*************************************************************************

            @RISK: The Consensus Security Vulnerability Alert

October 23, 2008                                          Vol. 7. Week 43

*************************************************************************

 

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

 

Summary of Updates and Vulnerabilities in this Consensus

Platform                        Number of Updates and Vulnerabilities

------------------------        -------------------------------------

Microsoft Windows                               1 (#1)

Other Microsoft Products                        1

Third Party Windows Apps                        4 (#4, #5)

Linux                                           2

Unix                                            1

Cross Platform                                 19 (#2, #3)

Web Application - Cross Site Scripting          7

Web Application - SQL Injection                31

Web Application                                18

 

******************************************************************

 

Table Of Contents

 

Part I -- Critical Vulnerabilities from TippingPoint
(www.tippingpoint.com)

Widely Deployed Software

(1) CRITICAL: Microsoft Windows RPC Remote Code Execution Vulnerability

(2) CRITICAL: LibSPF2 DNS TXT Record Handling Buffer Overflow

(3) CRITICAL: F-Secure Multiple Products RPM File Handling Integer Overflow

(4) HIGH: Trend Micro OfficeScan CGI Handling Buffer Overflow

(5) HIGH: Hummingbird Multiple Vulnerabilities

 

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from

Qualys (www.qualys.com)

 

 -- Other Microsoft Products

08.43.1  - Microsoft Outlook Web Access for Exchange Server "redir.asp" URI Redirection

 -- Third Party Windows Apps

08.43.2  - Hummingbird HostExplorer ActiveX Control "PlainTextPassword()" Buffer Overflow

08.43.3  - Hummingbird Deployment Wizard 10 "DeployRun.dll" ActiveX Control Multiple Security Vulnerabilities

08.43.4  - Dart Communications PowerTCP FTP for ActiveX "DartFtp.dll" Buffer Overflow

08.43.5  - Symantec Altiris Deployment Solution Client User Interface Local Privilege Escalation

 -- Linux

08.43.6  - Linux Kernel i915 Driver "drivers/char/drm/i915_dma.c" Memory Corruption

08.43.7  - Linux Kernel SCTP Protocol Violation Remote Denial of Service

 -- Unix

08.43.8  - Symantec Veritas File System "qioadmin" Local Information Disclosure

 -- Cross Platform

08.43.9  - Adobe Flash CS3 Professional SWF File Remote Code Execution

08.43.10 - jhead versions Prior to 2.84 Multiple Vulnerabilities

08.43.11 - Hewlett-Packard Systems Insight Manager Unspecified Unauthorized Access

08.43.12 - Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client Denial of Service

08.43.13 - Hitachi XFIT/S/JCA and XFIT/S/ZGN Unspecified Denial of Service

08.43.14 - Apache HTTP Server OS Fingerprinting Unspecified Security

08.43.15 - Hitachi JP1/File Transmission Server/FTP File Modification Unauthorized Access

08.43.16 - Hitachi JP1/File Transmission Server/FTP Unspecified Denial of Service

08.43.17 - VLC Media Player TY File Stack Based Buffer Overflow

08.43.18 - "nfs-utils" Package "hosts_ctl()" Security Bypass

08.43.19 - MUSCLE "Message::AddToString()" Buffer Overflow

08.43.20 - FireGPG Insecure Temporary File Creation

08.43.21 - Symantec Veritas File System "qiomkfile" Local Information Disclosure

08.43.22 - Multiple Vendor USB, PS/2 and Laptop Keyboard Electromagnetic Emanation Capture

08.43.23 - RealVNC 4.1.2 "CMsgReader::readRect()" Remote Code Execution

08.43.24 - Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities

08.43.25 - IBM WebSphere Application Server Denial of Service And Security Bypass Vulnerabilities

08.43.26 - F-Secure Multiple Products RPM File Integer Overflow

08.43.27 - Symantec Altiris Deployment Solution Clear Text Password Local Information Disclosure

