*************************************************************************

          @RISK: The Consensus Security Vulnerability Alert

Sept. 25, 2008                                            Vol. 7. Week 39

*************************************************************************

 

@RISK is the SANS community's consensus bulletin summarizing the most

important vulnerabilities and exploits identified during the past week

and providing guidance on appropriate actions to protect your systems

(PART I). It also includes a comprehensive list of all new

vulnerabilities discovered in the past week (PART II).

 

Summary of Updates and Vulnerabilities in this Consensus

Platform                        Number of Updates and Vulnerabilities

------------------------        -------------------------------------

Other Microsoft Products                            1

Third Party Windows Apps                            8 (#5)

Linux                                               2

Mac OS X                                            1 (#2)

Solaris                                             2

Cross Platform                                     12 (#1, #3)

Web Application - Cross Site Scripting             15

Web Application - SQL Injection                    44

Web Application                                    43

Network Device                                      3 (#4)

 

*************************************************************************

 

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

 

Widely Deployed Software

(1) CRITICAL: Mozilla Products Multiple Vulnerabilities

(2) CRITICAL: Apple Mac OS X Java Plugin Multiple Vulnerabilities

(3) CRITICAL: Sun Java Runtime Environment Multiple Vulnerabilities

(4) HIGH: Cisco IOS Multiple Vulnerabilities

(5) HIGH: FLEXnet Connect ActiveX Control Buffer Overflow

 

*************************************************************************

 

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from

Qualys (www.qualys.com)

 

 -- Other Microsoft Products

08.39.1  - Microsoft Internet Explorer Malformed PNG File Remote Denial of Service

 -- Third Party Windows Apps

08.39.2  - Kantan WEB Server Unspecified Directory Traversal

08.39.3  - Acritum Femitter Server Information Disclosure and Denial of Service Vulnerabilities

08.39.4  - Data Dynamics ActiveReports ARViewer2 ActiveX Control Multiple Insecure Method Vulnerabilities

08.39.5  - InstallShield Update Service Agent ActiveX Control Buffer Overflow

08.39.6  - ISC BIND Windows UDP Client Handler Denial of Service

08.39.7  - DESlock+ Local Buffer Overflow and Multiple Denial of Service Vulnerabilities

08.39.8  - Foxmail Email Client "mailto" Buffer Overflow

08.39.9  - Chilkat XML ActiveX Control Multiple Vulnerabilities

 -- Linux

08.39.10 - Openswan IPsec Livetest Insecure Temporary File Creation

08.39.11 - strongSwan "mpz_export()" Remote Denial of Service

 -- Solaris

08.39.12 - Sun Solaris Text Editors Local Privilege Escalation

08.39.13 - Sun Solaris UFS Filesystem "acl(2)" Local Denial of Service

 -- Cross Platform

08.39.14 - G DATA InternetSecurity/AntiVirus/TotalCare 2008 "GDTdiIcpt.sys" Memory Corruption

08.39.15 - Apple QuickTime/iTunes QuickTime Type Remote Buffer Overflow

08.39.16 - FAAD2 Frontend "decodeMP4file()" Heap-Based Buffer Overflow

08.39.17 - Mercurial hgweb "allowpull" Information Disclosure

08.39.18 - FFmpeg "lavf_demux" Animated GIF Processing Remote Denial of Service

08.39.19 - Emacspeak "extract-table.pl" Insecure Temporary File Creation

08.39.20 - fhttpd Basic Authorization Remote Denial of Service

08.39.21 - ProFTPD Long Command Handling Security

08.39.22 - JBoss Enterprise Application Platform Class Files Information Disclosure

08.39.23 - Multiple Vendors IMAP Servers Denial of Service

08.39.24 - BitlBee Unspecified Security Bypass Variant

08.39.25 - Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities

 -- Web Application - Cross Site Scripting

08.39.26 - Sama Educational Management System "Error.asp" Cross-Site Scripting

08.39.27 - Kantan WEB Server Unspecified Cross-Site Scripting

08.39.28 - Quick.Cms.Lite "admin.php" Cross-Site Scripting

08.39.29 - Quick.Cart "admin.php" Cross-Site Scripting

08.39.30 - Parallels H-Sphere "login.php" Multiple Cross-Site Scripting Vulnerabilities

