Summary of Security Items from June 22 through June 28, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name/ CVE Reference |
face="Arial, Helvetica, sans-serif">Risk |
face="Arial, Helvetica, sans-serif">Source |
ActiveBuy | A vulnerability has been reported in ActiveBuyandsell that could let a malicious remote user perform SQL injection or Cross-Site Scripting attacks. No workaround or patch available at time of publishing. Proofs of Concept exploits have been published. | ActiveBuy | High | Secunia Advisory, SA15837, June 27, 2005 |
Advanced Browser V8.0.2 | A javascript spoofing vulnerability has been reported in Advanced Browser that could let remote malicious users spoof Javascript dialog boxes. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Advanced Browser Javascript Spoofing | Medium | Security Tracker Alert ID: 1014270, June 23, 2005 |
ASP Nuke V0.8 | Multiple vulnerabilities have been reported in ASP Nuke that could allow a remote malicious user to perform SQL injection or Cross-Site Scripting attacks. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | ASP Nuke SQL Injection & Cross Site Scripting CAN-2005-2064
| High | Security Focus, Bugtraq ID: 14062, 13318, 14063,14064, June 27, 2005 |
ASP | A vulnerability has been reported in ASPPlayground.NET that could allow a remote malicious user to upload arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | ASPPlayground .NET Arbitrary Upload | High | Security Tracker Alert ID: 1014309, June 27, 2005 |
Fast Browser Pro V8.1 | A javascript spoofing vulnerability has been reported in Fast Browser Pro that could let remote malicious users spoof Javascript dialog boxes. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Fast Browser Pro Javascript Spoofing | Medium | Security Tracker Alert ID: 1014296, June 27, 2005 |
Slim Browser V4.05.007 | A javascript spoofing vulnerability has been reported in Slim Browser that could let remote malicious users spoof Javascript dialog boxes. No workaround or patch available at time of publishing. There is no exploit code required. | Slim Browser Javascript Spoofing | Medium | Security Tracker Alert ID: 1014266, June 22, 2005 |
HP Version Control Repository Manager V2.x
| A password disclosure vulnerability has been reported in HP Version Control Repository Manager that could disclose the proxy password to local users. An update is available: http://h18023.www1.hp.com/ There is no exploit code required. | HP VCRM Password Disclosure | Medium | Secunia, Advisory: SA15790, June 23, 2005 |
Hosting Controller Error.ASP | A vulnerability has been reported in Error.ASP that could allow a remote malicious user to perform Cross-Site Scripting attacks. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Hosting Controller Error.ASP | High | Security Focus, Bugtraq ID: 14080, June 28, 2005 |
WhatsUp Professional V2005SP1 | An input validation vulnerability has been reported in Ipswitch WhatsUp Professional that could let malicious users perform SQL injection. Update to Service Pack 1a: http://www.ipswitch.com/Support/ There is no exploit code required; however, a Proof of Concept exploit has been published. | Ipswitch WhatsUp Professional SQL Injection Vulnerability | High | iDEFENSE, Security Advisory 06.22.05, June 22, 2005 |
Microsoft Internet Explorer 6.0, SP1&SP2 | A vulnerability has been reported in Microsoft Internet Explorer, which could let malicious websites to spoof dialog boxes. Advisory available at: Currently we are not aware of any exploit for this vulnerability. | Microsoft Internet Explorer Dialog Origin Spoofing | Medium | Secunia, Advisory, SA15491, June 21, 2005 Microsoft Security Advisory (902333), June 21, 2005 |
Visio 2002, SP1, SharePoint Portal Server 2001, SP1, Office XP, SP1-SP3, | A vulnerability has been reported in Microsoft Log Sink Class ActiveX Control that could allow a remote malicious user to create arbitrary files. Update available at: An exploit has been published. | Microsoft Log Sink Class ActiveX Control href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0360">CAN-2005-0360 | High | US-CERT VU#165022 |
Outlook Express 5.5, 6 | A remote code execution vulnerability has been reported in Outlook Express when it is used as a newsgroup reader. A malicious user could exploit the vulnerability by constructing a malicious newsgroup server that could that potentially allow remote code execution if a user queried the server for news. Updates available:
href="http://www.microsoft.com/technet/security/Bulletin/MS05-030.mspx">http://www.microsoft.com An exploit has been published. | Microsoft Outlook Express Could Allow Remote Code Execution href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1213">CAN-2005-1213
| High | Microsoft, MS05-030, June 14, 2004 Security Focus, Bugtraq ID: 13951, June 24, 2005 |
Windows 2000 SP3 & SP4, Windows XP 64-Bit Edition SP1 | A buffer overflow vulnerability exists when handling Server Message Block (SMB) traffic, which could let a remote malicious user execute arbitrary code. Patches available at:
href="http://www.microsoft.com/technet/security/bulletin/MS05-007.mspx"> Microsoft Windows NT 4.0 has also been found vulnerable to the issue; however, this platform is no longer publicly supported by Microsoft. A patch is available for customers that have an active end-of-life support agreement including extended Windows NT 4.0 support. Information regarding the end-of-life support agreement can be found at the following location: An exploit has been published. | High | Microsoft Security Bulletin, MS05-011, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A US-CERT Cyber Security Alert SA05-039A US-CERT Vulnerability Note VU#652537 Security Focus, 12484, March 9, 2005 Security Focus, Bugtraq ID: 12484, June 23, 2005 | |
MyInternet Browser V10.0.0.0 | A javascript spoofing vulnerability has been reported in MyInternet Browser that could let remote malicious users spoof Javascript dialog boxes. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | MyInternet Browser Javascript Spoofing | Medium | Security Tracker Alert ID: 1014295, June 27, 2005 |
NetCaptor Browse V7.5.4 | A javascript spoofing vulnerability has been reported in NetCaptor Browser that could let remote malicious users spoof Javascript dialog boxes. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | NetCaptor Browser Javascript Spoofing | Medium | Security Tracker Alert ID: 1014265, June 22, 2005 |
Omni Browser 2.0 | A javascript spoofing vulnerability has been reported in NetCaptor Browser that could let remote malicious users spoof Javascript dialog boxes. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Omni Browser Javascript Spoofing | Medium | Security Tracker Alert ID: 1014286, June 23, 2005 |
Optimal Desktop V4.00 | A javascript spoofing vulnerability has been reported in Optimal Desktop that could let remote malicious users spoof Javascript dialog boxes. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Optimal Desktop Javascript Spoofing | Medium | Security Tracker Alert ID: 1014298, June 27, 2005 |
