Summary of Security Items from February 16 through February 22, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities that affect both Windows and Unix/Linux operating systems are included in the Multiple Operating Systems table. Note that entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software that operates on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
Various Windows Products | Multiple potential vulnerabilities have been reported in various Avaya products, which run on the Windows platform, in response to Microsoft Security Advisories MS06-004, MS06-005, MS06-006, MS06-007, MS06-008, MS06-009, and MS06-010. Currently we are not aware of any exploits for these vulnerabilities. | Avaya Products WMF Image Parsing Vulnerability CVE-2006-0004 CVE-2006-0006 CVE-2006-0008 CVE-2006-0013 CVE-2006-0020 CVE-2006-00217 | (CVE-2006-0020) | Avaya, ASA-2006-047, February 14, 2006 |
ViRobot | A vulnerability has been reported in ViRobot that could let remote malicious users disclose information or obtain unauthorized access. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | ViRobot Information Disclosure or Unauthorized Access | Not Available | Security Tracker, Alert ID: 1015658, February 22, 2006 |
Lotus Notes 6.x, 7.x | Multiple vulnerabilities have been reported: a vulnerability was reported in 'kvarcve.dll' when constructing the full pathname of a compressed file to check for its existence before extracting it from a ZIP archive, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in 'uudrdr.dll' when handling 'UUE' files that contain an encoded file with an overly long filename, which could let a remote malicious user execute arbitrary code; a Directory Traversal vulnerability was reported in 'kvarcve.dll' when generating the preview of a compressed file from ZIP, UUE, and TAR archives, which could let a remote malicious user delete arbitrary files; a vulnerability was reported in the 'TAR' reader when extracting files from a TAR archive that contain a long filename, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the HTML speed reader due to a boundary error, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in the HTML speed reader when checking if a link references a local file due to a boundary error, which could let a remote malicious user execute arbitrary code. These issues have been addressed in Lotus Notes versions 6.5.5 and 7.0.1. Please contact the vendor to obtain fixes. Currently we are not aware of any exploits for these vulnerabilities. Entry was originally, erroneously listed as multiple OS. | IBM Lotus Notes Multiple Vulnerabilities | Not Available | Secunia Advisory: SA16280, February 10, 2006 Security Tracker, Alert ID: 1015657, February 21, 2006 |
Macallan Mail Solution 4.8.03.025 | An input validation vulnerability has been reported in Macallan Mail Solution that could let remote malicious users disclose information. Macallan Mail Solution 4.8.05.004 There is no exploit code required. | Macallan Mail Solution Information Disclosure | 2.8 | Security Tracker, Alert ID: 1015647, February 20, 2006 |
Internet Explorer 6.0, 6.0 SP1 | A buffer overflow vulnerability has been reported in Internet Explorer that could let remote malicious users cause a Denial of Service or execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Microsoft Internet Explorer Denial of Service or Arbitrary Code Execution | 7 | Security Focus, ID: 16687, February 16, 2006 |
Chinese/Japanese Word Processor 5.01.41108 and prior | A buffer overflow vulnerability has been reported in Chinese/Japanese Word Processor that could let remote malicious users execute arbitrary code. Chinese/Japanese Word Processor 5.10 Currently we are not aware of any exploits for this vulnerability. | NJStar Chinese/Japanese Word Processor Arbitrary Code Execution | 3.9 | Security Tracker, Alert ID: 1015649, February 21, 2006 |
MailSite 4.2.1, 5, 5.3.4, 6.1.22 7.031 | A vulnerability has been reported in MailSite, LDAP Service, that could let remote malicious users cause a Denial of Service. No workaround or patch available at time of publishing. There is no exploit code required. | MailSite Denial of Service | 2.3 | Secunia, Advisory: SA18888, February 15, 2006 |