08.39.31 - LooYu Web IM Cross-Site Scripting

08.39.32 - eXtrovert software Thyme "add_calendars.php" Cross-Site Scripting

08.39.33 - fuzzylime (cms) "usercheck.php" Cross-Site Scripting

08.39.34 - BLUEPAGE CMS "index.php" Multiple Cross-Site Scripting Vulnerabilities

08.39.35 - xt:Commerce Session Fixation and Cross-Site Scripting Vulnerabilities

08.39.36 - DataSpade "index.asp" Multiple Cross-Site Scripting Vulnerabilities

08.39.37 - Achievo "dispatch.php" Cross-Site Scripting

08.39.38 - Achievo "atknodetype" Parameter Cross-Site Scripting

08.39.39 - phpMyAdmin Cross-Site Scripting

08.39.40 - Datalife Engine CMS "admin.php" Cross-Site Scripting

 -- Web Application - SQL Injection

08.39.41 - SoftAcid Hotel Reservation System "city.asp" SQL Injection

08.39.42 - Cars & Vehicle "page.php" SQL Injection

08.39.43 - Add a link Security Bypass and SQL Injection Vulnerabilities

08.39.44 - Drupal Mailhandler Module Multiple SQL Injection Vulnerabilities

08.39.45 - ProArcadeScript "random" Parameter SQL Injection

08.39.46 - Diesel Joke Site "picture_category.php" SQL Injection

08.39.47 - TYPO3 Simple Random Objects Extension Unspecified SQL Injection

08.39.48 - TYPO3 auto BE User Registration "autobeuser" Component SQL Injection

08.39.49 - TYPO3 My Quiz and Poll Extension Unspecified SQL Injection

08.39.50 - TYPO3 Swigmore institute Extension Unspecified SQL Injection

08.39.51 - TYPO3 FE address edit for tt_address & direct mail Extension Unspecified SQL Injection

08.39.52 - TYPO3 Diocese of Portsmouth Church Search Extension Unspecified SQL Injection

08.39.53 - TYPO3 HBook Extension Unspecified SQL Injection

08.39.54 - PHP Pro Bid Multiple SQL Injection Vulnerabilities

08.39.55 - TYPO3 Random Prayer Version 2 Extension Unspecified SQL Injection

08.39.56 - TYPO3 Another Backend Login Extension Unspecified SQL Injection

08.39.57 - MyFWB Page Variable SQL Injection

08.39.58 - jPortal "humor.php" SQL Injection

08.39.59 - Plaincart "index.php" SQL Injection

08.39.60 - Diesel Pay "index.php" SQL Injection

08.39.61 - Oceandir "show_vote.php" SQL Injection

08.39.62 - Mevin Productions Basic PHP Events Lister "id" Parameter SQL Injection