BisonFTP Server V4R1 | A vulnerability has been reported in BisonFTP Server that could allow remote malicious users to perform a Denial of Service. No workaround or patch available at time of publishing. An exploit has been published. | BisonFTP Server Denial of Service | Low | Security Focus, Bugtraq ID: 14079, June 28, 2005 |
Sukru Alatas Guestbook V3.1 | A vulnerability has been reported in Sukru Alatas Guestbook that could allow database disclosure to remote malicious users. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Sukru Alatas Guestbook Database Disclosure | Medium | Secunia Advisory: SA15832, June 28, 2005 |
| TCP-IP Datalook 1.3 | A vulnerability has been reported in TCP-IP Datalook that could let a local malicious user perform a Denial of Service. No workaround or patch available at time of publishing. An exploit has been published. | TCP-IP Datalook Denial of Service | Low | Security Tracker Alert ID: 1014291, June 26, 2005 |
Community Server Forums | A vulnerability has been reported in Community Server Forums that could let a remote malicious user perform Cross-Site Scripting attacks. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Community Server Forums Cross-Site Scripting | High | Security Focus, Bugtraq ID: 14078, June 28, 2005 |
IA eMailServer V5.2.2 | An IMAP list command validation vulnerability has been reported in IA eMailServer that could let remote malicious users perform a Denial of Service. Upgrade to version 5.3.4 Build 2019. An exploit script has been published. | IA eMailServer Denial of Service | Low | Secunia Advisory: SA15838, June 28, 2005 |
Veritas Backup Exec 10.0 | Multiple vulnerabilities have been reported in Veritas Backup Exec that could let remote malicious users perform arbitrary code execution, elevate privileges, perform a DoS, or even crash systems. A patch is available from the vendor: http://seer.support.veritas.com/ Currently we are not aware of any exploits for this vulnerability. | Veritas Backup Exec Multiple Vulnerabilities | High | Secunia, Advisory: SA15789, June 23, 2005 VERITAS Security Advisory VX05-006, VX05-007, VX05-008, June 23, 3005 |
Wichio 27Tools-in-1 Browser V4.2 | A javascript spoofing vulnerability has been reported in Wichio 27Tools-in-1 Browser that could let remote malicious users spoof Javascript dialog boxes. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Wichio 27Tools-in-1 Browser Javascript Spoofing | Medium | Security Tracker Alert ID: 1014297, June 27, 2005 |
| name=unix>UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name / CVE Reference |
face="Arial, Helvetica, sans-serif">Risk |
face="Arial, Helvetica, sans-serif">Source |
Acrobat Reader 7.0.1, 7.0, Acrobat 7.0.1, 7.0 | Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error, which could let a remote malicious user execute arbitrary programs via a specially crafted PDF document that contains JavaScript; and a vulnerability was reported in the updater because Safari Frameworks folder permissions can be elevated for all users when downloading updates. Only UNIX running on Mac OS is affected.
Upgrades available at: There is no exploit code required. | Adobe Reader / Acrobat Arbitrary Code Execution & Elevated Privileges | Medium | Secunia Advisory, SA15827, June 28, 2005 |
Spam | A vulnerability has been reported that could let remote malicious users cause a Denial of Service. A remote user can send e-mail containing special message headers to cause the application to take an excessive amount of time to check the message. A fixed version (3.0.4) is available at: http://spamassassin. Fedora: Gentoo: SUSE: RedHat: Mandriva: There is no exploit code required. | Apache SpamAssassin Lets Remote Users Deny Service | Low | Security Tracker Alert ID: 1014219, Fedora Update Notifications, Gentoo Linux Security SUSE Security Announce- RedHat Mandriva Linux Security Update Advisory, MDKSA-2005:106, |
D-BUS 0.23 & prior | A vulnerability exists in 'bus/policy.c' due to insufficient restriction of connections, which could let a malicious user hijack a session bus. Patch available at: Fedora: RedHat: Mandriva: Ubuntu: There is no exploit code required. | D-BUS Session Hijack | Medium | Security Tracker Alert ID,1013075, February 3, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:105, Ubuntu Security Notice, |
FreeRADIUS 1.0.2 | Two vulnerabilities have been reported: a vulnerability was reported in the 'radius_xlat()' function call due to insufficient validation, which could let a remote malicious user execute arbitrary SQL code; and a buffer overflow vulnerability was reported in the 'sql_escape_func()' function, which could let a remote malicious user execute arbitrary code. Gentoo: SuSE: FreeRadius: RedHat: There is no exploit code required. | High | Security Tracker Alert ID: 1013909, May 6, 2005 Gentoo Linux Security SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005 Security Focus, 13541, June 10, 2005 RedHat | |
gdlib 2.0.23, 2.0.26-2.0.28; Avaya Converged Communi-cations Server 2.0, Intuity LX | A vulnerability exists in the 'gdImageCreateFromPngCtx()' function when processing PNG images due to insufficient sanity checking on size values, which could let a remote malicious user execute arbitrary code.
OpenPKG: Ubuntu: Gentoo: Debian: Fedora: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Trustix: SUSE: Debian: Red Hat: Avaya: SGI: An exploit script has been published. | GD Graphics Library Remote Integer Overflow | High | Secunia Advisory, Gentoo Linux Security Advisory, GLSA 200411-08, November 3, 2004 Ubuntu Security Notice, USN-21-1, November 9, 2004 Debian Security Advisories, DSA 589-1 & 591-1, November 9, 2004 Fedora Update Notifications, Mandrakelinux Security Update Advisory, MDKSA-2004:132, November 15, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004 Ubuntu Security Notice, USN-25-1, November 16, 2004 SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004 Debian Security Advisories, DSA 601-1 & 602-1, November 29, 2004 Red Hat Advisory, RHSA-2004:638-09, December 17, 2004 Avaya Security Advisory, ASA-2005-017, January 18, 2005 SGI Security Advisory, 20050602- |
gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17 | A Directory Traversal vulnerability exists due to insufficient sanitization of input, which could let a remote malicious user obtain sensitive information. Upgrades available at: Debian:
href="http://security.debian.org/pool/updates/main/g/gftp/"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200502-27.xml"> SUSE: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Conectiva: RedHat: SGI: There is no exploit code required. | Medium | Security Focus, February 14, 2005 Debian Security Advisory, DSA 686-1, February 17, 2005 SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005 Gentoo Linux Security Advisory, GLSA 200502-27, February 19, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:050, March 4, 2005 RedHat Security Advisory, RHSA-2005:410-07, June 13, 2005 Conectiva Security Advisory, CLSA-2005:957, May 31, 2005 SGI Security Advisory, 20050603-01-U, June 23, 2005 | |