 -- Web Application - Cross Site Scripting

08.43.28 - Elxis CMS "index.php" Multiple Cross-Site Scripting and Session Fixation Vulnerabilities

08.43.29 - Habari "habari_username" Parameter Cross-Site Scripting

08.43.30 - WebGUI Security Bypass and Multiple Cross-Site Scripting Vulnerabilities

08.43.31 - cpCommerce Multiple Cross-Site Scripting Vulnerabilities

08.43.32 - Movable Type Prior to Version 4.22 Unspecified Cross-Site Scripting

08.43.33 - MyNETS Unspecified Cross-Site Scripting

08.43.34 - Wysi Wiki Wyg "index.php" Cross-Site Scripting

 -- Web Application - SQL Injection

08.43.35 - AstroSPACES "profile.php" SQL Injection

08.43.36 - PhpWebGallery "comments.php" SQL Injection and Code Execution Vulnerabilities

08.43.37 - MyPHPDating "success_story.php" SQL Injection

08.43.38 - myStats Security Bypass and SQL Injection Vulnerabilities

08.43.39 - myEvent "viewevent.php" SQL Injection

08.43.40 - SweetCMS "index.php" SQL Injection

08.43.41 - WEB//NEWS Multiple SQL Injection Vulnerabilities

08.43.42 - Drupal Node Vote Module Cast Vote SQL Injection

08.43.43 - IP Reg "locationdel.php" SQL Injection

08.43.44 - Mosaic Commerce "category.php" SQL Injection

08.43.45 - CafeEngine "id" Parameter Multiple SQL Injection Vulnerabilities

08.43.46 - CafeEngine Easy Cafe Engine "itemid" Parameter SQL Injection

08.43.47 - ShiftThis Newsletter WordPress Plugin "stnl_iframe.php" SQL Injection

08.43.48 - Zeeproperty "bannerclick.php" SQL Injection

08.43.49 - XOOPS GesGaleri Module "index.php" SQL Injection

08.43.50 - Meeting Room Booking System "month.php" SQL Injection

08.43.51 - myWebland miniBloggie "del.php" SQL Injection

08.43.52 - Nice Talk Joomla! Component "tagid" Parameter SQL Injection

08.43.53 - DS-Syndicate Joomla! Component "feed_id" Parameter SQL Injection

08.43.54 - Woltlab Burning Board rGallery Plugin "itemID" Parameter SQL Injection

08.43.55 - e107 CMS

08.43.56 - Jetbox CMS Multiple SQL Injection Vulnerabilities

08.43.57 - PHP-Nuke Sarkilar Module "id" Parameter SQL Injection

08.43.58 - Makale XOOPS Module "makale.php" SQL Injection

08.43.59 - Limbo CMS "open.php" SQL Injection

08.43.60 - TYPO3 JobControl Extension Unspecified SQL Injection

08.43.61 - TYPO3 Econda Plugin Extension Unspecified SQL Injection

08.43.62 - TYPO3 Frontend Users View Extension Unspecified SQL Injection

08.43.63 - TYPO3 Mannschaftsliste Extension Unspecified SQL Injection

08.43.64 - TYPO3 M1 Intern Extension Unspecified SQL Injection

08.43.65 - TYPO3 Simple survey Extension Unspecified SQL Injection

 -- Web Application

08.43.66 - myPHPNuke "displayCategory.php" Multiple Remote File Include Vulnerabilities

08.43.67 - Drupal Node Clone Module Information Disclosure

08.43.68 - Kure Multiple Local File Include Vulnerabilities

08.43.69 - Mic_blog SQL Injection and Unauthorized Access Vulnerabilities

08.43.70 - Mantis "manage_proj_page.php" PHP Code Injection

08.43.71 - Calendars for the Web Security Bypass

08.43.72 - XOOPS "hisa_cart" Module Remote Information Disclosure

08.43.73 - Post Affiliate Pro "index.php" Local File Include

08.43.74 - Slaytanic Scripts Content Plus Version 2.1.1 Multiple Unspecified Vulnerabilities

