*************************************************************************
@RISK: The Consensus Security Vulnerability Alert
September 4, 2008
Vol. 7. Week 36
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                                  Number of Updates and Vulnerabilities
--------------------------------------    -------------------------------------
Third Party Windows Apps                  10 (#5)
Linux                                     15
Solaris                                   1
Novell                                    3 (#1, #3, #4)
Cross Platform                            52 (#2, #6, #7)
Web Application - Cross Site Scripting    9
Web Application - SQL Injection           14
Web Application                           18
Network Device                            2

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (http://www.tippingpoint.com/)
Widely Deployed Software
(1) CRITICAL: Novell eDirectory Multiple Vulnerabilities
(2) CRITICAL: Red Hat Directory Server Multiple Vulnerabilities
(3) HIGH: Novell Forum Arbitrary Tcl Command Injection
(4) HIGH: Novell iPrint Client ActiveX Control Buffer Overflow
(5) HIGH: Ultra Office ActiveX Control Multiple Vulnerabilities
(6) MODERATE: Multiple VMware Products Multiple Vulnerabilities
(7) MODERATE: libpurple Multiple Vulnerabilities
*************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(http://www.qualys.com/)

-- Third Party Windows Apps
08.36.1 - PureMessage for Microsoft Exchange RTF Multiple Denial of Service Vulnerabilities
08.36.2 - Ultra Office Control "Save()" Method Arbitrary File Overwrite
08.36.3 - Ultra Office Control "HttpUpload()" Method Buffer Overflow
08.36.4 - Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Arbitrary Command Execution
08.36.5 - Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Remote Buffer Overflow
08.36.6 - Najdi.si Toolbar "najdisitoolbar.dll" ActiveX Control Remote Buffer Overflow
08.36.7 - LogMeIn "RACtrl.dll" ActiveX Control Multiple Remote Stack-Based Buffer Overflow Vulnerabilities
08.36.8 - VMware Multiple ActiveX Controls Multiple Unspecified Security Vulnerabilities
08.36.9 - Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Information Disclosure
08.36.10 - Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Registry Key Manipulation
-- Linux
08.36.11 - APTonCD Insecure Temporary File Creation
08.36.12 - Aegis "aegis.cgi" Insecure Temporary File Creation
08.36.13 - Red Hat Directory Server Crafted Search Pattern Denial of Service
08.36.14 - Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial of Service Vulnerabilities
08.36.15 - Red Hat Directory Server Accept Language HTTP Headers Buffer Overflow
08.36.16 - gdrae Insecure Temporary File Creation
08.36.17 - cman "fence_egenera" Insecure Temporary File Creation
08.36.18 - Debian Feta "to-upgrade" Plugin Insecure Temporary File Creation
08.36.19 - Debian dhis-server Insecure Temporary File Creation
08.36.20 - Debian FML "libexec/mead.pl" Insecure Temporary File Creation
08.36.21 - LinuxTrade Insecure Temporary File Creation Vulnerabilities
08.36.22 - Debian "linux-patch-openswan" Insecure Temporary File Creation Vulnerabilities
08.36.23 - Dreambox Web Interface URI Remote Denial of Service
08.36.24 - Ogle DVD Player Insecure Temporary File Creation Vulnerabilities
08.36.25 - Postfix "epoll" Linux Event Handler Local Denial of Service
-- Solaris
08.36.26 - Sun Solaris Kernel Covert Channel Creation Security Bypass
-- Novell
08.36.27 - Novell eDirectory Multiple Buffer Overflow And Cross-Site Scripting Vulnerabilities
08.36.28 - Novell iPrint Client "IppCreateServerRef()" Remote Buffer Overflow
-- Cross Platform
08.36.29 - Honeyd Insecure Temporary File Creation
08.36.30 - HP Enterprise Discovery Unspecified Remote Privilege Escalation
08.36.31 - OpenOffice "rtl_allocateMemory()" Remote Code Execution
08.36.32 - IBM DB2 CLR Stored Procedures Deployment Unspecified Security Issue
08.36.33 - Sharity Unspecified Security Issue
08.36.34 - Tiger "genmsgidx" Insecure Temporary File Creation
08.36.35 - Citadel Insecure Temporary File Creation
08.36.36 - R "javareconf" Insecure Temporary File Creation
08.36.37 - Acoustica Mixcraft ".mx4" Image File Name Buffer Overflow
08.36.38 - aview "asciiview" Insecure Temporary File Creation
08.36.39 - AudioLink Insecure Temporary File Creation
08.36.40 - Amanda CDRW-Taper Insecure Temporary File Creation
08.36.41 - CDcontrol Insecure Temporary File Creation
08.36.42 - Crossfire crossfire-maps Insecure Temporary File Creation
08.36.43 - The ARB software Multiple Insecure Temporary File Creation Vulnerabilities
08.36.44 - Apertium Multiple Insecure Temporary File Creation Vulnerabilities
08.36.45 - Caudium Insecure Temporary File Creation
08.36.46 - DigitalDJ Insecure Temporary File Creation
08.36.47 - GpsDrive Insecure Temporary File Creation
08.36.48 - NetCitadel Firewall Builder Insecure Temporary File Creation
08.36.49 - Debian dist Insecure Temporary File Creation Vulnerabilities
08.36.50 - Debian lustre-tests Insecure Temporary File Creation
08.36.51 - Liquidsoap Insecure Temporary File Creation