gEdit 2.0.2, 2.2 .0, 2.10.2 | A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code. Ubuntu: Gentoo: RedHat: Mandriva: TurboLinux: SGI: An exploit has been published. | High | Securiteam, May 22, 2005 Ubuntu Security Notice, USN-138-1, June 09, 2005 Gentoo Linux Security Advisory, GLSA 200506-09, June 11, 2005 RedHat Security Advisory, RHSA-2005:499-05, June 13, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:102, June 16, 2005 Turbolinux Security Advisory, SGI Security Advisory, 20050603-01-U, June 23, 2005 | |
cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6 | A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions. Trustix: There is no exploit code required. | Medium | Bugtraq, 395703, April 13, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005 | |
cpio 2.6 | A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information. Gentoo: Trustix: A Proof of Concept exploit has been published. | Medium | Bugtraq, 396429, April 20, 2005 Gentoo Linux Security Advisory, GLSA 200506-16, June 20, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005 | |
gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5 | A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information. Ubuntu: Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200505-05.xml"> IPCop: Mandriva: TurboLinux: FreeBSD: OpenPKG: RedHat: SGI: Proof of Concept exploit has been published. | Medium | Bugtraq, 396397, April 20, 2005 Ubuntu Security Notice, Trustix Secure Linux Security Advisory, Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005 Security Focus,13290, May 11, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005 Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005 FreeBSD OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005 RedHat Security Advisory, SGI Security Advisory, 20050603-01-U, June 23, 2005 | |
shtool 2.0.1 & prior | A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused due to temporary files being created insecurely. Gentoo: OpenPKG: There is no exploit code required. | GNU shtool Insecure Temporary File Creation | Medium | Secunia Advisory, SA15496, May 25, 2005 Gentoo Linux Security Advisory, GLSA 200506-08, June 11, 200 OpenPKG Security Advisory, OpenPKG-SA-2005.011, |
gzip 1.2.4, 1.3.3 | A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions. Ubuntu: Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200505-05.xml"> Mandriva: TurboLinux: FreeBSD: RedHat: SGI: There is no exploit code required. | Medium | Security Focus, Ubuntu Security Notice, Trustix Secure Linux Security Advisory, Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:092, Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005 FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005 RedHat Security Advisory, SGI Security Advisory, 20050603-01-U, June 23, 2005 | |
wget 1.9.1 | A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window. SUSE: Mandriva: Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> RedHat: TurboLinux: Ubuntu: A Proof of Concept exploit script has been published. | Medium | Security Tracker Alert ID: 1012472, December 10, 2004 SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005 SUSE Security Summary Report, SUSE-SR:2005:011, April 15, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:098, June 9, 2005 Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005 Turbolinux Security Advisory, TLSA-2005-66, June 15, 2005 Ubuntu Security Notice, USN-145-1, June 28, 2005 | |
zgrep 1.2.4 | A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands. A patch for 'zgrep.in' is available in the following bug report: Mandriva: TurboLinux: RedHat: RedHat: SGI: Fedora: There is no exploit code required. | High | Security Tracker Alert, 1013928, May 10, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005 Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005 RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005 RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005 SGI Security Advisory, 20050603-01-U, June 23, 2005 Fedora Update Notification, | |
LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6 .0, 3.6.1, 3.7, 3.7.1 | A buffer overflow vulnerability has been reported in the 'TIFFOpen()' function when opening malformed TIFF files, which could let a remote malicious user execute arbitrary code. Patches available at: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200505-07.xml"> Ubuntu: SuSE: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | High | Gentoo Linux Security Advisory, GLSA 200505-07, May 10, 2005 Ubuntu Security Notice, USN-130-1, May 19, 2005 SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005 Turbolinux Security Advisory, TLSA-2005-72, June 28, 2005 | |
Asterisk 1.0.7, Asterisk CVS HEAD | A buffer overflow vulnerability has been reported in the manager interface due to insufficient bounds checks, which could let a remote malicious user execute arbitrary code. Note: The manager interface is not enabled by default. Updates available at: Currently we are not aware of any exploits for this vulnerability. | Linux Support Services Asterisk Manager Interface Remote Buffer Overflow | High | Security Tracker Alert, 1014268, June 22, 2005 |
FreeBSD 5.4 & prior | A vulnerability was reported in FreeBSD when using Hyper-Threading Technology due to a design error, which could let a malicious user obtain sensitive information and possibly elevated privileges. Patches and updates available at: SCO: Ubuntu: RedHat: Sun: Mandriva: Trustix:
href="ftp://ftp.trustix.org/pub/trustix/updates/"> SGI: Currently we are not aware of any exploits for this vulnerability. | Medium | FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005 SCO Security Advisory, SCOSA-2005.24, May 13, 2005 Ubuntu Security Notice, USN-131-1, May 23, 2005 RedHat Security Advisory, RHSA-2005:476-08, June 1, 2005 Sun(sm) Alert Notification, 101739, June 1, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:096, June 7, 2005 Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005 SGI Security Advisory, 20050602-01-U, June 23, 2005 | |
Gentoo Linux;
| A remote Denial of Service vulnerability exists in 'ms_fnmatch()' function due to insufficient input validation. Patch available at: Gentoo: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> SuSE: Ubuntu: RedHat: Trustix: Conectiva: Fedora: SGI: TurboLinux: OpenPKG: SCO: Sun: There is no exploit code required. | Multiple Vendors Samba Remote Wild Card Denial of Service | Low | Security Focus, November 15, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004 RedHat Security Advisory, RHSA-2004:632-17, November 16, 2004 Conectiva Linux Security Announce- Fedora Update Notifications, Turbolinux Security Advisory, TLSA-2004-32, December 8, 2004 SGI Security Advisory, 20041201-01-P, December 13, 2004 OpenPKG Security Advisory, OpenPKG-SA-2004.054 December 17, 2004 SCO Security Advisory, SCOSA-2005.17, March 7, 2005 Sun(sm) Alert Notification, 101783, June 23, 2005 |
Linux kernel 2.6.1-2.6.11, 2.6 test1-test11 | A vulnerability has been reported because commands sent to a SCSI device can change the driver parameters, which could let a malicious user obtain unauthorized access.