08.43.75 - FlashChat "connection.php" Role Filter Security Bypass

08.43.76 - phpFastNews Cookie Authentication Bypass

08.43.77 - FCKeditor "command.php" Arbitrary File Upload

08.43.78 - Vivvo Article Management "classified_path" Parameter Remote File Include

08.43.79 - HP SiteScope SNMP Trap HTML Injection

08.43.80 - Fast Click SQL Lite "init.php" Remote File Include

08.43.81 - Midgard Components Framework Multiple Unspecified Vulnerabilities

08.43.82 - yappa-ng "album" Parameter Local File Include

08.43.83 - Opera Web Browser HTML Injection and Cross-Site Scripting Vulnerabilities

 


 

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort to
ensure that its intrusion prevention products effectively block exploits
using known vulnerabilities. TippingPoint's analysis is complemented by
input from a council of security managers from twelve large organizations
who confidentially share with SANS the specific actions they have taken
to protect their systems. A detailed description of the process may be
found at http://www.sans.org/newsletters/cva/#process

 

*****************************

Widely Deployed Software

*****************************

(1) CRITICAL: Microsoft Windows RPC Remote Code Execution Vulnerability

Affected:

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server 2003

Microsoft Windows Vista

Microsoft Windows Server 2008

Description: Microsoft has provided advance notification of a
vulnerability in a Remote Procedure Call (RPC) service. The
vulnerability was deemed severe enough to warrant an out-of-cycle
security update from Microsoft. The exact details of the vulnerability
have yet to be released, but are expected sometime on October 23rd,
with a question-and-answer session via webcast. The vulnerability
allows unauthenticated users to execute arbitrary code on vulnerable
systems. Microsoft believes that the vulnerability could be exploited
in such a way as to allow the creation of a worm.

Status: Vendor confirmed, updates available.

References:

Microsoft Security Bulletin

http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

Microsoft Webcast Information

http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032393978&EventCategory=4&culture=en-US&CountryCode=US

Microsoft Security Bulletin Update

http://go.microsoft.com/fwlink/?LinkId=130719

Microsoft Advance Notification

http://blogs.technet.com/sus/archive/2008/10/23/microsoft-security-bulletin-advance-notification-for-october-2008.aspx

SecurityFocus BID

http://www.securityfocus.com/bid/31874

 

***************************************************************

(2) CRITICAL: LibSPF2 DNS TXT Record Handling Buffer Overflow

Affected:

libspf2 versions prior to 1.2.8

Description: SPF is the Sender Policy Framework (formerly "Sender
Permitted From"). SPF is a mechanism to help prevent unauthorized or
undesired email messages ("spam") by indicating from what servers a
domain can send email. Receiving mail servers can check SPF records
exported via DNS records to determine if a server sending email from a
domain is legitimately doing so. LibSPF2 is a popular implementation of
the SPF protocol and is used by a variety of mail and DNS products. It
contains a buffer overflow in its processing of SPF records exported
from DNS. A specially crafted SPF record could trigger this
vulnerability. In most common scenarios, an attacker could exploit this
vulnerability by simply sending an email message to a server known to
check SPF records; therefore no user interaction is required.
Successfully exploiting this vulnerability would allow an attacker to
execute arbitrary code with the privileges of the vulnerable process,
often a high-privilege account. Full technical details and a
proof-of-concept are publicly available for this vulnerability.

Status: Vendor confirmed, updates available.