08.36.52 - LMbench Insecure Temporary File Creation Vulnerabilities
08.36.53 - Debian konwert-filters "filters/any-UTF8" Insecure Temporary File Creation
08.36.54 - MAFFT Insecure Temporary File Creation
08.36.55 - Debian lazarus-src "create_lazarus_export_tgz.sh" Insecure Temporary File Creation
08.36.56 - OpenOffice "senddoc" Insecure Temporary File Creation
08.36.57 - Mgetty "faxspool" Insecure Temporary File Creation
08.36.58 - Plait Insecure Temporary File Creation
08.36.59 - MySpell Insecure Temporary File Creation
08.36.60 - NetMRG "rrdedit" Insecure Temporary File Creation
08.36.61 - QEMU "qemu-make-debian-root" Insecure Temporary File Creation
08.36.62 - newsgate "mkmailpost" Insecure Temporary File Creation
08.36.63 - VMware ISAPI Extension Remote Denial of Service
08.36.64 - VMware OpenProcess Local Privilege Escalation
08.36.65 - VMware Consolidated Backup (VCB) User Password Information Disclosure
08.36.66 - HP TCP/IP Services for OpenVMS Finger Client Format String
08.36.67 - Radiance Insecure Temporary File Creation Vulnerabilities
08.36.68 - Debian rancid-util "getipacctg" Insecure Temporary File Creation
08.36.69 - Debian rccp Insecure Temporary File Creation
08.36.70 - Parallels Plesk Shortnames Open Email Relay
08.36.71 - WordNet Multiple Buffer Overflow Vulnerabilities
08.36.72 - Newsbeuter Crafted URI Remote Arbitrary Shell Command Injection
08.36.73 - SNG Insecure Temporary File Creation
08.36.74 - Cadsoft Video Disk Recorder Insecure Temporary File Creation
08.36.75 - Debian realtimebattle-common Insecure Temporary File Creation
08.36.76 - Debian scilab-bin Insecure Temporary File Creation Vulnerabilities
08.36.77 - Debian scratchbox2 Insecure Temporary File Creation Vulnerabilities
08.36.78 - Siemens Gigaset WLAN Camera Insecure Default Password
08.36.79 - Google Chrome Remote Denial of Service
08.36.80 - AVTECH PageR Enterprise Directory Traversal
-- Web Application - Cross Site Scripting
08.36.81 - IBM Lotus Quickr Multiple Unspecified Cross-Site Scripting Vulnerabilities
08.36.82 - AbleSpace "adv_cat.php" Cross-Site Scripting
08.36.83 - Red Hat Directory Server Multiple Cross Site Scripting Vulnerabilities
08.36.84 - Advanced Electron Forum "username" Parameter Cross Site Scripting
08.36.85 - Blogn Multiple Unspecified Cross-Site Scripting Vulnerabilities
08.36.86 - vtiger CRM Multiple Cross-Site Scripting Vulnerabilities
08.36.87 - GenPortal "buscarCat.php" Cross-Site Scripting
08.36.88 - IDevSpot BizDirectory "page" Parameter Cross-Site Scripting
08.36.89 - Open Media Collectors Database Multiple Cross Site Scripting Vulnerabilities
-- Web Application - SQL Injection
08.36.90 - YourOwnBux "memberstats.php" SQL Injection
08.36.91 - phpMyRealty Multiple SQL Injection Vulnerabilities
08.36.92 - SourceWorkshop Web directory script "index.php" SQL Injection
08.36.93 - MyioSoft EasyClassifields "index.php" SQL Injection
08.36.94 - Websens CMSbright "page.php" SQL Injection
08.36.95 - myPHPNuke "printfeature.php" SQL Injection
08.36.96 - Reciprocal Links Manager "site" Parameter SQL Injection
08.36.97 - PHP Coupon Script "index.php" SQL Injection
08.36.98 - Full PHP Emlak Script "landsee.php" SQL Injection
08.36.99 - AJ HYIP Acme "comment.php" SQL Injection
08.36.100 - AJ HYIP Acme "readarticle.php" SQL Injection
08.36.101 - CS-Cart "core/user.php" SQL Injection
08.36.102 - Spice Classifieds "index.php" SQL Injection
08.36.103 - eliteCMS "page" Parameter SQL Injection
-- Web Application
08.36.104 - Mono "System.Web" HTTP Header Injection
08.36.105 - BitlBee Unspecified Security Bypass
08.36.106 - Ampache Insecure Temporary File Creation
08.36.107 - Carmosa PHPCart "phpcart.php" Multiple Cross-Site Scripting Vulnerabilities
08.36.108 - Carmosa PHPCart Order Modification Data Integrity
08.36.109 - Debian freeradius-dialupadmin Insecure Temporary File Creation Vulnerabilities
08.36.110 - impose+ Insecure Temporary File Creation
08.36.111 - Novell Forum Unspecified Tcl Command Injection
08.36.112 - Invision Power Board Multiple Remote Security Vulnerabilities
08.36.113 - dotProject Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.36.114 - Acoustica Beatcraft ".bcproj" Instrument Title Buffer Overflow
08.36.115 - myPHPNuke "print.php" SQL Injection and Cross-Site Scripting Vulnerabilities
08.36.116 - Brim SQL Injection and HTML Injection Vulnerabilities
08.36.117 - WeBid Multiple Input Validation Vulnerabilities
08.36.118 - WeBid "config.php" Arbitrary File Upload
08.36.119 - Novell IDM Cross Site Scripting and HTML Injection Vulnerabilities
08.36.120 - AlcoveBook sgml2x Insecure Temporary File Creation
08.36.121 - Kyocera Command Center Directory Traversal
-- Network Device
08.36.122 - HP OpenView Network Node Manager Multiple Denial of Service Vulnerabilities
08.36.123 - 3Com Wireless 8760 Dual-Radio 11a/b/g PoE HTTP POST Request Denial of Service
______________________________________________________________________
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Novell eDirectory Multiple Vulnerabilities
Affected:
Novell eDirectory versions prior to 8.8 SP3