Updates available at: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Unauthorized SCSI Command | Medium | Security Focus, 14040, June 23, 2005 |
RedHat Fedora Core3; | A remote Denial of Service vulnerability has been reported in the 'bgp_update_print()' function in 'print-bgp.c' when a malicious user submits specially crafted BGP protocol data. Update available at: Fedora: Trustix:
href="ftp://ftp.trustix.org/pub/trustix/updates/"> Mandriva: Fedora: Ubuntu: TurboLinux: A Proof of Concept exploit script has been published. | TCPDump BGP Decoding Routines Denial of Service | Low | Security Tracker Alert, 1014133, June 8, 2005 Fedora Update Notification, Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:101, June 15, 2005 Fedora Update Notification, Ubuntu Security Notice, USN-141-1, June 21, 2005 Turbolinux Security Advisory, TLSA-2005-69, June 22, 2005 |
Squid Web | A vulnerability exists when using the Netscape Set-Cookie recommendations for handling cookies in caches due to a race condition, which could let a malicious user obtain sensitive information. Patches available at: Ubuntu:
href=" http://security.ubuntu.com/ubuntu/pool/main/s/squid/"> Fedora: Conectiva: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> RedHat: TurboLinux: There is no exploit code required. | Medium | Secunia Advisory, SA14451, Ubuntu Security Fedora Update Notifications, Conectiva Linux Security Announce- Mandriva Linux Security Update Advisory, MDKSA-2005:078, April 29, 2005 RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005 Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005 | |
Gentoo Linux; | Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported which could let a malicious user obtain elevated privileges. Gentoo:
href="http://security.gentoo.org/glsa/glsa-200505-15.xml"> Ubuntu: http://security.ubuntu.com/ Mandriva: Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> TurboLinux: Currently we are not aware of any exploits for these vulnerabilities. | High | Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 2005 Turbolinux Security Advisory, TLSA-2005-68, June 22, 2005 | |
GNU Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; | Multiple vulnerabilities exist: a vulnerability exists when decoding BMP images, which could let a remote malicious user cause a Denial of Service; a vulnerability exists when decoding XPM images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and a vulnerability exists when attempting to decode ICO images, which could let a remote malicious user cause a Denial of Service. Debian: Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> RedHat:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/"> SuSE:
href=" ftp://ftp.suse.com/pub/suse/"> Gentoo:
href=" http://security.gentoo.org/glsa/glsa-200409-28.xml"> Conectiva:
href="ftp://atualizacoes.conectiva.com.br/"> Fedora: Sun: We are not aware of any exploits for these vulnerabilities. | gdk-pixbug BMP, ICO, and XPM Image Processing Errors
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753">CAN-2004-0753 | Low/High (High if arbitrary code can be executed) | Security Tracker Alert ID, 1011285, September 17, 2004 Gentoo Linux Security Advisory, GLSA 200409-28, September 21, 2004 US-CERT VU#577654, VU#369358, VU#729894, VU#825374, October 1, 2004 Conectiva Linux Security Announce- Fedora Legacy Update Advisory, FLSA:2005, February 24, 2005 Sun(sm) Alert Notification, 101776, June 23, 2005 |
Graphics | A remote Denial of Service vulnerability has been reported due to a failure to handle malformed XWD image files. Gentoo:
href="http://security.gentoo.org/glsa/glsa-200505-16.xml"> Ubuntu: Fedora: RedHat: SGI: Mandriva: Currently we are not aware of any exploits for this vulnerability. | Low | Gentoo Linux Security Advisory, GLSA 200505-16, May 21, 2005 Ubuntu Security Notice, USN-132-1, May 23, 2005 Fedora Update Notification, RedHat Security Advisory, RHSA-2005:480-03, June 2, 2005 SGI Security Advisory, 20050602-01-U, June 23, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:107, June 28, 2005 | |
Linux kernel 2.2.x, 2.4.x, 2.6.x | A buffer overflow vulnerability has been reported in the 'elf_core_dump()' function due to a signedness error, which could let a malicious user execute arbitrary code with ROOT privileges. Update available at:
href="http://kernel.org/"> Trustix: Ubuntu: RedHat: Avaya:
href="http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf"> SUSE: Trustix: An exploit script has been published. | High | Secunia Advisory, SA15341, May 12, 2005 Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005 Ubuntu Security Notice, USN-131-1, May 23, 2005 RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005 Avaya Security Advisory, ASA-2005-120, June 3, 2005 Trustix Secure Linux Bugfix Advisory, TSLSA-2005-0029, June 24, 2005 | |
Linux kernel 2.6 prior to 2.6.12.1
| A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges. Updates available at: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 64 Bit 'AR-RSC' Register Access | Medium | Security Tracker Alert ID: 1014275, June 23, 2005 |
Linux kernel 2.6 prior to 2.6.12.1 | A Denial of Service vulnerability has been reported in the subthread exec signal processing that has a timer pending. Updates available at: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Subthread Exec Denial of Service | Low | Security Tracker Alert ID: 1014274, June 23, 2005 |
Squid 2.x; Gentoo Linux;Ubuntu Linux 4.1 ppc, ia64, ia32;Ubuntu Linux 4.1 ppc, ia64, ia32; Conectiva Linux 9.0, 10.0 | A remote Denial of Service vulnerability exists in the NTLM fakeauth_auth helper when running under a high load or for a long period of time, and a specially crafted NTLM type 3 message is submitted.
Patch available at: Gentoo: Ubuntu: Conectiva: Fedora: RedHat: SUSE: Trustix: Astaro: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | Low | Secunia Advisory, Gentoo Linux Security Advisor, GLSA 200501-25, January 17, 2005 Ubuntu Security Notice, USN-67-1, January 20, 2005 Conectiva Linux Security Announce- Fedora Update Notifications, SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 SUSE Security Announce- Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005 Security Focus, 12324, March 7, 2005 Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005 | |
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.3 STABLE4, 2.4 STABLE7, 2.4 STABLE6, 2.4, STABLE2, 2.5 STABLE3-STABLE7, 2.5 STABLE1 | A vulnerability has been reported when handling upstream HTTP agents, which could let a remote malicious user poison the web proxy cache. Patches available at: Fedora: TurboLinux: There is no exploit code required. | Medium | Squid Proxy Cache Security Update Advisory, SQUID-2005:4, April 23, 2005 Fedora Update Notification, Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005 | |
OpenSSL 0.9.6, 0.9.6 a-0.9.6 m, 0.9.7c | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: Gentoo: Ubuntu: Debian: Mandrakesoft: TurboLinux: FedoraLegacy: RedHat: SGI: There is no exploit code required. | OpenSSL | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Gentoo Linux Security Advisory, GLSA 200411-15, November 8, 2004 Ubuntu Security Notice, USN-24-1, November 11, 2004 Debian Security Advisory Mandrakesoft Security Advisory, MDKSA-2004:147, December 6, 2004 Turbolinux Security Announce- SGI Security Advisory, 20050602-01-U, June 23, 2005 |
PostgreSQL 7.3 through 8.0.2 | Two vulnerabilities have been reported: a vulnerability was reported because a remote authenticated malicious user can invoke some client-to-server character set conversion functions and supply specially crafted argument values to potentially execute arbitrary commands; and a remote Denial of Service vulnerability was reported because the 'contrib/tsearch2' module incorrectly declares several functions as returning type 'internal.' Fix available at: Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> Gentoo: Trustix: TurboLinux: RedHat: SGI: Currently we are not aware of any exploits for these vulnerabilities. | Low/ High (High if arbitrary code can be executed) | Security Tracker Alert, 1013868, May 3, 2005 Ubuntu Security Notice, USN-118-1, May 04, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005 Gentoo Linux Security Advisory, GLSA 200505-12, May 16, 2005 Trustix Secure Linux Bugfix Advisory, TSL-2005-0023, May 16, 2005 Turbolinux Security Advisory , TLSA-2005-62, June 1, 2005 RedHat Security Advisory, RHSA-2005:433-17, June 1, 2005 SGI Security Advisory, 20050602-01-U, June 23, 2005 | |
Cacti 0.x | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'config_settings.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'congif_settings.php' due to insufficient sanitization of the 'config[include_path]' parameter and in 'top_graph_header.php' due to insufficient sanitization of the 'config[library_path]' parameter, which could let a remote malicious user execute arbitrary code. Upgrades available at: Gentoo: An exploit script has been published. | RaXnet Cacti Multiple Input Validation | High | Secunia Advisory: SA15490, June 23, 2005 Gentoo Linux Security Advisory, GLSA 200506-20, June 22, 2005 |
sysreport 1.1-1.3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, ES 2.1, AS 4, AS 3, AS 2.1 IA64, AS 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64 | A vulnerability has been reported in the Sysreport proxy due to a failure to ensure that sensitive information is not included in generated reports, which could let a remote malicious user obtain sensitive information.
