*************************************************************************
@RISK: The Consensus Security Vulnerability Alert
October 30, 2008                                        Vol. 7. Week 44
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform                                Number of Updates and Vulnerabilities
------------------------                -------------------------------------
Microsoft Windows                       1 (#1)
Third Party Windows Apps                6
Linux                                   4
Solaris                                 1
Unix                                    2
Novell                                  1
Cross Platform                          28 (#2, #3, #4, #5)
Web Application - Cross Site Scripting  11
Web Application - SQL Injection         25
Web Application                         37
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) UPDATE: Microsoft Windows RPC Remote Code Execution Vulnerability (MS08-067)
(2) HIGH: OpenOffice.org WMF and EMF File Handling Multiple Buffer Overflows
(3) HIGH: Opera Multiple Vulnerabilities
(4) HIGH: Adobe PageMaker PMD File Handling Buffer Overflows
(5) MODERATE: Sun Java Web Start Remote Command Execution
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Third Party Windows Apps
08.44.1 - Multiple EMC NetWorker Products "nsrexecd.exe" RPC Request Denial of Service
08.44.2 - freeSSHd SFTP "rename" Remote Denial of Service
08.44.3 - SilverSHielD "opendir()" Remote Denial of Service
08.44.4 - DB Software Laboratory "VImpX.ocx" ActiveX Control Multiple File Corruption Vulnerabilities
08.44.5 - TUGZip ZIP File Remote Buffer Overflow
08.44.6 - PumpKIN Mode Field Remote Denial of Service
-- Linux
08.44.7 - Linux Kernel "do_splice_from()" Local Security Bypass
08.44.8 - Netpbm "pamperspective" Utility Buffer Overflow
08.44.9 - eCryptfs Password Information Disclosure
08.44.10 - Linux Kernel "proc_do_xprt()" Local Buffer Overflow
-- Solaris
08.44.11 - Sun Integrated Lights-Out Manager (ILOM) Authentication Bypass
-- Unix
08.44.12 - GNU Enscript "src/psgen.c" Stack Based Buffer Overflow
08.44.13 - "imlib2" Library Multiple Unspecified Vulnerabilities
-- Novell
08.44.14 - Novell eDirectory NCP Unspecified Remote Memory Corruption
-- Cross Platform
08.44.15 - NXP Semiconductors MIFARE Classic Smartcard Multiple Security Weaknesses
08.44.16 - IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
08.44.17 - fence "fence_apc" and "fence_apc_snmp" Insecure Temporary File Creation Vulnerabilities
08.44.18 - Sun Java System LDAP JDK Search Feature Information Disclosure
08.44.19 - Trend Micro OfficeScan CGI Parsing Buffer Overflow
08.44.20 - HP OpenView Products Shared Trace Service RPC Request Handling Denial of Service
08.44.21 - Cisco PIX and ASA Appliance IPv6 Denial of Service
08.44.22 - Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass
08.44.23 - Cisco ASA Appliance Crypto Accelerator Memory Leak Denial of Service
08.44.24 - VLC Media Player Multiple Remote Integer Overflow Vulnerabilities
08.44.25 - Opera Web Browser History Search Input Validation
08.44.26 - GoodTech SSH Server SFTP Multiple Buffer Overflow Vulnerabilities
08.44.27 - "libspf2" DNS TXT Record Handling Remote Buffer Overflow
08.44.28 - WebSVN Multiple Remote Input Validation Vulnerabilities
08.44.29 - KVIrc URI Handler Remote Format String
08.44.30 - Sun Java Web Start Remote Command Execution
08.44.31 - Lynx ".mailcap" and ".mime.type" Files Local Code Execution
08.44.32 - Libpng Library "png_handle_tEXt()" Memory Leak Denial of Service
08.44.33 - jhead "DoCommand()" Arbitrary Command Execution
08.44.34 - Blender "BPY_interface.c" Remote Command Execution
08.44.35 - Perl File::Find::Object Module Format String
08.44.36 - Citrix Web Interface Security Bypass
08.44.37 - Questwork QuestCMS Multiple Remote Vulnerabilities
08.44.38 - Android Web Browser Unspecified Remote Code Execution