08.39.63 - PHPKB Multiple SQL Injection Vulnerabilities

08.39.64 - NetArt Media Real Estate Portal "index.php" SQL Injection

08.39.65 - NetArt Media Jobs Portal Multiple SQL Injection Vulnerabilities

08.39.66 - 6rbScript "singerid" Parameter SQL Injection

08.39.67 - AvailScript Article Script "view.php" SQL Injection

08.39.68 - Diesel Job Site "job-info.php" SQL Injection

08.39.69 - e107 my_gallery Plugin "image_gallery.php" SQL Injection

08.39.70 - Invision Power Board "name" parameter SQL Injection

08.39.71 - rgb72 WCMS "index.php" SQL Injection

08.39.72 - WSN Links "comments.php" SQL Injection

08.39.73 - MapCal "id" Parameter SQL Injection

08.39.74 - WSN Links "vote.php" SQL Injection

08.39.75 - BuzzScripts BuzzyWall "search.php" SQL Injection

08.39.76 - E-Php Shopping Cart Script "search_results.php" SQL Injection

08.39.77 - Agares Media Arcadem Pro "articleblock.php" SQL Injection

08.39.78 - BlueCUBE CMS "tienda.php" SQL Injection

08.39.79 - University of Queensland Fez "list.php" SQL Injection

08.39.80 - 6rbScript "cat.php" SQL Injection

08.39.81 - CJ Ultra Plus "SID" Cookie Parameter SQL Injection

08.39.82 - iGaming CMS Multiple SQL Injection Vulnerabilities

08.39.83 - JETIK-WEB "sayfa.php" SQL Injection

08.39.84 - Greatclone Hotscripts Clone "showcategory.php" SQL Injection

 -- Web Application

08.39.85 - Attachmax Multiple Security Vulnerabilities

08.39.86 - osCommerce "create_account.php" Information Disclosure

08.39.87 - phpRealty "view.php" Remote File Include

08.39.88 - PHP-Crawler "footer.php" Remote File Include

08.39.89 - Technote "twindow_notice.php" Remote File Include

08.39.90 - Drupal Link to Us "Link page header" Field HTML Injection

08.39.91 - x10 Automatic MP3 Script "web_root" Parameter Multiple Remote File Include Vulnerabilities

08.39.92 - Gallery Prior to 2.2.6 Multiple Vulnerabilities

08.39.93 - Drupal Mailsave Module MIME Type HTML Injection

08.39.94 - Denora IRC Stats CTCP String Handling Remote Denial of Service

08.39.95 - Drupal Talk Module Multiple Remote Vulnerabilities

08.39.96 - Cyask "collect.php" Information Disclosure

08.39.97 - AssetMan "search_inv.php" Session Fixation

08.39.98 - HyperStop WebHost Directory Database Disclosure

08.39.99 - phpShop Unspecified Session Fixation

08.39.100 - TYPO3 "kw_secdir" Extension Unspecified Remote Code Execution

08.39.101 - TYPO3 File List Extension Unspecified Information Disclosure

08.39.102 - Advanced Electron Forum BBCode "preg_replace" PHP Code Injection Vulnerabilities

08.39.103 - Explay CMS Cookie Authentication Bypass

08.39.104 - Explay CMS Multiple HTML Injection Vulnerabilities

08.39.105 - Epic Games Unreal Tournament 3 UT3 WebAdmin Directory Traversal

08.39.106 - Drupal Insecure Cookie Disclosure Weakness

08.39.107 - Rianxosencabos CMS Cookie Authentication Bypass

08.39.108 - ClanSphere Multiple Information Disclosure Vulnerabilities

08.39.109 - MyBB Prior to 1.4.2 Multiple Security Vulnerabilities

08.39.110 - Rianxosencabos CMS "useradmin.php" Access Validation

08.39.111 - AvailScript Job Portal Script Remote File Upload

08.39.112 - 6rbScript "section.php" Local File Include

08.39.113 - UNAK-CMS Cookie Authentication Bypass

08.39.114 - openElec "form.php" Local File Include

08.39.115 - MyBlog "add.php" Cookie Authentication Bypass

08.39.116 - rgb72 WCMS "change_password.asp" Account Creation Access Validation

08.39.117 - BLUEPAGE CMS "PHPSESSID" Session Fixation

08.39.118 - PHP iCalendar Cookie Authentication Bypass

08.39.119 - SquirrelMail Insecure Cookie Disclosure Weakness

08.39.120 - Vignette Content Management Unspecified Security Bypass

08.39.121 - BaseBuilder "main.inc.php" Remote File Include

08.39.122 - pfSense DHCPREQUEST Hostname HTML Injection

08.39.123 - Omnicom Content Platform "browser.asp" Parameter Directory Traversal

08.39.124 - OpenRat "insert.inc.php" Remote File Include

08.39.125 - Sofi WebGUI "modstart.php" Remote File Include

08.39.126 - Mantis Insecure Cookie Disclosure Weakness

08.39.127 - Ol' Bookmarks Multiple Input Validation Vulnerabilities

 -- Network Device

08.39.128 - Cisco 871 Integrated Services Router Cross-Site Request Forgery

08.39.129 - Xerox WorkCentre/WorkCentre Pro Network Controller Remote Code Execution

08.39.130 - Multiple Sagem F@st Routers DHCP Hostname HTML Injection

 

______________________________________________________________________

 

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a

division of 3Com, as a by-product of that company's continuous effort

to ensure that its intrusion prevention products effectively block

exploits using known vulnerabilities. TippingPoint's analysis is

complemented by input from a council of security managers from twelve

large organizations who confidentially share with SANS the specific

actions they have taken to protect their systems. A detailed description

of the process may be found at

http://www.sans.org/newsletters/cva/#process

 