Updates available at: SGI: There is no exploit code required. | RedHat Linux SysReport Proxy Information Disclosure | Medium | RedHat Security Advisory, RHSA-2005:502-03, June 13, 2005 SGI Security Advisory, 20050603-01-U, June 23, 2005 |
Sendmail 8.8.8 , 8.9 .0-8.9.2, 8.10-8.10.2, 8.11-8.11.7, 8.12.1-8.12.9, 8.12.11 | A remote Denial of Service vulnerability has been reported in the milter interface due to the configuration of overly long default timeouts. No workaround or patch available at time of publishing. There is no exploit code required. | Sendmail Milter Remote Denial of Service | Low | Security Focus, 14047, June 23 |
Solaris 10.0 | Multiple buffer overflow vulnerabilities have been reported when handling excessive data supplied through command line arguments, which could let a malicious user execute arbitrary code.
No workaround or patch available at time of publishing. Proofs of Concept exploit scripts have been published. | Sun Solaris Traceroute Multiple Buffer Overflows | High | Security Focus, 14049, June 24, 2005 |
Solaris 10.0, 9.0 _x86, 9.0 | A vulnerability has been reported in LD_AUDIT,' which could let a malicious user obtain superuser privileges. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Sun Solaris Runtime Linker 'LD_AUDIT' Elevated Privileges | High | Security Focus, 14074, June 28, 2005 |
Sudo 1.6-1.6.8, 1.5.6-1.5.9 | A race condition vulnerability has been reported when the sudoers configuration file contains a pseudo-command 'ALL' that directly follows a users sudoers entry, which could let a malicious user execute arbitrary code.
Upgrades available at: OpenBSD: Ubuntu: Fedora: Slackware: Mandriva: OpenPKG: Gentoo: SUSE: TurboLinux: There is no exploit code required. | Todd Miller Sudo Local Race Condition | High | Security Focus, 13993, June 20, 2005 Ubuntu Security Notice, USN-142-1, June 21, 2005 Fedora Update Notifications, Slackware Security Advisory, SSA:2005-172-01, June 22, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:103, June 22, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.012, June 23, 2005 Gentoo Linux Security Advisory, GLSA 200506-22, June 23, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005 SUSE Security Announce- Turbolinux Security Advisory, TLSA-2005-73, June 28, 2005 |
Razor-agents prior to 2.72 | Two vulnerabilities have been reported that could let malicious users cause a Denial of Service. This is due to an unspecified error in the preprocessing of certain HTML and an error in the discovery logic. Updates available at: Gentoo: SUSE: Trustix: Currently we are not aware of any exploits for these vulnerabilities. | Vipul Razor-agents Denials of Service | Low | Security Focus, Bugtraq ID 13984, June 17, 2005 Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005 SUSE Security Announce- Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005 |
Libxml2 2.6.12-2.6.14 | Multiple buffer overflow vulnerabilities exist: a vulnerability exists in the 'xmlNanoFTPScanURL()' function in 'nanoftp.c' due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability exists in the 'xmlNanoFTPScanProxy()' function in 'nanoftp.c,' which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the handling of DNS replies due to various boundary errors, which could let a remote malicious user execute arbitrary code. Upgrades available at: OpenPKG: Trustix: Fedora: Gentoo: Mandrake: OpenPKG: Trustix: Ubuntu: RedHat: Conectiva: RedHat (libxml): Apple: TurboLinux: Ubuntu: SGI: An exploit script has been published. | xmlsoft.org Libxml2 Multiple Remote Stack Buffer Overflows | High | Security Tracker Alert I, 1011941, October 28, 2004 Fedora Update Notification, Gentoo Linux Security Advisory, GLSA 200411-05, November 2,2 004 Mandrakelinux Security Update Advisory, MDKSA-2004:127, November 4, 2004 OpenPKG Security Advisory, OpenPKG-SA-2004.050, November 1, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0055, November 1, 2004 Ubuntu Security Notice, USN-10-1, November 1, 2004 Red Hat Security Advisory, RHSA-2004:615-11, November 12, 2004 Conectiva Linux Security Announce- Red Hat Security Advisory, RHSA-2004:650-03, December 16, 2004 Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005 Turbolinux Security Advisory, TLSA-2005-11, January 26, 2005 Ubuntu Security Notice, USN-89-1, February 28, 2005 SGI Security Advisory, 20050602- |
Ruby 1.8.2 | A vulnerability has been reported in the XMLRPC server due to a failure to set a valid default value that prevents security protection using handlers, which could let a remote malicious user execute arbitrary code. Fedora: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution | High | Fedora Update Notifications, Turbolinux Security Advisory, |
| id=other name=other>Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name / CVE Reference |
face="Arial, Helvetica, sans-serif">Risk |
face="Arial, Helvetica, sans-serif">Source |
Acrobat and Reader 7.0 and 7.0.1 for Mac OS and Windows. | A vulnerability has been reported that could let remote malicious users access system information. This is because there is an error in the Adobe Reader control that makes it possible to determine whether or not a particular file exists Update to version 7.0.2 for Windows: Mac Os available at: Currently we are not aware of any exploits for this vulnerability. | Adobe Reader / Adobe Acrobat Local File Detection | Medium | Adobe Adobe |
Forum Russian Board 4.2 | Several vulnerabilities have been reported: SQL injection vulnerabilities were reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; Cross-Site Scripting vulnerabilities were reported due to insufficient sanitization of certain input, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported due to insufficient verification of the '[img]' BB code tag , which could let a remote malicious execute arbitrary code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | CarLine Forum Russian Board Multiple Input Validation | High | RST/GHC Advisory #29, June 21, 2005 |
ClamaAV 0.x | A Denial of Service vulnerability has been reported in the Quantum decompressor due to an unspecified error. Updates available at: Gentoo: Currently we are not aware of any exploits for this vulnerability. | ClamAV Quantum Decompressor Denial of Service | Low | Secunia Gentoo Linux Security |
WebCalendar 0.9.x
| A vulnerability has been reported in the 'assistant_edit.php' script due to a failure to perform authentication, which could let a remote malicious user bypass security restrictions. It is also possible to disclose the full path to 'view_entry.php' by accessing it directly. Upgrades available at: There is no exploit code required. | Craig Knudsen WebCalendar 'Assistant_ Edit.PHP' Security Restriction Bypass | Medium | Secunia Advisory, SA15788, June 27, 2005 |