References:

Proof-of-Concept

http://downloads.securityfocus.com/vulnerabilities/exploits/31881.pl

Documentation by Dan Kaminsky

http://www.doxpara.com/?page_id=1256

Wikipedia Article on Sender Policy Framework

http://en.wikipedia.org/wiki/Sender_Policy_Framework

Vendor Home Page

http://www.libspf2.org/index.html

SecurityFocus BID

http://www.securityfocus.com/bid/31881

 

***************************************************************

(3) CRITICAL: F-Secure Multiple Products RPM File Handling Integer

Overflow

Affected:

Multiple F-Secure products; see vendor advisory

Description: The RPM Package Manager (formerly the Red Hat Package
Manager, commonly "RPM") is a package manager used by a number of Linux-
and Unix-based operating systems. Its packages are distributed in files
referred to as "RPMs". A number of F-Secure malware scanning products
contain an integer overflow when processing RPM packages. A specially
crafted RPM package could trigger this overflow, leading to arbitrary
code execution with the privileges of the vulnerable process. In
situations where the vulnerable product is used to scan email messages,
it is sufficient to have an email message transiting the server to
trigger the vulnerability; no user interaction is necessary. Some
technical details are publicly available for this vulnerability.
Additionally, the RPM file format is open and well documented, making it
amenable to fuzzing.

Status: Vendor confirmed, updates available.

References:

Vendor Security Advisory

http://www.f-secure.com/security/fsc-2008-3.shtml

Wikipedia Article on RPM

http://en.wikipedia.org/wiki/RPM_Package_Manager

RPM Home Page

http://www.rpm.org

Vendor Home Page

http://www.f-secure.com/

SecurityFocus BID

http://www.securityfocus.com/bid/31846

 

***************************************************************

(4) HIGH: Trend Micro OfficeScan CGI Handling Buffer Overflow

Affected:

Trend Micro OfficeScan versions 8.0 SP1 and prior

Description: Trend Micro OfficeScan is a popular enterprise malware
scanning application. It provides administrative and other facilities via
a web interface, using the Common Gateway Interface (CGI). Some of the
web interface CGI programs contain buffer overflow vulnerabilities in
their handling of HTTP requests. A specially crafted request to the web
interface could trigger one of these buffer overflows, allowing an
attacker to execute arbitrary code with the privileges of the vulnerable
process. Some technical details are publicly available for these
vulnerabilities.

Status: Vendor confirmed, updates available.

References:

Secunia Security Advisory

http://secunia.com/secunia_research/2008-40/

Vendor Security Advisory

http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt

Wikipedia Article on the Common Gateway Interface

http://en.wikipedia.org/wiki/Common_Gateway_Interface

Vendor Home Page

http://www.trendmicro.com

SecurityFocus BID

http://www.securityfocus.com/bid/31859

 

***************************************************************

(5) HIGH: Hummingbird Multiple Vulnerabilities

Affected:

Hummingbird Deployment Wizard 10 ActiveX Control

Hummingbird Host Explorer ActiveX Control versions 8.0 and prior

Description: Hummingbird Host Explorer is a popular terminal access
solution for remote systems, and the Hummingbird Deployment Wizard is a
product used to deploy other Hummingbird products. Both products provide
some of their functionality via ActiveX controls. These controls contain
various vulnerabilities, including buffer overflow and input validation
vulnerabilities. A specially crafted web page that instantiated one of
these controls could trigger one of these vulnerabilities, allowing an
attacker to execute arbitrary code with the privileges of the current
user. Technical details are publicly available for these vulnerabilities.
A proof-of-concept is also publicly available.

Status: No confirmed updates available. Users can disable the affected
controls via Microsoft's "kill bit" mechanism. Note that this will affect
normal application functionality.

References:

Proof-of-Concept

http://milw0rm.com/exploits/6776

Vendor Home Page

http://connectivity.hummingbird.com/home/connectivity.html

Microsoft Knowledge Base Article (details the "kill bit" mechanism)

http://support.microsoft.com/kb/240797

SecurityFocus BIDs

http://www.securityfocus.com/bid/31799

http://www.securityfocus.com/bid/31783

 

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities

Week 43, 2008

 

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

 

08.43.1 CVE: CVE-2008-1547

Platform: Other Microsoft Products

Title: Microsoft Outlook Web Access for Exchange Server "redir.asp"

URI Redirection

Description: Outlook Web Access (OWA) is a web mail component of

Microsoft Exchange Server. Outlook Web Access is exposed to a remote

URI redirection issue because it fails to properly sanitize

user-supplied input in the "URL" parameter of the "redir.asp" script.

