiple SQL Injection Vulnerabilities
08.35.57 - Papoo "suchanzahl" Parameter SQL Injection
08.35.58 - YourFreeWorld Banner Management Script "id" Parameter SQL Injection
08.35.59 - Scripts4Profit DXShopCart "pid" Parameter SQL Injection
08.35.60 - phpBazar "adid" Parameter SQL Injection
08.35.61 - Simasy CMS "id" Parameter SQL Injection
08.35.62 - QuidaScript FAQ Management Script "catid" Parameter SQL Injection
08.35.63 - webEdition CMS "we_objectID" Parameter SQL Injection
08.35.64 - PicturesPro Photo Cart Multiple SQL Injection Vulnerabilities
08.35.65 - CustomCMS CCMS Gaming "print.php" SQL Injection
08.35.66 - MiaCMS "com_content" SQL Injection
08.35.67 - Web Directory Script "listing_view.php" SQL Injection
08.35.68 - Matterdaddy Market Multiple SQL Injection Vulnerabilities
08.35.69 - BtiTracker and xbtit "scrape.php" SQL Injection
08.35.70 - Calendarix Multiple SQL Injection Vulnerabilities
08.35.71 - Crafty Syntax Live Help Multiple SQL Injection Vulnerabilities
08.35.72 - Z-Breaknews "single.php" SQL Injection
08.35.73 - Kolifa.net Download Script "indir.php" SQL Injection
08.35.74 - iFdate "members_search.php" SQL Injection
-- Web Application
08.35.75 - Interleave Information Disclosure Vulnerabilities
08.35.76 - Vanilla 1.1.4 HTML Injection and Cross-Site Scripting Vulnerabilities
08.35.77 - Aurora Password Manager System Tray Icon Information Disclosure
08.35.78 - WordPress "get_edit_post_link()" & "get_edit_comment_link()" Multiple Eavesdropping Vulnerabilities
08.35.79 - GE Fanuc Proficy Information Portal HTTP Basic Authentication Information Disclosure
08.35.80 - Folder Lock Weak Password Encryption Local Information Disclosure
08.35.81 - Pars4U Videosharing SQL Injection and Cross Site Scripting Vulnerabilities
08.35.82 - Fujitsu Web-Based Admin View Directory Traversal
08.35.83 - FAR-PHP "index.php" Local File Include
08.35.84 - EasySite Multiple Local File Include Vulnerabilities
08.35.85 - tinyCMS "templater.php" Local File Include
08.35.86 - LacoodaST and La!cooda WIZ Multiple Remote Vulnerabilities
08.35.87 - Trend Micro Web Management Authentication Bypass
08.35.88 - ACG-PTP "index.php" Multiple HTML Injection Vulnerabilities
08.35.89 - One-News Multiple Input Validation Vulnerabilities
08.35.90 - Five Star Review SQL Injection and Cross Site Scripting Vulnerabilities
08.35.91 - GNU ed File Processing "strip_escapes()" Heap Overflow
08.35.92 - NoName Script Multiple Remote Vulnerabilities
08.35.93 - AWStats Totals "sort" Parameter Remote Command Execution Vulnerabilities
08.35.94 - Simple PHP Blog 0.5.0 Multiple Remote Vulnerabilities
08.35.95 - Pluck "index.php" Multiple Local File Include Vulnerabilities
08.35.96 - ezContents CMS Multiple Local File Include Vulnerabilities
08.35.97 - PHP-Ultimate Webboard "admindel.php" Multiple Input Validation Vulnerabilities
08.35.98 - Bluemoon inc. PopnupBlog "index.php" Multiple Cross-Site Scripting Vulnerabilities
08.35.99 - Xen "XSM:Flask" Module Multiple Local Buffer Overflow Vulnerabilities
08.35.100 - TIBCO Hawk Multiple Remote Buffer Overflow Vulnerabilities
08.35.101 - K-Rate Multiple Input Validation Vulnerabilities
08.35.102 - ZoneMinder Multiple Input Validation Security Vulnerabilities
08.35.103 - HP System Management Homepage (SMH) "message.php" Cross Site Scripting
08.35.104 - Thickbox Gallery "conf/admins.php" Information Disclosure
08.35.105 - CMME Multiple Remote Security Vulnerabilities
08.35.106 - Kyocera Mita Scanner File Utility File Transfer Directory Traversal
-- Network Device
08.35.107 - Intel System Management Mode Local Privilege Escalation
***********************************************************************
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************
(1) HIGH: JustSystems Ichitaro Remote Code Execution Vulnerability
Affected:
JustSystems Ichitaro versions 2008 and possibly prior

Description: JustSystems Ichitaro is the second most popular word
processing application in Japan, and is popular throughout Asia. It
contains a remote code execution vulnerability in its handling of
documents. A specially crafted document could trigger this
vulnerability, allowing an attacker to execute arbitrary code with the
privileges of the current user. Depending upon configuration, such
documents may be opened by the vulnerable application upon receipt,
without first prompting the user. According to reports, this flaw is
being actively exploited in the wild.

Status: Vendor confirmed, no updates available.

References:
JustSystems Advisory (Japanese)
http://www.justsystems.com/jp/info/pd8002.html
Product Home Page
SecurityFocus BID
http://www.securityfocus.com/bid/30828
********************************************************
(2) HIGH: Novell iPrint Client ActiveX Control Multiple Vulnerabilities
Affected:
Novell iPrint Client ActiveX Control versions 5.06 and prior

Description: Novell iPrint is a popular network document printing
solution. Part of its client's functionality is implemented as an
ActiveX control. This control contains multiple vulnerabilities in its
handling of a variety of parameters and methods. A specially crafted web
page that instantiates this control could trigger one of these
vulnerabilities, allowing an attacker to execute arbitrary code with the
privileges of the current user. Additional vulnerabilities range from
arbitrary file overwrites to information disclosure. Technical details
are publicly available for these vulnerabilities.

Status: Vendor confirmed, updates available. However, it is thought that
the available updates do not address all issues. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism. Note that this will affect normal
application functionality.

References:
Secunia Security Advisories
http://secunia.com/secunia_research/2008-27/advisory/
http://secunia.com/secunia_research/2008-30/advisory/
Novell Download Page
http://download.novell.com/Download?buildid=_BILqzyqc2g~
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/30813
********************************************************
(3) HIGH: Anzio Web Print Object Buffer Overflow
Affected:
Anzio Web Print Object ActiveX Control versions prior to 3.2.30

Description: The Anzio Web Print Object (WePO) is a popular "push"
printing solution. Its functionality is provided by an ActiveX control.
This control contains a buffer overflow in its handling of its "mainurl"
parameter. A specially crafted web page that instantiates this control
could trigger this buffer overflow, allowing an attacker to execute
arbitrary code with the privileges of the current user. Technical
details are publicly available for this vulnerability. A simple
proof-of-concept is also publicly available for this vulnerability.

Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control using
Microsoft's "kill bit" mechanism using CLSID
"4CE8026D-5DBF-48C9-B6E9-14A2B1974A3D". Note that this will affect
normal application functionality.

References:
Core Security Advisory
http://www.coresecurity.com/content/anzio-web-print-object-buffer-overflow
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/30545.html
Product Home Page
http://www.anzio.com/download-wepo.htm
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/30545
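
Auditing and setting the kill bit for the CLSID quoted above, as an added
example that is not part of the original bulletin. Per Microsoft KB 240797
the mechanism is a "Compatibility Flags" DWORD with bit 0x400 under the
control's CLSID key; the parameter and function names are illustrative, and
the Novell iPrint control in item (2) can be passed the same way once its
CLSID is taken from the vendor advisory, since this bulletin does not list it.

```powershell
# Added example: report, and optionally set, the ActiveX kill bit (KB 240797).
# Default CLSID is the Anzio WePO value quoted in item (3) of this bulletin.
# Run elevated; without -Apply the script only reports the current state.
param(
    [string[]]$Clsid = @('{4CE8026D-5DBF-48C9-B6E9-14A2B1974A3D}'),
    [switch]$Apply
)

$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from loading the control
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
# 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view.
if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-KillBitFlags {
    # Returns the current Compatibility Flags value, or 0 if the key/value is absent.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return 0 }
    $prop = Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' `
                             -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.'Compatibility Flags'
}

foreach ($id in $Clsid) {
    # Reject anything that is not a braced GUID before touching the registry.
    if ($id -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        Write-Warning "Skipping malformed CLSID: $id"
        continue
    }
    foreach ($root in $Roots) {
        $key   = Join-Path $root $id
        $flags = Get-KillBitFlags -Key $key
        $set   = ($flags -band $KillBit) -ne 0

        if ($Apply -and -not $set) {
            if (-not (Test-Path -LiteralPath $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            # Preserve any other flag bits already present on the key.
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value ($flags -bor $KillBit) -Force | Out-Null
            $flags = Get-KillBitFlags -Key $key
            $set   = ($flags -band $KillBit) -ne 0
        }

        [pscustomobject]@{
            Clsid   = $id
            Key     = $key
            Flags   = ('0x{0:X8}' -f $flags)
            KillBit = $set
        }
    }
}
```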
********************************************************
(4) MODERATE: LibTIFF Decoding Buffer Underflow
Affected:
LibTIFF versions 3.x

Description: LibTIFF is a decoding and manipulation library for the
Tagged Image File Format (TIFF), a popular image format. It contains a
flaw in its decoding of compressed TIFF data. A specially crafted TIFF
file could trigger this flaw, leading to a buffer underflow condition.
It is believed that this flaw could potentially lead to remote code
execution with the privileges of the vulnerable process, though this is
not confirmed. Full technical details for this vulnerability are
publicly available via source code analysis.

Status: Vendor has not confirmed, no updates available. Some
distributors have patched their systems.

References:
Debian Security Advisory
http://security-tracker.debian.net/tracker/CVE-2008-2327
Wikipedia Article on TIFF
http://en.wikipedia.org/wiki/Tagged_Image_File_Format
LibTIFF Home Page
SecurityFocus BID
http://www.securityfocus.com/bid/30832
********************************************************
(5) MODERATE: OpenOffice.org Memory Allocation Remote Code Execution
Affected:
OpenOffice.org versions 2.4.1 and prior

Description: OpenOffice.org is a popular cross-platform free office
suite, installed by default on numerous Linux- and Unix-based operating
systems. It is also available for Microsoft Windows and Mac OS X. It
contains a flaw in its handling of certain constructs in OpenOffice.org
documents. A specially crafted document could trigger this flaw, leading
to a misallocation of memory. Successfully exploiting this vulnerability
would allow an attacker to execute arbitrary code with the privileges
of the current user. Note that only OpenOffice.org on 64-bit platforms
is vulnerable. Note that, depending upon configuration, documents may
be opened by the vulnerable application upon receipt, without first
prompting the user. Full technical details for this vulnerability are
available via source code analysis.

Status: Vendor confirmed, updates available.

References:
OpenOffice.org Issue Tracker
http://www.openoffice.org/issues/show_bug.cgi?id=92217
OpenOffice.org Home Page
SecurityFocus BID
http://www.securityfocus.com/bid/30866
********************************************************
(6) LOW: Red Hat Enterprise and Fedora Linux Distributions Possible Package Compromise
Affected:
Red Hat Enterprise Linux versions 4 and 5
Fedora Linux

Description: Red Hat, a major North American Linux vendor, and Fedora,
a popular free Linux distribution sponsored by Red Hat, suffered a
security breach. The attacker was able to sign and possibly modify
several packages for these operating systems, including the OpenSSH
server package. It is not currently believed that the attacker was able
to inject these packages into the automated update stream, but Red Hat
is advising users to double-check their systems to ensure that no
tainted packages were installed. Details on how to verify systems are
available in the links below.

Status: Vendor confirmed, updates available.

References:
Fedora Infrastructure Report
http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
Red Hat Security Advisory
http://rhn.redhat.com/errata/RHSA-2008-0855.html
Red Hat Home Page
OpenSSH Home Page
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 35, 2008

This list is compiled by Qualys ( http://www.qualys.com/ ) as part of
that company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.35.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows Media Services "nskey.dll" ActiveX Control
Remote Buffer Overflow
Description: Windows Media Services (WMS) is a streaming media server
from Microsoft. The Microsoft Windows Media Services ActiveX control
is exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input. "nskey.dll" version
4.1.00.3917 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.35.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: RhinoSoft Serv-U SFTP Remote Denial of Service
Description: RhinoSoft Serv-U is an FTP server for the Windows platform.
The application is exposed to a remote denial of service issue that
arises when the application creates directories and logs SFTP commands
during SFTP sessions. Serv-U versions prior to 7.2.0.1 are affected.
Ref: http://www.serv-u.com/releasenotes/
______________________________________________________________________
08.35.3 CVE: CVE-2008-3480
Platform: Third Party Windows Apps
Title: Anzio Web Print Object ActiveX Control Remote Buffer Overflow
Description: Anzio Web Print Object is an ActiveX object that allows
users to push print jobs from files to a user's printer without
displaying it in HTML. Anzio Web Print Object ActiveX control is
exposed to a heap-based buffer overflow issue because the application
fails to perform adequate boundary checks on user-supplied input.
Ref: http://www.coresecurity.com/content/anzio-web-print-object-buffer-overflow
______________________________________________________________________
08.35.4 CVE: CVE-2008-2431, CVE-2008-2432
Platform: Third Party Windows Apps
Title: Novell iPrint Client ActiveX Control Multiple Remote
Vulnerabilities
Description: Novell iPrint Client ActiveX control is a client
application for printing over the Internet. The control is exposed to
multiple remote buffer overflow issues because it fails to properly
bounds check user-supplied input. iPrint Client versions 4.36 and 5.04
are affected.
Ref: http://secunia.com/secunia_research/2008-30/advisory/
______________________________________________________________________
08.35.5 CVE: CVE-2007-1682
Platform: Third Party Windows Apps
Title: SoftArtisans XFile FileManager ActiveX Control Multiple Buffer
Overflow Vulnerabilities
Description: SoftArtisans XFile is an application that allows users to
transfer files. FileManager is an ActiveX component of XFile. The
application is exposed to multiple buffer overflow issues because it
fails to perform adequate boundary checks on user-supplied data.
SoftArtisans XFile versions prior to 2.4.0 are affected.
Ref: http://www.kb.cert.org/vuls/id/914785
______________________________________________________________________
08.35.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: JustSystems Ichitaro Document Handling Unspecified Code
Execution
Description: Ichitaro is a word processor available for Microsoft
Windows. The application is exposed to an unspecified code execution
issue. Attackers may exploit this issue by enticing a victim to open a
crafted ".JTD" document. Ichitaro 2008 is affected.
Ref: http://www.securityfocus.com/bid/30828
______________________________________________________________________
08.35.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: HP OpenVMS "SMGSHR.EXE" Local Buffer Overflow
Description: OpenVMS is a mainframe-like operating system originally
developed by Digital. It is maintained and distributed by HP. OpenVMS
is exposed to a local buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input.
Ref: http://mail.openvms.org:8100/Lists/alerts/Message/837.html
______________________________________________________________________
08.35.8 CVE: Not Available
Platform: Linux
Title: Red Hat OpenSSH Backdoor
Description: OpenSSH is a free implementation of the Secure Shell
protocol suite. It is available for various operating systems. OpenSSH
running on Red Hat operating systems is exposed to a backdoor issue,
as the attackers have managed to sign and deploy rogue OpenSSH packages
to the software repository. OpenSSH running on the following operating
systems is affected: Red Hat Enterprise Linux 4 i386, x86_64 and Red
Hat Enterprise Linux 5 x86_64.
Ref: http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
______________________________________________________________________
08.35.9 CVE: Not Available
Platform: Linux
Title: Samba Group Mappings File Insecure Permissions Local Security Issue
Description: Samba is exposed to a local security issue because it
sets insecure permissions for a certain configuration file.
Specifically, the "group_mapping.tdb" file is recreated with the
permissions set to "0666" if the file was previously deleted. Samba
version 3.2.0 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073
______________________________________________________________________
08.35.10 CVE: CVE-2008-3526
Platform: Linux
Title: Linux Kernel "sctp_setsockopt_auth_key()" Remote Denial of
Service
Description: The Linux kernel is exposed to a remote denial of service
issue because it fails to properly handle user-supplied input. This
issue occurs because of inadequate checks in the
"sctp_setsockopt_auth_key()" function of the "net/sctp/socket.c"
source file. Linux kernel versions prior to 2.6.24-rc1 are affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/861
______________________________________________________________________
08.35.11 CVE: Not Available
Platform: BSD
Title: NetBSD PPPoE Discovery Packet Remote Denial of Service
Description: NetBSD is exposed to a remote denial of service issue
that occurs because of insufficient length checks on tags within PPPoE
(Point-to-Point Protocol over Ethernet) discovery packets. An attacker
can exploit this issue to crash the affected computer, denying service
to legitimate users.
Ref: http://www.securityfocus.com/bid/30838
______________________________________________________________________
08.35.12 CVE: Not Available
Platform: Solaris
Title: Sun Solaris NFSv4 Client Kernel Module Local Denial of Service
Description: Sun Solaris is an operating system developed by Sun
Microsystems. Sun Solaris is exposed to a local denial of service
issue that affects the NFSv4 client kernel module.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240546-1
______________________________________________________________________
08.35.13 CVE: Not Available
Platform: Solaris
Title: Sun Solaris NFS Kernel Module Local Denial of Service
Description: Sun Solaris is a UNIX-based operating system. Sun Solaris
is exposed to a local denial of service issue. A local unprivileged
attacker can exploit this issue to cause a system panic that will
result in a denial of service condition. Solaris 10 is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-241066-1
______________________________________________________________________
08.35.14 CVE: Not Available
Platform: Solaris
Title: Sun Solaris NFS RPC Local Denial of Service
Description: Sun Solaris is a UNIX-based operating system. Sun Solaris
is exposed to a local denial of service issue in the NFS Remote
Procedure Calls (RPC) zones implementation.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240866-1
______________________________________________________________________
08.35.15 CVE: CVE-2008-2327
Platform: Unix
Title: LibTIFF "tif_lzw.c" Remote Integer Underflow
Description: LibTIFF is a library for reading and manipulating Tag
Image File Format (TIFF) files. It is freely available for UNIX and
UNIX-like operating systems as well as Microsoft Windows. The library
is exposed to an integer underflow issue because it fails to
bounds check user-supplied input before copying it into an
insufficiently sized memory buffer. LibTIFF versions 3.7.2 and 3.8.2
are affected.
Ref: http://security-tracker.debian.net/tracker/CVE-2008-2327
______________________________________________________________________
08.35.16 CVE: Not Available
Platform: Cross Platform
Title: Avaya SES Authentication Bypass Vulnerability and Information
Disclosure Weakness
Description: SIP Enablement Services server is a Session Initiation
Protocol (SIP) management application for SIP routers produced by
Avaya. The application is exposed to an authentication bypass issue
because it fails to protect access to the router's system-update
section of the interface. Avaya SES versions 5.0 and CM 5.0 on S8300C
with SES enabled are affected.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm
______________________________________________________________________
08.35.17 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser 9.51 Multiple Security Vulnerabilities
Description: Opera Web Browser is a browser that runs on multiple
operating systems. Opera is exposed to multiple security issues. Opera
versions prior to 9.52 are affected.
Ref: http://www.opera.com/support/search/view/896/
______________________________________________________________________
08.35.18 CVE: Not Available
Platform: Cross Platform
Title: llcon Protocol Message Remote Denial of Service
Description: llcon is a client/server communication application that
enables musicians to play together over the Internet. The application
is exposed to a denial of service issue because the application fails
to handle malformed protocol messages. llcon version 2.1.1 is
affected.
Ref: http://sourceforge.net/project/shownotes.php?group_id=158367&release_id=619929
______________________________________________________________________
08.35.19 CVE: CVE-2008-3217
Platform: Cross Platform
Title: PowerDNS Source Port Randomization Remote Cache Poisoning
Description: A remote DNS cache-poisoning issue affects PowerDNS
because it fails to use a secure random number generator when
selecting UDP source ports. Attackers may leverage this issue to
manipulate cache data, potentially facilitating man in the middle,
site impersonation, or denial of service attacks. PowerDNS versions
prior to 3.1.6 are affected.
Ref: http://doc.powerdns.com/changelog.html
______________________________________________________________________
08.35.20 CVE: CVE-2008-3281
Platform: Cross Platform
Title: libxml2 Recursive Entity Remote Denial of Service
Description: The libxml2 library is a freely available package that is
used to parse and create XML content. The libxml2 library is exposed
to a denial of service issue because it fails to handle recursive
entities contained in XML files.
Ref: http://www.securityfocus.com/bid/30783
______________________________________________________________________
08.35.21 CVE: Not Available
Platform: Cross Platform
Title: Vim Insufficient Shell Escaping Multiple Command Execution
Vulnerabilities
Description: Vim is a text editor available for multiple operating
platforms. The application is exposed to multiple command execution
issues because it fails to sufficiently sanitize user-supplied data.
Vim version 7.2 is affected.
Ref: http://www.securityfocus.com/archive/1/495703
______________________________________________________________________
08.35.22 CVE: Not Available
Platform: Cross Platform
Title: xine-lib 1.1.14 and Prior Multiple Remote Vulnerabilities
Description: The "xine" application is a media player; xine-lib is the
core library for applications that use xine. Attackers can exploit
these issues to execute arbitrary code in the context of applications
that use the library or cause a denial of service condition. xine-lib
versions 1.1.14 and earlier are affected.
Ref: http://www.ocert.org/analysis/2008-008/analysis.txt
______________________________________________________________________
08.35.23 CVE: Not Available
Platform: Cross Platform
Title: libmodplug "s3m" Remote Buffer Overflow
Description: The libmodplug library allows various media players to
play various media formats. The library is exposed to a remote buffer
overflow issue that occurs because it fails to perform adequate
boundary checks on user-supplied data. libmodplug version 0.8.4 is
affected.
Ref: http://www.securityfocus.com/bid/30801
______________________________________________________________________
08.35.24 CVE: Not Available
Platform: Cross Platform
Title: Ruby REXML Remote Denial of Service
Description: Ruby is an object-oriented scripting language. REXML is a
module used to create and parse XML content. Ruby is exposed to a
remote denial of service issue in its REXML module. Ruby versions up
to and including 1.9.0-3 are affected.
Ref: http://weblog.rubyonrails.com/2008/8/23/dos-vulnerabilities-in-rexml
______________________________________________________________________
08.35.25 CVE: Not Available
Platform: Cross Platform
Title: Multiple Vendor "inet_net_pton()" Function Integer Overflow
Weakness
Description: The "inet_net_pton()" function is used to convert a
string representation of an IP address into a network-format binary
representation. OpenBSD version 4.3, Mac OS X version 10.5 and ISC
BIND version 9.5.0-P2 are affected.
Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064051.html
______________________________________________________________________
08.35.26 CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player "mmstu.c" MMS Protocol Handling Buffer
Overflow
Description: VLC is a cross-platform media player that can be used to
serve streaming data. VLC is exposed to a heap-based buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. This occurs within the "modules/access/mms/mmstu.c"
source file when parsing MMS protocol data. VLC media player version
0.8.6i is affected.
Ref: http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048504.html
______________________________________________________________________
08.35.27 CVE: Not Available
Platform: Cross Platform
Title: DriveCrypt Incorrect BIOS API Usage Security
Description: DriveCrypt is an application that allows users to encrypt
data contained in a storage device. DriveCrypt is exposed to a
security issue that may allow attackers to cause a denial of service
condition, allowing attackers to gain access to plain text passwords.
DriveCrypt Plus Pack version 3.9 is affected.
Ref: http://www.ivizsecurity.com/security-advisory-iviz-sr-0807.html
______________________________________________________________________
08.35.28 CVE: Not Available
Platform: Cross Platform
Title: GPicView Multiple Local Security Vulnerabilities
Description: GPicView is an open source image viewer. GPicView is
affected by multiple local security issues. An attacker may leverage