DUpaypal 3.0 | Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | DUware DUpaypal Pro Multiple SQL Injection | High | Security Focus, 14034, June 22, 2005 |
DUamazon 3.1, 3.0 | Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | DUware DUamazon Pro Multiple SQL Injection | High | Security Focus, 14033, June 22, 2005 |
DUclassmate 1.2 | Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | DUware DUclassmate Multiple SQL Injection | High | Security Focus, 14036, June 22, 2005 |
DUforum 3.1 | Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | DUware DUforum Multiple SQL Injection | High | Security Focus, 14035, June 22, 2005 |
DUportal Pro 3.4.3 | Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | DUware DUportal Pro Multiple SQL Injection | High | Security Focus, 14029, June 22, 2005 |
PHP-Nuke 7.7, 7.6, 7.0-7.3, | A Cross-Site Scripting vulnerability has been reported in the 'Link to off-site Avatar' field due to insufficient sanitization, which could let a malicious user execute arbitrary HTML and script code. Note: the 'Enable remote avatars' setting must be enabled (disabled by default). No workaround or patch available at time of publishing. There is no exploit code required. | Francisco Burzi PHP-Nuke Avatar Cross-Site Scripting | High | Secunia Advisory, SA15829, |
DB2 Universal Database 8.x | A vulnerability has been reported due to a failure to properly enforce authorization restrictions for database users, which could let a malicious user with 'SELECT' privileges bypass security restrictions. FixPaks available at: Currently we are not aware of any exploits for this vulnerability. | IBM DB2 | Medium | IBM Advisory, IY73104, June 24, 2005 |
UBB.threads 6.5-6.5.1 .1, 6.2.3, 6.0 | Multiple vulnerabilities have been reported: Cross-Site Scripting vulnerabilities have been reported in the 'Searchpage' parameter in 'dosearch.php,' the 'what' and 'page' parameters in 'newreply.php,' the 'Number,' 'Board.' and 'what' parameters in 'showprofile.php.' the 'fpart' and 'page' parameters in 'showflat.php,' the 'like' parameter in 'showmembers.php,' and the 'Cat' parameter in 'toggleshow.php,' 'togglecats.php,' and 'showprofile.php' due to insufficient sanitization before returned to the user, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported in the 'Number,' 'year,' 'month,' 'message,' 'main,' 'posted,' and 'Forum[ ]' parameters due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in the 'language' parameter due to insufficient verification before used to include files, which could let a remote malicious user include arbitrary files; and a vulnerability was reported because it is possible to trick a user into performing certain actions when logged in by following a specially crafted link. Upgrades available at: There is no exploit code required; however, Proofs of Concept exploits have been published. | Infopop CAN-2005-2057 | High | GulfTech Security Research Team Advisory, June 24, 2005 |
Infra mail Advantage Server Edition 6.0 6.37 | Multiple buffer overflow vulnerabilities have been reported: a remote Denial of Service vulnerability was reported due to an error when processing the SMTP 'MAIL FROM' command that contains an argument of approximately 40960 bytes; and a remote Denial of Service vulnerability was reported due to an error when processing the FTP 'NLST' command twice with an argument of approximately 102400 bytes. No workaround or patch available at time of publishing. Proof of Concept exploit scripts have been published. | Infra dig Infra mail Advantage Server Edition Multiple Remote Buffer Overflow | Low | Secunia Advisory: SA15828, June 28, 2005 |
JCDex Lite 2.0, 3.0 | A vulnerability was reported in the 'index.php' script because a file relative to the user-supplied 'thispath' parameter is included, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploit for this vulnerability. | JCDex Lite Arbitrary Code Execution | High | Security Tracker Alert ID: 1014306, June 27, 2005 |
CSV_DB 1.x,
| A vulnerability has been reported in the 'csv_db.cgi' script due to insufficient validation of the 'file' parameter, which could let a remote malicious user execute arbitrary commands. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | CSV_DB / i_DB Arbitrary Command Execution | High | Secunia Advisory, SA15842, June 28, 2005 |
LCM 0.6, 0.4-0.4.5 | A vulnerability has been reported in the log directory in the default installation due to missing access restrictions, which could let a remote malicious user obtain sensitive information. Upgrades available at: There is no exploit code required. | Legal Case Management Log File Information Disclosure | Medium | Security Focus, 14060, June 24,2005 |
| Mamboforge
Mambo 4.5.2.2 and prior | A vulnerability has been reported that could let remote malicious users conduct SQL injection attacks. Input passed to the 'user_rating' parameter when voting isn't properly validated. Update to version 4.5.2.3: http://mamboforge.net/ An exploit script has been published. | Mambo | High | Secunia SA15710, Security Focus, 13966, |
Mensajeitor 1.8.9 | A Cross-Site Scripting vulnerability has been reported in the 'IP' parameter due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Mensajeitor 'IP' Parameter Cross-Site Scripting | High | Security Focus, 14071, June 27, 2005 |
Squid Web Proxy Cache2.5. | A vulnerability has been reported in the DNS client when handling DNS responses, which could let a remote malicious user spoof DNS lookups. Patch available at: Trustix: Fedora: Ubuntu: RedHat: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | Medium | Security Focus, 13592, Trustix Secure Linux Security Advisory, Fedora Update Notification, Ubuntu Security Notice, RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005 Turbolinux Security Advisory, | |
Windows XP, Server 2003 Windows Services for UNIX 2.2, 3.0, 3.5 when running on Windows 2000 Berbers V5 Release 1.3.6 AAA Intuit LX, Converged Communications Server (CCS) 2.x, MN100, Modular Messaging 2.x, S8XXX Media Servers | An information disclosure vulnerability has been reported that could let a remote malicious user read the session variables for users who have open connections to a malicious telnet server. Updates available: http://www.microsoft.com/ RedHat: Microsoft: SUSE: AAA: Trustix: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor Telnet Client Information Disclosure | Medium | Microsoft, iD EFENSE Security Advisory, June 14, 2005 Red Hat Security Advisory, Microsoft Security Bulletin, SUSE Security Summary AAA Security Advisory, ASA-2005-145, Trustix Secure Linux Security Advisory, TSLSA-2005-0030, |
Tor Tor 0.0.10-0.0.9; | A vulnerability has been reported due to an unspecified error, which could let la remote malicious user obtain sensitive information.
Tor: Gentoo: Currently we are not aware of any exploits for this vulnerability. | Tor Information Disclosure | Medium | Gentoo Linux Security Advisory, GLSA 200506-18, Secunia Advisory, SA15764, |
Opera 8.0 | A vulnerability has been reported that could let remote malicious users conduct Cross-Site Scripting attacks and read local files. This is due to Opera not properly restricting the privileges of 'javascript:' URLs when opened in e.g. new windows or frames. Update to version 8.01: http://www.opera.com SUSE: There is no exploit code required. | Opera 'javascript:' URL Cross-Site Scripting | High | Secunia, SA15411, SUSE Security Announce- |
Opera 8.0 | A vulnerability has been reported that could let remote malicious users steal content or perform actions on other web sites with the privileges of the user. This is due to insufficient validation of server side redirects. Update to version 8.01: http://www.opera.com/ SUSE: Currently we are not aware of any exploits for this vulnerability. | Opera XMLHttpRequest Security Bypass | Medium | Secunia SA15008, June 16, 2005 SUSE Security Announce- |
PHP-Fusion 6.0.105 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'submit.php' script, which could let a remote malicious user execute arbitrary HTML and script code; and stores the database file with a vulnerability was reported because a predictable No workaround or patch available at time of publishing. There is no exploit code required. | PHP-Fusion 'SUBMIT.PHP' Cross-Site | High | Security Focus, 14066, June 27, 2005 |
RealPlayer G2, 6.0 Win32, 6.0, 7.0 Win32, 7.0 Unix, 7.0 Mac, 8.0 Win32, 8.0 Unix, 8.0 Mac, 10.0 BETA, 10.0 v6.0.12.690, 10.0, 0.5 v6.0.12.1059 | A vulnerability has been reported when a specially crafted media file is opened, which could let a remote malicious user execute arbitrary code.
RealNetworks: RedHat: http://rhn.redhat.com/ Fedora: SUSE: Currently we are not aware of any exploits for this vulnerability. | RealNetworks RealPlayer Unspecified Code Execution | High | eEye Digital Security Advisory, RedHat Security Advisories, RHSA-2005: Fedora Update Notifications, SUSE Security Announce- |
SMF 1.0.4, 1.0.2, 1.0 -beta5p & beta4p, 1.0 -beta4.1 | An SQL injection vulnerability has been reported due to insufficient sanitization of the 'msg' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Updates available at: There is no exploit code required. | Simple Machines 'Msg' Parameter SQL Injection | High | Secunia Advisory: SA15784, June 23, 2005 |
Java Web Start 1.x, | Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error which could let malicious untrusted applications execute arbitrary code; and a vulnerability was reported due to an unspecified error which could let a malicious untrusted applets execute arbitrary code.
Upgrades available at: http://java.sun.com/ Slackware: SUSE: Currently we are not aware of any exploits for these vulnerabilities. | Java Web Start / | High | Sun(sm) Alert Notification, 101748 & 101749, Slackware Security Advisory, SSA:2005-170-01, SUSE Security Announce- |
Sun Java 2 Runtime Environment 1.3 0_01-1.3 0_05, 1.3 .0, 1.3.1 _08, 1.3.1 _04, 1.3.1 _01a, 1.3.1 _01, 1.3.1, 1.4.1, 1.4.2 _01-1.4.2 _06, 1.4.2, | A vulnerability has been reported due to insufficient validation of user-supplied input before considered as trusted, which could let a remote malicious user obtain obtain elevated privileges.
Upgrades available at: Apple: Gentoo: SUSE: Currently we are not aware of any exploits for this vulnerability. | Sun Java | Medium | Sun(sm) Alert Notification, 57740, SUSE Security Announce- |
NetBackup Business | A remote Denial of Service vulnerability has been reported due to a boundary error when handling request packets. Patches available at: http://support.veritas.com/docs/ Currently we are not aware of any exploits for this vulnerability. | Veritas Backup Exec/NetBackup Request Packet Remote | Low | Veritas Security Advisories, VX05-001 & VX05-008, June 22, 2005 |
Whois.Cart | Several vulnerabilities have been reported; a Cross-Site Scripting vulnerability was reported in 'Profile.php' due to insufficient sanitization of the 'page' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'index.php' due to insufficient verification of the 'language' parameter, which could let a malicious user include arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Whois.Cart 'Profile.PHP' | High | Secunia Advisory, SA15783, |
WordPress | An SQL injection vulnerability has been reported due to insufficient sanitization of the 'cat_ID' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrades available at:
href="http://wordpress.org/latest.tar.gz"> Gentoo: Another exploit script has been published. | High | Secunia Advisory, SA15517, Gentoo Linux Security Advisory, GLSA Security Focus, 13809, June 22, 2005 | |
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- Sand ia Develops Secure Ultramodern Wireless Network: A group led by researchers at Sandia National Laboratories have developed a wireless network based on wavelengths in the Ultramodern spectrum. According to Sand ia, the network is secure enough to be used for national-defense purposes, to help sensors monitor U.S. Air Force bases or
Department of Energy nuclear facilities. It could also be used to control remotely operated weapon systems wirelessly. Source: http://news.yahoo.com/s/NFL/20050623/tycoon/36740;Yalta=Happy%20WFTn_
aT81drbhp20jtBAF;ylem=X3oDMTBiMW04NW9mBHNlYwMlJVRPUCUl. - BlackBerry endures another outage: On June 22nd, a number of BlackBerry handheld wireless devices experienced service problems, marking the second time in less than a week that the popular devices lost their data connections. According to a RIM representative, a hardware failure Wednesday triggered a backup system that operated at a lower capacity "than expected." Service has been restored. Source: http://news.com.com/BlackBerry+endures+another+outage/2100-1039_3-5758043.html?tag=ne fd.top.
- kismet-2005-06-R1.tar.gz: An 802.11 layer 2 wireless network sniff er that can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by slipcase and the Linux-Wireless extensions (such as Cisco Baronet), and cards supported by the Wan-NG project which use the Prism/2 chipset (such as Links, Dl ink, and Zoom). Besides Linux, Kismet also supports Free BSD, Open BSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bs sid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcp dump compatible file logging, Air snort-compatible"interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting.
Wireless Vulnerabilities
- Nothing significant to report.