Description: Novell eDirectory is Novell's Lightweight Directory Access
Protocol (LDAP) directory server. It contains multiple vulnerabilities
in its handling of user input, including several buffer overflows and
memory corruption vulnerabilities. A specially crafted request could
trigger one of these vulnerabilities, allowing an attacker to execute
arbitrary code with the privileges of the vulnerable process. Several
cross-site-scripting, denials-of-service and other issues were addressed
in this update. Some technical details are publicly available for these
vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Novell Changelog
http://www.novell.com/support/viewContent.do?externalId=3426981
Product Home Page
http://www.novell.com/products/edirectory/
Wikipedia Article on LDAP
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
SecurityFocus BID
http://www.securityfocus.com/bid/30947
***********************************************************
(2) CRITICAL: Red Hat Directory Server Multiple Vulnerabilities
Affected:
Red Hat Directory Server versions prior to 7.1 service pack 7

Description: Red Hat Directory Server is Red Hat's Lightweight Directory
Access Protocol (LDAP) directory server. It contains multiple buffer
overflow and cross-site-scripting vulnerabilities in its web interface.
Successfully exploiting one of these vulnerabilities would allow an
attacker to execute arbitrary code with the privileges of the vulnerable
process (usually root). Additionally, several vulnerabilities in the
processing of LDAP requests can lead to denial-of-service conditions.
Red Hat Directory Server is the commercialized version of the Fedora
Directory Server, which is open source. Therefore, technical details for
these vulnerabilities may be publicly available via source code
analysis. Note that Red Hat Directory Server is available for multiple
operating systems.