08.44.39 - MyKtools Database Disclosure
08.44.40 - Multiple Products Unspecified Library MP4 File Remote Denial of Service
08.44.41 - Microsoft Internet Explorer " " Address Bar URI Spoofing
08.44.42 - OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities
-- Web Application - Cross Site Scripting
08.44.43 - Multiple Vendor Web Browser FTP Client Cross-Site Scripting
08.44.44 - Jetbox CMS "liste" Parameter Cross-Site Scripting
08.44.45 - MiniPortail "search.php" Cross-Site Scripting and Local File Include Vulnerabilities
08.44.46 - ClipShare Pro "fullscreen.php" Cross-Site Scripting
08.44.47 - Kayako eSupport "html-tidy-logic.php" Cross-Site Scripting
08.44.48 - iPei Guestbook "pg" Parameter Cross-Site Scripting
08.44.49 - phpMyAdmin "pmd_pdf.php" Cross-Site Scripting
08.44.50 - MyBB "moderation.php" Cross-Site Scripting
08.44.51 - PHP-Nuke Nuke League Module "tid" Parameter Cross-Site Scripting
08.44.52 - KKE Info Media Kmita Catalogue "search.php" Cross-Site Scripting
08.44.53 - Extrakt Framework "index.php" Cross-Site Scripting
-- Web Application - SQL Injection
08.44.54 - Dizi Portali "diziler.asp" SQL Injection
08.44.55 - phPhotoGallery "index.php" SQL Injection
08.44.56 - Bahar Download Script "aspkat.asp" SQL Injection
08.44.57 - ShopMaker "product.php" SQL Injection
08.44.58 - KBase Joomla! Component "id" Parameter SQL Injection
08.44.59 - Joomla! and Mambo Daily Message Component "id" Parameter SQL Injection
08.44.60 - Dorsa CMS "ShowPage.aspx" SQL Injection
08.44.61 - LoudBlog "ajax.php" SQL Injection
08.44.62 - CS-Partner "gestion.php" Multiple SQL Injection Vulnerabilities
08.44.63 - UC Gateway Investment SiteEngine "announcements.php" SQL Injection
08.44.64 - MindDezign Photo Gallery "id" Parameter SQL Injection
08.44.65 - AJ RSS Reader "EditUrl.php" SQL Injection
08.44.66 - KasraCMS "index.php" Multiple SQL Injection Vulnerabilities
08.44.67 - SFS Ez Forum "forum.php" SQL Injection
08.44.68 - PozScripts Classified Ads "gotourl.php" SQL Injection
08.44.69 - Graphiks MyForum "lecture.php" SQL Injection
08.44.70 - Persia BME E-Catalogue "search.asp" SQL Injection
08.44.71 - Tandis CMS "index.php" Multiple SQL Injection Vulnerabilities
08.44.72 - e107 CMS "alternate_profiles" Plugin "newuser.php" SQL Injection
08.44.73 - bcoos "modules/banners/click.php" SQL Injection
08.44.74 - e107 CMS EasyShop Plugin "easyshop.php" SQL Injection
08.44.75 - All In One Control Panel "cp_polls_results.php" SQL Injection
08.44.76 - PersianBB "iranian_music.php" SQL Injection
08.44.77 - H&H Solutions WebSoccer "id" SQL Injection
08.44.78 - ElkaGroup Image Gallery "view.php" SQL Injection
-- Web Application
08.44.79 - LightBlog Multiple Local File Include Vulnerabilities
08.44.80 - TikiWiki Multiple Unspecified Vulnerabilities
08.44.81 - Joomla! Archaic Binary Gallery "com_ab_gallery" Component Directory Traversal
08.44.82 - Smarty Template Engine "Smarty_Compiler.class.php" Security Bypass
08.44.83 - Mantis "string_api.php" Issue Number Information Disclosure
08.44.84 - Iamma Nuke Simple Gallery "upload.php" Arbitrary File Upload
08.44.85 - phpcrs "frame.php" Local File Include
08.44.86 - Joomla! ionFiles Component "download.php" Directory Traversal
08.44.87 - Drupal Book Page Title HTML Injection
08.44.88 - Osprey "ListRecords.php" Multiple Remote File Include Vulnerabilities
08.44.89 - TXTshop "header.php" Local File Include
08.44.90 - Snoopy "_httpsrequest()" Arbitrary Command Execution
08.44.91 - UC Gateway Investment SiteEngine "api.php" URI Redirection
08.44.92 - Joomla! RWCards Component "captcha_image.php" Local File Include
08.44.93 - aflog Cookie Authentication Bypass
08.44.94 - MindDezign Photo Gallery "admin" Module Unauthorized Access
08.44.95 - Drupal "bootstrap.inc" Local File Include
08.44.96 - New Earth Programming Team Image Upload Script Arbitrary File Upload
08.44.97 - BuzzScripts BuzzyWall "download.php" Directory Traversal