*****************************

Widely Deployed Software

*****************************

 

(1) CRITICAL: Mozilla Products Multiple Vulnerabilities

Affected:

Mozilla Firefox versions 3.0.1 and prior

Mozilla Thunderbird versions 2.0.0.16 and prior

Mozilla SeaMonkey versions 1.1.11 and prior

Description: Several Mozilla products, including the popular Mozilla web

browser, contain multiple vulnerabilities in their handling of a variety

of inputs. Flaws in the handling of URLs, JavaScript, image files, and

other input can lead to vulnerabilities ranging in severity from remote

code execution to information disclosure and denials-of-service.

Technical details are available for some of these vulnerabilities, and

further technical details could be obtained via source code analysis.

Status: Vendor confirmed, updates available.

References:

Mozilla Security Advisories

http://www.mozilla.org/security/announce/2008/mfsa2008-45.html

http://www.mozilla.org/security/announce/2008/mfsa2008-44.html

http://www.mozilla.org/security/announce/2008/mfsa2008-43.html

http://www.mozilla.org/security/announce/2008/mfsa2008-42.html

http://www.mozilla.org/security/announce/2008/mfsa2008-41.html

http://www.mozilla.org/security/announce/2008/mfsa2008-40.html

http://www.mozilla.org/security/announce/2008/mfsa2008-39.html

http://www.mozilla.org/security/announce/2008/mfsa2008-38.html

http://www.mozilla.org/security/announce/2008/mfsa2008-37.html

Vendor Home Page

http://www.mozilla.org

SecurityFocus BID

http://www.securityfocus.com/bid/31346

 

****************************************************

(2) CRITICAL: Apple Mac OS X Java Plugin Multiple Vulnerabilities

Affected:

Apple Mac OS X versions 10.5.5 and prior

Description: The Java Runtime Environment installed by default on Apple

Mac OS X contains multiple vulnerabilities. A flaw in the handling of

"file://" URLs by Java applets could allow an applet to execute

arbitrary commands with the privileges of the current user.

Additionally, a flaw in the handling of Hash-based Message

Authentication Codes (HMACs), used to validate applet origin, could lead

to a memory corruption vulnerability. Successfully exploiting this

vulnerability would allow an attacker to execute arbitrary code with the

privileges of the current user. It is believed that these

vulnerabilities are distinct from the vulnerabilities in the Sun Java

Runtime Environment discussed below.

Status: Vendor confirmed, updates available.

References:

Apple Security Advisory

http://support.apple.com/kb/HT3179

Apple Mac OS X Home Page

http://www.apple.com/macosx

SecurityFocus BIDs

http://www.securityfocus.com/bid/31380

http://www.securityfocus.com/bid/31379

 

****************************************************

(3) CRITICAL: Sun Java Runtime Environment Multiple Vulnerabilities

Affected:

Sun Java Runtime Environment versions prior to Java 6 update 7

Description: The Sun Java Runtime Environment is the standard

implementation of the Java Platform Runtime Environment. It contains

multiple vulnerabilities in its handling of scripting in applets. A

specially crafted applet could exploit one of these vulnerabilities to

escalate its privileges. This would allow the applet to access the

vulnerable system with the privileges of the current user. Additional

vulnerabilities would allow one applet to interact with another,

potentially unrelated, applet. The Sun Java Runtime Environment is

installed by default on all Apple Mac OS X systems, Sun Solaris systems,

most Unix and Linux-based operating systems, and is commonly installed

on Microsoft Windows. Some technical details are publicly available for

these vulnerabilities. Note that applets are often executed immediately

upon receipt, without first prompting the user.

Status: Vendor confirmed, updates available. Note that this update

includes fixes for other, previously-discussed vulnerabilities that were

addressed in earlier hotfixes.