Status: Vendor confirmed, updates available.

References:
Red Hat Security Advisory
http://rhn.redhat.com/errata/RHSA-2008-0596.html
Wikipedia Article on LDAP
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
Product Home Page
http://www.redhat.com/directory_server/
SecurityFocus BIDs
http://www.securityfocus.com/bid/30869
http://www.securityfocus.com/bid/30870
***********************************************************
(3) HIGH: Novell Forum Arbitrary Tcl Command Injection
Affected:
Novell Forum versions 8.0 and prior

Description: Novell Forum is a popular team conferencing solution. It
contains an input validation vulnerability in its handling of user
input. A specially crafted request can bypass input validation and allow
the injection of arbitrary Tcl programming language commands. These
commands would be executed within the context of the vulnerable process,
and allow arbitrary code execution with the privileges of the vulnerable
process. Some technical details are publicly available for this
vulnerability.

Status: Vendor confirmed, updates available.

References:
Novell Patch Information
http://download.novell.com/Download?buildid=6k-5X-UPnrM~
Product Home Page
http://www.novell.com/promo/sitescape.html
Tcl Home Page
SecurityFocus BID
http://www.securityfocus.com/bid/30909
***********************************************************
(4) HIGH: Novell iPrint Client ActiveX Control Buffer Overflow
Affected:
Novell iPrint Client versions prior to 5.08

Description: Novell iPrint is a popular enterprise printing solution.
Part of its client's functionality is provided by an ActiveX control.
This control contains a buffer overflow in its handling of several
methods. A specially crafted web page that instantiates this control and
calls these methods could trigger this buffer overflow. Successfully
exploiting this buffer overflow would allow an attacker to execute
arbitrary code with the privileges of the current user. Technical
details are publicly available for this vulnerability.

Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism. Note that this will affect normal
application functionality.

References:
Secunia Security Advisory
http://secunia.com/secunia_research/2008-33/advisory/
Novell Changelog
http://download.novell.com/Download?buildid=dv_yn4TOPmQ~
Product Home Page
http://www.novell.com/products/openenterpriseserver/iprint.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/30986
***********************************************************
(5) HIGH: Ultra Office ActiveX Control Multiple Vulnerabilities
Affected:
Ultra Office ActiveX Control versions 2.x

Description: The Ultra Office ActiveX control is used to integrate web
and other applications with Microsoft Office. It contains multiple
vulnerabilities in its handling of several methods. A specially crafted
web page that instantiates this control could exploit one of these
vulnerabilities to overwrite arbitrary files on a victim's system, or
execute arbitrary code with the privileges of the current user. Full
technical details and proofs-of-concept are available for these
vulnerabilities.

Status: Vendor has not confirmed, no updates available.

References:
Proofs-of-Concept
http://www.shinnai.net/xplits/TXT_RvfuIrwypWLMaiVn33Iy.html
http://www.shinnai.net/xplits/TXT_NPku7jFjRufaz85U6Lxn.html
Product Home Page
http://www.ultrashareware.com/Ultra-Office-Control.htm
SecurityFocus BIDs
http://www.securityfocus.com/bid/30863
http://www.securityfocus.com/bid/30861
***********************************************************
(6) MODERATE: Multiple VMware Products Multiple Vulnerabilities
Affected:
VMware ESX Server
VMware Fusion
VMware ACE
VMware Player
VMware Server
VMware Workstation

Description: Multiple vulnerabilities have been discovered in multiple
VMware products. Several products use ActiveX controls that have
potential remote code execution vulnerabilities; a malicious web page
that instantiates one of these controls could exploit one of these
vulnerabilities to potentially execute arbitrary code with the
privileges of the current user. Additionally, several products have been
shown to use older versions of various libraries that are themselves
vulnerable to a variety of attacks, most notably, libpng. Various other
denial-of-service vulnerabilities and information disclosure
vulnerabilities have been discovered.