Safe'n'Sec Personal 2.0 | A vulnerability has been reported in Safe'n'Sec that could let local malicious users obtain elevated privileges. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Safe'n'Sec Privilege Elevation | Not Available | Security Focus, ID: 16762, February 21, 2006 |
Internet Anywhere EMailServer Corporate Edition 5.3.4 | A buffer overflow vulnerability has been reported in Internet Anywhere EMailServer Corporate Edition that could let remote malicious users cause a Denial of Service or execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Internet Anywhere EMailServer Denial of Service or Arbitrary Code Execution | 1.4 | Security Focus, ID: 16744, February 21, 2006 |
WPCeasy | A vulnerability has been reported in WPCeasy that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | WPCeasy SQL Injection Vulnerability | 7 | Secunia, Advisory: SA18945, February 20, 2006 |
UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
Mac OS X Server 10.4.5, OS X 10.4.5 | A vulnerability has been reported in Apple Safari when processing file association meta data stored in the '_MACOSX' folder in ZIP archives, which could let a remote malicious user execute arbitrary commands. No workaround or patch available at time of publishing. A Proof of Concept exploit script, safari_safefiles_exec.pm, has been published. | Apple Mac OS X Archive Metadata Arbitrary Command Execution | 3.9 | Secunia Advisory: SA18963, February 21, 2006 Cyber Security Alert SA06-053A |
hcidump 1.29 | A remote Denial of Service vulnerability has been reported in 'l2cap.c' due to an error when handling the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer. A Proof of Concept exploit script, hcidump-crash.c, has been published. | hcidump Bluetooth L2CAP Remote Denial of Service | Secunia Advisory: SA18741, February 8, 2006 Ubuntu Security Notice, USN-256-1, February 21, 2006 | |
Fetchmail 6.x | A vulnerability has been reported in the 'fetchmailconf' configuration utility due to a race condition, which could let a malicious user obtain sensitive information. There is no exploit code required. | Fetchmail 'fetchmailconf' Information Disclosure | fetchmail-SA-2005-02 Security Announcement, October 21, 2005 Gentoo Linux Security Advisory, GLSA 200511-06, November 6, 2005 Ubuntu Security Notice, USN-215-1, November 07, 2005 Mandriva Linux Security Advisory, MDKSA-2005:209, November 10, 2005 Debian Security Advisory, DSA 900-2 & 900-3, November 21 & 22, 2005 Slackware Security Advisory, SSA:2006-045-01, February 14, 2006 | |
Fetchmail 6.3.0 - prior to 6.3.2 | A remote Denial of Service vulnerability has been reported due to incorrect freeing of an invalid pointer when bouncing a message to the originator or to the local postmaster. Currently we are not aware of any exploits for this vulnerability. | Fetchmail Remote Denial of Service | Fetchmail Security Advisory, fetchmail-SA-2006-01, January 22, 2006 Slackware Security Advisory, SSA:2006-045-01, February 14, 2006 | |
LibAST prior to 0.7 | A buffer overflow vulnerability has been reported in 'conf.c' due to a boundary error in the 'conf_find_file()' function, which could let a malicious user execute arbitrary code. An exploit script, eterm-exploit.c, has been published. | LibAST Buffer Overflow | Secunia Advisory: SA18586, January 25, 2006 Gentoo Linux Security Advisory, GLSA 200601-14, January 29, 2006 Debian Security Advisory, | |
tar 1.15.90, 1.15.1, 1.14.90, 1.15, 1.14 | A buffer overflow vulnerability has been reported when handling PAX extended headers due to a boundary error, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Not available | Secunia Advisory: SA18973, February 22, 2006 Mandriva Security Advisory, MDKSA-2006:046, February 21, 2006 Ubuntu Security Notice, USN-257-1, February 23, 2006 | |
GnuPG / gpg prior to 1.4.2.1 | A vulnerability has been reported because 'gpgv' exits with a return code of 0 even if the detached signature file did not carry any signature (if 'gpgv' or 'gpg --verify' is used), which could let a remote malicious user bypass security restrictions. There is no exploit code required; however, a Proof of Concept exploit has been published. | GnuPG Detached Signature Verification Bypass | 4.9 | GnuPG Advisory, February 15, 2006 Fedora Update Notification, Debian Security Advisory, Mandriva Security Advisory, MDKSA-2006:043, February 17, 2006 Ubuntu Security Notice, USN-252-1, February 17, 2006 Gentoo Linux Security Advisory, GLSA 200602-10, February 18, 2006 SuSE Security Announcement, SUSE-SA:2006:009, February 20, 2006 |
