*****************************************************************************
@RISK: The Consensus Security Vulnerability Alert
October 2nd, 2008 Vol. 7. Week 40
*****************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform                                  Number of Updates and Vulnerabilities
----------------------------------------  -------------------------------------
Other Microsoft Products                   2
Third Party Windows Apps                  13 (#1, #3, #4, #5)
Mac Os                                     2
Linux                                      1
Cross Platform                            15 (#2)
Web Application - Cross Site Scripting    15
Web Application - SQL Injection           29
Web Application                           59
Network Device                            13
*****************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: RealFlex/DATAC RealWin Buffer Overflow
(2) HIGH: Trend Micro OfficeScan Multiple Vulnerabilities
(3) HIGH: Nokia PC Suite Buffer Overflow
(4) HIGH: Autodesk LiveUpdate and Express Viewer ActiveX Controls Multiple Vulnerabilities
(5) HIGH: Novell ZENworks Desktop Management ActiveX Control Buffer Overflow
*****************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
08.40.1 - Microsoft WordPad ".doc" File Remote Denial of Service
08.40.2 - Microsoft GDI+ "GDIPLUS.dll" ICO File Divide-By-Zero Denial of Service
-- Third Party Windows Apps
08.40.3 - NMS DVD Burning SDK "NMSDVDX.dll" ActiveX Control Arbitrary File Overwrite
08.40.4 - K-Lite Mega Codec Pack "vsfilter.dll" Denial of Service
08.40.5 - CCProxy Server HTTP "CONNECT" Request Buffer Overflow
08.40.6 - DATAC RealWin SCADA Server Remote Stack Buffer Overflow
08.40.7 - Microsoft Windows Mobile Overly Long Bluetooth Device Name Denial of Service
08.40.8 - Win FTP Server "LSTR" Command Remote Denial of Service
08.40.9 - ZoneAlarm HTTP Proxy Remote Denial of Service
08.40.10 - Novell ZENworks Desktop Management ActiveX Control "CanUninstall()" Buffer Overflow
08.40.11 - WinZip "gdiplus.dll" Microsoft Module Unspecified Security
08.40.12 - Autodesk DWF Viewer Control "AdView.dll" Arbitrary File Download
08.40.13 - Autodesk "LiveUpdate16.DLL" ActiveX Control Arbitrary Program Execution
08.40.14 - GdPicture Pro "gdpicture4s.ocx" ActiveX Control Arbitrary File Overwrite
08.40.15 - Flip4Mac WMV Vulnerability
-- Mac Os
08.40.16 - Apple Mac OS X Java Applet HMAC Provider Handling Remote Code Execution
08.40.17 - Apple Mac OS X Java Plug-in "file://" URL Handling Remote Code Execution
-- Linux
08.40.18 - Linux Kernel "truncate()" Local Privilege Escalation
-- Cross Platform
08.40.19 - Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow
08.40.20 - PHP "create_function()" Code Injection Weakness
08.40.21 - Symantec Veritas NetBackup Java Administration GUI Remote Privilege Escalation
08.40.22 - Google Chrome Carriage Return Remote Denial of Service
08.40.23 - Fedora initscripts Arbitrary File Deletion
08.40.24 - ABB PCU400 Unspecified Remote Buffer Overflow
08.40.25 - Mozilla SeaMonkey/Thunderbird Newsgroup Cancel Message Handling Buffer Overflow
08.40.26 - Lighttpd Duplicate Request Header Denial of Service
08.40.27 - Wireshark Packet Capture File Denial of Service
08.40.28 - JasPer 1.900.1 Multiple Vulnerabilities
08.40.29 - MPlayer "stream_read" Function Remote Heap-Based Buffer Overflow
08.40.30 - FileAlyzer Version Information Remote Stack-Based Buffer Overflow
08.40.31 - Mozilla Firefox User Interface Dispatcher Null Pointer Dereference Denial of Service
08.40.32 - Hewlett-Packard Insight Diagnostics Unspecified Unauthorized Access
08.40.33 - Xen XenStore Domain Configuration Data Unsafe Storage
-- Web Application - Cross Site Scripting
08.40.34 - Bitweaver Multiple Cross-Site Scripting Vulnerabilities
08.40.35 - Connectra NGX "index.php" Cross-Site Scripting
08.40.36 - TYPO3 freeCap CAPTCHA Unspecified Cross-Site Scripting Vulnerability
08.40.37 - FlatPress Multiple Cross-Site Scripting Vulnerabilities
08.40.38 - OpenNMS Multiple Cross-Site Scripting Vulnerabilities
08.40.39 - Computer Associates Service Desk Web Forms Multiple Cross-Site Scripting Vulnerabilities
08.40.40 - WhoDomLite "wholite.cgi" Cross-Site Scripting
08.40.41 - Lyrics Script "search_results.php" Cross-Site Scripting
08.40.42 - Clickbank Portal "search.php" Cross-Site Scripting
08.40.43 - Siteman "search.php" Cross-Site Scripting
08.40.44 - Membership Script Multiple Cross-Site Scripting Vulnerabilities
08.40.45 - Recipe Script "search.php" Cross-Site Scripting
08.40.46 - XAMPP for Windows "adodb.php" Multiple Cross-Site Scripting Vulnerabilities
08.40.47 - CAcert "analyse.php" Cross-Site Scripting
08.40.48 - Wordpress MU "wp-admin/wp-blogs.php" Multiple Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
08.40.49 - InterTech WCMS "etemplate.php" SQL Injection
08.40.50 - Jetik.net ESA "KayitNo" Parameter Multiple SQL Injection Vulnerabilities
08.40.51 - AJ Auction Pro Platinum Skin #2 "detail.php" SQL Injection
08.40.52 - Jadu CMS for Government "recruit_details.php" SQL Injection
08.40.53 - Drupal Ajax Checklist Module Multiple SQL Injection Vulnerabilities
08.40.54 - Drupal Brilliant Gallery Module Multiple SQL Injection Vulnerabilities
08.40.55 - EasyRealtorPRO "site_search.php" Multiple SQL Injection Vulnerabilities
08.40.56 - RPG.Board "index.php" SQL Injection
08.40.57 - Ultimate Webboard "webboard.php" SQL Injection
08.40.58 - PromoteWeb MySQL "go.php" SQL Injection
08.40.59 - 212cafe Board "view.php" SQL Injection
08.40.60 - Conkurent Real Estate Manager "cat_id" Parameter SQL Injection
08.40.61 - Joovili "id" Parameter Multiple SQL Injection Vulnerabilities
08.40.62 - E-Uploader Pro "id" Parameter Multiple SQL Injection Vulnerabilities
08.40.63 - BitmixSoft PHP-Lance "show.php" SQL Injection
08.40.64 - MyCard "gallery.php" SQL Injection
08.40.65 - ZEEWAYS ZEELYRICS "bannerclick.php" SQL Injection
08.40.66 - ParsaGostar ParsaWeb Multiple SQL Injection Vulnerabilities
08.40.67 - PHPcounter "index.php" SQL Injection
08.40.68 - VBGooglemap Hotspot Edition Multiple SQL Injection Vulnerabilities
08.40.69 - Pilot Group eTraining "news_read.php" SQL Injection
08.40.70 - Pro Chat Rooms Multiple SQL Injection Vulnerabilities
08.40.71 - PHP-Fusion Freshlinks Module "linkid" Parameter SQL Injection
08.40.72 - PG Matchmaking "id" Parameter Multiple SQL Injection Vulnerabilities
08.40.73 - SG Real Estate Portal Local File Include and SQL Injection Vulnerabilities
08.40.74 - Rianxosencabos CMS "id" Parameter SQL Injection
08.40.75 - QuidaScript BookMarks Favourites Script "id" Parameter SQL Injection
08.40.76 - Freeway Multiple SQL Injection Vulnerabilities
08.40.77 - eZoneScripts Adult Banner Exchange Website "click.php" SQL Injection
-- Web Application
08.40.78 - Vikingboard "upload/index.php" Local File Include
08.40.79 - osCMax "test.html" Arbitrary File Upload
08.40.80 - WebPortal CMS "index.php" Remote Code Execution
08.40.81 - web-cp "sendfile.php" Information Disclosure
08.40.82 - emergecolab "index.php" Local File Include
08.40.83 - PHPcounter "defs.php" Local File Include
08.40.84 - Drupal Simplenews "Newsletter Categories" HTML Injection
08.40.85 - MailWatch "docs.php" Local File Include
08.40.86 - Observer "query" Parameter Multiple Remote Command Execution Vulnerabilities
08.40.87 - Barcode Generator "image.php" Local File Include
08.40.88 - ADN Forum Cookie Authentication Bypass
08.40.89 - Drupal Plugin Manager Security Bypass
08.40.90 - Drupal Stock "stock quote" Page Authentication Bypass
08.40.91 - AJ Auction Pro SQL Injection and Cross Site Scripting Vulnerabilities
08.40.92 - phpOCS "index.php" Local File Include
08.40.93 - Lansuite "design" Parameter Local File Include
08.40.94 - Libra File Manager "fileadmin.php" Local File Include
08.40.95 - PHP infoBoard Cookie Authentication Bypass
08.40.96 - PHP infoBoard "idcat" Parameter SQL Injection and HTML Injection Vulnerabilities
08.40.97 - Mass Downloader Malformed Executable Denial of Service
08.40.98 - Vikingboard "register.php" SQL Column Truncation Unauthorized Access
08.40.99 - Atomic Photo Album
08.40.100 - openEngine "cms/system/openengine.php" Remote File Include
08.40.101 - IBM Tivoli Netcool/Webtop Privilege Escalation
08.40.102 - Libra File Manager Security Bypass
08.40.103 - Barcode Generator "LSTable.php" Remote File Include
08.40.104 - Libra File Manager Cookie Authentication Bypass
08.40.105 - openEngine "filepool.php" Remote File Include
08.40.106 - Atomic Photo Album Cookie Authentication Bypass
08.40.107 - Esqlanelapse Cookie Authentication Bypass
08.40.108 - The Gemini Portal Cookie Authentication Bypass
08.40.109 - Crux Gallery "index.php" Cookie Authentication Bypass
08.40.110 - The Gemini Portal "lang" Parameter Multiple Local File Include Vulnerabilities
08.40.111 - Siteman "members.txt" Information Disclosure
08.40.112 - Yoxel "itpm_estimate.php" Multiple PHP Code Injection Vulnerabilities
08.40.113 - PowerPortal 2 "path" Parameter Directory Traversal
08.40.114 - Camera Life Arbitrary File Upload
08.40.115 - PlugSpace "index.php" Local File Include
08.40.116 - Joomla Image Browser Component "index.php" Directory Traversal
08.40.117 - LnBlog "showblog.php" Local File Include
08.40.118 - X7 Chat "mini.php" Local File Include
08.40.119 - Concord Consortium CoAST "header.php" Remote File Include
08.40.120 - BbZL.PhP Cookie Authentication Bypass
08.40.121 - BbZL.PhP "lien_2" Parameter Directory Traversal
08.40.122 - RPG.Board Cookie Authentication Bypass
08.40.123 - PHPJabbers Post Comments Cookie Authentication Bypass
08.40.124 - Events Calendar "header_setup.php" Multiple Remote File Include Vulnerabilities
08.40.125 - Easy PHP Calendar Add New Event HTML Injection
08.40.126 - ArabCMS "rss.php" Local File Include
08.40.127 - Marshal MailMarshal SMTP Spam Quarantine Management Multiple HTML Injection Vulnerabilities
08.40.128 - MySQL Command Line Client HTML Special Characters HTML Injection
08.40.129 - eFront Multiple Arbitrary File Upload Vulnerabilities
08.40.130 - MiNBank "minsoft_path" Parameter Multiple Remote File Include Vulnerabilities
08.40.131 - moziloWiki Prior to 1.0.2 Multiple Vulnerabilities
08.40.132 - moziloCMS Prior to 1.10.3 Multiple Vulnerabilities
08.40.133 - SG Real Estate Portal Cookie Authentication Bypass
08.40.134 - Hardkap Pritlog "filename" Parameter File Disclosure
08.40.135 - A4Desk Event Calendar "v" Parameter Remote File Include
08.40.136 - EC-CUBE SQL Injection and Cross-Site Scripting Vulnerabilities
-- Network Device
08.40.137 - Cisco IOS AIC HTTP Transit Packet Remote Denial of Service
08.40.138 - Cisco uBR10012 Router Default SNMP Community
08.40.139 - Cisco IOS Protocol Independent Multicast (PIM) Multiple Denial of Service Vulnerabilities
08.40.140 - Cisco IOS Layer 2 Tunneling Protocol Denial of Service
08.40.141 - Cisco IOS NAT Skinny Call Control Protocol Multiple Remote Denial of Service Vulnerabilities
08.40.142 - Cisco IOS MPLS Forwarding Infrastructure Remote Denial of Service
08.40.143 - Cisco IOS SIP Multiple Denial of Service Vulnerabilities
08.40.144 - Cisco IOS Remote IPC Denial of Service
08.40.145 - Cisco IOS IPS SERVICE.DNS Remote Denial of Service
08.40.146 - Cisco IOS SSL Session Termination Remote Denial of Service
08.40.147 - Cisco IOS MPLS VPN Information Disclosure
08.40.148 - Cisco Unified Communications Manager SIP Service Multiple Denial of Service Vulnerabilities
08.40.149 - Nokia PC Suite Remote Buffer Overflow
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort to
ensure that its intrusion prevention products effectively block exploits
using known vulnerabilities. TippingPoint's analysis is complemented by
input from a council of security managers from twelve large
organizations who confidentially share with SANS the specific actions
they have taken to protect their systems. A detailed description of the
process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: RealFlex/DATAC RealWin Buffer Overflow
Affected:
RealFlex RealWin versions 2.0 and prior
Description: RealFlex/DATAC RealWin is a Supervisory Control And Data
Acquisition (SCADA) management application that runs on Microsoft
Windows. SCADA protocols are used in industrial control and monitoring
situations, including manufacturing plants and power generation
facilities. RealWin contains a buffer overflow in its handling of
certain SCADA messages. A specially crafted SCADA message sent to the
software could trigger this buffer overflow, allowing an attacker to
execute arbitrary code with the privileges of the vulnerable process.
This could be leveraged to additionally compromise any SCADA client
devices controlled by the server. Full technical details and a
proof-of-concept are publicly available for this vulnerability.
Status: Vendor has not confirmed, no updates available. Users are
advised to block all SCADA ports at the network perimeter, if possible.
References:
Advisory from Reversemode
http://reversemode.com/index.php?option=com_content&task=view&id=55&Itemid=1
Video Presentation by Ganesh Devarajan of TippingPoint DVLabs on SCADA Vulnerabilities
http://www.youtube.com/watch?v=jdnC2GtmkuQ
Wikipedia Article on SCADA
http://en.wikipedia.org/wiki/SCADA
Vendor Home Page
http://www.dataconline.com/software/realwin.php
SecurityFocus BID
http://www.securityfocus.com/bid/31418
*********************************************************
(2) HIGH: Trend Micro OfficeScan Multiple Vulnerabilities
Affected:
Trend Micro OfficeScan versions 8.0 Service Pack 1 Patch 1 and prior
Trend Micro Worry-Free Business Security versions 5.0 and prior
Description: Trend Micro OfficeScan is a popular malware scanning tool
for businesses. Its web interface contains multiple vulnerabilities in
its handling of a variety of user inputs. A specially crafted request
could trigger one of these vulnerabilities, allowing an attacker to
execute arbitrary code with the privileges of the vulnerable process.
Some technical details are publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Secunia Advisory
http://secunia.com/Advisories/32097/
Product Home Page
http://uk.trendmicro.com/uk/products/enterprise/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/31531
*********************************************************
(3) HIGH: Nokia PC Suite Buffer Overflow
Affected:
Nokia PC Suite versions 7.0 and prior
Description: Nokia PC Suite is a suite of applications designed to
provide connectivity between systems running Microsoft Windows and
various Nokia mobile devices. It contains a buffer overflow in its
handling of user requests. A specially crafted request sent to the
service could trigger this vulnerability. Successfully exploiting this
vulnerability would allow an attacker to execute arbitrary code with the
privileges of the vulnerable process. Full technical details and a
proof-of-concept are publicly available for this vulnerability.
Status: Vendor has not confirmed, no updates available.
References:
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/31475.c
Product Home Page
http://www.nokiausa.com/A4494165
SecurityFocus BID
http://www.securityfocus.com/bid/31475
*********************************************************
(4) HIGH: Autodesk LiveUpdate and Express Viewer ActiveX Controls Multiple Vulnerabilities
Affected:
Autodesk Revit Architecture 2009
Autodesk Design Review 2009
Description: Autodesk LiveUpdate is an update component provided with
several Autodesk applications. Autodesk DWF Viewer is a component used
to view Autodesk design files. These components' functionality is
provided in ActiveX controls. These controls fail to properly sanitize
their input, leading to remote command execution and arbitrary file
download vulnerabilities. A specially crafted web page that
instantiated these controls could leverage these vulnerabilities to
execute arbitrary commands with the privileges of the current user. Full
technical details and a proof-of-concept are publicly available for
these vulnerabilities.
Status: Vendor has not confirmed, no updates available. Users can
mitigate the impact of these vulnerabilities by disabling the affected
controls via Microsoft's "kill bit" mechanism using CLSIDs
"89EC7921-729B-4116-A819-DF86A4A5776B" and
"A662DA7E-CCB7-4743-B71A-D817F6D575DF". Note that this may affect normal
application functionality.
References:
Advisory by rgod
http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Vendor Home Page
SecurityFocus BIDs
http://www.securityfocus.com/bid/31490
http://www.securityfocus.com/bid/31487
*********************************************************
(5) HIGH: Novell ZENworks Desktop Management ActiveX Control Buffer Overflow
Affected:
Novell ZENworks Desktop Management versions 6.5 and prior
Description: Novell ZENworks is a popular enterprise systems management
application. Part of its functionality on Microsoft Windows is provided
by an ActiveX control. This control contains a buffer overflow
vulnerability in its "CanUninstall" method. A specially crafted web page
that instantiated this control could trigger this buffer overflow,
allowing an attacker to execute arbitrary code with the privileges of
the current user. Full technical details and a proof-of-concept are
publicly available for this vulnerability.
Status: Vendor has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism using CLSID
"0F517994-A6FA-4F39-BD4B-EC2DF00AEEF1". Note that this may affect
normal application functionality.
References:
Posting by Satan_Hackers (includes proof-of-concept)
http://www.securityfocus.com/archive/1/496786
Product Home Page
http://www.novell.com/products/zenworks/configurationmanagement/
SecurityFocus BID
http://www.securityfocus.com/bid/31435
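The "kill bit" mitigation recommended in items (4) and (5), as an added
example that is not part of the original bulletin: a PowerShell script
that sets the kill bit for the three CLSIDs named above. It uses the
registry key and the 0x400 "Compatibility Flags" value described in
Microsoft Knowledge Base article 240797 (referenced in item (4)); the
function name Set-KillBit is hypothetical, and the script assumes an
elevated session.

```powershell
# Added example: set the Internet Explorer "kill bit" for the ActiveX
# controls named in items (4) and (5) of this bulletin.
# Run from an elevated (Administrator) PowerShell session.

# CLSIDs taken from the bulletin text.
$Clsids = @(
    '{89EC7921-729B-4116-A819-DF86A4A5776B}',  # Autodesk control, item (4)
    '{A662DA7E-CCB7-4743-B71A-D817F6D575DF}',  # Autodesk control, item (4)
    '{0F517994-A6FA-4F39-BD4B-EC2DF00AEEF1}'   # Novell ZENworks control, item (5)
)

# The kill bit is bit 0x400 of the "Compatibility Flags" DWORD (KB 240797).
$KillBit = 0x400

# 64-bit Windows keeps a second registry view for 32-bit Internet Explorer,
# so both locations are covered when they exist.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Set-KillBit {
    # Hypothetical helper: creates the per-CLSID key if needed and ORs the
    # kill bit into any flags already present, so other compatibility
    # flags on the control are preserved. Returns the resulting value.
    param(
        [Parameter(Mandatory)] [string] $Root,
        [Parameter(Mandatory)] [string] $Clsid
    )
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    $current = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    $new = $current -bor $KillBit
    New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
        -PropertyType DWord -Value $new -Force | Out-Null
    return $new
}

$results = foreach ($root in $Roots) {
    # Skip views that are absent (no Wow6432Node on 32-bit Windows).
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($clsid in $Clsids) {
        [pscustomobject]@{
            Key   = Join-Path $root $clsid
            Flags = '0x{0:X8}' -f (Set-KillBit -Root $root -Clsid $clsid)
        }
    }
}

# Report what was written so the change can be recorded or audited.
$results | Format-Table -AutoSize
```

As the bulletin notes, disabling these controls may affect normal
application functionality; clearing bit 0x400 from the same value
re-enables a control.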
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 40, 2008
This list is compiled by Qualys (www.qualys.com) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.40.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft WordPad ".doc" File Remote Denial of Service
Description: WordPad is a simple text editor supplied with most
versions of Microsoft Windows. WordPad is exposed to a remote denial
of service issue when handling a specially crafted .doc file. The
problem occurs when converting Word 97 format files for use in
WordPad.
Ref: http://www.securityfocus.com/bid/31399
______________________________________________________________________
08.40.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft GDI+ "GDIPLUS.dll" ICO File Divide-By-Zero Denial of
Service
Description: Microsoft GDI+ (graphics device interface) enables
applications to use graphics and formatted text on the video display
and on printers. The GDI+ library "GDIPLUS.dll" is exposed to a denial
of service issue. When processing a malformed ICO file, a
divide-by-zero exception can occur, causing the affected application
to crash.
Ref: http://www.securityfocus.com/bid/31432
______________________________________________________________________
08.40.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: NMS DVD Burning SDK "NMSDVDX.dll" ActiveX Control Arbitrary
File Overwrite
Description: Numedia Soft NMS DVD Burning SDK is exposed to an issue
that lets attackers overwrite files. This issue affects the
"LogMessage()" method of the "NMSDVDX.dll" ActiveX control library
because it fails to sanitize user-supplied input. Numedia Soft NMS DVD
Burning SDK version 1.013C is affected.
Ref: http://www.securityfocus.com/bid/31372
______________________________________________________________________
08.40.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: K-Lite Mega Codec Pack "vsfilter.dll" Denial of Service
Description: K-Lite Mega Codec Pack is a collection of codecs and
related tools for playing movie files. When the "vsfilter.dll" library
of the pack is installed on the affected computer, Windows Explorer
will crash when processing a malformed ".flv" file.
Ref: http://www.securityfocus.com/bid/31400
______________________________________________________________________
08.40.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: CCProxy Server HTTP "CONNECT" Request Buffer Overflow
Description: CCProxy is a proxy server for Microsoft Windows. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data. Specifically,
the issue occurs when an overly large string is provided as the
hostname with the "CONNECT" HTTP request. CCProxy version 6.61 is
affected.
Ref: http://jbrownsec.blogspot.com/2008/09/ccproxy-near-stealth-patching.html
______________________________________________________________________
08.40.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: DATAC RealWin SCADA Server Remote Stack Buffer Overflow
Description: DATAC RealWin is a SCADA (Supervisory Control And Data
Acquisition) server for Microsoft Windows platforms. RealWin is
exposed to a remote stack-based buffer overflow issue because it fails
to perform adequate boundary checks on user-supplied data. RealWin
SCADA server version 2.0 is affected.
Ref: http://www.securityfocus.com/archive/1/496759
______________________________________________________________________
08.40.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft Windows Mobile Overly Long Bluetooth Device Name
Denial of Service
Description: Microsoft Windows Mobile is an operating system for smart
phones and PDAs. It includes various embedded versions of
applications, including Office and Internet Explorer. Windows Mobile
is exposed to a denial of service issue because it fails to adequately
validate user-supplied input. Windows Mobile version 6.0 is affected.
Ref: http://www.securityfocus.com/bid/31420
______________________________________________________________________
08.40.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Win FTP Server "LSTR" Command Remote Denial of Service
Description: Win FTP Server is an FTP server application for Windows.
The server is exposed to a remote denial of service issue because it
fails to properly handle malformed "LSTR" requests. An authenticated
attacker sending an exceptionally long parameter to the "LSTR" command
may cause the server to become unresponsive, creating a denial of
service condition. Win FTP Server version 2.3.0 is affected.
Ref: http://www.securityfocus.com/bid/31421
______________________________________________________________________
08.40.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: ZoneAlarm HTTP Proxy Remote Denial of Service
Description: ZoneAlarm Internet Security Suite is a security suite for
Microsoft Windows platforms. ZoneAlarm Internet Security Suite is
exposed to a remote denial of service issue that occurs when
interacting with an HTTP proxy server. ZoneAlarm Internet Security
Suite version 8.0.020 is affected.
Ref: http://www.securityfocus.com/archive/1/496764
______________________________________________________________________
08.40.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Novell ZENworks Desktop Management ActiveX Control
"CanUninstall()" Buffer Overflow
Description: Novell ZENworks Desktop Management is a framework for the
management of desktop workstations in enterprise environments. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input. ZENworks
Desktop Management version 6.5 is affected.
Ref: http://www.securityfocus.com/archive/1/496786
______________________________________________________________________
08.40.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: WinZip "gdiplus.dll" Microsoft Module Unspecified Security
Description: WinZip is exposed to an unspecified issue that stems from
an error in the Microsoft "gdiplus.dll" component included with the
application. WinZip version 11.x (prior to 11.2 SR-1) on Windows 2000
systems is affected.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx
______________________________________________________________________
08.40.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: Autodesk DWF Viewer Control "AdView.dll" Arbitrary File
Download
Description: Autodesk DWF Viewer Control is exposed to an issue that
can allow malicious files to be downloaded and saved to arbitrary
locations on an affected computer. "AdView.dll" version 9.0.0.96 is
affected.
Ref: http://www.securityfocus.com/archive/1/496847
______________________________________________________________________
08.40.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: Autodesk "LiveUpdate16.DLL" ActiveX Control Arbitrary Program
Execution
Description: Autodesk develops multiple applications related to
computer-aided design. The Autodesk LiveUpdate Module
"LiveUpdate16.DLL" ActiveX control is exposed to an issue that lets
attackers execute arbitrary local programs. "LiveUpdate16.DLL" version
17.2.56 is affected.
Ref: http://www.securityfocus.com/archive/1/496847
______________________________________________________________________
08.40.14 CVE: Not Available
Platform: Third Party Windows Apps
Title: GdPicture Pro "gdpicture4s.ocx" ActiveX Control Arbitrary File
Overwrite
Description: GdPicture Pro SDK is prone to a vulnerability that lets
attackers overwrite files. This issue affects the "SaveAsPDF()" method
of the "gdpicture4s.ocx" ActiveX control library because it fails to
sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/31504
______________________________________________________________________
08.40.15 CVE: Not Available
Platform: Third Party Windows Apps
Title: Flip4Mac WMV Vulnerability
Description: Flip4Mac WMV is a collection of components used for
handling Windows Media files within QuickTime applications. The
application is exposed to an unspecified vulnerability within
Flip4Mac's Importer. Flip4Mac WMV versions prior to 2.2.1 are
affected.
Ref: http://www.securityfocus.com/bid/31505
______________________________________________________________________
08.40.16 CVE: CVE-2008-3637
Platform: Mac Os
Title: Apple Mac OS X Java Applet HMAC Provider Handling Remote Code
Execution
Description: Apple Mac OS X is exposed to an issue that lets attackers
run arbitrary code because the application fails to properly handle
Java applets containing malicious values in the Hash-based Message
Authentication Code (HMAC) provider. This issue arises as the
application fails to properly handle errors and uses an uninitialized
variable in the HMAC provider for generating MD5 and SHA-1 hashes. Mac
OS X versions 10.5.5 and earlier, Mac OS X Server versions 10.5.5 and
earlier, Mac OS X versions 10.4.11 and earlier, and Mac OS X Server
versions 10.4.11 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31379
______________________________________________________________________
08.40.17 CVE: CVE-2008-3638
Platform: Mac Os
Title: Apple Mac OS X Java Plug-in "file://" URL Handling Remote Code
Execution
Description: Apple Mac OS X Java plug-in is exposed to a remote code
execution issue. Specifically, the Java plug-in fails to block Java
applets from launching "file://" URLs. Mac OS X versions 10.5.5 and
earlier, Mac OS X Server versions 10.5.5 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31380
______________________________________________________________________
08.40.18 CVE: CVE-2008-4210
Platform: Linux
Title: Linux Kernel "truncate()" Local Privilege Escalation
Description: The Linux kernel is exposed to a local privilege
escalation issue. This issue is a result of the "truncate()" and
"ftruncate()" functions not appropriately clearing the "suid" and
"sgid" bits from files modified. Linux kernel versions prior to
2.6.22-rc1 are affected.
Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
______________________________________________________________________
08.40.19 CVE: CVE-2008-0016
Platform: Cross Platform
Title: Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow
Description: Mozilla Firefox is a web browser available for multiple
platforms. SeaMonkey is an all-in-one application suite. Firefox and
SeaMonkey are exposed to a stack-based buffer overflow issue that
affects URI parsing. Firefox versions prior to 2.0.0.17 and SeaMonkey
versions prior to 1.1.12 are affected.
Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-37.html
______________________________________________________________________
08.40.20 CVE: Not Available
Platform: Cross Platform
Title: PHP "create_function()" Code Injection Weakness
Description: PHP is a scripting language commonly used for web
applications. PHP includes the function "create_function()". This
function is used to create anonymous functions from user-supplied
data. PHP is exposed to a code injection weakness as it fails to
sufficiently sanitize input to "create_function()". PHP version 5.2.6
is affected.
Ref: http://www.securityfocus.com/archive/1/496728
______________________________________________________________________
08.40.21 CVE: Not Available
Platform: Cross Platform
Title: Symantec Veritas NetBackup Java Administration GUI Remote
Privilege Escalation
Description: Symantec Veritas NetBackup Server and Symantec Veritas
NetBackup Enterprise Server are network-enabled backup solutions that
are available for various platforms. The applications are exposed to a
remote privilege escalation issue that occurs in the Java
administration GUI (jnbSA).
Ref: http://www.symantec.com/avcenter/security/Content/2008.09.24a.html
______________________________________________________________________
08.40.22 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Carriage Return Remote Denial of Service
Description: Google Chrome is a web browser. The application is
exposed to a remote denial of service issue because it fails to handle
user-supplied input. Google Chrome versions 0.2.149.29 and 0.2.149.30
are affected.
Ref: http://www.securityfocus.com/archive/1/496688
______________________________________________________________________
08.40.23 CVE: CVE-2008-3524
Platform: Cross Platform
Title: Fedora initscripts Arbitrary File Deletion
Description: The initscripts package consists of scripts that are used
to boot and shut down a system cleanly. The Fedora initscripts package
is exposed to a file deletion issue. Specifically, the issue occurs
because "/etc/rc.sysinit" deletes all files present in the
"/var/lock" and "/var/run" directories at the time of booting a
system. initscripts version 8.76.3 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=458652
______________________________________________________________________
08.40.24 CVE: CVE-2008-2474
Platform: Cross Platform
Title: ABB PCU400 Unspecified Remote Buffer Overflow
Description: ABB PCU400 is used to control Supervisory Control And
Data Acquisition (SCADA) systems. ABB PCU400 is exposed to a remote
buffer overflow issue. PCU400 versions 4.4, 4.5 and 4.6 are affected.
Ref: http://www.kb.cert.org/vuls/id/343971
______________________________________________________________________
08.40.25 CVE: CVE-2008-4070
Platform: Cross Platform
Title: Mozilla SeaMonkey/Thunderbird Newsgroup Cancel Message Handling
Buffer Overflow
Description: Mozilla SeaMonkey is an Internet application suite.
Thunderbird is an email client. Both applications ship with a
newsgroup client. The applications are exposed to a remote heap-based
buffer overflow issue because they fail to properly bounds check
user-supplied data. Mozilla Thunderbird versions prior to 2.0.0.17 and
Mozilla SeaMonkey versions prior to 1.1.12 are affected.
Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-46.html
______________________________________________________________________
08.40.26 CVE: Not Available
Platform: Cross Platform
Title: Lighttpd Duplicate Request Header Denial of Service
Description: The "lighttpd" program is a freely available web server
application. The application is exposed to a remote denial of service
issue. Specifically, the issue is caused by a memory leak when
handling multiple duplicate request headers. lighttpd versions prior
to 1.4.20 are affected.
Ref: http://bugs.gentoo.org/show_bug.cgi?id=238180
______________________________________________________________________
08.40.27 CVE: Not Available
Platform: Cross Platform
Title: Wireshark Packet Capture File Denial of Service
Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic; it is available for Microsoft Windows and
UNIX-like operating systems. Wireshark is exposed to a denial of
service issue that occurs in the source file "wtap.c". Wireshark
version 1.0.3 is affected.
Ref: http://shinnok.evonet.ro/vulns_html/wireshark.html
______________________________________________________________________
08.40.28 CVE: CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
Platform: Cross Platform
Title: JasPer 1.900.1 Multiple Vulnerabilities
Description: JasPer is an implementation of the image codec specified
in the JPEG-2000 standard. JasPer is exposed to multiple issues.
Successful exploits of the temporary file race condition may allow the
attacker to overwrite or corrupt files within the context of the
affected application. JasPer version 1.900.1 is affected.
Ref: http://bugs.gentoo.org/show_bug.cgi?id=222819
______________________________________________________________________
08.40.29 CVE: CVE-2008-3827
Platform: Cross Platform
Title: MPlayer "stream_read" Function Remote Heap-Based Buffer
Overflow
Description: