*************************************************************************

            @RISK: The Consensus Security Vulnerability Alert

October 16, 2008                                          Vol. 7. Week 42

*************************************************************************

 

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

 

Summary of Updates and Vulnerabilities in this Consensus

 

Platform                        Number of Updates and Vulnerabilities

------------------------        -------------------------------------

Windows                                       8 (#1, #2, #3, #6, #8, #9)

Microsoft Office                              3 (#7)

Other Microsoft Products                      8

Third Party Windows Apps                      9 (#11)

Mac Os                                       10 (#5)

Linux                                         3

Unix                                          2

Cross Platform                               29 (#4, #10)

Web Application - Cross Site Scripting        2

Web Application - SQL Injection              24

Web Application                              21

Network Device                                3

 

******************************************************************

 

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software

(1) CRITICAL: Microsoft Active Directory Remote Code Execution (MS08-060)

(2) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS08-058)

(3) CRITICAL: Microsoft Host Integration Server RPC Service Remote Code Execution (MS08-059)

(4) CRITICAL: Apple CUPS Remote Code Execution Vulnerability

(5) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-007)

(6) CRITICAL: Computer Associates ARCServe Backup Multiple Vulnerabilities

(7) HIGH:  Microsoft Excel Multiple Vulnerabilities (MS08-057)

(8) HIGH: Microsoft Windows Internet Printing Service Remote Code Execution (MS08-062)

(9) HIGH: Microsoft Message Queueing Service Remote Code Execution (MS08-065)

(10) HIGH: Sun Java System Web Proxy Server Buffer Overflow

(11) MODERATE: Adobe CS3 SWF Parsing Multiple Vulnerabilities

 

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

- -- Windows

 

08.42.1  - Microsoft Windows Active Directory LDAP Request Handling Remote Code Execution

 

08.42.2  - Microsoft Windows SMB Buffer Underflow Code Execution

 

08.42.3  - Microsoft Windows Kernel Window Creation Local Privilege Escalation

 

08.42.4  - Microsoft Windows Kernel Memory Corruption Local Privilege Escalation

 

08.42.5  - Microsoft Windows Kernel Unhandled System Call Local Privilege Escalation

 

08.42.6  - Microsoft Windows AFD Driver Local Privilege Escalation

 

08.42.7  - Microsoft Windows VAD Local Privilege Escalation

 

08.42.8  - Microsoft Windows Internet Printing Service Integer Overflow

 

- -- Microsoft Office

 

08.42.9  - Microsoft Excel Calendar Object Validation Remote Code Execution

 

08.42.10 - Microsoft Excel BIFF File Format Parsing Remote Code Execution

 

08.42.11 - Microsoft Excel Formula Parsing Remote Code Execution

 

- -- Other Microsoft Products

 

08.42.12 - Microsoft PicturePusher "PipPPush.dll" ActiveX Control Arbitrary File Download

 

08.42.13 - Microsoft Internet Explorer HTML Element Cross-Domain Security Bypass

 

08.42.14 - Microsoft Internet Explorer Event Handling Cross-Domain Security Bypass

 

08.42.15 - Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption

 

08.42.16 - Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption

 

08.42.17 - Microsoft Host Integration Server RPC Remote Code Execution

 

08.42.18 - Microsoft Message Queuing Service RPC Query Heap Corruption

 

08.42.19 - Microsoft Internet Explorer Cross-Domain Information Disclosure

 

- -- Third Party Windows Apps

 

08.42.20 - PC Tools Spyware Doctor Unspecified Denial of Service

 

08.42.21 - Avaya one-X Desktop Edition SIP Remote Denial of Service

 

08.42.22 - Cisco Unity Remote Administration Authentication Bypass

 

08.42.23 - Cisco Unity 7.0 Multiple Remote Vulnerabilities

 

08.42.24 - WinFTP Server "NLIST" Command Remote Denial of Service

 

08.42.25 - Lenovo Rescue and Recovery "tvtumon.sys" Heap Overflow

 

08.42.26 - RaidenFTPD "MLST" Command Remote Denial of Service

 

08.42.27 - Husdawg System Requirements Lab ActiveX Control Unspecified Remote Code Execution

 

08.42.28 - Titan FTP Server "SITE WHO" Command Remote Denial of Service

 

- -- Mac Os

 

08.42.29 - Apple OS X QuickLook Excel File Integer Overflow

 

08.42.30 - Apple Mac OS X "hosts.equiv" Security Bypass

 

08.42.31 - Apple Mac OS X "configd" EAPOLController Plugin Local Heap Based Buffer Overflow

 

08.42.32 - Apple Mac OS X ColorSync ICC Profile Remote Buffer Overflow

 

08.42.33 - Apple Script Editor Unspecified Insecure Temporary File Creation

 

08.42.34 - Apple Mac OS X Server Weblog Access Control List Security Bypass

 

08.42.35 - Apple PSNormalizer PostScript Buffer Overflow

 

08.42.36 - Apple Finder Denial of Service

 

08.42.37 - Apple Mac OS X 10.5 Postfix Security Bypass

 

08.42.38 - Apple Mac OS X 10.5 "launchd" Unspecified Security Bypass

 

- -- Linux

 

08.42.39 - Gentoo "sys-apps/portage" Search Path Local Privilege Escalation

 

08.42.40 - Linux Kernel SCTP INIT-ACK AUTH Extension Remote Denial of Service

 

08.42.41 - Debian chm2pdf Insecure Temporary File Creation

 

- -- Unix

 

08.42.42 - CUPS "HP-GL/2" Filter Remote Code Execution

 

08.42.43 - CUPS Multiple Heap Based Buffer Overflow Vulnerabilities

 

- -- Cross Platform

 

08.42.44 - HP OpenView Network Node Manager "ovtopmd" Variant Unspecified Denial of Service

 

08.42.45 - Hero DVD Player ".m3u" File Buffer Overflow

 

08.42.46 - Opera Web Browser Remote Code Execution and Security Bypass Vulnerabilities

 

08.42.47 - Nortel MCS 5100 UFTP Multiple Denial of Service Vulnerabilities

 

08.42.48 - Avaya IP Softphone Remote Denial of Service

 

08.42.49 - Avaya Communication Manager Web Server Configuration Unauthorized Access

 

08.42.50 - Opera Cached Java Applet Privilege Escalation

 

08.42.51 - DFFFrameworkAPI "DFF_config[dir_include]" Parameter Multiple Remote File Include Vulnerabilities

 

08.42.52 - Graphviz Graph Parser Remote Stack Buffer Overflow

 

08.42.53 - Drupal EveryBlog Module Multiple Unspecified Vulnerabilities

 

08.42.54 - YaCy Multiple Unspecified Vulnerabilities

 

08.42.55 - Computer Associates ARCserve Backup Multiple Remote Vulnerabilities

 

08.42.56 - Sun Java System Web Proxy Server FTP Subsystem Heap Based Buffer Overflow

 

08.42.57 - OpenSSL "zlib" Compression Memory Leak Remote Denial of Service

 

08.42.58 - KDE Konqueror JavaScript "load" Function Denial of Service

 

08.42.59 - NoticeWare Email Server NG "PASS" Command Remote Denial of Service

 

08.42.60 - Apache Tomcat "RemoteFilterValve" Security Bypass

 

08.42.61 - Ruby "resolv.rb" Predictable Transaction ID and Source Port DNS Spoofing

 

08.42.62 - Nokia Web Browser for S60 Infinite Array Sort Denial of Service

 

08.42.63 - GuildFTPd "LIST" Command Heap Overflow

 

08.42.64 - XM Easy Personal FTP Server "NSLT" Command Remote Denial of Service

 

08.42.65 - Oracle Database Server "CREATE ANY DIRECTORY" Privilege Escalation

 

08.42.66 - Websense Reporter "CreateDbInstall.log" Local Information Disclosure

 

08.42.67 - Mozilla Firefox ".url" Shortcut Processing Information Disclosure

 

08.42.68 - IBM ENOVIA Security Bypass

 

08.42.69 - Sun Solstice AdminSuite "sadmind" "adm_build_path()" Remote Stack Buffer Overflow

 

08.42.70 - Etype Eserv FTP "ABOR" Command Remote Stack-Based Buffer Overflow

 

08.42.71 - VLC Media Player XSPF Playlist Memory Corruption

 

08.42.72 - Oracle Weblogic Server Apache Connector Stack-Based Buffer Overflow

 

- -- Web Application - Cross Site Scripting

 

08.42.73 - Microsoft Office CDO Protocol Cross-Site Scripting

 

08.42.74 - EEB-CMS "index.php" Cross-Site Scripting

 

- -- Web Application - SQL Injection

 

08.42.75 - Pre News Manager "news_detail.php" SQL Injection

 

08.42.76 - GForge Multiple SQL Injection Vulnerabilities

 

08.42.77 - TorrentTrader Classic Edition "completed-advance.php" SQL Injection

 

08.42.78 - Built2Go Real Estate Listings "event_detail.php" SQL Injection

 

08.42.79 - Brain Book Software AdMan "editCampaign.php" SQL Injection

 

08.42.80 - HispaH Text Link ADS "index.php" SQL Injection

 

08.42.81 - Joomtracker "id" Parameter SQL Injection

 

08.42.82 - IranMC Arad Center "news.php" SQL Injection

 

08.42.83 - Stash "news.php" SQL Injection

 

08.42.84 - Ayco Okul Portali "default.asp" SQL Injection

 

08.42.85 - Easynet4u Forum Host "forum.php" SQL Injection

 

08.42.86 - Easynet4u Faq Host "faq.php" SQL Injection

 

08.42.87 - Joomla! and Mambo Mad4Joomla Mailforms Component SQL Injection

 

08.42.88 - Ignite Gallery "gallery" Parameter SQL Injection

 

08.42.89 - Easynet4u Link Host "directory.php" SQL Injection

 

08.42.90 - Real Estate Classifieds "index.php" SQL Injection

 

08.42.91 - Absolute Poll Manager "xlacomments.asp" SQL Injection

 

08.42.92 - OwnBiblio Joomla! Component "catid" Parameter SQL Injection

 

08.42.93 - NewLife Blogger "nlb3" Cookie SQL Injection

 

08.42.94 - "com_jeux" Joomla! Component "id" Parameter SQL Injection

 

08.42.95 - IndexScript "sug_cat.php" SQL Injection

 

08.42.96 - ParsBlogger "links.asp" SQL Injection

 

08.42.97 - XOOPS xhresim Module "index.php" SQL Injection

 

08.42.98 - Webscene eCommerce "productlist.php" SQL Injection

 

- -- Web Application

 

08.42.99 - Drupal Multiple Remote Access Validation Vulnerabilities and Weaknesses

 

08.42.100 - Proxim Tsunami MP.11 2411 Wireless Access Point "system.sysName.0" SNMP HTML Injection

 

08.42.101 - Kusaba "paint_save.php" Remote Code Execution

 

08.42.102 - Avaya Communication Manager Web Administration Multiple Security Vulnerabilities

 

08.42.103 - WebBiscuits Modules Controller Multiple Local and Remote File Include Vulnerabilities

 

08.42.104 - Drupal Multiple Modules Security Bypass Vulnerabilities

 

08.42.105 - HP System Management Homepage (SMH) for Linux and Windows Cross-Site Scripting

 

08.42.106 - ModSecurity Transformation Caching Security Bypass

 

08.42.107 - Kusaba "load_receiver.php" Remote Code Execution

 

08.42.108 - Camera Life SQL Injection and Cross-Site Scripting Vulnerabilities

 

08.42.109 - Scriptsez Easy Image Downloader "main.php" Local File Include

 

08.42.110 - Scriptsez Mini Hosting Panel "members.php" Local File Include

 

08.42.111 - My PHP Indexer "index.php" Directory Traversal

 

08.42.112 - Globsy "globsy_edit.php" Arbitrary File Overwrite

 

08.42.113 - LokiCMS "index.php" Information Disclosure

 

08.42.114 - mini-pub Multiple Information Disclosure Vulnerabilities

 

08.42.115 - mini-pub "cat.php" Remote Command Execution

 

08.42.116 - SlimCMS "redirect.php" Security Bypass

 

08.42.117 - LokiCMS "admin.php" Local File Include

 

08.42.118 - WP Comment Remix 1.4.3 SQL Injection and HTML Injection Vulnerabilities

 

08.42.119 - SezHoo "SezHooTabsAndActions.php" Parameter Remote File Include

 

- -- Network Device

 

08.42.120 - Nortel Networks Multimedia Communications Server Authentication Bypass

 

08.42.121 - Linksys WAP4400N Marvell Wireless Chipset Driver Remote Denial of Service

 

08.42.122 - Multiple Telecom Italia Routers Authentication Bypass

 

______________________________________________________________________

 

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

 

*****************************

Widely Deployed Software

*****************************

 

(1) CRITICAL: Microsoft Active Directory Remote Code Execution (MS08-060)

Affected:

Microsoft Windows 2000

 

Description: Active Directory is Microsoft's directory service. It is accessed over the Lightweight Directory Access Protocol (LDAP), with or without SSL (TCP ports 389 and 636), and is an integral part of several Microsoft products and operating systems. The LDAP service on Windows 2000 domain controllers contains a buffer overflow in its handling of LDAP requests. A specially crafted LDAP or LDAPS request could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process (SYSTEM). Some technical details are publicly available for this vulnerability. Note that only Windows 2000 systems that are configured as domain controllers are vulnerable; member servers and workstations are not.

 

Status: Vendor confirmed, updates available.

 

References:

Microsoft Security Bulletin

http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx

Wikipedia Article on LDAP

http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol

Microsoft Active Directory Home Page

http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx

SecurityFocus BID

http://www.securityfocus.com/bid/31609

 

******************************************************

 

(2) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS08-058)

Affected:

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server 2003

Microsoft Windows Vista

Microsoft Windows Server 2008

 

Description: Microsoft Internet Explorer contains multiple vulnerabilities in its handling of a variety of HTML and web scripting constructs. A specially crafted web page could trigger one of these vulnerabilities, leading to remote code execution, cross-domain security bypass, or information disclosure. Any remote code execution would be with the privileges of the current user. Some technical details are publicly available for these vulnerabilities.

 

Status: Vendor confirmed, updates available.

 

References:

Microsoft Security Bulletin

http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx

TippingPoint Zero Day Initiative Advisory

http://zerodayinitiative.com/advisories/ZDI-08-069/

SecurityFocus BIDs

http://www.securityfocus.com/bid/31618

http://www.securityfocus.com/bid/31617

http://www.securityfocus.com/bid/31654

http://www.securityfocus.com/bid/31616

http://www.securityfocus.com/bid/31615

http://www.securityfocus.com/bid/29960

 

******************************************************

 

(3) CRITICAL: Microsoft Host Integration Server RPC Service Remote Code Execution (MS08-059)

Affected:

Microsoft Host Integration Server 2000

Microsoft Host Integration Server 2004

Microsoft Host Integration Server 2006

 

Description: Microsoft Host Integration Server is a platform for integrating Windows applications with host (mainframe and midrange) applications and data sources. The product exports a Remote Procedure Call (RPC) interface, and that interface contains an input validation error in its handling of RPC requests. A specially crafted request could execute arbitrary commands with the privileges of the vulnerable process. Technical details are publicly available for this vulnerability, and a proof-of-concept is publicly available.

 

Status: Vendor confirmed, updates available.

 

References:

Microsoft Security Bulletin

http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx

iDefense Security Advisory

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745

Proof-of-Concept

http://downloads.securityfocus.com/vulnerabilities/exploits/31620.rb

Product Home Page

http://www.microsoft.com/hiserver/default.mspx

SecurityFocus BID

http://www.securityfocus.com/bid/31620

 

******************************************************

 

(4) CRITICAL: Apple CUPS Remote Code Execution Vulnerability

Affected:

Apple CUPS versions prior to 1.3.9

 

Description: CUPS is the Common Unix Printing System, a cross-platform print server. Apple now owns the software and ships it as an integral part of Mac OS X, and it is installed by default on many Unix and Linux systems. CUPS contains a flaw in its HP-GL/2 (HP Graphics Language) filter, which converts HP-GL/2 plotter files to PostScript for printing. A specially crafted print job containing malformed HP-GL/2 data could trigger this vulnerability. Successfully exploiting it would allow an attacker to execute arbitrary code with the privileges of the filter process. Whether the flaw is reachable remotely depends on whether cupsd accepts jobs from the network (TCP port 631) rather than only from localhost. Full technical details for this vulnerability are available via source code analysis; a proof-of-concept is also publicly available.

 

Status: Vendor confirmed, updates available.

 

References:

TippingPoint Zero Day Initiative

http://zerodayinitiative.com/advisories/ZDI-08-067/

Apple Security Advisory

http://support.apple.com/kb/HT3216

CUPS Change Log

http://www.cups.org/articles.php?L575

Proof-of-Concept

http://downloads.securityfocus.com/vulnerabilities/exploits/31688.rb

Product Home Page

http://www.cups.org

SecurityFocus BID

http://www.securityfocus.com/bid/31688

 

******************************************************

 

(5) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-007)

Affected:

Apple Mac OS X versions 10.5.5 and prior

Apple Mac OS X Server versions 10.5.5 and prior

 

Description: Apple Mac OS X contains multiple vulnerabilities in a variety of components. Most of them stem from outdated third-party components shipped with the operating system. In addition, flaws in the parsing of Microsoft Excel files (QuickLook) and of certain image formats (ColorSync ICC profiles, PostScript) could lead to remote code execution when a malicious file is opened, and the user may not be prompted before such a file is opened or previewed. The third-party issues range from remote code execution to cross-site scripting. Numerous local-only vulnerabilities are also addressed in this update. Note that this update also addresses the CUPS vulnerability discussed above.

 

Status: Vendor confirmed, updates available.

 

References:

Apple Security Bulletin

http://support.apple.com/kb/HT3216

Product Home Page

http://www.apple.com/macosx

SecurityFocus BID

http://www.securityfocus.com/bid/31681

 

******************************************************

 

(6) CRITICAL: Computer Associates ARCServe Backup Multiple Vulnerabilities

Affected:

Computer Associates ARCServe Backup versions prior to r12.0 SP 1

 

Description: Computer Associates ARCserve Backup, a widely deployed enterprise backup product, contains multiple vulnerabilities. A flaw in the processing of Remote Procedure Call (RPC) requests can result in arbitrary command execution with the privileges of the vulnerable process. Additional vulnerabilities can lead to denial of service in a variety of subsystems. There are unconfirmed reports of an additional authentication bypass vulnerability. A working proof-of-concept for the remote command execution vulnerability is publicly available.

 

Status: Vendor confirmed, updates available.

 

References:

Post by cocoruder (includes proof-of-concept)

http://www.securityfocus.com/archive/1/497281

Computer Associates Security Notice

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143

SecurityFocus BID

http://www.securityfocus.com/bid/31684

 

******************************************************

 

(7) HIGH:  Microsoft Excel Multiple Vulnerabilities (MS08-057)

Affected:

Microsoft Office 2000

Microsoft Office XP

Microsoft Office 2003

Microsoft Office 2007

Microsoft Office Excel Viewer

Microsoft Office SharePoint Server 2007

Microsoft Office 2004 for Mac

Microsoft Office 2008 for Mac

Microsoft Open XML File Format Converter for Mac

 

Description: Microsoft Office contains multiple vulnerabilities in its handling of Excel spreadsheet files. A specially crafted Excel file could trigger one of these vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that, by default, recent versions of Microsoft Office prompt the user before opening an Excel file received by e-mail or from the web, so exploitation normally requires the user to open the file. Some technical details are publicly available for these vulnerabilities.

 

Status: Vendor confirmed, updates available.

 

References:

Microsoft Security Bulletin

http://www.microsoft.com/technet/security/bulletin/ms08-057.mspx

TippingPoint Zero Day Initiative Advisory

http://www.zerodayinitiative.com/advisories/ZDI-08-068/

iDefense Security Advisory

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=746

SecurityFocus BIDs

http://www.securityfocus.com/bid/31706

http://www.securityfocus.com/bid/31702

http://www.securityfocus.com/bid/31705

 

******************************************************

 

(8) HIGH: Microsoft Windows Internet Printing Service Remote Code Execution (MS08-062)

Affected:

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server 2003

Microsoft Windows Vista

Microsoft Windows Server 2008

 

Description: The Microsoft Windows Internet Printing Service is Microsoft's implementation of the Internet Printing Protocol (IPP), an open protocol for submitting and managing print jobs over HTTP. Microsoft implements it as a component of IIS. This implementation contains an integer overflow in its processing of IPP responses. A specially crafted request to the IIS server could cause it to open an outbound IPP connection to a server the attacker controls; the malicious response returned by that server then triggers the overflow. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that authentication is required to exploit this vulnerability in IIS's default configuration.
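Because the printing service connects to a server the attacker chose, every length field in the IPP response is attacker-controlled. The parser below is an added example, not Microsoft's code, and it does not reproduce the MS08-062 defect; it shows the IPP attribute encoding from RFC 2910 (value-tag, 2-byte name length, name, 2-byte value length, value) and the bounds checks a response parser needs. The sample responses are constructed, and the function names are this example's own.

```c
/* Minimal parser for the IPP wire format (RFC 2910) with the bounds checks a
 * response parser needs. Added example: NOT Microsoft's code and NOT the
 * MS08-062 bug itself. All sample bytes below are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPP_TAG_END_OF_ATTRS 0x03
#define IPP_MAX_ATTRS 32

struct ipp_attr {
    uint8_t tag;            /* value-tag, e.g. 0x47 charset, 0x44 keyword */
    const uint8_t *name;    /* name_len == 0: additional value of previous attribute */
    uint16_t name_len;
    const uint8_t *value;
    uint16_t value_len;
};

/* Read a big-endian 16-bit length. The check is on the bytes *remaining*;
 * never write "off + 2 > len", which can wrap when off is attacker-influenced. */
static bool take_u16(const uint8_t *buf, size_t len, size_t *off, uint16_t *out)
{
    if (len - *off < 2)
        return false;
    *out = (uint16_t)((buf[*off] << 8) | buf[*off + 1]);
    *off += 2;
    return true;
}

/* Parse a response: 8-byte header (version, status-code, request-id), then
 * delimiter-tagged attribute groups, ending with end-of-attributes-tag (0x03).
 * Returns the attribute count, or -1 if any length field claims more bytes
 * than the buffer holds, the end tag is missing, or the table is full. */
int ipp_parse_response(const uint8_t *buf, size_t len,
                       struct ipp_attr *attrs, size_t max_attrs)
{
    if (len < 8)
        return -1;
    size_t off = 8, n = 0;
    while (off < len) {
        uint8_t tag = buf[off++];
        if (tag == IPP_TAG_END_OF_ATTRS)
            return (int)n;
        if (tag < 0x10)                 /* delimiter tag: new attribute group */
            continue;
        struct ipp_attr a = { .tag = tag };
        if (!take_u16(buf, len, &off, &a.name_len) || len - off < a.name_len)
            return -1;
        a.name = buf + off;
        off += a.name_len;
        if (!take_u16(buf, len, &off, &a.value_len) || len - off < a.value_len)
            return -1;
        a.value = buf + off;
        off += a.value_len;
        if (n >= max_attrs)
            return -1;
        attrs[n++] = a;
    }
    return -1;                          /* ran off the end without 0x03 */
}

/* Constructed response: IPP/1.1, status successful-ok, request-id 1, and one
 * operation attribute "attributes-charset" = "utf-8". */
static const uint8_t good_resp[] = {
    0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x01,                                          /* operation-attributes-tag */
    0x47, 0x00, 0x12, 'a','t','t','r','i','b','u','t','e','s','-','c','h','a','r','s','e','t',
    0x00, 0x05, 'u','t','f','-','8',
    0x03 };
/* Same bytes with the value-length field forged to 0xFFFF: must be rejected. */
static const uint8_t forged_resp[] = {
    0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x01,
    0x47, 0x00, 0x12, 'a','t','t','r','i','b','u','t','e','s','-','c','h','a','r','s','e','t',
    0xFF, 0xFF, 'u','t','f','-','8',
    0x03 };

int parse_good(void)        /* returns 1 (one attribute, value "utf-8") */
{
    struct ipp_attr a[IPP_MAX_ATTRS];
    int n = ipp_parse_response(good_resp, sizeof good_resp, a, IPP_MAX_ATTRS);
    return (n == 1 && a[0].value_len == 5 && memcmp(a[0].value, "utf-8", 5) == 0) ? n : -2;
}

int parse_forged(void)      /* returns -1: the forged length is rejected */
{
    struct ipp_attr a[IPP_MAX_ATTRS];
    return ipp_parse_response(forged_resp, sizeof forged_resp, a, IPP_MAX_ATTRS);
}

int main(void)
{
    printf("well-formed response: %d attribute(s)\n", parse_good());
    printf("forged length: %d (rejected)\n", parse_forged());
    return 0;
}
```

The design point is that every comparison is made against the bytes remaining (`len - off < claimed`), never by adding an attacker-supplied length to an offset and comparing the sum, since that sum is exactly where an integer overflow hides.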

 

Status: Vendor confirmed, updates available.

 

References:

Microsoft Security Bulletin

http://www.microsoft.com/technet/security/bulletin/ms08-062.mspx

Wikipedia Article on IPP

http://en.wikipedia.org/wiki/Internet_Printing_Protocol

SecurityFocus BID

http://www.securityfocus.com/bid/31682

 

******************************************************

 

(9) HIGH: Microsoft Message Queueing Service Remote Code Execution (MS08-065)

Affected:

Microsoft Windows 2000

 

Description: The Microsoft Message Queuing Service (MSMQ) provides asynchronous message passing between processes and between systems. The service exports a Remote Procedure Call (RPC) interface, and that interface contains a heap-based buffer overflow. Successfully exploiting it would allow an attacker to execute arbitrary code with the privileges of the SYSTEM user. Extensive technical details are publicly available for this vulnerability, including Microsoft's own analysis of its exploitability (see the references). Note that MSMQ is neither installed nor enabled by default.

 

Status: Vendor confirmed, updates available.

 

References:

Microsoft Security Bulletin

http://www.microsoft.com/technet/security/bulletin/ms08-065.mspx

TippingPoint DVLabs Advisory

http://dvlabs.tippingpoint.com/advisory/TPTI-08-07

Microsoft Security Vulnerability Research and Defense Article

http://blogs.technet.com/swi/archive/2008/10/14/ms08-065-exploitable-for-remote-code-execution.aspx

Product Home Page

http://www.microsoft.com/windowsserver2003/technologies/msmq/default.mspx

SecurityFocus BID

http://www.securityfocus.com/bid/31637

 

******************************************************

 

(10) HIGH: Sun Java System Web Proxy Server Buffer Overflow

Affected:

Sun Java System Web Proxy Server versions 4.0.7 and prior

 

Description: The Sun Java System Web Proxy Server is part of the Sun Java System family of server applications and proxies a variety of protocols, including FTP. Its FTP subsystem contains a heap-based buffer overflow. A specially crafted HTTP request to the proxy could cause it to issue an FTP request whose handling triggers the vulnerability. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Some technical details for this vulnerability are publicly available.

 

Status: Vendor confirmed, updates available.

 

References:

iDefense Security Advisory

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747

Sun Security Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-242986-1

Product Home Page

http://www.sun.com/software/products/web_proxy/

Wikipedia Article on Web Proxies

http://en.wikipedia.org/wiki/Proxy_server#Web_proxy

SecurityFocus BID

http://www.securityfocus.com/bid/31691

 

******************************************************

 

(11) MODERATE: Adobe CS3 SWF Parsing Multiple Vulnerabilities

Affected:

Adobe Flash CS3 Professional

Adobe Flash MX 2004

 

Description: Adobe Flash CS3 Professional, part of Creative Suite 3, is Adobe's authoring tool for Flash content; Flash MX 2004 is its predecessor. These tools contain multiple flaws in their parsing of SWF (commonly called "Flash") files. A specially crafted SWF file could trigger one of these vulnerabilities. Successfully exploiting one of them would allow an attacker to execute arbitrary code with the privileges of the current user. Note that, depending upon configuration, a malicious SWF file may be opened by the vulnerable application upon receipt. The Adobe Flash Player used by web browsers was not found to be vulnerable. Currently only the authoring tools on Microsoft Windows are confirmed vulnerable.

 

Status: Vendor confirmed, updates available.

 

References:

Advisory from Security-Assessment.com

http://www.security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf

Adobe Security Advisory

http://www.adobe.com/support/security/advisories/apsa08-09.html

Product Home Page

http://tryit.adobe.com/us/cs4/flash/index.html?sdid=DOXQZ

SecurityFocus BID

http://www.securityfocus.com/bid/31769

 

*******************************************************

 

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities

Week 42, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

 

 

 

______________________________________________________________________

 

 

 

08.42.1 CVE: CVE-2008-4023

Platform: Windows

Title: Microsoft Windows Active Directory LDAP Request Handling Remote Code Execution

Description: The Lightweight Directory Access Protocol (LDAP) allows authorized users to view or update data in a directory. Active Directory is exposed to a remote code execution issue because it mishandles memory allocation when processing specially crafted LDAP or LDAP over SSL (LDAPS) requests.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx

______________________________________________________________________

 

08.42.2 CVE: CVE-2008-4038

Platform: Windows

Title: Microsoft Windows SMB Buffer Underflow Code Execution

Description: Microsoft Windows is exposed to a remote code execution issue. This is due to a buffer underflow condition in the SMB (Server Message Block) protocol implementation. The condition is caused by insufficient validation of particular file name lengths that are supplied by the client.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-063.mspx
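A "buffer underflow" from an unvalidated client-supplied length usually means an unsigned subtraction that wrapped. The following is an added illustration of that bug class, not Microsoft's SMB code and not the MS08-063 logic; the packet layout, field names and sample request are hypothetical and constructed for the example. The vulnerable function returns the wrapped length instead of copying with it so the effect is observable without corrupting memory.

```c
/* Illustration of the length-underflow bug class. Added example: NOT
 * Microsoft's SMB code and NOT the MS08-063 logic; layout and names are
 * hypothetical. Only the shape of the bug is taken from the advisory: a file
 * name length derived from client-supplied fields with no check that the
 * subtraction cannot wrap. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64

/* Hypothetical request: the client states a total length and a header length,
 * and the file name is whatever follows the header. */
struct name_req {
    uint16_t total_len;   /* client-supplied */
    uint16_t hdr_len;     /* client-supplied */
    const uint8_t *body;  /* bytes actually received after the fixed fields */
    size_t body_len;
};

/* Vulnerable pattern: unsigned subtraction with no ordering check. When
 * hdr_len > total_len the result wraps to a huge value that a later copy
 * would trust. Returned here rather than used for a copy. */
size_t vulnerable_name_len(const struct name_req *r)
{
    uint16_t name_len = (uint16_t)(r->total_len - r->hdr_len);
    return name_len;
}

/* Hardened: reject the wrap before subtracting, then bound the result by what
 * was actually received and by the destination buffer. */
bool safe_copy_name(const struct name_req *r, char out[NAME_BUF])
{
    if (r->hdr_len > r->total_len)
        return false;                      /* subtraction would underflow */
    size_t name_len = (size_t)r->total_len - r->hdr_len;
    if (name_len > r->body_len)
        return false;                      /* claims more than was received */
    if (name_len >= NAME_BUF)
        return false;                      /* leave room for the terminator */
    memcpy(out, r->body, name_len);
    out[name_len] = '\0';
    return true;
}

/* Constructed sample payload: 10 bytes of file name. */
static const uint8_t sample_body[] = "README.TXT";

/* Benign request: total 14, header 4, so the name is the 10 received bytes. */
bool benign_copies(void)
{
    struct name_req r = { 14, 4, sample_body, 10 };
    char out[NAME_BUF];
    return safe_copy_name(&r, out) && strcmp(out, "README.TXT") == 0;
}

/* Hostile request: header length larger than total length. */
size_t wrapped_vulnerable_len(void)
{
    struct name_req r = { 4, 14, sample_body, 10 };
    return vulnerable_name_len(&r);        /* 65526, not -10 */
}

bool wrapped_rejected(void)
{
    struct name_req r = { 4, 14, sample_body, 10 };
    char out[NAME_BUF];
    return !safe_copy_name(&r, out);
}

int main(void)
{
    printf("benign request copied: %s\n", benign_copies() ? "yes" : "no");
    printf("vulnerable length for hostile request: %zu\n", wrapped_vulnerable_len());
    printf("hostile request rejected by hardened code: %s\n", wrapped_rejected() ? "yes" : "no");
    return 0;
}
```

The hardened version checks three things the vulnerable one skips: that the two client fields are ordered so the subtraction cannot wrap, that the computed length does not exceed the bytes actually received, and that it fits the destination buffer.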

______________________________________________________________________

 

08.42.3 CVE: CVE-2008-2250

Platform: Windows

Title: Microsoft Windows Kernel Window Creation Local Privilege Escalation

Description: Microsoft Windows is exposed to a local privilege escalation issue because the kernel fails to properly handle input passed from a parent window to a child window when a new window is created. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx

______________________________________________________________________

 

08.42.4 CVE: CVE-2008-2252

Platform: Windows

Title: Microsoft Windows Kernel Memory Corruption Local Privilege Escalation

Description: Microsoft Windows is exposed to a local privilege escalation issue in the Windows kernel. The issue occurs because the kernel fails to sufficiently validate user-supplied input passed from user mode to kernel mode.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx

______________________________________________________________________

 

08.42.5 CVE: CVE-2008-2251

Platform: Windows

Title: Microsoft Windows Kernel Unhandled System Call Local Privilege Escalation

Description: Microsoft Windows is exposed to a local privilege escalation issue in the Windows kernel. The issue occurs because the kernel fails to correctly handle certain unspecified system calls issued concurrently from multiple threads.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx

______________________________________________________________________

 

08.42.6 CVE: CVE-2008-3464

Platform: Windows

Title: Microsoft Windows AFD Driver Local Privilege Escalation

Description: Microsoft Windows is exposed to a local privilege escalation issue in the Ancillary Function Driver ("afd.sys"), the kernel-mode driver behind the Winsock TCP/IP interface. Because AFD runs in kernel mode, a flaw in it allows a local user to run code with kernel privileges.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx

______________________________________________________________________

 

08.42.7 CVE: CVE-2008-4036

Platform: Windows

Title: Microsoft Windows VAD Local Privilege Escalation

Description: Microsoft Windows is exposed to a local privilege escalation issue because of an error in how the system memory manager handles memory allocation in relation to Virtual Address Descriptors (VADs). A successful exploit lets a local attacker completely compromise an affected computer.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-064.mspx

______________________________________________________________________

 

08.42.8 CVE: CVE-2008-1446

Platform: Windows

Title: Microsoft Windows Internet Printing Service Integer Overflow

Description: The Internet Printing Protocol (IPP) is a standardized protocol for submitting and managing print jobs over a network. The Microsoft Internet Printing Service, its implementation in IIS, is exposed to an integer overflow issue because the software fails to adequately handle malformed IPP data.

Ref: http://www.securityfocus.com/bid/31682

______________________________________________________________________

 

08.42.9 CVE: CVE-2008-3477

Platform: Microsoft Office

Title: Microsoft Excel Calendar Object Validation Remote Code Execution

Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed compiled VBA projects containing Calendar objects. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx

______________________________________________________________________

 

08.42.10 CVE: CVE-2008-3471

Platform: Microsoft Office

Title: Microsoft Excel BIFF File Format Parsing Remote Code Execution

Description: Microsoft Excel is a spreadsheet application that is part

of the Microsoft Office suite. Excel is exposed to a remote code

execution issue when parsing malformed Excel files. This issue occurs

because the application fails to validate record values in Excel BIFF

files.

Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-068/

______________________________________________________________________

 

08.42.11 CVE: CVE-2008-4019

Platform: Microsoft Office

Title: Microsoft Excel Formula Parsing Remote Code Execution

Description: Microsoft Excel is a spreadsheet application that is part

of the Microsoft Office suite. Excel is exposed to a remote code

execution issue when parsing malformed Excel files. This issue occurs

when the application tries to process malformed formulas stored in

spreadsheet cells.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx

______________________________________________________________________

 

08.42.12 CVE: Not Available

Platform: Other Microsoft Products

Title: Microsoft PicturePusher "PipPPush.dll" ActiveX Control

Arbitrary File Download

Description: The Microsoft PicturePusher ActiveX control ("PipPPush.dll") is used by web photo-sharing services to upload images from a user's computer. The control is exposed to an issue that lets a malicious web page obtain arbitrary files from the user's computer: the page calls the control's "AddString" method to queue local file paths and its "Post" method to send them to an attacker-chosen URL. "PipPPush.dll" version 7.00.0709 is affected.

Ref: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=774845&poid=

______________________________________________________________________

 

08.42.13 CVE: CVE-2008-3472

Platform: Other Microsoft Products

Title: Microsoft Internet Explorer HTML Element Cross-Domain Security

Bypass

Description: Microsoft Internet Explorer is a web browser available

for Microsoft Windows. The browser is exposed to a cross-domain

security bypass issue because it fails to enforce the same-origin

policy. The issue occurs when handling an unspecified HTML element.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx

______________________________________________________________________

 

08.42.14 CVE: CVE-2008-3473

Platform: Other Microsoft Products

Title: Microsoft Internet Explorer Event Handling Cross-Domain

Security Bypass

Description: Microsoft Internet Explorer is a web browser available

for Microsoft Windows. The browser is exposed to a cross-domain

security bypass issue because it fails to enforce the same-origin

policy. The issue occurs when handling unspecified events within a

window object.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx

______________________________________________________________________

 

08.42.15 CVE: CVE-2008-3475

Platform: Other Microsoft Products

Title: Microsoft Internet Explorer Uninitialized Object Remote Memory

Corruption

Description: Microsoft Internet Explorer is a browser for the Windows

operating system. Internet Explorer is exposed to a remote memory

corruption issue when handling an object that has not been properly

initialized or has been deleted.

Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-069/

______________________________________________________________________

 

08.42.16 CVE: CVE-2008-3476

Platform: Other Microsoft Products

Title: Microsoft Internet Explorer HTML Objects Uninitialized Memory

Corruption

Description: Microsoft Internet Explorer is a browser for the Windows

operating system. Internet Explorer is exposed to a remote memory

corruption issue when handling HTML objects that have not been

properly initialized.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx

______________________________________________________________________

 

08.42.17 CVE: CVE-2008-3466

Platform: Other Microsoft Products

Title: Microsoft Host Integration Server RPC Remote Code Execution

Description: Microsoft Host Integration Server is exposed to a remote

code execution issue caused by an unspecified error in the Systems

Network Architecture (SNA) service through a remote procedure call

(RPC). Successfully exploiting this issue would allow an attacker to

execute arbitrary code on an affected computer.

Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745

______________________________________________________________________

 

08.42.18 CVE: CVE-2008-3479

Platform: Other Microsoft Products

Title: Microsoft Message Queuing Service RPC Query Heap Corruption

Description: Microsoft Message Queuing (MSMQ) is a message queuing service that lets applications on different hosts exchange messages reliably, including when the peer is temporarily unavailable. The flaw is in an RPC function that fails to sanity-check user-supplied data before using it to compute the size of a heap allocation; the undersized allocation is then overrun, corrupting the heap, and a remote attacker could exploit this to execute arbitrary code. MS08-065 applies to Windows 2000, where the MSMQ service is an optional component that is not installed by default.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-065.mspx
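This entry and 08.42.8 (the Internet Printing Service integer overflow) describe the same bug pattern: a count or length taken from the wire is multiplied by an element size in fixed-width arithmetic, the product wraps, a tiny buffer is allocated and the subsequent copy overruns it. The following is an added example, not the vendors' code and not real IPP or MSMQ message parsing; it models a hypothetical 32-bit service with a hypothetical 12-byte entry format, constructs a benign and a malicious message, and shows the vulnerable size computation beside the hardened check a practitioner would expect:

```python
import struct

MASK32 = 0xFFFFFFFF   # model a 32-bit size_t, as used by the affected Windows services
ENTRY_SIZE = 12       # hypothetical fixed per-entry size of the parsed structure


def vulnerable_alloc_size(count, entry_size=ENTRY_SIZE):
    """Illustrative bug pattern (not the vendors' code): the count comes from the
    wire and is multiplied in 32-bit arithmetic, so a large count wraps to a tiny
    size and the allocation is far smaller than the data the copy loop will write."""
    return (count * entry_size) & MASK32


def safe_alloc_size(count, entry_size=ENTRY_SIZE, limit=MASK32):
    """Hardened form: refuse before multiplying if count * entry_size cannot fit."""
    if entry_size == 0 or count > limit // entry_size:
        raise ValueError("allocation size would overflow")
    return count * entry_size


def parse_header(buf):
    """Hypothetical length-prefixed record: 4-byte big-endian entry count, then
    the entries. Returns (count, number of payload bytes actually present)."""
    if len(buf) < 4:
        raise ValueError("truncated header")
    (count,) = struct.unpack(">I", buf[:4])
    return count, len(buf) - 4


def process_vulnerable(buf):
    """Returns (allocated, needed). When allocated < needed, the copy that follows
    the allocation writes past the end of the heap chunk."""
    count, _ = parse_header(buf)
    return vulnerable_alloc_size(count), count * ENTRY_SIZE


def process_safe(buf):
    """Overflow-checked size, also cross-checked against the bytes present, so a
    count that claims more data than the message carries is rejected too."""
    count, present = parse_header(buf)
    size = safe_alloc_size(count)
    if size > present:
        raise ValueError("count exceeds data present in message")
    return size


def overflows(buf):
    allocated, needed = process_vulnerable(buf)
    return allocated < needed


# Constructed sample messages (not real protocol traffic).
BENIGN = struct.pack(">I", 2) + b"\x00" * (2 * ENTRY_SIZE)
# 0x15555556 * 12 == 0x1_0000_0008: in 32 bits that is an 8-byte buffer for ~358M entries.
MALICIOUS = struct.pack(">I", 0x15555556) + b"\x00" * 8
```

The division-based check (count > limit // entry_size) is the form to prefer in C as well, because it never performs the multiplication that could wrap.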

______________________________________________________________________

 

08.42.19 CVE: CVE-2008-3474

Platform: Other Microsoft Products

Title: Microsoft Internet Explorer Cross-Domain Information Disclosure

Description: Microsoft Internet Explorer is a web browser available

for Microsoft Windows. The browser is exposed to a cross-domain

information disclosure issue because it fails to enforce the

same-origin policy.

Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx

______________________________________________________________________

 

08.42.20 CVE: Not Available

Platform: Third Party Windows Apps

Title: PC Tools Spyware Doctor Unspecified Denial of Service

Description: Spyware Doctor scans a PC for spyware. Spyware Doctor is

exposed to an unspecified denial of service issue. This issue is

triggered when attempting to remove certain threats from an infected

system.  Spyware Doctor version 6.0 is affected.

Ref: http://www.symantec.com/security_response/writeup.jsp?docid=2003-050114-4908-99

______________________________________________________________________

 

08.42.21 CVE: Not Available

Platform: Third Party Windows Apps

Title: Avaya one-X Desktop Edition SIP Remote Denial of Service

Description: Avaya one-X Desktop Edition is a SIP (Session Initiation Protocol) softphone for Microsoft Windows. The application is exposed to a remote denial of service issue in its SIP message handling. Avaya one-X Desktop Edition version 2.1 is affected.

Ref: http://www.voipshield.com/research-details.php?id=124&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC

______________________________________________________________________

 

08.42.22 CVE: CVE-2008-3814

Platform: Third Party Windows Apps

Title: Cisco Unity Remote Administration Authentication Bypass

Description: Cisco Unity is a voice and unified messaging platform for Microsoft Windows. Cisco Unity is exposed to an authentication bypass issue in its web administration interface. The issue applies only when the Unity server is configured to use anonymous authentication, which is not the default configuration; servers using the default integrated Windows authentication are not affected.

Ref: http://www.cisco.com/warp/public/707/cisco-sa-20081008-unity.shtml

______________________________________________________________________

 

08.42.23 CVE: Not Available

Platform: Third Party Windows Apps

Title: Cisco Unity 7.0 Multiple Remote Vulnerabilities

Description: Cisco Unity is a voice and unified messaging platform for Microsoft Windows. Cisco Unity is affected by multiple remote issues: several unspecified denial of service conditions are reported in the Unity server. Cisco Unity version 7.0 is affected.

Ref: http://www.voipshield.com/research-details.php?id=129&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC

______________________________________________________________________

 

08.42.24 CVE: Not Available

Platform: Third Party Windows Apps

Title: WinFTP Server "NLIST" Command Remote Denial of Service

Description: WinFTP Server is a multithreaded FTP server for Microsoft

Windows. The application is exposed to a remote denial of

service issue. Specifically, in the "PASV" mode, if an attacker

supplies maliciously crafted data to the "NLIST" command, the issue is

triggered. WinFTP version 2.0.2 is affected.

Ref: http://www.securityfocus.com/bid/31686

______________________________________________________________________

 

08.42.25 CVE: Not Available

Platform: Third Party Windows Apps

Title: Lenovo Rescue and Recovery "tvtumon.sys" Heap Overflow

Description: Lenovo Rescue and Recovery is a backup and system-recovery application for Microsoft Windows. It is exposed to a heap-based overflow issue in the "tvtumon.sys" device driver. Because the driver runs in kernel mode, a local user who can send requests to it could corrupt kernel memory and potentially gain kernel privileges. Lenovo Rescue and Recovery version 4.20 is affected.

Ref: http://www.securityfocus.com/archive/1/497277

______________________________________________________________________

 

08.42.26 CVE: Not Available

Platform: Third Party Windows Apps

Title: RaidenFTPD "MLST" Command Remote Denial of Service

Description: RaidenFTPD is an FTP server for Microsoft Windows.

RaidenFTPD is exposed to a remote denial of service issue that occurs

in the handling of the "MLST" command when used in conjunction with

the "CWD" command and malicious arguments. RaidenFTPD version 2.4

build 3620 is affected.

Ref: http://www.securityfocus.com/bid/31741

______________________________________________________________________

 

08.42.27 CVE: CVE-2008-4385

Platform: Third Party Windows Apps

Title: Husdawg System Requirements Lab ActiveX Control Unspecified

Remote Code Execution

Description: The Husdawg System Requirements Lab ActiveX control is a browser component that inventories the hardware and software of the computer it runs on; software vendors use it to check whether a PC meets a product's minimum requirements. The control is exposed to a remote code execution issue due to unspecified errors, so a user with the control installed who visits a malicious web page could be compromised. Microsoft Security Advisory 956391 sets the kill bit for the vulnerable control.

Ref: http://www.microsoft.com/technet/security/advisory/956391.mspx

______________________________________________________________________

 

08.42.28 CVE: Not Available

Platform: Third Party Windows Apps

Title: Titan FTP Server "SITE WHO" Command Remote Denial of Service

Description: Titan FTP Server is an FTP server application available

for Microsoft Windows. Titan FTP Server is exposed to a remote denial

of service issue that occurs when handling malformed data passed to

the "SITE WHO" FTP server command. Titan FTP Server version 6.26 build

630 is affected.

Ref: http://www.securityfocus.com/bid/31757

______________________________________________________________________

 

08.42.29 CVE: CVE-2008-4211

Platform: Mac Os

Title: Apple OS X QuickLook Excel File Integer Overflow

Description: QuickLook is the file preview feature of Mac OS X. It is exposed to an integer overflow issue because it fails to perform adequate boundary checks when handling Microsoft Excel files; previewing a maliciously crafted Excel file could lead to an unexpected application termination or arbitrary code execution.

Ref: http://www.securityfocus.com/bid/31707

______________________________________________________________________

 

08.42.30 CVE: CVE-2008-4212

Platform: Mac Os

Title: Apple Mac OS X "hosts.equiv" Security Bypass

Description: Apple Mac OS X is an operating system for Apple computers. Mac OS X is exposed to a security bypass issue in the way the rlogin service honours the "hosts.equiv" file: entries in "hosts.equiv" are documented as not applying to the root user, but rlogind applied them to root as well, so a remote attacker connecting from a host listed as trusted could log in as root without authentication. The rlogin service is not enabled by default; systems that have enabled it should check "hosts.equiv" for "+" wildcard and host entries.

Ref: http://www.securityfocus.com/bid/31708

______________________________________________________________________

 

08.42.31 CVE: CVE-2008-3645

Platform: Mac Os

Title: Apple Mac OS X "configd" EAPOLController Plugin Local Heap

Based Buffer Overflow

Description: Apple Mac OS X is exposed to a local heap-based buffer

overflow issue because it fails to adequately bounds check

user-supplied input. This issue affects the Inter-Process

Communication (IPC) component of the EAPOLController plugin of the

"configd" daemon.

Ref: http://support.apple.com/kb/HT3216

______________________________________________________________________

 

08.42.32 CVE: CVE-2008-3642

Platform: Mac Os

Title: Apple Mac OS X ColorSync ICC Profile Remote Buffer Overflow

Description: Apple Mac OS X is exposed to a remote buffer overflow

issue that occurs in ColorSync. This issue occurs because the

application fails to perform adequate boundary checks on user-supplied

data. The vulnerability occurs when handling malformed image files

that contain an embedded ICC profile.

Ref: http://www.securityfocus.com/bid/31715

______________________________________________________________________

 

08.42.33 CVE: CVE-2008-4214

Platform: Mac Os

Title: Apple Script Editor Unspecified Insecure Temporary File

Creation

Description: Apple Script Editor is the editor for AppleScript code included with Mac OS X. Script Editor is exposed to an insecure temporary file creation issue when it opens application scripting dictionary files; a local user could exploit it to overwrite files with the privileges of the user running Script Editor.

Ref: http://www.securityfocus.com/bid/31716

______________________________________________________________________

 

08.42.34 CVE: CVE-2008-4215

Platform: Mac Os

Title: Apple Mac OS X Server Weblog Access Control List Security

Bypass

Description: Apple Mac OS X Server is Apple's server operating system. The Weblog service in Mac OS X Server is exposed to a security bypass issue because it may fail to properly save the ACLs (Access Control Lists) set on a weblog, which may leave posts accessible to users who should not have access. Mac OS X Server versions 10.4 through 10.4.11 are affected.

Ref: http://www.securityfocus.com/bid/31718

______________________________________________________________________

 

08.42.35 CVE: CVE-2008-3647

Platform: Mac Os

Title: Apple PSNormalizer PostScript Buffer Overflow

Description: PSNormalizer is an application for processing PostScript

files. The application is exposed to a buffer overflow issue that

arises when the application handles specially-crafted PostScript

files. Specifically, the issue is caused by PSNormalizer's handling of

the bounding-box comment in PostScript files.

Ref: http://support.apple.com/kb/HT3216

______________________________________________________________________

 

08.42.36 CVE: CVE-2008-3643

Platform: Mac Os

Title: Apple Finder Denial of Service

Description: Finder is the Mac OS X file manager, responsible for browsing files, disks and network volumes and for launching applications. Finder is exposed to a denial of service issue that is triggered when it attempts to create an icon for a maliciously crafted file located on the desktop, causing Finder to crash. Mac OS X v10.5.5 and Mac OS X Server v10.5.5 are affected.

Ref: http://support.apple.com/kb/HT3216

______________________________________________________________________

 

08.42.37 CVE: CVE-2008-3646

Platform: Mac Os

Title: Apple Mac OS X 10.5 Postfix Security Bypass

Description: Postfix is the open-source mail server shipped with Mac OS X. On Mac OS X the Postfix daemon is started on demand when a local command-line tool sends mail, and it is exposed to a security bypass issue because it then remains reachable from the network for one minute afterwards; during that window a remote system could deliver mail directly to the local Postfix instance. Mac OS X v10.5 is affected.

Ref: http://support.apple.com/kb/HT3216

______________________________________________________________________

 

08.42.38 CVE: Not Available

Platform: Mac Os

Title: Apple Mac OS X 10.5 "launchd" Unspecified Security Bypass

Description: "launchd" is the system service and process manager for Mac OS X. An application's request to enter a sandbox via "launchd" may fail due to an unspecified issue in "launchd", so an application that expects to be confined may not be. Mac OS X v10.5 is affected.

Ref: http://support.apple.com/kb/HT3216

______________________________________________________________________

 

08.42.39 CVE: CVE-2008-4394

Platform: Linux

Title: Gentoo "sys-apps/portage" Search Path Local Privilege

Escalation

Description: Gentoo "sys-apps/portage" is the Gentoo package manager used to install, compile and update packages from the Gentoo rsync tree. Portage is exposed to a local privilege escalation issue through an untrusted search path: the "emerge" command-line tool does not change out of the current working directory before running, so code placed in that directory by another local user can be picked up from the search path and executed with the privileges of the user invoking "emerge", typically root.

Ref: http://www.securityfocus.com/bid/31670

______________________________________________________________________

 

08.42.40 CVE: Not Available

Platform: Linux

Title: Linux Kernel SCTP INIT-ACK AUTH Extension Remote Denial of

Service

Description: The Linux kernel is exposed to a remote denial of service

issue because it fails to handle mismatched SCTP AUTH extension

settings between peers. This issue occurs when certain INIT-ACK

packets are received, indicating that the peer doesn't support AUTH.

Linux kernel versions prior to 2.6.27-rc6-git6 are affected.

Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1039

______________________________________________________________________

 

08.42.41 CVE: Not Available

Platform: Linux

Title: Debian chm2pdf Insecure Temporary File Creation

Description: Debian chm2pdf is a Python script for converting CHM (Compiled HTML Help) files into PDF files. The application creates its temporary directories in an insecure manner, using fixed, predictable names under the shared "/tmp" directory. A local attacker who successfully mounts a symlink attack may cause the script to delete or corrupt files writable by the user running it, which may result in a denial of service. chm2pdf version 0.9.1 is affected.

Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959
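Both this entry and 08.42.33 (Script Editor) are instances of the same class: a program creates a scratch directory or file at a name another local user can predict, and silently adopts whatever is already there, including a symlink the attacker planted. The block below is an added example, not chm2pdf's or Apple's code; it uses a hypothetical "chm2pdf-work" directory name and a scratch area, simulates the symlink attack against the insecure pattern, and shows the hardened form (tempfile.mkdtemp plus an ownership audit before cleanup):

```python
import os
import stat
import tempfile


def make_scratch():
    """Scratch area standing in for /tmp so the simulation never touches real data."""
    return tempfile.mkdtemp(prefix="scratch-")


def insecure_workdir(base=None, name="chm2pdf"):
    """Illustrative insecure pattern (not chm2pdf's actual code): a fixed, predictable
    path under the temp directory, created if absent and silently reused if present.
    os.path.isdir() follows symlinks, so whoever plants a symlink at the predictable
    name first redirects every later write and delete."""
    base = base or tempfile.gettempdir()
    path = os.path.join(base, f"{name}-work")
    if not os.path.isdir(path):
        os.mkdir(path, 0o700)
    return path


def insecure_cleanup(path):
    """Naive cleanup that deletes through wherever the directory name points."""
    for entry in os.listdir(path):
        os.remove(os.path.join(path, entry))


def secure_workdir(base=None, name="chm2pdf"):
    """Hardened form: mkdtemp() creates a fresh directory with an unpredictable
    suffix and mode 0700, and fails rather than adopting anything already there."""
    return tempfile.mkdtemp(prefix=f"{name}-", dir=base)


def is_private_dir(path):
    """Audit before trusting a work directory: a real directory (lstat, so a
    symlink fails the S_ISDIR test), owned by us, not group/world accessible."""
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.getuid()
            and (st.st_mode & 0o077) == 0)


def secure_cleanup(path):
    """Only delete what we created: refuse symlinks, foreign dirs and odd entries."""
    if not is_private_dir(path):
        raise RuntimeError(f"refusing to clean up untrusted directory: {path}")
    for entry in os.listdir(path):
        full = os.path.join(path, entry)
        if os.path.islink(full) or not os.path.isfile(full):
            raise RuntimeError(f"unexpected entry in work directory: {full}")
        os.remove(full)
    os.rmdir(path)


def demo_symlink_attack(base):
    """Simulation: the 'attacker' pre-creates a symlink at the predictable path
    pointing at a victim directory; the insecure script then destroys the victim's
    file. Returns what happened so a caller can check it."""
    victim_dir = tempfile.mkdtemp(prefix="victim-", dir=base)
    victim_file = os.path.join(victim_dir, "important.txt")
    with open(victim_file, "w") as fh:
        fh.write("keep me\n")
    os.symlink(victim_dir, os.path.join(base, "chm2pdf-work"))   # attacker's step
    workdir = insecure_workdir(base)                             # victim's script
    insecure_cleanup(workdir)
    return {
        "workdir": workdir,
        "victim_file_destroyed": not os.path.exists(victim_file),
        "audit_rejects_workdir": not is_private_dir(workdir),
    }


def demo_hardened(base):
    """The same flow with the hardened helpers: private directory, clean removal."""
    path = secure_workdir(base)
    private = is_private_dir(path)
    secure_cleanup(path)
    return private and not os.path.exists(path)
```

The audit function is also the check to run on any existing tool that keeps state under /tmp: if its work directory is not a real directory owned by the invoking user with mode 0700, treat it as hostile rather than reusing it.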

______________________________________________________________________

 

08.42.42 CVE: CVE-2008-3641

Platform: Unix

Title: CUPS "HP-GL/2" Filter Remote Code Execution

Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. CUPS is exposed to a remote code execution issue due to an error in the "HP-GL/2" filter when it processes a maliciously crafted print job; an attacker who can submit a job to the print server could exploit it. CUPS versions prior to 1.3.9 are affected.

Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-067/

______________________________________________________________________

 

08.42.43 CVE: Not Available

Platform: Unix

Title: CUPS Multiple Heap Based Buffer Overflow Vulnerabilities

Description: CUPS (Common UNIX Printing System) is a widely used set

of printing utilities for UNIX-based systems. CUPS is exposed to

multiple issues because it fails to perform adequate boundary checks

on user-supplied data before using it to allocate memory buffers. CUPS

versions prior to 1.3.9 are affected.

Ref: http://www.securityfocus.com/bid/31689

______________________________________________________________________

 

08.42.44 CVE: CVE-2008-3545

Platform: Cross Platform

Title: HP OpenView Network Node Manager "ovtopmd" Variant Unspecified

Denial of Service

Description: HP OpenView Network Node Manager is a fault management

application for IP networks. The application is exposed to an

unspecified denial of service issue affecting the "ovtopmd"

component. HP OpenView Network Node Manager versions 7.01, 7.51, and

7.53 are affected.

Ref: http://www.securityfocus.com/archive/1/497187

______________________________________________________________________

 

08.42.45 CVE: Not Available

Platform: Cross Platform

Title: Hero DVD Player ".m3u" File Buffer Overflow

Description: Hero DVD Player is a media file player. The application

is exposed to a buffer overflow issue because it fails to perform

adequate boundary checks on user-supplied input. Specifically, this

issue occurs in the "Mplayer.exe" file when it fails to handle

malformed ".m3u" files. Hero DVD Player version 3.0.8 is affected.

Ref: http://www.securityfocus.com/bid/31627

______________________________________________________________________

 

08.42.46 CVE: Not Available

Platform: Cross Platform

Title: Opera Web Browser Remote Code Execution and Security Bypass

Vulnerabilities

Description: Opera Web Browser is a browser that runs on multiple operating systems. Opera is exposed to multiple security issues, including remote code execution and security bypass. Opera versions prior to 9.60 are affected.

Ref: http://www.opera.com/support/search/view/901/

______________________________________________________________________

 

08.42.47 CVE: Not Available

Platform: Cross Platform

Title: Nortel MCS 5100 UFTP Multiple Denial of Service Vulnerabilities

Description: Nortel Multimedia Communications Server (MCS) 5100 is exposed to multiple denial of service issues. These issues result from a failure to handle certain UNIStim File Transfer Protocol (UFTP) data. MCS 5100 versions in the 3.0 series are affected.

Ref: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=774845&poid=

______________________________________________________________________

 

08.42.48 CVE: Not Available

Platform: Cross Platform

Title: Avaya IP Softphone Remote Denial of Service

Description: Avaya IP Softphone is a commercially available IP

telephony application. Avaya IP Softphone is exposed to a denial of

service issue that occurs when handling large amounts of data. This

issue occurs when the application binds to a group of five consecutive

TCP ports. Avaya IP Softphone version 6.0 SP4 is affected.

Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-363.htm

______________________________________________________________________

 

08.42.49 CVE: Not Available

Platform: Cross Platform

Title: Avaya Communication Manager Web Server Configuration

Unauthorized Access

Description: Avaya Communication Manager is Avaya's IP telephony call-processing application. Avaya Communication Manager is exposed to an unauthorized access issue caused by a configuration error in the application's web server.

Ref: http://www.voipshield.com/research-details.php?id=123&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC

______________________________________________________________________

 

08.42.50 CVE: Not Available

Platform: Cross Platform

Title: Opera Cached Java Applet Privilege Escalation

Description: Opera is a web browser application available for various operating systems. A security bypass issue may allow a malicious web page to execute a Java applet that is already stored in Opera's cache as though it were local content; as a result, the applet runs in the local context, with more privileges than content loaded from a remote site. Opera versions prior to 9.60 are affected.

Ref: http://www.opera.com/support/search/view/902/

______________________________________________________________________

 

08.42.51 CVE: Not Available

Platform: Cross Platform

Title: DFFFrameworkAPI "DFF_config[dir_include]" Parameter Multiple

Remote File Include Vulnerabilities

Description: DFFFrameworkAPI is an application programming interface

for developing price comparison shopping sites. The application is

exposed to multiple remote file include issues because it fails to

sufficiently sanitize user-supplied input.

Ref: http://www.securityfocus.com/bid/31644

______________________________________________________________________

 

08.42.52 CVE: Not Available

Platform: Cross Platform

Title: Graphviz Graph Parser Remote Stack Buffer Overflow

Description: Graphviz is graph visualization software. Graphviz is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input when parsing DOT graph files. This issue occurs in the "push_subg()" function in the "lib/graph/parser.y" source file; opening a maliciously crafted graph file could lead to code execution with the privileges of the user. Graphviz version 2.20.2 is affected.

Ref: http://www.securityfocus.com/archive/1/497150

______________________________________________________________________

 

08.42.53 CVE: Not Available

Platform: Cross Platform

Title: Drupal EveryBlog Module Multiple Unspecified Vulnerabilities

Description: Drupal is an open-source content manager that is

available for a number of platforms. The EveryBlog module is used for

creating blogs. The EveryBlog module for Drupal is exposed to multiple

issues. EveryBlog up to and including version 2.0 is affected.

Ref: http://drupal.org/node/318746

______________________________________________________________________

 

08.42.54 CVE: Not Available

Platform: Cross Platform

Title: YaCy Multiple Unspecified Vulnerabilities

Description: YaCy is a peer-to-peer search engine implemented in Java and freely available under the GNU General Public License. The application is exposed to multiple issues due to unspecified errors. YaCy versions prior to 0.61 are affected.

Ref: http://freshmeat.net/projects/yacy/?branch_id=51198&release_id=286006

______________________________________________________________________

 

08.42.55 CVE: CVE-2008-4397, CVE-2008-4398, CVE-2008-4399,

CVE-2008-4400

Platform: Cross Platform

Title: Computer Associates ARCserve Backup Multiple Remote

Vulnerabilities

Description: Computer Associates ARCserve Backup products provide

backup and restore protection for Windows, NetWare, Linux, and UNIX

servers as well as Windows, Mac OS X, Linux, UNIX, AS/400, and VMS

clients. The application is exposed to multiple remote issues.

Ref: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143

______________________________________________________________________

 

08.42.56 CVE: Not Available

Platform: Cross Platform

Title: Sun Java System Web Proxy Server FTP Subsystem Heap Based Buffer

Overflow

Description: Sun Java System Web Proxy Server is a proxy server

developed by Sun Microsystems. Sun Java System Web Proxy Server is

exposed to a heap-based buffer overflow issue because the application

fails to check user-supplied data before copying it into an

insufficiently sized buffer. Specifically the issue affects the FTP

subsystem. Sun Java System Web Proxy Server versions 4.0 up to and

including 4.0.7 are affected.

Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242986-1

______________________________________________________________________

 

08.42.57 CVE: CVE-2008-1678

Platform: Cross Platform

Title: OpenSSL "zlib" Compression Memory Leak Remote Denial of Service

Description: OpenSSL is an open-source cryptography library. This

library is exposed to a remote denial of service issue. Attackers can

leverage this issue to crash an application which uses this library by

consuming available memory, denying service to legitimate users. This

issue is caused by a memory leak in the "zlib_stateful_init()"

function of the "crypto/comp/c_zlib.c" source file. OpenSSL versions

0.9.8f through 0.9.8h are affected.

Ref: http://support.apple.com/kb/HT3216

______________________________________________________________________

 

08.42.58 CVE: Not Available

Platform: Cross Platform

Title: KDE Konqueror JavaScript "load" Function Denial of Service

Description: KDE Konqueror is a web browser included with the KDE

desktop manager. Konqueror is exposed to a remote denial of service

issue because it fails to handle specially-crafted JavaScript code.

Specifically, the "load" function containing an empty argument can

cause the application to crash. Konqueror version 3.5.9 is affected.

Ref: http://www.securityfocus.com/bid/31696

______________________________________________________________________

 

08.42.59 CVE: Not Available

Platform: Cross Platform

Title: NoticeWare Email Server NG "PASS" Command Remote Denial of

Service

Description: NoticeWare Email Server NG is an email server for the

Microsoft Windows platform. The application is exposed to a remote

denial of service issue. Specifically, if an attacker supplies an

excessive amount of data to the "PASS" POP3 command, the server may

crash. NoticeWare Email Server NG version 5.1.2.2 is affected.

Ref: http://www.securityfocus.com/bid/31697

______________________________________________________________________

 

08.42.60 CVE: CVE-2008-3271

Platform: Cross Platform

Title: Apache Tomcat "RemoteFilterValve" Security Bypass

Description: Apache Tomcat is a Java-based servlet container and web server available for multiple operating systems. Tomcat uses Valve components to process incoming requests; the "RemoteAddrValve" and "RemoteHostValve" valves, which derive from the "RemoteFilterValve" class, restrict access by client IP address or host name. A security bypass issue exists in valves derived from "RemoteFilterValve" that may allow requests to pass a filter that should have rejected them, so deployments relying on these valves as their only access control should not assume they are enforced. Tomcat versions 4.1.0 through 4.1.32 and 5.5.0 are affected.

Ref: https://issues.apache.org/bugzilla/show_bug.cgi?id=25835

______________________________________________________________________

 

08.42.61 CVE: CVE-2008-3905

Platform: Cross Platform

Title: Ruby "resolv.rb" Predictable Transaction ID and Source Port DNS

Spoofing

Description: Ruby is an object-oriented scripting language. Ruby's standard DNS resolver library is exposed to a DNS spoofing issue because it does not use unpredictable values when performing DNS queries. Specifically, "resolv.rb" uses sequential DNS transaction IDs and a fixed UDP source port for its requests, so an off-path attacker who observes or guesses one query can forge replies that match the next one and poison the answers returned to the application.

Ref: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
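Why sequential IDs and a fixed port matter is easier to see in a simulation than in prose. The block below is an added example, not resolv.rb's code: it models a resolver with the flaw described above beside one that randomises both fields per query (a CSPRNG by default, an injected seeded RNG for reproducibility), and runs a blind off-path attacker who has seen one legitimate query against each. The ephemeral port range 1024-65535 is an assumption.

```python
import random
import secrets

PORT_LOW, PORT_HIGH = 1024, 65535   # assumed ephemeral source-port range


class PredictableResolver:
    """Models the flaw described above: sequential 16-bit transaction IDs and one
    fixed UDP source port for every outgoing query (illustration, not resolv.rb)."""
    def __init__(self, first_txid=0x1000, port=53000):
        self._next = first_txid
        self._port = port

    def query(self):
        txid, self._next = self._next & 0xFFFF, self._next + 1
        return txid, self._port


class RandomisedResolver:
    """Hardened form: fresh random transaction ID and source port per query."""
    def __init__(self, rng=None):
        self._rng = rng or secrets.SystemRandom()

    def query(self):
        return self._rng.getrandbits(16), self._rng.randint(PORT_LOW, PORT_HIGH)


def reproducible_rng(seed):
    """Seeded RNG for the simulation only; never use this in a real resolver."""
    return random.Random(seed)


def predict_next(observed):
    """Off-path attacker who has seen one legitimate query (for example by making
    the victim look up a name in a zone the attacker serves) extrapolates the next."""
    txid, port = observed
    return (txid + 1) & 0xFFFF, port


def blind_spoof_trials(resolver, trials):
    """Each trial the attacker forges one reply using predict_next(); the resolver
    accepts it only if both the transaction ID and the port match. Returns hits.
    (A real attacker must also beat the genuine reply; that race is ignored here.)"""
    observed = resolver.query()
    hits = 0
    for _ in range(trials):
        guess = predict_next(observed)
        actual = resolver.query()
        if guess == actual:
            hits += 1
        observed = actual
    return hits


def forged_replies_needed(txid_bits=16, port_choices=PORT_HIGH - PORT_LOW + 1):
    """Size of the search space an attacker must cover per query window when both
    fields are random; with a fixed port it collapses to the 2**16 IDs alone."""
    return (1 << txid_bits) * port_choices
```

With the predictable resolver every forged reply lands; with both fields randomised the attacker is back to brute-forcing roughly 2^32 combinations inside the window before the real answer arrives, which is the mitigation the Ruby fix (random IDs and random source ports) provides.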

______________________________________________________________________

 

08.42.62 CVE: Not Available

Platform: Cross Platform

Title: Nokia Web Browser for S60 Infinite Array Sort Denial of Service

Description: Nokia Web Browser for S60 is a web-browser application

for phones, PDAs, and other mobile devices manufactured by Nokia.

Nokia Browser is exposed to a denial of service issue when handling

malicious HTML files. In particular, this issue occurs when attempting

to process a malicious JavaScript function embedded in a HTML file.

Ref: http://www.securityfocus.com/archive/1/497224

______________________________________________________________________

 

08.42.63 CVE: Not Available

Platform: Cross Platform

Title: GuildFTPd "LIST" Command Heap Overflow

Description: GuildFTPd is a Windows based FTP server. GuildFTPd is

exposed to a heap-based buffer overflow issue because the application

fails to perform adequate boundary checks on user-supplied data.

GuildFTPd versions 0.999.8.11 and v0.999.14 are affected.

Ref: http://www.securityfocus.com/bid/31729

______________________________________________________________________

 

08.42.64 CVE: Not Available

Platform: Cross Platform

Title: XM Easy Personal FTP Server "NLST" Command Remote Denial of Service

Description: XM Easy Personal FTP Server is an FTP server for

Microsoft Windows. XM Easy Personal FTP Server is exposed to a remote

denial of service issue that occurs in the handling of the "NLST"

command with the "-l" argument. XM Easy Personal FTP Server version

5.6.0 is affected.

Ref: http://www.securityfocus.com/bid/31739
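Entries 08.42.24, 08.42.26, 08.42.28, 08.42.63 and this one all describe FTP servers that fall over when a control-channel command ("NLST", "MLST"/"CWD", "SITE WHO", "LIST") receives an oversized or malformed argument, and 08.42.59 is the same pattern against a POP3 "PASS" command. The detector below is an added example, not any vendor's code: it runs over a constructed command log in a hypothetical "date time client COMMAND args" format and flags the probes a practitioner would want to see before the crash reports arrive. The 256-byte argument threshold and the 64-byte repeat-run heuristic are assumptions to tune per environment.

```python
import re
from collections import Counter

# Commands named in the advisories above plus the generic ones these servers share.
WATCHED = {"NLST", "LIST", "MLST", "CWD", "SITE", "ABOR", "PASS", "USER"}
MAX_ARG_LEN = 256                      # assumed sane upper bound for a path or password
RUN_RE = re.compile(rb"(.)\1{63,}")    # 64+ repeats of one byte: classic overflow filler
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<ip>\S+) (?P<cmd>[A-Za-z]+)(?: (?P<arg>.*))?$")


def parse_line(line):
    """Parse one log line of the hypothetical format; None if it does not match."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["cmd"] = rec["cmd"].upper()
    rec["arg"] = rec["arg"] or ""
    return rec


def inspect(cmd, arg):
    """Reasons this command looks like an attack on the control channel; empty if benign."""
    reasons = []
    if cmd in WATCHED and len(arg) > MAX_ARG_LEN:
        reasons.append(f"{cmd} argument {len(arg)} bytes > {MAX_ARG_LEN}")
    raw = arg.encode("latin-1", "replace")
    if RUN_RE.search(raw):
        reasons.append("long run of a repeated byte in argument")
    if any(b < 0x20 or b == 0x7F for b in raw):
        reasons.append("control characters in argument")
    return reasons


def scan(lines):
    """Run inspect() over log lines; one finding per suspicious line."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = inspect(rec["cmd"], rec["arg"])
        if reasons:
            findings.append({"ip": rec["ip"], "cmd": rec["cmd"], "reasons": reasons})
    return findings


def noisiest_clients(findings, n=3):
    """Clients with the most findings, the first thing to block or investigate."""
    return Counter(f["ip"] for f in findings).most_common(n)


# Constructed sample log (hypothetical format; 192.0.2.77 and 198.51.100.9 are probes).
SAMPLE_LOG = [
    "2008-10-14 09:12:01 10.0.0.5 USER alice",
    "2008-10-14 09:12:02 10.0.0.5 PASS s3cret",
    "2008-10-14 09:12:05 10.0.0.5 PASV",
    "2008-10-14 09:12:06 10.0.0.5 NLST /pub",
    "2008-10-14 09:13:40 192.0.2.77 NLST " + "A" * 3000,
    "2008-10-14 09:13:41 192.0.2.77 CWD " + "/" * 512,
    "2008-10-14 09:13:42 192.0.2.77 MLST " + "B" * 400,
    "2008-10-14 09:13:43 192.0.2.77 SITE WHO " + "%n" * 200,
    "2008-10-14 09:13:44 198.51.100.9 PASS " + "x" * 700,
    "2008-10-14 09:14:00 10.0.0.5 ABOR",
]
```

The same three checks (length, repeated filler, control characters) translate directly into an IDS rule on the control port if the server does not log raw commands.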

______________________________________________________________________

 

08.42.65 CVE: Not Available

Platform: Cross Platform

Title: Oracle Database Server "CREATE ANY DIRECTORY" Privilege

Escalation

Description: Oracle Database Server is an enterprise database server available for multiple operating platforms. Oracle is exposed to a privilege escalation issue. A database user holding the "CREATE ANY DIRECTORY" system privilege may create a directory object that points at the filesystem location of the database password file and then read or overwrite that file through the directory object; the referenced write-up shows this being used to obtain SYSDBA access. As a check, review which accounts hold "CREATE ANY DIRECTORY" and whether any directory object resolves under the Oracle home's "dbs" directory (or "database" on Windows), where the password file lives. Oracle Database versions 10.1, 10.2 and 11g are affected.

Ref: http://www.oracleforensics.com/wordpress/index.php/2008/10/10/create-any-directory-to-sysdba/

______________________________________________________________________

 

08.42.66 CVE: Not Available
Platform: Cross Platform
Title: Websense Reporter "CreateDbInstall.log" Local Information
Disclosure
Description: Websense Reporter is a reporting system that works with
Websense Enterprise. The application is exposed to a local information
disclosure issue because it fails to securely store sensitive data.
Specifically, the SQL administrator's login and password are stored in
plain text in the "CreateDbInstall.log" log file. Websense Reporter
version 6.3.2 is affected.
Ref: http://www.securityfocus.com/bid/31746

______________________________________________________________________

08.42.67 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox ".url" Shortcut Processing Information
Disclosure
Description: Mozilla Firefox is exposed to an information disclosure
issue when processing ".url" shortcut files in HTML elements. An
attacker can exploit the issue to disclose sensitive information such
as browser cache files, cookie data or local file system details.
Mozilla Firefox versions 3.0.1, 3.0.2 and 3.0.3 are affected.
Ref: http://liudieyu0.blog124.fc2.com/blog-entry-6.html

______________________________________________________________________

08.42.68 CVE: Not Available
Platform: Cross Platform
Title: IBM ENOVIA Security Bypass
Description: IBM ENOVIA is Product Lifecycle Management software from
IBM. The application is exposed to an unspecified security bypass
issue. ENOVIA versions prior to V5R18 SP5 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27012567

______________________________________________________________________

08.42.69 CVE: Not Available
Platform: Cross Platform
Title: Sun Solstice AdminSuite "sadmind" "adm_build_path()" Remote
Stack Buffer Overflow
Description: Sun Solstice AdminSuite is a set of remote tools used for
system administration. Sun Solstice AdminSuite is exposed to a remote
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input.
Ref: http://www.securityfocus.com/archive/1/497311

______________________________________________________________________

08.42.70 CVE: Not Available
Platform: Cross Platform
Title: Etype Eserv FTP "ABOR" Command Remote Stack-Based Buffer
Overflow
Description: Etype Eserv is a server which handles multiple protocols,
including FTP. Eserv is developed for Microsoft Windows. Eserv is
exposed to a remote stack-based buffer overflow issue that results
from a failure to handle excessively long parameters to the "ABOR"
command. Eserv version 3.26 is affected.
Ref: http://www.securityfocus.com/bid/31753

______________________________________________________________________

08.42.71 CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player XSPF Playlist Memory Corruption
Description: VLC is a cross-platform media player. VLC is exposed to a
heap-based memory corruption issue because it fails to perform
adequate checks on user-supplied input. This occurs within the
"demux/playlist/xspf.c" source file when parsing XSPF playlist files.
VLC media player versions prior to 0.9.3 are affected.
Ref: http://www.securityfocus.com/bid/31757

______________________________________________________________________

08.42.72 CVE: CVE-2008-0019
Platform: Cross Platform
Title: Oracle Weblogic Server Apache Connector Stack-Based Buffer
Overflow
Description: Oracle Weblogic Server Apache Connector is an Apache
module used to proxy requests from the Apache web server to Oracle
Weblogic Server. Oracle Weblogic Server Apache Connector is exposed to
a stack-based buffer overflow issue because the application fails to
bounds check user-supplied data before copying it into an
insufficiently sized buffer.
Ref: http://www.iss.net/threats/304.html

______________________________________________________________________

08.42.73 CVE: CVE-2008-4020
Platform: Web Application - Cross Site Scripting
Title: Microsoft Office CDO Protocol Cross-Site Scripting
Description: Collaboration Data Objects (CDO) is an API provided by
Microsoft. Microsoft Office is exposed to a cross-site scripting issue
that arises because the software fails to handle specially crafted CDO
protocol URIs in a proper manner. Office XP Service Pack 3 is
affected.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-056.mspx

______________________________________________________________________

08.42.74 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: EEB-CMS "index.php" Cross-Site Scripting
Description: EEB-CMS is a PHP-based application used for content
management. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input to the
"content" parameter of the "index.php" script. EEB-CMS version 0.95 is
affected.
Ref: http://www.securityfocus.com/bid/31732

______________________________________________________________________

08.42.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre News Manager "news_detail.php" SQL Injection
Description: Pre News Manager is a PHP-based news-publishing
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"nid" parameter of the "news_detail.php" script before using it in an
SQL query. Pre News Manager version 1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/497185

______________________________________________________________________

08.42.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: GForge Multiple SQL Injection Vulnerabilities
Description: GForge is a PHP-based application for managing source
code. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/31674

______________________________________________________________________

08.42.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TorrentTrader Classic Edition "completed-advance.php" SQL
Injection
Description: TorrentTrader Classic Edition is a PHP-based torrent
tracker. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "completed-advance.php" script before using it in an
SQL query. TorrentTrader Classic Edition versions up to and including
1.04 are affected.
Ref: http://www.securityfocus.com/bid/31626

______________________________________________________________________

08.42.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Built2Go Real Estate Listings "event_detail.php" SQL Injection
Description: Built2Go Real Estate Listings is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "event_id"
parameter of the "event_detail.php" script file before using it in an
SQL query. Built2Go Real Estate Listings version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/31628

______________________________________________________________________

08.42.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Brain Book Software AdMan "editCampaign.php" SQL Injection
Description: Brain Book Software AdMan is an advertisement management
server. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the
"campaignId" parameter of the "editCampaign.php" script before using
it in an SQL query. AdMan version 1.1.20070907 is affected.
Ref: http://www.securityfocus.com/bid/31646

______________________________________________________________________

08.42.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: HispaH Text Link ADS "index.php" SQL Injection
Description: HispaH Text Link ADS is a PHP-based advertisement
application. The application is exposed to an SQL injection issue
because it fails to properly sanitize user-supplied input to the
"idcat" parameter of the "index.php" script when the "action"
parameter is set to "buy".
Ref: http://www.securityfocus.com/bid/31649

______________________________________________________________________