KDE 3.2.0 up to including 3.5.0 | A buffer overflow vulnerability has been reported in 'kjs' in the decoding of UTF-8 encoded URI sequences, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | KDE kjs UTF-8 Encoded URI Buffer Overflow | KDE Security Advisory, January 19, 2006 RedHat Security Advisory, RHSA-2006:0184-11, January 19, 2006 Ubuntu Security Notice, USN-245-1, January 20, 2006 Debian Security Advisory, DSA-948-1, January 20, 2006 SUSE Security Announcement, SUSE-SA:2006:003, January 20, 2006 Mandriva Security Advisory, MDKSA-2006:019, January 20, 2006 Gentoo Linux Security Advisory, GLSA 200601-11, January 22, 2006 Slackware Security Advisory, SSA:2006-045-05, February 14, 2006 | |
LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6 .0, 3.6.1, 3.7, 3.7.1 | A buffer overflow vulnerability has been reported in the 'TIFFOpen()' function when opening malformed TIFF files, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Gentoo Linux Security Advisory, GLSA 200505-07, May 10, 2005 Ubuntu Security Notice, SUSE Security Summary Report, SUSE-SR:2005:014, Turbolinux Debian Security Advisory, DSA 755-1, July 13, 2005 SCO Security Advisory, SCO Security Advisory, SCOSA-2006.3, January 3, 2006 Mandriva Security Advisory, MDKSA-2006:042, February 17, 2006 | ||
Melange Chat System 1.10 | A vulnerability has been reported due to a failure to properly secure HTTP request data, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | Melange Chat Information Disclosure | Not Available | Security Focus, Bugtraq ID: 16747, February 21, 2006 |
Metamail 2.7 | A buffer overflow vulnerability has been reported when handling boundary headers within email messages, which could let a remote malicious user execute arbitrary code. Note: According to Security Tracker this is a Linux/Unix vulnerability. Previously classified as multiple operating systems. A Proof of Concept exploit has been published. | Metamail Remote Buffer Overflow | 2.3 | Security Focus, Bugtraq ID: 16611, February 13, 2006 RedHat Security Advisory, RHSA-2006:0217-4, February 21, 2006 Mandriva Security Advisory, MDKSA-2006:047, February 22, 2006 |
Netcool/Neusecure 3.0.236 -1 | Several vulnerabilities have been reported: a vulnerability was reported because passwords are stored in cleartext in configuration files, which could let a malicious user obtain sensitive information; and a vulnerability was reported in the database connection log in the default configuration because it is readable by all users, which could let a malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code. | Micromuse Netcool/ | 1.6 1.6 | Secunia Advisory: SA18922, February 17, 2006 |
Bugzilla 2.17.1-2.21.1 | An SQL injection vulnerability has been reported in 'editparams.cgi' due to insufficient validation of the 'whinedays' parameter, which could let a remote malicious user execute arbitrary SQL code. There is no exploit code required. | Bugzilla SQL Injection | Not Available | Security Focus, Bugtraq ID: 16738, February 21, 2006 |
Bugzilla 2.19.3, 2.20-2.21.2 | A vulnerability has been reported in the login form on the home page due to a design error in the application, which could let a remote malicious user obtain sensitive information. There is no exploit code required. | Bugzilla Information Disclosure | Not Available | Security Focus, Bugtraq ID: 16745, February 21, 2006 |
Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2; | Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::read Currently we are not aware of any exploits for these vulnerabilities. | Xpdf Buffer Overflows | iDefense Security Advisory, December 5, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005 KDE Security Advisory, advisory-20051207-1, December 7, 2005 SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005 Ubuntu Security Notice, USN-227-1, December 12, 2005 Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005 RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005 Mandriva Linux Security Advisories MDKSA-2006:003-003-006, January 6, 2006 Debian Security Advisory, Debian Security Advisory, DSA-937-1, January 12, 2006 Debian Security Advisory, DSA 938-1, January 12, 2006 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006 RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006 SUSE Security Summary Report, SUSE-SR:2006:002, January 20, 2006 SGI Security Advisory, 20051201-01-U, January 20, 2006 Debian Security Advisory, DSA-950-1, January 23, 2006 Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006 Debian Security Advisories, Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006 | |