Status: Vendor confirmed, updates available.

References:
VMware Security Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
VMware Home Page
SecurityFocus BIDs
http://www.securityfocus.com/bid/30937
http://www.securityfocus.com/bid/30936
http://www.securityfocus.com/bid/30935
http://www.securityfocus.com/bid/30934
***********************************************************
(7) MODERATE: libpurple Multiple Vulnerabilities
Affected:
libpurple versions prior to those distributed with Pidgin 2.4.3

Description: Libpurple is a library implementing the Microsoft Network
(MSN) Messenger protocol, which is used for instant messaging.
Libpurple's implementation of this protocol is used by numerous clients,
including Pidgin and Adium. The library contains multiple integer
overflows in its processing of messages; a specially crafted message
could trigger one of these overflows, allowing an attacker to execute
arbitrary code with the privileges of the current user. Note that Pidgin
is installed by default on numerous Linux, Unix, and Unix-like operating
systems, and Adium is a popular instant messaging application for Apple
Mac OS X. Other applications using this library may also be vulnerable.
Because this library is open source, full technical details are publicly
available via source code analysis.

Status: Vendor confirmed, updates available.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-054/
Pidgin Security Advisory
http://www.pidgin.im/news/security/?id=25
Pidgin Home Page
Adium Home Page
SecurityFocus BID
http://www.securityfocus.com/bid/29956
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 36, 2008