08.44.98 - Php-Daily Multiple Input Validation Vulnerabilities
08.44.99 - tlNews Cookie Authentication Bypass
08.44.100 - Ads Pro "dhtml.pl" Remote Command Execution
08.44.101 - KTorrent PHP Code Injection and Security Bypass Vulnerabilities
08.44.102 - bcoos "include/common.php" Remote File Include
08.44.103 - Python "Imageop" Module Argument Validation Buffer Overflow
08.44.104 - Eaton Network Shutdown Module Authentication Bypass
08.44.105 - Graphiks MyForum "centre.php" Local File Include
08.44.106 - MyBB Message Attachment Predictable Filename Information Disclosure
08.44.107 - tlAds Cookie Authentication Bypass
08.44.108 - MyKtools "update.php" Local File Include
08.44.109 - WebGUI "Asset.pm" Perl Module Handling Code Execution
08.44.110 - libgadu Contact Description Remote Buffer Overflow
08.44.111 - Graphiks MyForum Cookie Authentication Bypass
08.44.112 - tlGuestBook Cookie Authentication Bypass
08.44.113 - Agares Media ThemeSiteScript "frontpage_right.php" Remote File Include
08.44.114 - H2O-CMS PHP Code Injection and Cookie Authentication Bypass Vulnerabilities
08.44.115 - Atlassian JIRA Cross-Site Scripting and HTML Injection Vulnerabilities
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint,
a division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) UPDATE: Microsoft Windows RPC Remote Code Execution Vulnerability (MS08-067)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Description: Last week, Microsoft issued an out-of-cycle patch for a
remote code execution vulnerability in various versions of Microsoft
Windows; the initial announcement was covered in that week's @RISK.
Further details are now available for this vulnerability. The issue
originates from a flaw in the Microsoft Windows Server Service, which
exports a Remote Procedure Call (RPC) interface. A flaw in one of the
exported procedures could allow an attacker to execute arbitrary code
with the privileges of the vulnerable process (SYSTEM). The vulnerable
procedures do not require authentication on versions of Microsoft
Windows other than Windows Vista and Windows Server 2008. Microsoft
believes that this vulnerability is being actively exploited in the
wild. Proofs-of-Concept for this vulnerability are now publicly
available.
Status: Vendor confirmed, updates available. Users are urged to patch
as quickly as possible.
References:
Previous @RISK Entry
https://www.sans.org/newsletters/risk/display.php?v=7&i=43#widely1
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
Proofs-of-Concept
https://metasploit.com/ms08_067_netapi.rb
https://www.immunityinc.com/downloads/immpartners/ms08_067-3.tgz
https://www.immunityinc.com/downloads/immpartners/ms08_067-2.tgz
https://www.immunityinc.com/downloads/immpartners/ms08_067.tgz
http://www.securityfocus.com/data/vulnerabilities/exploits/31874.zip
SecurityFocus BID
http://www.securityfocus.com/bid/31874
**************************************
(2) HIGH: OpenOffice.org WMF and EMF File Handling Multiple Buffer Overflows
Affected:
OpenOffice.org versions prior to 2.4.2
Description: OpenOffice.org is a popular open source office suite. It
is installed by default on numerous Unix- and Linux-based operating
systems, and is commonly installed on Microsoft Windows and Apple Mac
OS X systems. It contains multiple flaws in its handling of Windows
Metafile (WMF) and Enhanced Metafile (EMF) image files. A specially
crafted WMF or EMF image could trigger one of several heap-based buffer
overflows in OpenOffice.org. Successfully exploiting one of these
vulnerabilities would allow an attacker to execute arbitrary code with
the privileges of the current user. Depending upon configuration,
malicious documents may be opened upon receipt without first prompting
the user. Details on these vulnerabilities are available via source code
analysis. The commercial fork of OpenOffice.org, StarOffice, is
presumed vulnerable as well.