Outlook Web Access version 6.5 SP 2 is affected.

Ref: http://www.securityfocus.com/archive/1/497374

______________________________________________________________________

 

08.43.2 CVE: Not Available

Platform: Third Party Windows Apps

Title: Hummingbird HostExplorer ActiveX Control "PlainTextPassword()"

Buffer Overflow

Description: Hummingbird HostExplorer is terminal emulation software.

HostExplorer includes an ActiveX control for Microsoft Windows

clients. The application is exposed to a buffer overflow issue because

it fails to perform adequate boundary checks on user-supplied input.

Ref: http://www.securityfocus.com/bid/31781

______________________________________________________________________

 

08.43.3 CVE: Not Available

Platform: Third Party Windows Apps

Title: Hummingbird Deployment Wizard 10 "DeployRun.dll" ActiveX

Control Multiple Security Vulnerabilities

Description: Hummingbird Deployment Wizard 10 ActiveX control is an

application used by Hummingbird products to aid in software

installation and configuration. The ActiveX control provided by the

"DeployRun.dll" file is exposed to multiple issues that attackers can

exploit to run arbitrary code. Hummingbird Deployment Wizard version

10 10.0.0.44 is affected.

Ref: http://support.microsoft.com/kb/240797

______________________________________________________________________

 

08.43.4 CVE: Not Available

Platform: Third Party Windows Apps

Title: Dart Communications PowerTCP FTP for ActiveX "DartFtp.dll"

Buffer Overflow

Description: PowerTCP FTP for ActiveX is an ActiveX control that

utilizes an FTP client. The application is exposed to a buffer

overflow issue because it fails to perform adequate boundary checks on

user-supplied input. PowerTCP FTP for ActiveX version 2.0.2.0

is affected.

Ref: http://www.securityfocus.com/bid/31814

______________________________________________________________________

 

08.43.5 CVE: Not Available

Platform: Third Party Windows Apps

Title: Symantec Altiris Deployment Solution Client User Interface

Local Privilege Escalation

Description: Symantec Altiris Deployment Solution is software for

deploying and managing servers, desktops, notebooks, thin clients, and

handheld devices from a centralized location. It is available for

Microsoft Windows. The application is exposed to a local privilege

escalation issue. The problem occurs in the client graphical user

interface (GUI).

Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20a.html

______________________________________________________________________

 

08.43.6 CVE: CVE-2008-3831

Platform: Linux

Title: Linux Kernel i915 Driver "drivers/char/drm/i915_dma.c" Memory

Corruption

Description: The Linux kernel is exposed to a memory corruption issue

because of insufficient boundary checks in the i915 driver.  This

issue affects the "drivers/char/drm/i915_dma.c" source file and can be

exploited with specially-crafted "DRM_I915_HWS_ADDR" IOCTL calls.

Linux kernel versions 2.6.24.6 and earlier are affected.

Ref: http://www.securityfocus.com/bid/31792

______________________________________________________________________

 

08.43.7 CVE: CVE-2008-4618

Platform: Linux

Title: Linux Kernel SCTP Protocol Violation Remote Denial of Service

Description: The Linux kernel is exposed to a remote denial of service

issue because it fails to handle SCTP protocol violations. This issue

occurs when handling certain SCTP protocol violations resulting from

invalid parameter lengths. Linux kernel versions prior to 2.6.27 are

affected.

Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1079

______________________________________________________________________

 

08.43.8 CVE: Not Available

Platform: Unix

Title: Symantec Veritas File System "qioadmin" Local Information

Disclosure

Description: Symantec Veritas File System (VxFS) is a commercial
filesystem available for Unix and Unix-like operating systems. The
application is exposed to a local information disclosure issue that is
present in the "qioadmin" utility for the Quick I/O for Database
feature.

Ref: http://seer.entsupport.symantec.com/docs/310872.htm

______________________________________________________________________

 

08.43.9 CVE: CVE-2008-4473

Platform: Cross Platform

Title: Adobe Flash CS3 Professional SWF File Remote Code Execution

Description: Adobe Flash CS3 Professional is an application for

creating Flash media files. Flash CS3 Professional is exposed to a

remote code execution issue when processing specially crafted SWF

files. Flash CS3 Professional for Microsoft Windows is affected.

Ref: http://www.securityfocus.com/archive/1/497397

______________________________________________________________________

 

08.43.10 CVE: CVE-2008-4575

Platform: Cross Platform

Title: jhead versions Prior to 2.84 Multiple Vulnerabilities

Description: jhead is an exif jpeg header manipulation tool. jhead is

exposed to multiple remote issues. Attackers can exploit these issues

to execute arbitrary code within the context of the affected

application, crash the affected application, perform symbolic link

attacks and overwrite arbitrary files on the affected computer. jhead

versions prior to 2.84 are affected.

Ref: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

______________________________________________________________________

 

08.43.11 CVE: CVE-2008-4412

Platform: Cross Platform

Title: Hewlett-Packard Systems Insight Manager Unspecified

Unauthorized Access

Description: Hewlett Packard Systems Insight Manager (SIM) is a tool

for managing HP servers. SIM is exposed to an unspecified unauthorized

access issue. A remote attacker may exploit this issue to gain

unauthorized access to data. SIM versions prior to 5.2 SP2 are

affected.

Ref: http://www.securityfocus.com/bid/31777

______________________________________________________________________

 

08.43.12 CVE: Not Available

Platform: Cross Platform

Title: Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client Denial of

Service

Description: Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client are

exposed to a denial of service issue that occurs when the applications

are configured to report JP1 events.

Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-019/index.html

______________________________________________________________________

 

08.43.13 CVE: Not Available

Platform: Cross Platform

Title: Hitachi XFIT/S/JCA and XFIT/S/ZGN Unspecified Denial of Service

Description: Hitachi XFIT/S/JCA and XFIT/S/ZGN are exposed to an

unspecified denial of service issue because they fail to properly

handle unexpected data.

Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-020/index.html

______________________________________________________________________

 

08.43.14 CVE: Not Available

Platform: Cross Platform

Title: Apache HTTP Server OS Fingerprinting Unspecified Security

Description: Apache is an HTTP server available for various operating

systems. The application is exposed to an unspecified security issue

related to OS fingerprinting at the application level. Apache version

2.2.9 is affected.

Ref: http://www.securityfocus.com/archive/1/497506

______________________________________________________________________

 

08.43.15 CVE: Not Available

Platform: Cross Platform

Title: Hitachi JP1/File Transmission Server/FTP File Modification

Unauthorized Access

Description: Hitachi JP1/File Transmission Server/FTP is an enterprise

FTP application. Hitachi JP1/File Transmission Server/FTP is exposed

to an issue that may allow attackers to modify file permissions.

Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-018/index.html

______________________________________________________________________

 

08.43.16 CVE: Not Available

Platform: Cross Platform

Title: Hitachi JP1/File Transmission Server/FTP Unspecified Denial of

Service

Description: Hitachi JP1/File Transmission Server/FTP is exposed to an

unspecified denial of service issue because it fails to properly

handle unexpected data.

Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-017/index.html

______________________________________________________________________

 

08.43.17 CVE: Not Available

Platform: Cross Platform

Title: VLC Media Player TY File Stack-Based Buffer Overflow

Description: VLC is a cross-platform media player. VLC is exposed to a

stack-based buffer overflow issue because it fails to perform adequate

checks on user-supplied input. This occurs when the application parses

specially-crafted TY files. VLC Media Player versions prior to 0.9.0

up to and including 0.9.4 are affected.