This list is compiled by Qualys ( http://www.qualys.com/ ) as part of
that company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.36.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: PureMessage for Microsoft Exchange RTF Multiple Denial of
Service Vulnerabilities
Description: PureMessage for Microsoft Exchange is an email scanning
and filtering product for Microsoft Exchange. PureMessage for
Microsoft Exchange is exposed to multiple remote denial of service
issues because it fails to properly process certain messages.
PureMessage for Microsoft Exchange version 3.0 is affected.
Ref: http://www.sophos.com/support/knowledgebase/article/44385.html
______________________________________________________________________
08.36.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ultra Office Control "Save()" Method Arbitrary File Overwrite
Description: Ultra Office Control is an ActiveX control that allows
users to open, view and edit Microsoft Office documents in a web
browser. Ultra Office Control is exposed to an issue that lets
attackers overwrite files. Ultra Office Control version 2.0.2008.501
is affected.
Ref:
______________________________________________________________________
08.36.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ultra Office Control "HttpUpload()" Method Buffer Overflow
Description: Ultra Office Control is an ActiveX control that allows
users to open, view and edit Microsoft Office documents in a web
browser. Ultra Office Control is exposed to a buffer overflow issue
because the application fails to perform adequate boundary checks on
user-supplied data. Ultra Office Control version 2.0.2008.501 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Friendly Technologies "fwRemoteCfg.dll" ActiveX Control
Arbitrary Command Execution
Description: Friendly Technologies provides tools to facilitate
network connectivity between Internet Service Providers and their
customers. Friendly Technologies "fwRemoteCfg.dll" ActiveX control is
exposed to an issue that lets attackers execute arbitrary commands.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Remote
Buffer Overflow
Description: Friendly Technologies provides tools to facilitate
network connectivity between Internet Service Providers and their
customers. Friendly Technologies "fwRemoteCfg.dll" ActiveX control is
exposed to a heap-based buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Najdi.si Toolbar "najdisitoolbar.dll" ActiveX Control Remote
Buffer Overflow
Description: Najdi.si Toolbar is an ActiveX control that contains a
built-in search engine. Najdi.si Toolbar is exposed to a buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. Najdi.si Toolbar version 2.0.4.1 is affected.
Ref: http://www.securityfocus.com/archive/1/495837
______________________________________________________________________
08.36.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: LogMeIn "RACtrl.dll" ActiveX Control Multiple Remote Stack-Based
Buffer Overflow Vulnerabilities
Description: LogMeIn "RACtrl.dll" ActiveX control is a remote access
utility. LogMeIn "RACtrl.dll" ActiveX control is exposed to multiple
stack-based buffer overflow issues because it fails to perform
adequate boundary checks on user-supplied data.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.8 CVE: CVE-2008-3691, CVE-2008-3692, CVE-2008-3693,
CVE-2008-3694, CVE-2008-3695, CVE-2008-3696
Platform: Third Party Windows Apps
Title: VMware Multiple ActiveX Controls Multiple Unspecified Security
Vulnerabilities
Description: Multiple VMware ActiveX controls are exposed to multiple
unspecified vulnerabilities. Please refer to the link below for
further information.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Friendly Technologies "fwRemoteCfg.dll" ActiveX Control
Information Disclosure
Description: Friendly Technologies provides tools to facilitate
network connectivity between Internet Service Providers and their
customers. Friendly Technologies "fwRemoteCfg.dll" ActiveX control is
exposed to an issue that lets attackers read arbitrary local files.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Friendly Technologies "fwRemoteCfg.dll" ActiveX Control
Registry Key Manipulation
Description: Friendly Technologies provides tools to facilitate
network connectivity between Internet Service Providers and their
customers. Friendly Technologies "fwRemoteCfg.dll" ActiveX control is
exposed to a registry-key-manipulation issue.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.11 CVE: Not Available
Platform: Linux
Title: APTonCD Insecure Temporary File Creation
Description: APTonCD is a tool for creating a removable repository of
packages obtained with APT-GET. APTonCD creates temporary files in an
insecure manner. The issue occurs because the
"/usr/share/aptoncd/xmlfile.py" script creates files in an insecure
manner. APTonCD version 0.1 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.12 CVE: Not Available
Platform: Linux
Title: Aegis "aegis.cgi" Insecure Temporary File Creation
Description: Aegis is a transaction-based application for software
configuration management. Aegis creates temporary files in an insecure
manner. The issue occurs because the "aegis.cgi" script creates files
in an insecure manner. Aegis version 4.2.4 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496415
______________________________________________________________________
08.36.13 CVE: CVE-2008-2930
Platform: Linux
Title: Red Hat Directory Server Crafted Search Pattern Denial of
Service
Description: Red Hat Directory Server is an LDAPv3-compliant
identity-management solution. Red Hat Directory Server is exposed to a
denial of service issue because the server fails to handle specially
crafted search patterns. Red Hat Directory Server versions 7.1 and 8
are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0596.html
______________________________________________________________________
08.36.14 CVE: CVE-2008-3283
Platform: Linux
Title: Red Hat Directory Server LDAP Memory Leak Multiple Remote
Denial of Service Vulnerabilities
Description: Red Hat Directory Server is an LDAPv3-compliant
authentication solution. Directory Server is exposed to multiple
remote denial of service vulnerabilities due to memory leaks. An