Status: Vendor confirmed, updates available.
References:
OpenOffice.org Security Bulletins
http://www.openoffice.org/security/cves/CVE-2008-2237.html
http://www.openoffice.org/security/cves/CVE-2008-2238.html
Wikipedia Article on the Windows Metafile and Enhanced Metafile File Formats
http://en.wikipedia.org/wiki/Enhanced_Metafile
Vendor Home Page
SecurityFocus BID
http://www.securityfocus.com/bid/31962
**************************************
(3) HIGH: Opera Multiple Vulnerabilities
Affected:
Opera versions prior to 9.62
Description: Opera is a popular cross-platform web browser. It contains
multiple vulnerabilities in its handling of JavaScript URLs and history
entries. Entries placed in the browser's history are not properly
sanitized, nor are JavaScript URLs. A specially crafted web page could
trigger this vulnerability to execute arbitrary JavaScript code in a
higher security context than would otherwise be allowed. Some technical
details for these vulnerabilities are publicly available.
Status: Vendor confirmed, updates available.
References:
Opera Security Advisories
http://www.opera.com/support/search/view/907/
http://www.opera.com/support/search/view/906/
Opera Home Page
SecurityFocus BID
http://www.securityfocus.com/bid/31991
**************************************
(4) HIGH: Adobe PageMaker PMD File Handling Buffer Overflows
Affected:
Adobe PageMaker versions 7.0.1 and prior
Description: Adobe PageMaker is a popular desktop publishing
application. It contains multiple buffer overflows in its handling of
PMD (PageMaker) files. A specially crafted PMD file could trigger one
of these buffer overflows, allowing an attacker to execute arbitrary
code with the privileges of the current user. Depending upon
configuration, malicious files may be opened upon receipt without first
prompting the user. Some technical details are publicly available for
these vulnerabilities.
Status: Vendor confirmed, updates available. A third vulnerability is
confirmed, but unpatched.
References:
Secunia Security Advisory
http://secunia.com/advisories/27200/
Adobe Security Advisory
http://www.adobe.com/support/security/advisories/apsa08-10.html
Product Home Page
http://www.adobe.com/products/pagemaker/
SecurityFocus BID
http://www.securityfocus.com/bid/31975
**************************************
(5) MODERATE: Sun Java Web Start Remote Command Execution
Affected:
Sun Java Web Start
Description: Sun Java Web Start is part of Sun's Java Runtime
Environment, and allows Java applications to be launched from a web
browser. It contains an input validation error in its handling of Web
Start requests. A specially crafted web page could exploit this
vulnerability to execute arbitrary commands with the privileges of the
current user. Technical details for this vulnerability are publicly
available, but are unconfirmed. The Sun Java Runtime Environment is
installed by default on numerous Unix- and Linux-based operating systems
as well as Apple Mac OS X. It is often installed on Microsoft Windows
systems.
Status: Vendor has not confirmed, no updates available.
References:
Posting by Varun Srivastava
http://www.securityfocus.com/archive/1/497799
Sun Java Web Start Home Page
http://java.sun.com/javase/technologies/desktop/javawebstart/index.jsp
SecurityFocus BID
http://www.securityfocus.com/bid/31916
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 44, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.44.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Multiple EMC NetWorker Products "nsrexecd.exe" RPC Request
Denial of Service
Description: EMC NetWorker is a centralized data-protection system
available for multiple operating systems. Multiple EMC NetWorker
products are exposed to a denial of service issue because they fail to
adequately bounds check user-supplied data. This issue stems from a
failure to handle malicious Remote Procedure Call (RPC) requests.
Ref: http://www.securityfocus.com/archive/1/497666
______________________________________________________________________
08.44.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: freeSSHd SFTP "rename" Remote Denial of Service
Description: freeSSHd is an SSH server for Microsoft Windows. The
application is exposed to a denial of service issue because it fails
to handle excessively large arguments passed by a remote user.
Specifically, this issue presents itself when attackers send
excessively long arguments to a "rename" command via SFTP. freeSSHd
version 1.2.1 is affected.
Ref: http://www.securityfocus.com/archive/1/497746
______________________________________________________________________
08.44.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: SilverSHielD "opendir()" Remote Denial of Service
Description: SilverSHielD is an SSH/SFTP server for Microsoft Windows.
