Summary of Security Items from June 29 through July 6, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name / CVE Reference | Risk | Source |
ASPjar Guestbook | An input validation vulnerability has been reported in ASPjar Guestbook that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required. | ASPjar Guestbook SQL Injection | High | Security Focus, ID: 12521, July 4, 2005 |
Access Remote PC V4.5.1 | A vulnerability has been reported in Access Remote PC that could let local malicious users disclose passwords. No workaround or patch available at time of publishing. There is no exploit code required. | Access Remote PC Password Disclosure | Medium | Security Tracker Alert ID: 1014377, July 5, 2005 |
Acoo Browser V1.17 | A javascript spoofing vulnerability has been reported in Acoo Browser that could let remote malicious users spoof Javascript dialog boxes. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Acoo Browser Javascript Spoofing | Medium | Security Tracker Alert ID: 1014311, June 28, 2005 |
AM Browser V2.0.0 | A javascript spoofing vulnerability has been reported in AM Browser that could let remote malicious users spoof Javascript dialog boxes. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | AM Browser Javascript Spoofing | Medium | Security Tracker Alert ID: 1014314, June 28, 2005 |
Community Server V1.1.0.50517 | An input validation vulnerability has been reported in Community Server that could let remote malicious users perform Cross-Site Scripting. Update to version 1.1.0.50615. A proof of concept exploit has been published. | Community Server Cross Site Scripting | High | Security Tracker Alert ID: 1014316, July 2, 2005 |
Crazy Browser V2.0.0 | A javascript spoofing vulnerability has been reported in Crazy Browser that could let remote malicious users spoof Javascript dialog boxes. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Crazy Browser Javascript Spoofing | Medium | Security Tracker Alert ID: 1014315, June 28, 2005 |
GoldenFTP Server V2.60 | A vulnerability has been reported in Golden FTP Server that could let a remote malicious user uncover files and installation paths. No workaround or patch available at time of publishing. There is no exploit code required. | Golden FTP Server File and Path Disclosure | Low | Secunia, Advisory: SA15840, July 1, 2005 |
GoSurf Browser V2.54 | A javascript spoofing vulnerability has been reported in GoSurf Browser that could let remote malicious users spoof Javascript dialog boxes. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | GoSurf Browser Javascript Spoofing | Medium | Security Tracker Alert ID: 1014313, June 28, 2005 |
ASP KnowledgeBase V2.0g | A vulnerability has been reported in ASP KnowledgeBase that could let remote malicious users obtain database access, including administrative passwords. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | ASP KnowledgeBase Database Disclosure | High | Security Tracker Alert ID: 1014384, July 5, 2005 |
ASP Webmail V3.6c | A vulnerability has been reported in ASP Webmail that could let remote malicious users obtain database access, including administrative passwords. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | ASP Webmail Database Disclosure | High | Security Tracker Alert ID: 1014385, July 5, 2005 |
Fileman V6.5 | A vulnerability has been reported in Fileman that could let remote malicious users obtain database access, including administrative passwords. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Fileman Database Disclosure | High | Security Tracker Alert ID: 1014383, July 5, 2005 |
ListPics 4.1 | A vulnerability has been reported in ListPics that could let remote malicious users obtain database access, including administrative passwords. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | ListPics Database Disclosure | High | Security Tracker Alert ID: 1014378, July 5, 2005 |
Hibun Advanced Edition Server 6.x, 7.x | Several vulnerabilities have been reported: a vulnerability was reported due to an error that causes PCMCIA hard disks that are attached to a system to be incorrectly treated as internal hard disks, which could let a malicious user bypass security restrictions; and a vulnerability was reported due to an error in the Hibun Viewer, which could let a malicious user bypass security restrictions. Updates available at: Currently we are not aware of any exploits for these vulnerabilities. | Hitachi Multiple Hibun Products Security Restriction Bypass | Medium | Secunia Advisory: SA15863, June 30, 2005 |
K-Meleon Browser V0.9 | An empty javascript function processing vulnerability has been reported in K-Meleon Browser that could let remote malicious users perform a Denial of Service. As a workaround disable Javascript. A Proof of Concept exploit has been published. | K-Meleon Denial of Service | Low | Security Tracker Alert ID: 1014349, July 1, 2005 |
IntruShield Security Management | A vulnerability has been reported in IntruShield Security Management that could let malicious users perform Cross-Site Scripting or disclose authorized information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | IntruShield Security Management System Cross Site Scripting & Information Disclosure | High | Security Focus, ID: 14167, July 6, 2005 |
Microsoft FrontPage XP | A vulnerability has been reported in FrontPage that could let malicious users crash the application. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Microsoft FrontPage Denial of Service | Low | Security Tracker Alert ID: 1014352, July 1, 2004 |
Microsoft Internet Explorer V6 SP2 on Windows XP; Internet Explorer V6 SP1 for Windows XP 64-Bit; Internet Explorer V6 SP1 for Microsoft Windows Server 2003; Internet Explorer V6 SP1 on Microsoft Windows 98, 98 SE, Millennium Edition | A COM object (javaprxy.dll) exception handling vulnerability has been reported in Internet Explorer that could let remote malicious users perform arbitrary code execution or cause a Denial of Service. Microsoft has published workarounds. A Proof of Concept exploit script has been published. | Microsoft Internet Explorer Arbitrary Code Execution | High | Microsoft Security Advisory 903144, June 30, 2005 |
Microsoft Internet Information Server V5.0, 6.0 | A vulnerability has been reported in Internet Information Server that could let a remote malicious user perform HTTP Response Smuggling Attacks. No workaround or patch available at time of publishing. There is no exploit code required. | Microsoft Internet Information Server HTTP Response Smuggling | Low | Security Tracker Alert ID: 1014364, July 3, 2005 |
Microsoft Windows XP, Server, & 2000 | An NTFS file block initialization vulnerability has been reported in Windows that could let malicious users reveal previous data. No workaround or patch available at time of publishing. There is no exploit code required. | Microsoft Windows NTFS File Block Initialization | Low | Security Focus, ID: 7386, June 30, 2005 |
Windows 2000 SP3 and SP4; Windows XP SP1; Windows XP 64-Bit Edition SP1; Windows 98 and 98 SE | A buffer overflow vulnerability has been reported that could let a remote malicious user execute arbitrary code. Updates available at: http://www.microsoft.com/technet/security/Bulletin/MS05-017.mspx Currently we are not aware of any exploits for this vulnerability. | | High | Microsoft Security Bulletin MS05-017, April 12, 2005 |
Netscape V8.0.2 | An empty javascript function processing vulnerability has been reported in Netscape that could let remote malicious users perform a Denial of Service. As a workaround disable Javascript. A Proof of Concept exploit has been published. | Netscape Denial of Service | Low | Security Tracker Alert ID: 1014349, July 1, 2005 |
NotJustBrowsing Browser V1.0.4 | A javascript spoofing vulnerability has been reported in NotJustBrowsing Browser that could let remote malicious users spoof Javascript dialog boxes. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | NotJustBrowsing Browser Javascript Spoofing | Medium | Security Tracker Alert ID: 1014312, June 28, 2005 |
Prevx Pro 2005 | A vulnerability has been reported in Prevx Pro 2005 that could let local malicious users modify protected files and spoof kernel driver messages. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Prevx Pro File Modification & Driver Spoofing | Medium | Secunia, Advisory: SA15885, July 1, 2005 |
SSH Secure Shell and Tectia Server V4.3.1 | A host key disclosure vulnerability has been reported in SSH Secure Shell and SSH Tectia Server that could let local/remote malicious users pretend to be other servers. Update to version 4.3.2. There is no exploit code required. | SSH Secure Shell and Tectia Server Key Disclosure | Medium | SSH Vulnerability Notification, RQ #11775, June 30, 2005 |
TCP Chat | A vulnerability has been reported in TCP Chat that could let a remote malicious user perform a Denial of Service. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | TCP Chat Denial of Service | Low | Security Tracker Alert ID: 1014371, July 4, 2005 |
Veritas Backup Exec 10.0 | Multiple vulnerabilities have been reported in Veritas Backup Exec that could let remote malicious users perform arbitrary code execution, elevate privileges, perform a DoS, or even crash systems. A patch is available from the vendor: http://seer.support.veritas.com/ An exploit has been published. | Veritas Backup Exec Multiple Vulnerabilities | High | Secunia, Advisory: SA15789, June 23, 2005; VERITAS Security Advisory VX05-006, VX05-007, VX05-008, June 23, 2005; US-CERT VU#584505, VU#352625, VU#492105; Security Focus, ID: 14022, June 29, 2005 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name / CVE Reference | Risk | Source |
Acrobat Reader (UNIX) 5.0.10, 5.0.9 | A buffer overflow vulnerability has been reported in the 'UnixAppOpenFilePerform()' function due to a boundary error, which could let a remote malicious user execute arbitrary code. Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | Adobe Acrobat Reader UnixAppOpen | High | Adobe Security Advisory, July 5, 2005 |
Acrobat Reader (UNIX) 5.0.10, 5.0.9 | A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user obtain sensitive information. Upgrades available at: There is no exploit code required. | Adobe Reader For Unix Local File Disclosure | Medium | Adobe Security Advisory, July 5, 2005 |
bzip2 1.0.2 | A remote Denial of Service vulnerability has been reported when the application processes malformed archives. Ubuntu: Mandriva: TurboLinux: SUSE: OpenPKG: RedHat: FreeBSD: Conectiva: Currently we are not aware of any exploits for this vulnerability. | | Low | Ubuntu Security Notice, USN-127-1, May 17, 2005; Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005; Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005; SUSE Security Summary Report, SUSE-SR:2005:015, June 7, 2005; OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005; RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005; FreeBSD Security Advisory, FreeBSD-SA-05:14, June 29, 2005; Conectiva Linux Announcement, CLSA-2005:972, July 6, 2005 |
bzip2 1.0.2 & prior | A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions of target files. Ubuntu: Mandriva: Debian: TurboLinux: OpenPKG: RedHat: FreeBSD: Conectiva: There is no exploit code required. | | Medium | Security Focus; Ubuntu Security Notice, USN-127-1, May 17, 2005; Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005; Debian Security Advisory, DSA 730-1, May 27, 2005; Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005; OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005; RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005; FreeBSD Security Advisory, FreeBSD-SA-05:14, June 29, 2005; Conectiva Linux Announcement, CLSA-2005:972, July 6, 2005 |
Centericq 4.20 | A vulnerability has been reported in 'gaduhook::handletoken()' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges. No workaround or patch available at time of publishing. There is no exploit code required. | CenterICQ Insecure Temporary File | Medium | Security Focus, 14144, July 5, 2005 |
crip 3.5 | A vulnerability has been reported due to the creation of temporary files in an insecure manner, which could let a malicious user overwrite files or cause a Denial of Service. Debian: There is no exploit code required. | Crip Helper Script Insecure Temporary File Creation | Medium | Debian Security Advisory, DSA 733-1, June 30, 2005 |
ClamAV 0.x | Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the 'cli_scanszdd()' function in 'libclamav/scanners.c' due to a memory and file descriptor leak; and a remote Denial of Service vulnerability was reported in 'libclamav/mspack/mszipd.c' due to insufficient validation of the 'ENSURE_BITS()' macro user-supplied cabinet file header. Upgrades available at: Conectiva: Debian: Currently we are not aware of any exploits for these vulnerabilities. | Clam Anti-Virus ClamAV Remote Denials of Service | Low | Security Tracker Alert ID: 1014332, June 29, 2005; Conectiva Linux Announcement; Debian Security Advisory, DSA 737-1, July 6, 2005 |
Courier Mail Server 0.50 | A remote Denial of Service vulnerability has been reported in the 'spf.c' source file when processing Sender Policy Framework (SPF) data. Upgrade available at: Currently we are not aware of any exploits for this vulnerability. | Courier Mail Server Remote Denial of Service | Low | Secunia Advisory: SA15901, July 4, 2005 |
Ettercap 0.6.a, 0.6.b, 0.6.3.1, 0.6.4, 0.6.5, 0.6.6.6, 0.6.7, 0.6.9, Ettercap-NG 0.7.0-0.7.2 | A format string vulnerability has been reported in the 'curses_msg()' function in the Ncurses interface, which could let a remote malicious user execute arbitrary code. Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | Ettercap Remote Format String | High | Secunia Advisory, SA15535, May 31, 2005 |
Log4sh 1.2.3-1.2.5 | A vulnerability has been reported in the 'log4sh_readProperties()' function due to the creation of a temporary file in an unsafe manner, which could let a malicious user obtain elevated privileges. Upgrades available at: There is no exploit code required. | Log4sh Insecure Temporary File Creation | Medium | Security Tracker Alert ID: 1014374, July 4, 2005 |
FreeBSD 5.4 -RELEASE | A vulnerability has been reported on Symmetric Multi-Processor (SMP) systems and on Uni Processor (UP) systems with the PREEMPTION kernel option enabled in FreeBSD's ipfw packet filtering code due to insufficient locking on table lookups, which could let a remote malicious user bypass the firewall without authorization. Patch available at: Currently we are not aware of any exploits for this vulnerability. | FreeBSD ipfw Packet Lookup Firewall Bypass | Medium | FreeBSD Security Advisory FreeBSD-SA-05:13, June 29, 2005 |
FreeBSD 4.x, 5.x | A remote Denial of Service vulnerability has been reported when a system with an established connection receives and accepts a TCP packet with the SYN flag set. Patches available at: There is no exploit code required. | FreeBSD TCP Stack Established Connection Remote Denial of Service | Low | FreeBSD Security Advisory, FreeBSD-SA-05:15, June 29, 2005 |
Geeklog 1.x | An SQL injection vulnerability has been reported in the user comment retrieval functionality due to insufficient sanitization, which could let a remote malicious user execute arbitrary SQL code. Updates available at: There is no exploit code required. | Geeklog User Comment Retrieval SQL Injection | High | Hardened-PHP Project Security Advisory, July 5, 2005 |
GlobalNoteScript 4.20 & prior | A vulnerability has been reported in the 'read.cgi' script due to insufficient validation of the 'file' parameter, which could let a remote malicious user execute arbitrary commands. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | GlobalNoteScript 'Read.CGI' Remote Command Execution | High | Security Tracker Alert ID: 1014375, July 4, 2005 |
GNATS 4.1, 4.0 | A vulnerability has been reported in gen-index, which could let a malicious user obtain/overwrite arbitrary information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | GNU GNATS Gen-Index Arbitrary Local File Disclosure/Overwrite | High | Security Focus, 14169, July 6, 2005 |
gzip 1.2.4a, 1.2.4, 1.3.3-1.3.5 | A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information. Ubuntu: Trustix: http://http.trustix.org/pub/trustix/updates/ Gentoo: http://security.gentoo.org/glsa/glsa-200505-05.xml IPCop: Mandriva: TurboLinux: FreeBSD: OpenPKG: RedHat: SGI: Conectiva: Proof of Concept exploit has been published. | | Medium | Bugtraq, 396397, April 20, 2005; Ubuntu Security Notice; Trustix Secure Linux Security Advisory; Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005; Security Focus, 13290, May 11, 2005; Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005; Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005; FreeBSD; OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005; RedHat Security Advisory; SGI Security Advisory, 20050603-01-U, June 23, 2005; Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005 |
gzip 1.2.4, 1.3.3 | A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions. Ubuntu: Trustix: http://http.trustix.org/pub/trustix/updates/ Gentoo: http://security.gentoo.org/glsa/glsa-200505-05.xml Mandriva: TurboLinux: FreeBSD: RedHat: SGI: Conectiva: There is no exploit code required. | | Medium | Security Focus; Ubuntu Security Notice; Trustix Secure Linux Security Advisory; Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005; Mandriva Linux Security Update Advisory, MDKSA-2005:092; Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005; FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005; RedHat Security Advisory; SGI Security Advisory, 20050603-01-U, June 23, 2005; Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005 |
KPopper 1.0, 0.93 | A vulnerability has been reported in 'popper/popper-send.sh' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges. No workaround or patch available at time of publishing. There is no exploit code required. | KPopper Insecure Temporary File Creation | Medium | Secunia Advisory: SA15912, July 5, 2005 |
Apple Safari 1.2-1.2.3, RSS 2.0 pre-release | A vulnerability has been reported due to a failure to handle scripts securely, which could let a remote malicious user execute arbitrary code. Upgrades available at: A Proof of Concept exploit has been published. | | High | Apple Security Advisory, APPLE-SA-2005-04-15, April 16, 2005 |
OpenLDAP 2.1.25; Padl Software pam_ldap Builds 166, 85, 202, 199, 198, 194, 183-192, 181, 180, 173, 172, 122, 121, 113, 107, 105 | A vulnerability has been reported in OpenLDAP, 'pam_ldap,' and 'nss_ldap' when a connection to a slave is established using TLS and the client is referred to a master, which could let a remote malicious user obtain sensitive information. Trustix: There is no exploit code required. | Multiple Vendors TLS Plaintext Password | Medium | Trustix Secure Linux Advisory, TSLSA-2005-0031, July 1, 2005 |
zlib 1.2.2, 1.2.1, 1.2.0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux | A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code. Debian: FreeBSD: Gentoo: SUSE: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Zlib Compression Library Buffer Overflow | High | Debian Security Advisory DSA 740-1, July 6, 2005; FreeBSD Security Advisory, FreeBSD-SA-05:16, July 6, 2005; Gentoo Linux Security Advisory, GLSA 200507-05, July 6, 2005; SUSE Security Announcement, SUSE-SA:2005:039, July 6, 2005; Ubuntu Security Notice, USN-148-1, July 06, 2005 |
NetBSD 2.0-2.0.2, 1.6-1.6.2 | A Denial of Service vulnerability has been reported in the clcs and emuxki audio drivers. Patches available at: Currently we are not aware of any exploits for this vulnerability. | NetBSD CLCS / EMUXKI Audio Driver Local Denial of Service | Low | NetBSD Security Advisory, NetBSD-SA2005-002, June 30, 2005 |
Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3-5.0.9, 5.0.1 | A remote Denial of Service vulnerability has been reported when handling stream-based protocols. Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | Net-SNMP Protocol Denial Of Service | Low | Secunia Advisory: SA15930, July 6, 2005 |
oftpd 0.3.0 | A buffer overflow vulnerability has been reported when an overly long argument is submitted for the 'USER' command, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | OFTPD User Command Buffer Overflow | High | Security Focus, 14161, July 6, 2005 |
phpPgAdmin 3.5.3, 3.4.1, 3.1-3.4 | A Directory Traversal vulnerability has been reported due to a failure to filter directory traversal sequences from requests to the login form, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPPGAdmin Login Form Directory Traversal | Medium | Security Focus, 14142, July 5, 2005 |
Eskuel 1.0.2 | A vulnerability has been reported due to improper authentication of user credentials, which could let a remote malicious user obtain administrative access. No workaround or patch available at time of publishing. There is no exploit code required. | Eskuel Unauthorized Administrator Access | High | Security Focus, 14163, July 6, 2005 |
Cacti prior to 0.8.6f | Multiple SQL injection vulnerabilities have been reported in the input filters due to insufficient sanitization of user-supplied input before using it in SQL queries, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in the 'graph_image.php' script due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported because 'session_start()' and 'addslashes()' can be prevented from being called due to a design error, which could let a remote malicious user obtain administrative access. Upgrades available at: There is no exploit code required. | RaXnet Cacti Multiple Vulnerabilities | High | Hardened-PHP Project Security Advisory, July 1, 2005 |
Gaim prior to 1.3.1 | Several vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported when using the Yahoo! protocol to download a file; and a remote Denial of Service vulnerability was reported in the MSN Messenger service when a malicious user submits a specially crafted MSN message. Updates available at: Ubuntu: Gentoo: Mandriva: Fedora: RedHat: Debian: There is no exploit code required. | Gaim Remote Denial of Services | Low | Secunia Advisory, SA15648, June 10, 2005; Ubuntu Security Notice USN-139-1, June 10, 2005; Gentoo Linux Security Advisory, GLSA 200506-11, June 12, 2005; Mandriva Linux Security Update Advisory, MDKSA-2005:099, June 14, 2005; Fedora Update Notifications; RedHat Security Advisory, RHSA-2005:518-03, June 16, 2005; Debian Security Advisory, DSA 734-1, July 5, 2005 |
Heimdal 0.6-0.6.4, 0.5.0-0.5.3, 0.4a-f | Multiple buffer overflow vulnerabilities have been reported in the 'getterminaltype()' function due to a boundary error in telnetd, which could let a remote malicious user execute arbitrary code. Upgrades available at: Gentoo: SUSE: Currently we are not aware of any exploits for this vulnerability. | Heimdal TelnetD | High | Secunia Advisory, SA15718, June 20, 2005; Gentoo Linux Security Advisory, GLSA 200506-24, June 29, 2005; SUSE Security Announcement, SUSE-SA:2005:040, July 6, 2005 |
Sendmail 8.8.8, 8.9.0-8.9.2, 8.10-8.10.2, 8.11-8.11.7, 8.12.1-8.12.9, 8.12.11 | A remote Denial of Service vulnerability has been reported in the milter interface due to the configuration of overly long default timeouts. SUSE: Debian: There is no exploit code required. | Sendmail Milter | Low | Security Focus, 14047, June 23; SUSE Security Announcement, SUSE-SA:2005:038, June 29, 2005; Debian Security Advisory, DSA 737-1, July 6, 2005 |
Solaris 10.0, 9.0_x86, 9.0 | A vulnerability has been reported in 'LD_AUDIT', which could let a malicious user obtain superuser privileges. Workaround and patch information available at: An exploit script has been published. | Sun Solaris Runtime Linker 'LD_AUDIT' Elevated Privileges | High | Security Focus, 14074, June 28, 2005; Sun(sm) Alert Notification, 101794, June 28, 2005 |
Sudo 1.6-1.6.8, 1.5.6-1.5.9 | A race condition vulnerability has been reported when the sudoers configuration file contains a pseudo-command 'ALL' that directly follows a user's sudoers entry, which could let a malicious user execute arbitrary code. Upgrades available at: OpenBSD: Ubuntu: Fedora: Slackware: Mandriva: OpenPKG: Gentoo: SUSE: TurboLinux: RedHat: Debian: Conectiva: There is no exploit code required. | Todd Miller Sudo | High | Security Focus, 13993, June 20, 2005; Ubuntu Security Notice, USN-142-1, June 21, 2005; Fedora Update Notifications; Slackware Security Advisory, SSA:2005-172-01, June 22, 2005; Mandriva Linux Security Update Advisory, MDKSA-2005:103, June 22, 2005; OpenPKG Security Advisory, OpenPKG-SA-2005.012, June 23, 2005; Gentoo Linux Security Advisory, GLSA 200506-22, June 23, 2005; Trustix Secure Linux Security Advisory; SUSE Security Announcement; Turbolinux Security Advisory, TLSA-2005-73, June 28, 2005; RedHat Security Advisory, RHSA-2005:; Debian Security Advisory, 735-1, July 1, 2005; Conectiva |
Razor-agents prior to 2.72 | Two vulnerabilities have been reported that could let malicious users cause a Denial of Service: an unspecified error in the preprocessing of certain HTML, and an error in the discovery logic. Updates available at: Gentoo: SUSE: Trustix: Debian: Currently we are not aware of any exploits for these vulnerabilities. | Vipul Razor-agents Denials of Service | Low | Security Focus, Bugtraq ID 13984, June 17, 2005 Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005 SUSE Security Announcement, Trustix Secure Linux Security Advisory, Debian Security Advisory, DSA 738-1, July 5, 2005 |
ekg 2005-06-05 22:03 | A vulnerability has been reported in 'contrib/scripts/linki.py' due to the insecure creation of temporary files, which could let a local malicious user obtain elevated privileges. No workaround or patch available at time of publishing. There is no exploit code required. | Wojtek Kaniewski | Medium | Secunia Advisory: SA15889, July 5, 2005 |
Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name | Vulnerability - Impact - Patches - Workarounds - Attack Scripts | Common Name / CVE Reference | Risk | Source |
Apache prior to 2.1.6 | A vulnerability has been reported because a remote malicious user can submit a specially crafted request carrying both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header; Apache decodes the chunked body but forwards the reassembled request with the original Content-Length value, so a downstream server that frames the body by Content-Length sees a different request boundary. Upgrades available at: http://httpd.apache.org There is no exploit code required; however, Proofs of Concept exploits have been published. | Apache HTTP Request Smuggling | High | Security Tracker Alert ID: 1014323, June 29, 2005 |
Tomcat 4.1.24, 5.0.19 | A vulnerability has been reported: if the web server is used in conjunction with a proxy server or application gateway (e.g., cache, firewall) and there is an input validation vulnerability in the web server or one of its applications, then a remote malicious user can use HTTP request smuggling techniques. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Apache Tomcat HTTP Request Smuggling | Medium | Security Tracker Alert ID: 1014365, July 3, 2005 |
AutoIndex PHP Script 1.5.2 | A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'search' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing There is no exploit code required; however, a Proof of Concept exploit has been published. | AutoIndex PHP Script Index.PHP Cross-Site Scripting | High | Security Focus, 14154, July 5, 2005 |
Weblogic 8.1 SP1 | A vulnerability has been reported: if the web server is used in conjunction with a proxy server or application gateway (e.g., cache, firewall) and there is an input validation vulnerability in the web server or one of its applications, then a remote malicious user can use HTTP request smuggling techniques. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | BEA WebLogic HTTP Request Smuggling | Medium | Security Tracker Alert ID: 1014366, July 3, 2005 |
IOS 12.x, R12.x | A vulnerability has been reported in the AAA (Authentication, Authorization, and Accounting) RADIUS authentication method due to an error, which could let a remote malicious user bypass authentication and obtain unauthorized access. Patch information available at: There is no exploit code required. | Cisco IOS AAA RADIUS Authentication Bypass | Medium | Cisco Security Advisory, cisco-sa-20050629-aaa, June 29, 2005 |
ClamAV 0.x | A Denial of Service vulnerability has been reported in the Quantum decompressor due to an unspecified error. Updates available at: Gentoo: Trustix: SUSE: Debian: Currently we are not aware of any exploits for this vulnerability. | ClamAV Quantum Decompressor Denial of Service | Low | Secunia Advisory, Trustix Secure Linux Security Advisory, TSLSA-2005-0029, June 24, 2005 Gentoo Linux Security Advisory, SUSE Security Announcement, SUSE-SA:2005:038, June 29, 2005 Debian Security Advisory, DSA 737-1, July 6, 2005 |
eCommerce 3.1, 3.0 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability in 'index.php' due to insufficient sanitization of the 's_type' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and an input validation error in the administration section, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. There is no exploit code required. | | High | Secunia Advisory: SA15865, June 30, 2005 |
Community Link Pro Login.cgi | A vulnerability has been reported in 'login.cgi' due to insufficient sanitization of the 'file' parameter before using in an 'open()' call, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Community Link Pro Input Validation | High | Security Tracker Alert ID: 1014345, June 30, 2005 |
Groupware-CRM covide 5.2 | An SQL injection vulnerability has been reported due to insufficient sanitization of the user ID, which could let a remote malicious user execute arbitrary SQL code. Update available at: Currently we are not aware of any exploits for this vulnerability. | Covide Groupware-CRM SQL Injection | High | Secunia Advisory: SA15926, July 6, 2005 |
DeleGate Proxy 8.9.2 | A vulnerability has been reported when a specially crafted request that contains two 'Content-Length' headers is submitted, which could let a remote malicious user conduct HTTP request smuggling attacks. No workaround or patch available at time of publishing A Proof of Concept exploit has been published. | DeleGate Proxy HTTP Request Smuggling | Medium | Security Tracker Alert ID: 1014359, July 2, 2005 |
Drupal 4.6.1, 4.6, 4.5-4.5.3 | A vulnerability has been reported due to insufficient sanitization of user-supplied input in comments and postings, which could let a remote malicious user execute arbitrary PHP code. Upgrades available at: There is no exploit code required; however, a Proof of Concept exploit script has been published. | Drupal Arbitrary PHP Code Execution | High | Security Focus, 14110, June 30, 2005 |
Dynamic Biz Website Builder (QuickWeb) 1.0 | An SQL injection vulnerability has been reported in 'verify.asp' due to insufficient sanitization of the 'T1' and 'T2' parameters, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Dynamic Biz Website Builder Admin Login SQL Injection | High | Secunia Advisory: SA15818, June 28, 2005 |
Plague News System 0.7 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of the 'cid' parameter before using it in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'delete.php' script due to insufficient authentication, which could let a remote malicious user bypass security. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | Plague News System SQL Injection, Cross-Site Scripting & Security Bypass | High | Secunia Advisory: SA15902, July 4, 2005 |
FSboard 2.0 | A Directory Traversal vulnerability has been reported which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | FSboard Directory Traversal | Medium | Security Focus, 14111, June 30, 2005 |
Gossamer Threads Links-SQL 3.0-3.0.3 | Vulnerabilities have been reported in 'user.cgi' due to insufficient sanitization of the 'Email' parameter and in 'add.cgi' due to insufficient sanitization of various parameters, which could let a remote malicious user execute arbitrary code. Upgrades available at: There is no exploit code required. | Gossamer Threads Links Multiple HTML Injection | High | Secunia Advisory: SA15319, July 6, 2005 |
IBM Lotus Notes 6.5-6.5.4, 6.0-6.0.5, 5.0.12, 5.0.3 | An input validation vulnerability has been reported because HTML and JavaScript attached to received email messages is executed automatically when the email is viewed, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | IBM Lotus Notes Script Execution | High | Security Focus, 14164, July 6, 2005 |
WebSphere 5.0, 5.1 | A vulnerability has been reported: if the web server is used in conjunction with a proxy server or application gateway (e.g., cache, firewall) and there is an input validation vulnerability in the web server or one of its applications, then a remote malicious user can use HTTP request smuggling techniques. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | IBM WebSphere HTTP Request Smuggling | Medium | Security Tracker Alert ID: 1014367, July 3, 2005 |
Internet Download Manager Corp. Internet Download Manager 4.00-4.05, 3.x, 2.x | A buffer overflow vulnerability has been reported due to improper bounds checking of input data prior to copying into a fixed size memory buffer, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing A Proof of Concept exploit script has been published. | Internet Download Manager Buffer Overflow | High | Security Focus, 14159, July 6, 2005 |
JAWS 0.5-0.5.2, 0.4, 0.3, 0.2 | Several vulnerabilities have been reported: a vulnerability has been reported in 'BlogModel.php' due to insufficient verification of the 'path' parameter before using to include files, which could let a remote malicious user execute arbitrary code; and a vulnerability has been reported in the 'XML-RPC' library due to an input validation error, which could let a remote malicious user execute arbitrary PHP code. Update available for the input validation vulnerability at: There is no exploit code required. | Jaws File Inclusion & XML-RPC PHP Code Execution | High | Secunia Advisory: SA15922, July 6, 2005 |
jBPM 2.0 | Several vulnerabilities have been reported: a vulnerability was reported in HSQLDB support, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in the 'org.jboss.web.WebServer' class when a remote malicious user submits a specially crafted HTTP request, which could lead to the disclosure of sensitive information. No workaround or patch available at time of publishing A Proof of Concept exploit has been published for the information disclosure vulnerability. | JBoss jBPM Remote Arbitrary Code Execution & Information Disclosure | High | Security Tracker Alert ID: 1014370, July 3, 2005 |
Quick & Dirty PHPSource Printer 1.0, 1.1 | A Directory Traversal vulnerability has been reported in the 'source.php' script due to insufficient validation of the 'file' parameter, which could let a remote malicious user obtain sensitive information. Upgrade available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Quick & Dirty PHPSource Printer Directory Traversal | Medium | Security Tracker Alert ID: 1014376, July 4, 2005 |
Mambo Open Source 4.5.2, 4.5.2.1, 4.5.1 (1.0.9), 4.5.1 Beta 2, 4.5.1 Beta, 4.5.1, 4.5 (1.0.3beta), 4.5 (1.0.3), 4.5 (1.0.2), 4.5 (1.0.1), 4.5 (1.0.0), 4.0.14 | Multiple vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain unauthorized access; and a session ID vulnerability has been reported due to insufficient sanitization of user-supplied input. Upgrades available at: There is no exploit code required. | Mambo Open Source Multiple Unspecified Injection Vulnerabilities | Medium | Security Focus, 14117 & 14119, June 30, 2005 |
MyGuestBook 0.6.1 | A vulnerability has been reported in the 'form.inc.php3' script due to insufficient validation of the 'lang' parameter before using to include files, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing There is no exploit code required; however, a Proof of Concept exploit has been published. | MyGuestbook 'Form.Inc.PHP3' Remote File Include | High | SoulBlack - Security Research Security Advisory, July 5, 2005 |
Mozilla Browser Suite prior to 1.7.6; Thunderbird prior to 1.0.2; Firefox prior to 1.0.2 | A buffer overflow vulnerability has been reported due to a boundary error in the GIF image processing of Netscape extension 2 blocks, which could let a remote malicious user execute arbitrary code. Upgrades available at: Mozilla Browser Suite: Thunderbird: Firefox: Fedora: Gentoo: http://security.gentoo.org/glsa/ Slackware: http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123 FedoraLegacy: An exploit script has been published. | Mozilla Suite/Firefox/Thunderbird GIF Image Processing Remote Buffer Overflow | High | Mozilla Foundation Security Advisory 2005-30, March 23, 2005 Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005 Security Focus, 12881, July 5, 2005 |
Multiple Vendors; Xoops 2.0.10-2.0.12, 2.0.9.3, 2.0.9.2, 2.0.5-2.0.5.2, 2.0-2.0.3 | A vulnerability was reported in the XML-RPC for PHP library because user-supplied XML-RPC request data is passed to an 'eval()' call without sufficient sanitization, which could let a remote malicious user execute arbitrary PHP code in any application that bundles the library. Drupal: Mandriva: Pear: PhpMyFaq: S9Y Serendipity: WordPress: XML-RPC: Xoops: Gentoo: Fedora: Trustix: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors XML-RPC for PHP Remote Code Injection | High | Security Focus, 14088, June 29, 2005 Gentoo Linux Security Advisory, GLSA 200507-01, July 3, 2005 Fedora Update Notifications, Ubuntu Security Notice, USN-147-1 & USN-147-2, July 05 & 06, 2005 |
NaboPoll 1.2 | A vulnerability has been reported in 'survey.inc.php' due to insufficient verification of the 'path' parameter before it is used to include files, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | NaboCorp Softwares NaboPoll Remote File Include | High | Security Tracker Alert ID: 101435, July 2, 2005 |
EasyPHPCalendar 6.1.5 & prior | A vulnerability has been reported due to insufficient verification of the 'serverPath' parameter before it is used to include files, which could let a remote malicious user include arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | EasyPHPCalendar 'serverPath' File Inclusion | High | Secunia Advisory: SA15893, July 5, 2005 |
NateOn Messenger 3.0 | A vulnerability has been reported due to an input validation error, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. Currently we are not aware of any exploit for this vulnerability. | NateOn Messenger Information Disclosure | Medium | Secunia Advisory: SA15819, June 29, 2005 |
Oracle Application Server Web Server 9.0.2 | A vulnerability has been reported: if the web server is used in conjunction with a proxy server or application gateway (e.g., cache, firewall) and there is an input validation vulnerability in the web server or one of its applications, then a remote malicious user can use HTTP request smuggling techniques. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Oracle Application Server Web Server HTTP Request Smuggling | Medium | Security Tracker Alert ID: 1014368, July 3, 2005 |
Oracle Application Server Web Cache 9.0.2 | A vulnerability has been reported when a specially crafted request that contains two 'Content-Length' headers is submitted, which could let a remote malicious user conduct HTTP request smuggling attacks. No workaround or patch available at time of publishing A Proof of Concept exploit has been published. | Oracle Application Server Web Cache HTTP Request Smuggling | Medium | Security Tracker Alert ID: 1014360 , July 2, 2005 |
osTicket STS 1.3 beta, 1.2.7, 1.2 | Several vulnerabilities have been reported: a vulnerability was reported in the 'class.ticket.php' script due to insufficient validation, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in the 'view.php' and 'open.php' scripts because the 'inc' variable is not properly defined, which could let a remote malicious user include and execute arbitrary PHP files. No workaround or patch available at time of publishing There is no exploit code required; however, a Proof of Concept exploit has been published. | OSTicket Multiple Input Validation | High | RST / GHC Advisory, July 1, 2005 |
Pavsta Auto Site | A vulnerability has been reported in 'user_check.php' due to insufficient verification of the 'sitepath' parameter, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required. | Pavsta Auto Site 'user_check.php' Arbitrary Code Execution | High | Security Tracker Alert ID: 1014321, June 29, 2005 |
PHPGroupWare 0.9.14 .007 | An unspecified vulnerability has been reported in the addressbook. The impact was not specified. Upgrade available at: Currently we are not aware of any exploits for this vulnerability. | PHPGroupWare Addressbook | Not Specified | Security Focus, 14141, July 5, 2005 |
PHPNews 1.2.5 | An SQL injection vulnerability has been reported in the 'news.php' script due to insufficient sanitization of the 'prevnext' parameter before used in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Upgrade available at: There is no exploit code required. | PHPNews 'News.PHP' SQL Injection | High | Security Focus, 14133, July 4, 2005 |
PlanetFileServer Standard (BETA) | Several vulnerabilities have been reported: a buffer overflow vulnerability was reported which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and a vulnerability was reported in 'delete.php' due to insufficient sanity checks on deletion requests, which could let a remote malicious user bypass access restrictions. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PlanetDNS PlanetFileServer Remote Buffer Overflow & Access Restriction Bypass | High | Security Focus, 14138 & 14139, July 4, 2005 |
QuickBlogger 1.4 | A Cross-Site Scripting vulnerability has been reported because HTML code is not filtered from user-supplied input in the 'Your Name' and 'Comments' sections, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | QuickBlogger Cross-Site Scripting | High | EXPL-A-2005-011 Advisory, July 5, 2005 |
Dominion SXA-48, SX8, SX4, SX32 2.4.6 firmware, SX32, SX16 | Several vulnerabilities have been reported: a vulnerability was reported in '/etc/shadow' because the default file permission is world-readable, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported in '/bin/busybox' because the file permission is world-writable, which could let a remote malicious user move/delete the file and potentially execute arbitrary code. Updates available at: There is no exploit code required. | Raritan Dominion SX Multiple Vulnerabilities | High | Secunia Advisory: SA15853, June 29, 2005 |
Soldier Of Fortune 2 1.03, 1.02 | A remote Denial of Service vulnerability has been reported in the '/ignore' command when a client ID larger than 1024 is submitted. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Raven Software Soldier Of Fortune 2 Remote Denial of Service | Low | Secunia Advisory: SA15868, June 30, 2005 |
RealPlayer G2, 6.0 Win32, 6.0, 7.0 Win32, 7.0 Unix, 7.0 Mac, 8.0 Win32, 8.0 Unix, 8.0 Mac, 10.0 BETA, 10.0 v6.0.12.690, 10.0, 10.5 v6.0.12.1059 | A vulnerability has been reported when a specially crafted media file is opened, which could let a remote malicious user execute arbitrary code. RealNetworks: RedHat: http://rhn.redhat.com/ Fedora: SUSE: Gentoo: Currently we are not aware of any exploits for this vulnerability. | RealNetworks RealPlayer Unspecified Code Execution | High | eEye Digital Security Advisory, RedHat Security Advisories, RHSA-2005: Fedora Update Notifications, SUSE Security Announcement, Gentoo Linux Security Advisory, GLSA 200507-04, July 6, 2005 |
SunONE Web Server 6.1 SP4 | A vulnerability has been reported: if the web server is used in conjunction with a proxy server or application gateway (e.g., cache, firewall) and there is an input validation vulnerability in the web server or one of its applications, then a remote malicious user can use HTTP request smuggling techniques. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | SunONE Web Server HTTP Request Smuggling | Medium | Security Tracker Alert ID: 1014369, July 3, 2005 |
Sun Java System Web Proxy Server 3.6 SP4 | A vulnerability has been reported when a specially crafted request that contains two 'Content-Length' headers is submitted, which could let a remote malicious user conduct HTTP request smuggling attacks. No workaround or patch available at time of publishing A Proof of Concept exploit has been published. | Sun Java System Web Proxy Server HTTP Request Smuggling | Medium | Security Tracker Alert ID: 1014358, July 2, 2005 |
Thierry Nkaoua News-tnk 1.2.1 & prior | A Cross-Site Scripting vulnerability has been reported in the 'WEB' parameter, which could let a remote malicious user execute arbitrary JavaScript code. Upgrade available at: Currently we are not aware of any exploits for this vulnerability. | News-TNK Unspecified Security Vulnerability | High | Security Focus, 14145, July 5, 2005 |
Xoops 2.x | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'comment_edit.php' due to insufficient sanitization of the 'cid' parameter and in 'edit.php' due to insufficient sanitization of the 'order' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in the XML-RPC interface due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code. Upgrades available at: There is no exploit code required; however, Proofs of Concept exploits have been published. | Xoops Cross-Site Scripting & SQL Injection | High | Secunia Advisory: SA15843, June 30, 2005 |
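Several rows in the table above are HTTP request smuggling: the Apache row (a request carrying both 'Transfer-Encoding: chunked' and 'Content-Length'), the DeleGate, Oracle Web Cache and Sun Java System Web Proxy Server rows (two 'Content-Length' headers), and the Tomcat, WebLogic, WebSphere, Oracle Web Server and SunONE rows (a back-end whose framing differs from its proxy). The mechanism is the same in each case: two parsers on the same TCP stream disagree about where one request's body ends, so bytes one of them treats as body the other treats as the start of a second request. The following is an added example, not code from the bulletin or from any product it names: a minimal HTTP/1.1 framer with switchable body-length policies, run over two constructed streams ("victim" and "/admin" are sample values). The "strict" policy is the RFC 7230 section 3.3.3 behaviour a proxy or server should implement: refuse a message that carries Content-Length alongside Transfer-Encoding, or conflicting Content-Length values, rather than pick one.

```python
# Added example, not code from the bulletin or from any vendor named in it.
# A minimal HTTP/1.1 request framer with switchable body-length policies,
# used to show how a front-end and back-end that disagree on where a body
# ends let a second, hidden request through. "victim" and "/admin" are
# constructed sample values.
from typing import List, Tuple

SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: victim\r\n\r\n"  # constructed sample


def read_chunked(stream: bytes, pos: int) -> Tuple[bytes, int]:
    """Decode a chunked body starting at pos; return (body, position after it)."""
    body = b""
    while True:
        eol = stream.index(b"\r\n", pos)
        size = int(stream[pos:eol].split(b";")[0], 16)  # chunk-size, extensions ignored
        pos = eol + 2
        if size == 0:
            trailer_end = stream.index(b"\r\n", pos)  # samples here carry no trailers
            return body, trailer_end + 2
        body += stream[pos:pos + size]
        pos += size + 2  # skip the chunk data and its trailing CRLF


def split_requests(stream: bytes, policy: str) -> List[Tuple[str, bytes]]:
    """Frame every request in stream as a (request-line, body) pair.

    policy selects how the body length is determined:
      "cl-first" - first Content-Length wins, Transfer-Encoding ignored
      "cl-last"  - last Content-Length wins, Transfer-Encoding ignored
      "te"       - Transfer-Encoding: chunked wins over Content-Length
      "strict"   - Transfer-Encoding wins, but Content-Length alongside it or
                   conflicting Content-Length values are rejected (RFC 7230 3.3.3)
    """
    out = []
    pos = 0
    while pos < len(stream):
        hdr_end = stream.find(b"\r\n\r\n", pos)
        if hdr_end == -1:
            raise ValueError("incomplete header block")
        lines = stream[pos:hdr_end].decode("iso-8859-1").split("\r\n")
        request_line = lines[0]
        content_lengths, chunked = [], False
        for line in lines[1:]:
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "content-length":
                content_lengths.append(int(value))
            elif name == "transfer-encoding" and value.lower() == "chunked":
                chunked = True
        body_start = hdr_end + 4
        if policy == "strict":
            if chunked and content_lengths:
                raise ValueError("Content-Length together with Transfer-Encoding")
            if len(set(content_lengths)) > 1:
                raise ValueError("conflicting Content-Length values")
        if chunked and policy in ("te", "strict"):
            body, pos = read_chunked(stream, body_start)
        elif content_lengths:
            n = content_lengths[-1] if policy == "cl-last" else content_lengths[0]
            body, pos = stream[body_start:body_start + n], body_start + n
        else:
            body, pos = b"", body_start
        out.append((request_line, body))
    return out


def request_lines(stream: bytes, policy: str) -> List[str]:
    """Convenience view: just the request-lines a parser with this policy sees."""
    return [line for line, _ in split_requests(stream, policy)]


def rejects(stream: bytes, policy: str) -> bool:
    """True if a parser with this policy refuses the stream outright."""
    try:
        split_requests(stream, policy)
        return False
    except ValueError:
        return True


def cl_te_stream() -> bytes:
    """The Apache row: both headers present, Content-Length spans the whole tail."""
    body = b"0\r\n\r\n" + SMUGGLED
    head = (b"POST / HTTP/1.1\r\nHost: victim\r\nContent-Length: %d\r\n"
            b"Transfer-Encoding: chunked\r\n\r\n" % len(body))
    return head + body


def dup_cl_stream() -> bytes:
    """The DeleGate / Oracle Web Cache / Sun proxy rows: two Content-Length headers."""
    head = (b"POST / HTTP/1.1\r\nHost: victim\r\nContent-Length: 0\r\n"
            b"Content-Length: %d\r\n\r\n" % len(SMUGGLED))
    return head + SMUGGLED


if __name__ == "__main__":
    for label, stream in (("CL.TE", cl_te_stream()), ("dup-CL", dup_cl_stream())):
        for policy in ("cl-first", "cl-last", "te", "strict"):
            seen = "rejected" if rejects(stream, policy) else request_lines(stream, policy)
            print(f"{label:7} {policy:9} -> {seen}")
```

Running it shows the asymmetry directly: on the CL.TE stream a Content-Length parser sees one POST whose body happens to contain "GET /admin", while a chunked parser sees the POST end at the zero-length chunk and then a separate GET /admin. On the duplicate-Content-Length stream a parser honouring the first header sees two requests and one honouring the last sees one. Only the strict policy refuses both streams, which is why the defensive fix is to reject ambiguous framing at the proxy boundary rather than to normalise it.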
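The SQL injection rows above (the QuickWeb 'verify.asp' admin login with its 'T1' and 'T2' fields, the Covide user ID, the PHPNews 'prevnext' parameter, Plague's 'cid', osTicket's 'class.ticket.php') share one root cause: a request parameter is pasted into the text of a query, so quote characters or bare operators in the parameter become SQL. The following is an added example, not code from the bulletin or from any of those products, using Python's bundled sqlite3 driver with a constructed 'admins' row and a constructed two-row 'news' table. It shows the string-built login query beside its parameterised form, and the numeric-id case, where no quote is needed at all and the fix is to validate the type before binding.

```python
# Added example, not code from the bulletin or from any product named in it.
# Constructed sample data: one admin account and two news rows.
import sqlite3
from typing import List, Optional, Tuple


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Plaintext password only to keep the sample short; store a salted hash in practice.
    db.execute("INSERT INTO admins (username, password) VALUES ('admin', 'correct horse')")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news (id, title) VALUES (?, ?)",
                   [(1, "first"), (2, "second")])
    return db


def login_vulnerable(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Form fields spliced into the SQL text: quotes in the input become SQL syntax."""
    sql = ("SELECT COUNT(*) FROM admins WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return db.execute(sql).fetchone()[0] > 0


def login_fixed(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Bound parameters: the driver sends the values separately from the query text."""
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0


def news_vulnerable(db: sqlite3.Connection, prevnext: str) -> List[Tuple[str]]:
    """Numeric parameter concatenated unquoted: no quote character is needed to inject."""
    return db.execute("SELECT title FROM news WHERE id = " + prevnext).fetchall()


def news_fixed(db: sqlite3.Connection, prevnext: str) -> Optional[List[Tuple[str]]]:
    """Validate the type first, then bind; None means the caller should answer 400."""
    try:
        news_id = int(prevnext)
    except ValueError:
        return None
    return db.execute("SELECT title FROM news WHERE id = ?", (news_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    bypass = "' OR '1'='1"
    print("vulnerable login with injected fields:", login_vulnerable(db, bypass, bypass))
    print("fixed login with the same fields:     ", login_fixed(db, bypass, bypass))
    print("vulnerable news lookup, '1 OR 1=1':   ", news_vulnerable(db, "1 OR 1=1"))
    print("fixed news lookup, '1 OR 1=1':        ", news_fixed(db, "1 OR 1=1"))
```

With the injected fields the vulnerable login runs `WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row, so an attacker with no credentials is accepted; the bound form compares the literal string `' OR '1'='1` against the column and fails. The same applies to the numeric case: `id = 1 OR 1=1` returns every news row, while `int()` refuses the payload before it reaches the database.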
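The file-include and directory-traversal rows above (MyGuestBook's 'lang', NaboPoll's 'path', EasyPHPCalendar's 'serverPath', JAWS's 'path', Pavsta's 'sitepath', the 'file' parameter in Quick & Dirty PHPSource Printer and Community Link Pro, FSboard) all take a request parameter and use it to name a file to open or include. Two checks cover them: where the parameter selects from a fixed set (a language code), an allow-list; where it genuinely names a path, a containment check that refuses URL and wrapper schemes, NUL bytes, absolute paths and any '..' that climbs out of the intended directory. The following is an added example, not code from the bulletin or from any of those products; the directories under /var/www/app are assumed for the sample and nothing is read from disk.

```python
# Added example, not code from the bulletin or from any product named in it.
# Two ways to handle a file-selecting parameter such as 'file', 'lang', 'path'
# or 'serverPath': an allow-list for parameters that select from a known set,
# and a containment check for parameters that name a path. The directory
# layout under /var/www/app is an assumption for the sample.
import posixpath
import re
from typing import Optional
from urllib.parse import urlsplit

LANG_DIR = "/var/www/app/lang"     # assumed include directory
DOC_ROOT = "/var/www/app/public"   # assumed document root


def lang_file(lang: str) -> Optional[str]:
    """Allow-list: a 'lang'-style key may only be a short lowercase code."""
    if not re.fullmatch(r"[a-z]{2,3}", lang):
        return None
    return posixpath.join(LANG_DIR, lang + ".php")


def resolve_under(base: str, user_path: str) -> Optional[str]:
    """Containment check: resolve user_path below base or refuse it.

    Refuses remote and wrapper-style names (http://, ftp://, php://, data:),
    embedded NUL bytes, absolute paths, and any '..' that climbs out of base.
    """
    if "\x00" in user_path or urlsplit(user_path).scheme:
        return None
    candidate = posixpath.normpath(posixpath.join(base, user_path))
    # With a real filesystem also apply os.path.realpath here, so a symlink
    # inside base cannot point back out of it.
    if posixpath.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    for p in ("en.php", "sub/../en.php", "../../../../etc/passwd", "/etc/passwd",
              "http://attacker.example/shell.txt", "php://filter/resource=index.php",
              "en.php\x00.txt"):
        print(repr(p), "->", resolve_under(DOC_ROOT, p))
    for code in ("en", "../../etc/passwd"):
        print(repr(code), "->", lang_file(code))
```

The containment test uses `commonpath` rather than a string prefix check so that a sibling such as `/var/www/app/lang2` is not accepted as being "under" `/var/www/app/lang`. The scheme check is what distinguishes a remote file include from plain traversal: PHP-era includes would fetch `http://...` and `php://` names, which no filesystem path check catches.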
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- New Wireless Broadband Technology Touted: Backers of a narrow band wireless technology that uses low frequencies alongside existing activity on the wireless transmission spectrum claim better reach than next generation WiMax wireless, with a lower cost because of the sub-gigahertz spectrum and low power required for the solution. Source: http://www.technewsworld.com/story/8OGbT3UKPWiiC4/New-Wireless-Broadband-Technology-Touted.xhtml.
- Threat From Mobile Device Viruses a Sleeping Giant: Communication security experts do not all agree that cell phone and mobile device viruses pose imminent threats to U.S. consumers. Whether virus attacks become a problem in six months or five years might depend on how cell phone carriers react now to the threat potential. Source: http://www.technewsworld.com/story/44222.html.
Wireless Vulnerabilities
- Symbian Trojan drains the life from phones: Virus writers have created a new Symbian Trojan called Doomboot-A that loads an earlier mobile virus (Commwarrior-B) onto vulnerable smartphones. Doomboot-A also prevents infected phones from booting up properly. This cocktail of viral effects spells extra trouble for Symbian Series 60 smartphone users, especially those who play around with pirated games. Source: http://www.theregister.co.uk/2005/07/04/symbian_trojan_doomboot/
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
July 6, 2005 | dlm.c | No | Proof of Concept exploit for the Internet Download Manager Buffer Overflow vulnerability. |
July 6, 2005 | malmail.txt | No | Proof of Concept exploit for the IBM Lotus Notes Script Execution vulnerability. |
July 5, 2005 | druppy461.pl | Yes | Proof of Concept exploit for the Drupal Arbitrary PHP Code Execution vulnerability. |
July 5, 2005 | firesnake.c | Yes | Script that exploits the Mozilla Suite/ Firefox/ Thunderbird GIF Image Processing Remote Buffer Overflow vulnerability. |
July 5, 2005 | Schily-Root.tar | Yes | Proof of Concept exploit for the Sun Solaris Runtime Linker 'LD_AUDIT' Elevated Privileges vulnerability. |
July 1, 2005 | ieCrash-javaprxy.txt | Yes | Proof of Concept Denial of Service exploit for the Microsoft Internet Explorer Arbitrary Code Execution vulnerability. |
July 1, 2005 | knock-0.5.tar.gz | N/A | A server/client set of tools that implements port-knocking, which is a method of accessing a backdoor to your firewall through a special sequence of port hits. |
July 1, 2005 | multihtml.c.exploit.txt | No | Exploit for the multihtml.c format string vulnerability. |
July 1, 2005 | peercast.c | Yes | Script that exploits the Peercast.org PeerCast Remote Format String vulnerability. |
July 1, 2005 | phpbb2_0_15.pl.txt | Yes | Exploit for the phpBB 2.0.15 viewtopic.php remote command execution vulnerability. |
July 1, 2005 | prowebExec.txt | No | Details on exploiting the Community Server Forums Cross-Site Scripting vulnerability. |
July 1, 2005 | winfingerprint-0.6.2.zip | N/A | Win32 Host/Network Enumeration Scanner is capable of performing SMB, TCP, UDP, ICMP, RPC, and SNMP scans. Using SMB, winfingerprint can enumerate OS, users, groups, SIDs, password policies, services, service packs and hotfixes, NetBIOS shares, transports, sessions, disks, security event log, and time of day in either an NT Domain or Active Directory environment. |
June 29, 2005 | ASPNuke.pl ASPNukeSQL080.txt | No | Exploits for the ASP Nuke SQL Injection & Cross Site Scripting vulnerability. |
June 29, 2005 | backupexec_agent.pm.txt | No | Veritas Backup Exec Agent CONNECT_CLIENT_AUTH Request exploit that makes use of a stack overflow. |
June 29, 2005 | clogin.pl | No | Proof of Concept exploit for the Community Link Pro Input Validation vulnerability. |
June 29, 2005 | communityXSS.txt | No | Exploit for the Community Server Forums Cross-Site Scripting vulnerability. |
June 29, 2005 | Infradig60.txt | No | Sample Denial of Service exploit for the Infradig Inframail Advantage Server Edition Multiple Remote Buffer Overflow vulnerabilities. |
Trends
- Reverse engineering patches making disclosure a moot choice? In a paper published in early June, SABRE researchers discussed how they had pinpointed, in less than 30 minutes, the flaw fixed by a Microsoft update to the Secure Sockets Layer (SSL). A reliable exploit for the flaw was created in less than 10 hours. In another example in the paper, the tool was used to discover in less than 3 hours that Microsoft had corrected a communications vulnerability in the Internet Security and Acceleration (ISA) Server, but had missed the same vulnerability in other parts of the system. Source: http://www.securityfocus.com/news/11235.
- Cybercrime cost about $400 billion: A report that was commissioned by McAfee discusses how organized crime and cyber crime are developing, and looks at the future threat this activity could pose to home computers, government computer networks, and to computer systems in the business sector. The report reveals a hierarchy of cyber criminals, discussing the recent evolution of the amateur cyber delinquent to the professional cyber gang. Source: http://www.crime-research.org/news/06.07.2005/1344/.
- Exploit for Vulnerability in XML-RPC: US-CERT is aware of a working public exploit for a vulnerability in a common PHP extension module (XML-RPC) that could allow a remote attacker to execute code of their choosing on a vulnerable system. Any application, typically web-based, that uses a flawed XML-RPC PHP implementation is vulnerable to exploitation. Source: http://www.us-cert.gov/current/.
- Exploit for Vulnerability in Microsoft's JVIEW Profiler (javaprxy.dll): US-CERT is aware of a working public exploit for a vulnerability in the Microsoft JVIEW Profiler (javaprxy.dll) component, an interface to the Microsoft Java Virtual Machine. This vulnerability can be exploited when a user attempts to view an HTML document (e.g., a web page or an HTML email message) that attempts to instantiate the JVIEW Profiler COM object in a certain way.
Source: http://www.us-cert.gov/current/.
- Fake Microsoft Security Bulletin Email: US-CERT has received reports of an email message circulating that purports to be a Microsoft Security Bulletin. The email directs the user to download and install an executable that is supposed to be a cumulative patch. Through social engineering the attacker hopes to trick the user into thinking they are installing a cumulative patch when in fact they are installing a version of SDBot, a commonly used Trojan horse. Source: http://www.us-cert.gov/current/.
- Hackers crack two-factor security: IT experts warned that two-factor authentication is not secure enough to stop Internet banking fraud. "Two-factor is good, but hackers are responding," Graham Cluley, senior technology consultant at Sophos, told vnunet.com. "The latest generation of spyware not only includes key-loggers that trap passwords, but screen-grabbing software. This takes multiple images of what the user is doing and sends it straight to the hacker." Source: http://www.vnunet.com/vnunet/news/2139253/two-factor-authentication.
- E-mails hit record in May as criminals go phishing: According to IBM Corporation, the number of phishing attacks soared to a record high in May, as massive volumes of scam e-mails were pumped out by criminals seeking to dupe unsuspecting victims. In May, more than 9.1 million e-mails containing a phishing scam were detected, more than three times the 2.8 million detected in April and 18 per cent higher than the previous record of 7.7 million recorded in January. Source: http://news.yahoo.com/news?tmpl=story&u=/cpress/20050630/ca_pr_on_tc/ibm_phishing_attacks_2.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description |
1 | Netsky-P | Win 32 Worm | Slight Increase | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
2 | Zafi-D | Win 32 Worm | Increase | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
3 | Mytob.c | Win 32 Worm | Decrease | March 2005 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS flaw (MS04-011). The worm attempts to harvest email addresses from the local hard disk by scanning files. |
4 | Netsky-Q | Win 32 Worm | Slight Decrease | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker. |
4 | Mytob-BE | Win 32 Worm | New | June 2005 | A slight variant of the mass-mailing worm that propagates via email, an IRC backdoor and the LSASS vulnerability. It harvests addresses from the Windows address book, disables antivirus software, and modifies data. |
6 | Lovgate.w | Win 32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI to reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. It attempts to access all machines on the local area network. |
6 | Netsky-Z | Win 32 Worm | Increase | April 2004 | A mass-mailing worm that is very close to previous variants. It spreads by email, but does not spread to the local network or P2P shares and does not uninstall the Bagle worm. The worm has a backdoor that listens on port 665. |
6 | Mytob-AS | Win 32 Worm | New | June 2005 | A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the Internet and uses its own email engine. |
9 | Netsky-D | Win 32 Worm | Decrease | March 2004 | A simplified variant of the Netsky mass-mailing worm: it does not contain many of the text strings present in Netsky-C and does not copy itself to shared folders. Netsky-D spreads by email as an executable attachment only. |
10 | Mytob-EP | Win 32 Worm | New | June 2005 | Another slight variant of the mass-mailing worm that utilizes an IRC backdoor and LSASS vulnerability to propagate. Also propagates by email, harvesting addresses from the Windows address book. |
Table Updated July 5, 2005
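The propagation behaviours listed in the table (a worm's own SMTP engine sending mail directly instead of through the site relay, LSASS/MS04-011 propagation over port 445, and Netsky-Z's backdoor listener on port 665) are all visible at the network edge. The following Python is an added example of that detection logic run over sample firewall log lines; it is not code from the bulletin or from any vendor, and the log format, the log lines, the relay address, the internal address range and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed firewall connection log lines (not from any real device or incident).
# Assumed format: "<time> <src_ip> -> <dst_ip>:<dst_port> <proto> <action>".
LOG_LINES = """
09:00:01 10.0.0.15 -> 203.0.113.10:25 tcp allow
09:00:02 10.0.0.15 -> 198.51.100.22:25 tcp allow
09:00:02 10.0.0.15 -> 198.51.100.23:25 tcp allow
09:00:03 10.0.0.15 -> 192.0.2.44:25 tcp allow
09:00:03 10.0.0.15 -> 192.0.2.45:25 tcp allow
09:00:04 10.0.0.15 -> 192.0.2.46:25 tcp allow
09:00:05 10.0.0.7 -> 10.0.0.5:25 tcp allow
09:00:06 10.0.0.9 -> 10.0.0.5:25 tcp allow
09:00:07 10.0.0.22 -> 10.0.0.1:445 tcp allow
09:00:07 10.0.0.22 -> 10.0.0.2:445 tcp allow
09:00:07 10.0.0.22 -> 10.0.0.3:445 tcp allow
09:00:08 10.0.0.22 -> 10.0.0.4:445 tcp allow
09:00:09 198.51.100.9 -> 10.0.0.31:665 tcp allow
09:00:10 10.0.0.9 -> 10.0.0.5:445 tcp allow
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<proto>\w+) (?P<action>\w+)$"
)

# Assumptions for this example: the site's only legitimate mail relay, the internal
# address range, and the thresholds that separate worm behaviour from normal traffic.
MAIL_RELAY = "10.0.0.5"
INTERNAL_PREFIX = "10.0.0."
SMTP_DEST_THRESHOLD = 5   # distinct non-relay SMTP destinations from one host
SMB_DEST_THRESHOLD = 3    # distinct internal hosts probed on 445 by one host
BACKDOOR_PORTS = {665}    # Netsky-Z's backdoor listener, per the table above


def parse(lines):
    """Turn matching log lines into dicts; lines in another format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["port"] = int(d["port"])
            events.append(d)
    return events


def find_worm_indicators(events):
    """Return a dict of indicator name -> sorted list of hosts that triggered it."""
    smtp_dests = defaultdict(set)
    smb_dests = defaultdict(set)
    backdoor_hosts = set()
    for e in events:
        internal_src = e["src"].startswith(INTERNAL_PREFIX)
        internal_dst = e["dst"].startswith(INTERNAL_PREFIX)
        if internal_src and e["port"] == 25 and e["dst"] != MAIL_RELAY:
            # Direct outbound SMTP that bypasses the relay: a worm's own SMTP engine.
            smtp_dests[e["src"]].add(e["dst"])
        if internal_src and internal_dst and e["port"] == 445:
            # One host touching many neighbours on 445: LSASS (MS04-011) propagation.
            smb_dests[e["src"]].add(e["dst"])
        if internal_dst and e["port"] in BACKDOOR_PORTS:
            # Inbound connection to a known backdoor port on an internal host.
            backdoor_hosts.add(e["dst"])
    return {
        "own_smtp_engine": sorted(h for h, d in smtp_dests.items() if len(d) >= SMTP_DEST_THRESHOLD),
        "smb_scan": sorted(h for h, d in smb_dests.items() if len(d) >= SMB_DEST_THRESHOLD),
        "backdoor_port": sorted(backdoor_hosts),
    }


if __name__ == "__main__":
    for indicator, hosts in find_worm_indicators(parse(LOG_LINES)).items():
        print("%s: %s" % (indicator, ", ".join(hosts) or "none"))
```

The two hosts that hand mail to the relay (10.0.0.7 and 10.0.0.9) are not flagged, nor is the single 445 connection from 10.0.0.9; only the host fanning out to six external mail servers, the host sweeping four neighbours on 445, and the host accepting a connection on 665 appear in the output. In practice the same result is cheaper to obtain by blocking outbound port 25 from everything except the relay and alerting on the denials.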
Viruses or Trojans Considered to be a High Level of Threat
- Hackers unleash industrial spy Trojan: IT security experts have detected a malware-based attack that attempts to gain unauthorized access to the networks of specifically targeted domains. Security firm MessageLabs, which discovered the attack, explained that the Trojan targets only a small number of email addresses rather than mass-mailing itself to as many recipients as possible. The infected emails were sent to a highly targeted list of recipients at only four domains, suggesting that the attackers were using the malware for industrial espionage. The attack is designed to exploit a vulnerability in Microsoft Word caused by a buffer overflow when handling macro names. Source: http://www.vnunet.com/vnunet/news/2139033/hackers-unleash-industrial-spy.