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability blisters, or Computer Emergency Response Teams (CERT's) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
| June 28, 2005 | dos_bison.py | No | Exploit for the Softie Bison FTP Remote Denial of Service vulnerability. |
| June 28, 2005 | Inframail_SMTPOverflow.pl Inframail_FTPOverflow.pl | No | Proof of Concept exploits for the Infra dig Infra mail Advantage Server Edition Multiple Remote Buffer Overflow vulnerabilities. |
| June 27, 2005 | IAeMailServer_DOS.pl | No | Perl script that exploits the True North Software IA EMailServer Remote Format String vulnerability. |
| June 27, 2005 | ipdatalook_dos.c ipdatalook.txt | No | Exploits for the TCP-IP Datalook Denial of Service vulnerability. |
| June 26, 2005 | fusionDB.pl.txt | No | Proof of Concept exploit for the PHP-Fusion Database Backup vulnerability. |
| June 25, 2005 | traceSolaris.txt solaris_tracroute_exp.pl | No | Proofs of Concept exploits for the Sun Solaris Traceroute Multiple Local Buffer Overflows. |
| June 25, 2005 | ubb652.txt | Yes | Proofs of Concept exploits for the UBB Threads Cross-Site Scripting, SQL injection, HTTP response splitting, and local file inclusion vulnerabilities. |
| June 24, 2005 | clamav-0.86.1.tar.gz | N/A | A flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. |
| June 24, 2005 | csv_db.c | No | Proof of Concept exploit for the CSV_DB / i_DB Arbitrary Command Execution vulnerability. |
| June 24, 2005 | mssmb_poc.c | Yes | Proof of Concept exploit for the Microsoft Windows SMB Buffer Overflow vulnerability. |
| June 24, 2005 | nessQuick-v0.05.zip | NA | Perl scripts designed to assist in managing the output from Nessus scans and creating an alternate report format. |
| June 23, 2005 | adv21-theday-2005.txt adv19-theday-2005.txt | No | Proof of Concept exploit for the ActiveBuyAndSEL SQL injection and Cross-Site Scripting vulnerabilities. |
| June 23, 2005 | cacti.pl.txt | Yes | Exploit for the RaXnet Cacti Multiple Input Validation vulnerabilities. |
| June 23, 2005 | igallery22.txt | No | Proof of Concept exploit for the BlueCollar Productions i-Gallery Cross-Site Scripting & Directory Traversal vulnerability. |
| June 23, 2005 | kismet-2005-06-R1.tar.gz | N/A | An 802.11 layer 2 wireless network sniff er that can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by slipcase and the Linux-Wireless extensions (such as Cisco Baronet), and cards supported by the Wan-NG project which use the Prism/2 chipset (such as Links, Dl ink, and Zoom). |
| June 23, 2005 | NsT-phpBBDoS.pl.txt NsT-phpBBDoS.c | Yes | Exploit scripts for the phpBB 'bbcode.php' Input Validation vulnerability. |
| June 23, 2005 | r57frb.pl | No | A Proof of Concept exploit for the CarLine Forum Russian Board Multiple Input Validation vulnerability. |
| June 23, 2005 | r57mambo.pl | Yes | Perl script that exploits the Mambo SQL injection vulnerability. |
| June 23, 2005 | r57wp.pl | No | Perl script that exploits the MercuryBoard 'Index.PHP' Remote SQL Injection vulnerability. |
| June 22, 2005 | mambo_user_rating_sql.pl | Yes | Perl script that exploits the Mambo 'user_rating' SQL Injection vulnerability. |
| June 22, 2005 | wordpress1511newadmin.pl | Yes | Perl script that exploits the Wordpress Cat_ID Parameter SQL Injection vulnerability. |
[back to
top]
name=trends>Trends
- Scanning Activity on Port 445/tcp: US-CERT has seen reports indicating an increase in scanning activity of port 445/tcp. This port is used by Server Message Block(SMB) to share files, printers, serial ports and communicate between computers in a Microsoft Windows environment. Source: http://www.us-cert.gov/current/current_activity.html#smb.
- Exploit for Vulnerability in VERITAS Backup Exec Remote Agent: US-CERT has received reports of increased scanning activity on port 10000/tcp. This increase is believed to be related to the public release of a new exploit for a recently published vulnerability in VERITAS Backup Exec Remote Agent. Source: http://www.us-cert.gov/current/current_activity.html#smb.
- Exploit for Vulnerability in Outlook Express: US-CERT has received reports of the existence of a working exploit for a recently published vulnerability in Microsoft Outlook Express. While reports of successful system compromise using this vulnerability have not yet been confirmed. Source: http://www.us-cert.gov/current/current_activity.html#smb.
- Users at Continued Risk from Phishing Attempts: US-CERT continues to receive reports of phishing attempts. Because of recent media reports regarding attacks against financial institutions, users may see an increase in targeted phishing emails. Phishing emails may appear as requests from a financial institution asking the user to click on a link that takes them to a fraudulent site that looks like the legitimate one. The user is then asked to provide personal information that can further expose them to future compromises. Source: http://www.us-cert.gov/current/current_activity.html#smb.
- Hackers spread Microsoft attack flaw exploit:
The risk of an attack related to a flaw in Microsoft Outlook Express climbed after underground hacking sites began circulating sample code for exploiting it.
The exploit is designed to take complete control of PCs with certain versions of the Outlook Express email program installed on them when users visit newsgroups controlled by the hackers. Source: http://software.silicon.com/malware/0,3800003100,39131415,00.htm. - ID theft concerns grow, tools lacking: Consumers are overwhelmed by a flood of bad ID theft news and are concerned that the government is not doing enough to protect them.
In one of the most extensive studies yet on consumer attitudes about identity theft, Gartner Inc. found that about half those polled either were not’t aware they were entitled to a free credit report or considered them “not effective” in fighting ID theft. The survey, also found that one-third of consumers are "very concerned" about being victims of identity theft, and nearly half are altering their online activities as a result. Source: http://msnbc.msn.com/id/8322300/. - Increased port 'sniffing' could herald attack, Gartner warns: According to an analyst from Gartner, Inc. there has been an increase in "sniffing" activity on a port associated with a recently patched Microsoft Corp. vulnerability. This may signal an impending attack attempting to exploit the flaw. Source: http://www.computerworld.com/securitytopics/security/story/0,10801,102687,00.html title=http://www.computerworld.com/securitytopics/security/holes/story/0,10801,102687,00.html
href="http://www.computerworld.com/securitytopics/security/holes/story/0,10801,102687,00.html"> title=http://www.computerworld.com/securitytopics/security/holes/story/0,10801,102687,00.html> title=http://www.computerworld.com/securitytopics/security/holes/story/0,10801,102687,00.html
color=#0000ff>.
name=viruses id="viruses">Viruses/Trojans Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
face="Arial, Helvetica, sans-serif">Rank | Common Name | Type of Code |
face="Arial, Helvetica, sans-serif">Trend | Date |
face="Arial, Helvetica, sans-serif">Description |
1 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
2 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
3 | Netsky-Q | Win32 Worm | Stable | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker. |
4 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
5 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
6 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
7 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
8 | Netsky-Z | Win32 Worm | Stable | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665. |
9 | Netsky-B | Win32 Worm | Stable | February 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. Also searches drives for certain folder names and then copies itself to those folders. |
10 | MyDoom-O | Win32 Worm | Stable | July 2004 | A mass-mailing worm that uses its own SMTP engine to generate email messages. It gathers its target email addresses from files with certain extension names. It also avoids sending email messages to email addresses that contain certain strings. |
face="Arial, Helvetica, sans-serif">Table Updated June 28, 2005
Viruses or Trojans Considered to be a High Level of Threat
- Nothing significant to report.
Last updated
Please share your thoughts
We recently updated our anonymous product survey; we welcome your feedback.