The application is exposed to a denial of service issue because it
fails to handle specially-crafted data passed to the "opendir()"
function. SilverSHielD version 1.0.2.34 is affected.
Ref: http://www.securityfocus.com/bid/31884
______________________________________________________________________
08.44.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: DB Software Laboratory "VImpX.ocx" ActiveX Control Multiple
File Corruption Vulnerabilities
Description: VImpX is an ActiveX control that imports data into
various databases. DB Software Laboratory "VImpX.ocx" ActiveX control
is exposed to multiple file corruption issues. VImpX version 4.8.8.0
is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.44.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: TUGZip ZIP File Remote Buffer Overflow
Description: TUGZip is a file archiving application for Microsoft
Windows platforms. The application is exposed to a remote buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. TUGZip version 3.00 is affected.
Ref: http://www.securityfocus.com/bid/31913
______________________________________________________________________
08.44.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: PumpKIN Mode Field Remote Denial of Service
Description: PumpKIN is a TFTP server available for Microsoft
Windows. PumpKIN is exposed to a remote denial of service issue when
processing packets with overly long mode field values. PumpKIN version
2.7.2.0 is affected.
Ref: http://www.securityfocus.com/bid/31922
______________________________________________________________________
08.44.7 CVE: CVE-2008-4554
Platform: Linux
Title: Linux Kernel "do_splice_from()" Local Security Bypass
Description: The Linux kernel is exposed to a local security bypass
issue because the "do_splice_from()" function in "fs/splice.c" fails
to reject file descriptors that have the "O_APPEND" flag set. Linux
kernel versions prior to 2.6.27 are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=466707
______________________________________________________________________
08.44.8 CVE: Not Available
Platform: Linux
Title: Netpbm "pamperspective" Utility Buffer Overflow
Description: Netpbm is a collection of utilities for manipulating
images. The "pamperspective" application is used to manipulate the
perspective of images. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. Netpbm versions prior to 10.35.48 stable are
affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1090
______________________________________________________________________
08.44.9 CVE: Not Available
Platform: Linux
Title: eCryptfs Password Information Disclosure
Description: eCryptfs is a Linux cryptographic file system. The
software is exposed to an information disclosure issue. Specifically,
this issue arises because the "ecryptfs-setup-private" program passes
the "login" and "mount" passwords directly to
"ecryptfs-wrap-passphrase" and "ecryptfs-add-passphrase" in plain text
via the command line.
Ref:
______________________________________________________________________
08.44.10 CVE: CVE-2008-3911
Platform: Linux
Title: Linux Kernel "proc_do_xprt()" Local Buffer Overflow
Description: The Linux kernel is exposed to a local buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data. This issue occurs in the "proc_do_xprt()" function
in the "net/sunrpc/sysctl.c" source file. Linux kernel versions
2.6.24-git13 through 2.6.26.4 are affected.
Ref: http://lkml.org/lkml/2008/8/30/140
______________________________________________________________________
08.44.11 CVE: Not Available
Platform: Solaris
Title: Sun Integrated Lights-Out Manager (ILOM) Authentication Bypass
Description: Sun Integrated Lights-Out Manager (ILOM) is a product for
managing and monitoring systems. ILOM is exposed to an authentication
bypass issue caused by an unspecified error. Attackers can exploit
this vulnerability to gain access to the service processor (SP)
through the web interface.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243486-1
______________________________________________________________________
08.44.12 CVE: CVE-2008-3863
Platform: Unix
Title: GNU Enscript "src/psgen.c" Stack-Based Buffer Overflow
Description: GNU Enscript is a freely available, open-source program
for transforming ASCII files into PostScript documents. The utility is
used mainly on UNIX and Linux operating systems. GNU Enscript is
exposed to a stack-based buffer overflow issue because it fails to
perform adequate checks on user-supplied input. GNU Enscript versions
1.6.1 and 1.6.4 (beta) are affected.
Ref: http://secunia.com/secunia_research/2008-41/
______________________________________________________________________
08.44.13 CVE: Not Available
Platform: Unix
Title: "imlib2" Library Multiple Unspecified Vulnerabilities
Description: The "imlib2" library is used to view and render various
types of images. It is available for UNIX, Linux, and other UNIX-like
operating systems. The application is exposed to multiple issues
caused by unspecified errors. "imlib2" versions prior to 1.4.2 are
affected.