References:

Sun Security Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1

Sun Java Home Page

http://java.sun.com

SecurityFocus BID

http://www.securityfocus.com/bid/30144

 

****************************************************

(4) HIGH: Cisco IOS Multiple Vulnerabilities

Affected:

Cisco IOS, multiple versions and featuresets, on multiple types of systems

Description: Cisco Internetwork Operating System (IOS) is Cisco's

operating system for most of its routing and switching products. It

contains multiple vulnerabilities in its handling of a variety of

network protocols. A specially crafted request in any one of these

protocols could result in a denial-of-service condition. This condition

may affect a subsystem on the affected device, or the entire device. In

some cases, technical details are publicly available. Affected protocols

include Protocol Independent Multicast, Cisco IPC, Session Initiation

Protocol, Multiprotocol Label Switching, Layer 2 Tunneling Protocol,

Secure Sockets Layer, DNS, and other protocols. Additionally, the Cisco

uBR10012 Router contains a default configuration weakness: a default

Simple Network Management Protocol (SNMP) community configuration. This

vulnerability could be leveraged to take complete control of the

vulnerable device.

Status: Vendor confirmed, updates available. Users are advised to

disable unnecessary protocol processing if possible.

References:

Cisco Security Advisories

http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml

http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml

http://www.cisco.com/warp/public/707/cisco-sa-20080924-mfi.shtml

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0157a.shtml

http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01556.shtml

http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml

http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml

Product Home Page

http://www.cisco.com/public/sw-center/sw-ios.shtml

SecurityFocus BIDs

http://www.securityfocus.com/bid/31355

http://www.securityfocus.com/bid/31359

http://www.securityfocus.com/bid/31354

http://www.securityfocus.com/bid/31364

http://www.securityfocus.com/bid/31365

http://www.securityfocus.com/bid/31358

http://www.securityfocus.com/bid/31360

http://www.securityfocus.com/bid/31361

http://www.securityfocus.com/bid/31363

http://www.securityfocus.com/bid/31356

 

****************************************************

(5) HIGH: FLEXnet Connect ActiveX Control Buffer Overflow

Affected:

FLEXnet Connect versions 6.x

Macromedia InstallShield 2008 Premier

Description: FLEXnet Connect is a component used by the Macromedia

InstallShield installation suite. It contains a buffer overflow in its

handling of certain input. A specially crafted web page that

instantiated this control could trigger this buffer overflow.

Successfully exploiting this buffer overflow would allow an attacker to

execute arbitrary code with the privileges of the current user. Some

technical details are publicly available for this vulnerability.

Status: Vendor confirmed, updates available. Users can mitigate the

impact of this vulnerability by disabling the affected control via

Microsoft's "kill bit" mechanism using CLSID

"E9880553-B8A7-4960-A668-95C68BED571E".

References:

Macromedia Security Advisory

http://kb.acresso.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q113020&sliceId=

Microsoft Knowledge Base Article (details the "kill bit" mechanism)

http://support.microsoft.com/kb/240797

Product Home Page

http://consumer.installshield.com/about_us.asp

SecurityFocus BID

http://www.securityfocus.com/bid/31235

 

 

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities

Week 39, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that

company's ongoing effort to ensure its vulnerability management web

service tests for all known vulnerabilities that can be scanned. As of

this week Qualys scans for 5549 unique vulnerabilities. For this special

SANS community listing, Qualys also includes vulnerabilities that cannot

be scanned remotely.

______________________________________________________________________

 

08.39.1 CVE: Not Available

Platform: Other Microsoft Products

Title: Microsoft Internet Explorer Malformed PNG File Remote Denial of

Service

Description: Microsoft Internet Explorer is a web browser available

for Microsoft Windows. Internet Explorer is exposed to a remote denial

of service issue when handling web pages containing a malformed PNG

file. The issue occurs in the "CDwnTaskExec::ThreadExec()" function of

the "mshtml.dll" library when grabbing and running tasks

synchronously. Microsoft Internet Explorer 7 and 8 Beta 1 are

affected.

Ref: http://www.securityfocus.com/archive/1/496483

______________________________________________________________________

 

08.39.2 CVE: Not Available

Platform: Third Party Windows Apps

Title: Kantan WEB Server Unspecified Directory Traversal

Description: Kantan WEB Server is a web server application for

Microsoft Windows. The application is exposed to an unspecified

directory traversal issue because it fails to sufficiently sanitize

user-supplied input. Kantan WEB Server versions prior to 1.9 are

affected.