Ref: http://www.securityfocus.com/archive/1/497587

______________________________________________________________________

 

08.43.18 CVE: CVE-2008-4552

Platform: Cross Platform

Title: "nfs-utils" Package "hosts_ctl()" Security Bypass

Description: The "nfs-utils" package provides a daemon for the kernel
NFS server and related tools. The application is exposed to a security
bypass issue because of an error in the implementation of TCP
wrappers. This issue is caused by the wrong number of arguments being
passed to the "hosts_ctl()" function, causing TCP Wrappers to ignore
netgroups. "nfs-utils" package version 1.0.9 is affected.

Ref: https://bugzilla.redhat.com/show_bug.cgi?id=458676

______________________________________________________________________

 

08.43.19 CVE: Not Available

Platform: Cross Platform

Title: MUSCLE "Message::AddToString()" Buffer Overflow

Description: MUSCLE (Multi User Server Client Linkage Environment) is

a cross-platform client server messaging system. The library is

exposed to a buffer overflow issue because it fails to perform

adequate boundary checks on user-supplied data. MUSCLE version 4.30 is

affected.

Ref: https://public.msli.com/lcs/muscle/muscle/HISTORY.txt

______________________________________________________________________

 

08.43.20 CVE: Not Available

Platform: Cross Platform

Title: FireGPG Insecure Temporary File Creation

Description: FireGPG is an add-on providing GNU Privacy Guard (GPG)
functionality for the Firefox web browser. FireGPG creates temporary
files in an insecure manner. Specifically, when decrypting email,
FireGPG creates temporary files with predictable names for the
encrypted content, the decrypted content, and the user passphrase.
FireGPG versions prior to 6.0 are affected.

Ref: http://www.securityfocus.com/archive/1/497547

______________________________________________________________________

 

08.43.21 CVE: CVE-2008-3248

Platform: Cross Platform

Title: Symantec Veritas File System "qiomkfile" Local Information

Disclosure

Description: Symantec Veritas File System (VxFS) is a commercial
filesystem available for Unix and Unix-like operating systems. The
application is exposed to an information disclosure issue which may
result in sensitive information being made available to local
attackers. Veritas File System versions prior to 5.0 MP3 are affected.

Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20.html

______________________________________________________________________

 

08.43.22 CVE: Not Available

Platform: Cross Platform

Title: Multiple Vendor USB, PS/2 and Laptop Keyboard Electromagnetic

Emanation Capture

Description: Keyboards from multiple vendors are exposed to an

information disclosure issue because the devices do not adequately

shield electromagnetic emanations. This issue affects USB, PS/2, and

laptop keyboards manufactured between 2001 and 2008.

Ref: http://www.securityfocus.com/bid/31831

______________________________________________________________________

 

08.43.23 CVE: Not Available

Platform: Cross Platform

Title: RealVNC 4.1.2 "CMsgReader::readRect()" Remote Code Execution

Description: RealVNC (Virtual Network Computing) allows users to

access remote computers for administration purposes. RealVNC Viewer is

exposed to a remote code execution issue because it fails to

adequately handle certain encoding types. RealVNC Free Edition

versions prior to 4.1.3 are affected.

Ref: http://www.realvnc.com/products/free/4.1/release-notes.html

______________________________________________________________________

 

08.43.24 CVE: Not Available

Platform: Cross Platform

Title: Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities

Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic; it is available for Microsoft Windows and
UNIX-like operating systems. Wireshark is exposed to multiple denial
of service issues when handling certain types of packets and protocols
in varying conditions. Wireshark versions 0.10.3 up to and including
1.0.3 are affected.

Ref: http://www.wireshark.org/security/wnpa-sec-2008-06.html

______________________________