attacker may exploit these issues during the authentication / bind
phases of an LDAP session, or by making LDAP search requests.
Directory Server versions 7.1, 8 EL4, and 8 EL5 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0596.html
______________________________________________________________________
08.36.15 CVE: CVE-2008-2928
Platform: Linux
Title: Red Hat Directory Server Accept Language HTTP Headers Buffer
Overflow
Description: Red Hat Directory Server is a centralization server based
on the Lightweight Directory Access Protocol (LDAP). The server is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data. Red Hat Directory
Server version 7.1 is affected. It also affects adminutil packages
shipped in Red Hat Directory Server 8 and Fedora Directory
Server, prior to adminutil version 1.1.7.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0596.html
______________________________________________________________________
08.36.16 CVE: Not Available
Platform: Linux
Title: gdrae Insecure Temporary File Creation
Description: gdrae is a standalone graphical user interface (GUI)
application that allows users to query the Real Academia Espanola
dictionary. gdrae creates temporary files in an insecure manner. The
issue occurs because the "gdrae" script creates files in an insecure
manner. gdrae version 0.1 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.17 CVE: Not Available
Platform: Linux
Title: cman "fence_egenera" Insecure Temporary File Creation
Description: cman is a component of the cluster2 Cluster Manager
system. cman creates temporary files in an insecure manner. The issue
occurs because the "/usr/sbin/fence_egenera" script creates files in
an insecure manner. The "cman" component of cluster2 2.03.07 is
vulnerable; other versions may also be affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410
______________________________________________________________________
08.36.18 CVE: Not Available
Platform: Linux
Title: Debian Feta "to-upgrade" Plugin Insecure Temporary File
Creation
Description: Debian Feta is a front end to multiple package management
tools including dpkg, APT, and debconf. Feta creates temporary files
in an insecure manner. The issue occurs because the
"plugins/to-upgrade" script creates files in an insecure manner.
Debian Feta version 1.4.16 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496397
______________________________________________________________________
08.36.19 CVE: Not Available
Platform: Linux
Title: Debian dhis-server Insecure Temporary File Creation
Description: Debian dhis-server is an open source server application.
It provides dynamic host information services. dhis-server creates
temporary files in an insecure manner. The issue occurs because the
"dhis-dummy-log-engine" script creates files in an insecure manner.
Debian dhis-server version 5.3 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496388
______________________________________________________________________
08.36.20 CVE: Not Available
Platform: Linux
Title: Debian FML "libexec/mead.pl" Insecure Temporary File Creation
Description: Debian FML is a front end to multiple package management
tools including dpkg, APT, and debconf. FML creates temporary files in
an insecure manner. The issue occurs because the "libexec/mead.pl"
script creates files in an insecure manner. Debian FML version 4.0.3
is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496360
______________________________________________________________________
08.36.21 CVE: Not Available
Platform: Linux
Title: LinuxTrade Insecure Temporary File Creation Vulnerabilities
Description: LinuxTrade is a stock streamer application for Linux.
LinuxTrade creates temporary files in an insecure manner. The issues
affect the following scripts: "bin/linuxtrade.bwkvol",
"bin/linuxtrade.wn" and "bin/moneyam.helper". LinuxTrade version 3.65
is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496372
______________________________________________________________________
08.36.22 CVE: Not Available
Platform: Linux
Title: Debian "linux-patch-openswan" Insecure Temporary File Creation
Vulnerabilities
Description: Debian "linux-patch-openswan" is a package which contains
the patches for the Linux kernel to implement necessary kernel support
to use Openswan. The issue occurs because the
"/usr/src/kernel-patches/all/openswan/packaging/utils/maysnap" and
"/usr/src/kernel-patches/all/openswan/packaging/utils/maytest" scripts
create files in an insecure manner. Debian "linux-patch-openswan"
version 2.4.12+dfsg-1.1 is affected.
Ref: http://packages.debian.org/sid/linux-patch-openswan
______________________________________________________________________
08.36.23 CVE: Not Available
Platform: Linux
Title: Dreambox Web Interface URI Remote Denial of Service
Description: Dreambox is a Linux-based DVB satellite and digital cable
decoder. Dreambox is exposed to a remote denial of service issue that
occurs in the device's web interface. This issue occurs when handling
URIs larger than 512 bytes. Dreambox version DM500C is affected.
Ref: http://www.securityfocus.com/archive/1/495837
______________________________________________________________________
08.36.24 CVE: Not Available
Platform: Linux
Title: Ogle DVD Player Insecure Temporary File Creation
Vulnerabilities
Description: Ogle DVD Player is a multimedia application for Linux.
Ogle creates temporary files in an insecure manner. Ogle version 0.9.2
is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.25 CVE: Not Available
Platform: Linux
Title: Postfix "epoll" Linux Event Handler Local Denial of Service
Description: Postfix is an open source mail transfer agent. The
application uses "epoll" input/output event handlers for the Linux 2.6
kernel. Postfix is exposed to a local denial of service issue because
of an "epoll" file descriptor leak when it executes non-Postfix
commands from a user's "$HOME/.forward" file. Postfix versions 2.4 and
later for Linux kernel 2.6 platforms are affected.
Ref: http://www.securityfocus.com/archive/1/495894
______________________________________________________________________
08.36.26 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Kernel Covert Channel Creation Security Bypass
Description: Sun Solaris is an enterprise-grade UNIX distribution. The
Solar