Ref: http://jvn.jp/en/jp/JVN79026329/index.html

______________________________________________________________________

 

08.39.3 CVE: Not Available

Platform: Third Party Windows Apps

Title: Acritum Femitter Server Information Disclosure and Denial of

Service Vulnerabilities

Description: Acritum Femitter Server is an FTP and HTTP server

application available for Microsoft Windows. Femitter Server is

exposed to multiple issues. Successfully exploiting these issues may

allow an attacker to disclose sensitive information or cause the

affected application to crash, denying service to legitimate users.

Femitter Server version 1.03 is affected.

Ref: http://www.securityfocus.com/bid/31226

______________________________________________________________________

 

08.39.4 CVE: Not Available

Platform: Third Party Windows Apps

Title: Data Dynamics ActiveReports ARViewer2 ActiveX Control Multiple

Insecure Method Vulnerabilities

Description: Data Dynamics ActiveReports is an addon for the Microsoft

Visual Studio development tool. Data Dynamics ActiveReports ActiveX

control is exposed to multiple insecure method issues. Data Dynamics

ActiveReports Professional Edition Build version 2.5.0.1314 is

affected.

Ref: http://vuln.sg/ddarviewer2501314-en.html

______________________________________________________________________

 

08.39.5 CVE: CVE-2008-2470

Platform: Third Party Windows Apps

Title: InstallShield Update Service Agent ActiveX Control Buffer

Overflow

Description: InstallShield Update Service ActiveX control is included

with some InstallShield Windows installers. The control is exposed to

a buffer overflow issue because it fails to perform adequate boundary

checks on user-supplied input to the "ExecuteRemote()" method of

"isusweb.dll".

Ref: http://www.kb.cert.org/vuls/id/630017

______________________________________________________________________

 

08.39.6 CVE: CVE-2007-2241

Platform: Third Party Windows Apps

Title: ISC BIND Windows UDP Client Handler Denial of Service

Description: ISC BIND (Berkeley Internet Domain Name) is an

implementation of DNS protocols. ISC BIND for Windows is exposed to a

denial of service issue because it fails to handle certain UDP

packets. BIND versions 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 for

the Windows platform are affected.

Ref: http://marc.info/?l=bind-announce&m=122180376630150&w=2

______________________________________________________________________

 

08.39.7 CVE: Not Available

Platform: Third Party Windows Apps

Title: DESlock+ Local Buffer Overflow and Multiple Denial of Service

Vulnerabilities

Description: DESlock+ is a data protection software product available for

Windows platforms. The application is exposed to multiple local issues.

DESlock+ versions 3.2.7 and earlier are affected.

Ref: http://www.securityfocus.com/bid/31273

______________________________________________________________________

 

08.39.8 CVE: Not Available

Platform: Third Party Windows Apps

Title: Foxmail Email Client "mailto" Buffer Overflow

Description: Foxmail Email Client is a mail client application

available for Microsoft Windows. Foxmail Email Client is exposed to a

buffer overflow issue because it fails to perform adequate

boundary checks on user-supplied data. Foxmail Email Client version

6.5 is affected.

Ref: http://www.securityfocus.com/bid/31294

______________________________________________________________________

 

08.39.9 CVE: Not Available

Platform: Third Party Windows Apps

Title: Chilkat XML ActiveX Control Multiple Vulnerabilities

Description: The Chilkat XML ActiveX control is an XML parser

application. The Chilkat XML ActiveX control is exposed to multiple

issues. An attacker can exploit these issues by enticing an

unsuspecting user to view a malicious HTML page. The Chilkat XML

ActiveX control DLL "ChilkatUtil.dll" versions 3.0.3.0 and earlier are

affected.

Ref: http://www.shinnai.net/xplits/TXT_rNowA1916DKFNUF48NyS

______________________________________________________________________

 

08.39.10 CVE: Not Available

Platform: Linux

Title: Openswan IPsec Livetest Insecure Temporary File Creation

Description: Openswan is an implementation of IPsec for Linux. The

application creates temporary files in an insecure manner. The issue

occurs because the "/usr/libexec/ipsec/livetest" script creates files

in an insecure manner.

Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374

______________________________________________________________________

 

08.39.11 CVE: Not Available

Platform: Linux

Title: strongSwan "mpz_export()" Remote Denial of Service

Description: strongSwan is an open-source implementation of an IPSec

VPN for Linux. The application is exposed to a remote denial of

service issue. Specifically, the issue occurs due to a NULL-pointer

dereference in the "mpz_export()" function. strongSwan versions 4.2.6

and prior are affected.

Ref: http://labs.mudynamics.com/advisories/MU-200809-01.txt

______________________________________________________________________

 

08.39.12 CVE: Not Available

Platform: Solaris

Title: Sun Solaris Text Editors Local Privilege Escalation

Description: Sun Solaris text editors are exposed to a local privilege

escalation issue. Specifically, the issue occurs in the Solaris text

editors like vi(1), ex(1), vedit(1), view(1), and edit(1) when

handling tags. Sun Solaris versions 8, 9 and 10 are affected.

Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-237987-1

______________________________________________________________________

 

08.39.13 CVE: Not Available

Platform: Solaris

Title: Sun Solaris UFS Filesystem "acl(2)" Local Denial of Service

Description: Sun Solaris is a UNIX-based operating system. Sun Solaris

is exposed to a local denial of service issue due to unspecified

errors in the Access Control Lists implementation for UFS file

systems. Sun Solaris versions 8, 9, 10 and OpenSolaris for SPARC and

x86 platforms are affected.

Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242267-1

______________________________________________________________________

 

08.39.14 CVE: Not Available

Platform: Cross Platform

Title: G DATA InternetSecurity/AntiVirus/TotalCare 2008

"GDTdiIcpt.sys" Memory Corruption

Description: G DATA InternetSecurity/AntiVirus/TotalCare 2008 are

computer security applications. The applications are exposed to an

issue that allows local attackers to corrupt kernel memory. This issue

occurs because the software fails to sufficiently validate IOCTL

requests.

Ref: http://www.trapkit.de/advisories/TKADV2008-008.txt

______________________________________________________________________

 

08.39.15 CVE: CVE-2008-4116

Platform: Cross Platform

Title: Apple QuickTime/iTunes QuickTime Type Remote Buffer Overflow

Description: Apple QuickTime is a media player that supports multiple

file formats. The application is exposed to a buffer overflow issue

because it fails to properly handle long strings in a file with a

recognized header but with a nonmatching filetype. QuickTime version

7.5.5 and iTunes version 8.0 are affected.

Ref: http://www.securityfocus.com/bid/31212

______________________________________________________________________

 

08.39.16 CVE: Not Available

Platform: Cross Platform

Title: FAAD2 Frontend "decodeMP4file()" Heap-Based Buffer Overflow

Description: FAAD2 (Freeware Advanced Audio Decoder) is an open source

MPEG-4 and MPEG-2 AAC decoder. FAAD2 is exposed to a heap-based buffer

overflow occurring in the "decodeMP4file()" function of the

"faad2/frontend/main.c" source file. The application's command-line

front end fails to adequately validate input from a buffer returned by

the decoder library. FAAD2 version 2.6 is affected.

Ref: http://www.audiocoding.com/index.html

______________________________________________________________________

 

08.39.17 CVE: Not Available

Platform: Cross Platform

Title: Mercurial hgweb "allowpull" Information Disclosure

Description: Mercurial is a source control system available for

multiple operating platforms. Mercurial is exposed to an

information disclosure issue because it fails to honor specific

configuration options. This issue occurs in the "hgweb" component used

to provide CGI access to a source repository. This component fails to

honor the "allowpull" configuration option. Mercurial version 1.0.1 is

affected.

Ref:

http://www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b

______________________________________________________________________

 

08.39.18 CVE: CVE-2008-3230

Platform: Cross Platform

Title: FFmpeg "lavf_demux" Animated GIF Processing Remote Denial of

Service

Description: FFmpeg is a media player. "lavf_demuxer" is a library

used to decode image files. FFmpeg is exposed to a remote denial of

service issue that occurs when processing specially-crafted animated

GIF media files. This error occurs in the source file

"libavformat/gifdec.c". FFmpeg version 0.4.9-pre1 is affected.

Ref: http://www.securityfocus.com/bid/31234

______________________________________________________________________