Ref: http://sourceforge.net/project/shownotes.php?group_id=2&release_id=634778
______________________________________________________________________
08.44.14 CVE: Not Available
Platform: Novell
Title: Novell eDirectory NCP Unspecified Remote Memory Corruption
Description: Novell eDirectory is a Lightweight Directory Access
Protocol (LDAP) server that also implements NCP (NetWare Core
Protocol). Novell eDirectory is exposed to an unspecified remote
memory corruption issue related to the NetWare Core Protocol (NCP).
eDirectory versions 8.7.3 SP10 prior to 8.7.3 SP10 FTF1 are
affected.
Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
______________________________________________________________________
08.44.15 CVE: Not Available
Platform: Cross Platform
Title: NXP Semiconductors MIFARE Classic Smartcard Multiple Security
Weaknesses
Description: The MIFARE Classic smartcard is a contactless proximity
card based on the ISO/IEC 14443 RFID standard. The card has been
implemented for storing and tracking electronic fares in several major
transit systems. The issue occurs because the tag nonce directly
manipulates the internal state of the LFSR. If an attacker can access
a segment of the key stream, they can recover the current state of the
LFSR.
Ref: http://www.securityfocus.com/archive/1/497640
______________________________________________________________________
08.44.16 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple
Vulnerabilities
Description: IBM DB2 Universal Database Server is a database server
designed to run on various platforms, including Linux, AIX, Solaris,
and Microsoft Windows. The application is exposed to multiple issues.
DB2 versions prior to 9.1 Fixpak 6 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27013892
______________________________________________________________________
08.44.17 CVE: CVE-2008-4579
Platform: Cross Platform
Title: fence "fence_apc" and "fence_apc_snmp" Insecure Temporary File
Creation Vulnerabilities
Description: The "fence" program is a component of the cluster2
Cluster Manager system. The application creates temporary files in an
insecure manner. Specifically, the following programs are affected:
"fence_apc" and "fence_apc_snmp". The "fence" component of cluster 2
2.03.08 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=467386
______________________________________________________________________
08.44.18 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System LDAP JDK Search Feature Information Disclosure
Description: Sun Java System LDAP JDK is a directory SDK for Java. Sun
Java System LDAP JDK is exposed to an information disclosure issue
because it fails to restrict access to potentially sensitive
information.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242246-1
______________________________________________________________________
08.44.19 CVE: CVE-2008-3862
Platform: Cross Platform
Title: Trend Micro OfficeScan CGI Parsing Buffer Overflow
Description: Trend Micro OfficeScan is an integrated enterprise-level
security product that protects against viruses, spyware, worms, and
blended threats. OfficeScan is exposed to a buffer overflow issue
because the application fails to properly bounds check user-supplied
data when parsing CGI requests before copying the data into an
insufficiently sized memory buffer. OfficeScan version 7.3 with Patch
4 build 1362 and OfficeScan version 8.0 SP1 Patch 1 are
affected.
Ref: http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt
______________________________________________________________________
08.44.20 CVE: CVE-2007-4349
Platform: Cross Platform
Title: HP OpenView Products Shared Trace Service RPC Request Handling
Denial of Service
Description: Multiple HP OpenView products are exposed to a denial of
service issue. This issue affects the OpenView Shared Trace Service
and is caused by an access violation when the software handles a
specially crafted sequence of RPC requests. HP OpenView Reporter
version 3.70 and HP Performance Agent version 4.70 are affected.
Ref: http://secunia.com/secunia_research/2007-83/
______________________________________________________________________
08.44.21 CVE: CVE-2008-3816
Platform: Cross Platform
Title: Cisco PIX and ASA Appliance IPv6 Denial of Service
Description: Cisco ASA and PIX are security appliances. Multiple Cisco
security appliances are prone to a denial of service issue when
configured for IPv6. An attacker can exploit this issue by sending
specially crafted IPv6 packets to cause the affected devices to
reload, denying service to legitimate users.
Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml#@ID
______________________________________________________________________
08.44.22 CVE: CVE-2008-3815
Platform: Cross Platform
Title: Cisco PIX and ASA W