OpenSSH 3.x, 4.x; RedHat Fedora Core3 & Core4 | A vulnerability has been reported in 'scp' when performing copy operations that use filenames due to the insecure use of the 'system()' function, which could let a malicious user obtain elevated privileges. There is no exploit code required. | OpenSSH SCP Shell Command Execution | Security Focus, Bugtraq ID: 16369, January 24, 2006 Fedora Security Advisory, FEDORA-2006-056, January 24, 2006 Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006 Security Focus, Bugtraq ID: 16369, January 31, 2006 Secunia Advisory: SA18798, February 13, 2006 SUSE Security Announcement, SUSE-SA:2006:008, February 14, 2006 Slackware Security Advisory, SSA:2006-045-06, February 14, 2006 Gentoo Linux Security Advisory, GLSA 200602-11, February 20, 2006 Ubuntu Security Notice, USN-255-1, February 21, 2006 | |
RedHat Enterprise Linux WS 3, ES 3, AS 3, Desktop 3.0; | A Denial of Service vulnerability has been reported in the 'find_target' function due to a failure to properly handle unexpected conditions when attempting to handle a NULL return value from another function. There is no exploit code required. | Linux Kernel Find_Target | Security Focus, Bugtraq ID: 14965, September 28, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Debian Security Advisory. DSA 921-1, December 14, 2005 Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006 | |
Royal Institute of Technology Heimdal 0.7, 0.6- 0.6.5, 0.5.0-0.5.3, 0.4 a-f; Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha; Ubuntu Ubuntu Linux 5.10 powerpc | A remote Denial of Service vulnerability has been reported in 'telnetd' due to a NULL pointer dereference error. Update to version 0.7.2 or 0.6.6. There is no exploit code required. | Heimdal TelnetD Remote Denial of Service | 3.3 | Bugtraq ID: 16676, February 16, 2006 Debian Security Advisory, Ubuntu Security Notice, USN-253-1, February 17, 2006 |
SuSE Linux Professional | An unspecified Denial of Service vulnerability has been reported when stack fault exceptions are triggered. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Stack Fault Exceptions Denial of Service | 2.3 | Security Focus, 14467, August 3, 2005 SUSE Security Announce- Ubuntu Security Notice, USN-187-1, September 25, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Debian Security Advisories, DSA 921-1 & 922-1, December 14, 2005 Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006 |
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A vulnerability has been reported in the 'PYTHONINSPECT' variable, which could let a malicious user bypass security restrictions and obtain elevated privileges. An exploit script, sudo_local_python_ | Sudo Python Environment Cleaning Security Bypass | Security Focus, Bugtraq ID: 16184, January 9, 2006 Security Focus, Bugtraq ID: 16184, January 12, 2006 Debian Security Advisory, DSA-946-1, January 20, 2006 SUSE Security Summary Report, SUSE-SR:2006:002, January 20, 2006 Slackware Security Advisory, SSA:2006-045-08, February 14, 2006 Slackware Security Advisory, SSA:2006-045-08, February 14, 2006 | |
Geeklog prior to 1.3.11sr4 & 1.4.0sr1; Media Gallery 1.2.3 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'users.php' and 'lib-sessions.php' due to insufficient sanitization of cookies before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a file include vulnerability was reported in 'lib-common.php' due to insufficient verification of cookies before using to include files, which could let a remote malicious user execute arbitrary php code. There is no exploit code required. | Geeklog SQL Injection & File Inclusion | Security Focus, Bugtraq ID: 16755, February 21, 2006 | |
KDE kword 1.4.2, kpdf 3.4.3, 3.2, KOffice 1.4-1.4.2, kdegraphics 3.4.3, 3.2; | Multiple buffer and integer overflows have been reported, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | KPdf & KWord Multiple Unspecified Buffer & Integer Overflow CVE-2005-3624 | Not Available | Gentoo Linux Security Advisory GLSA 200601-02, January 5, 2006 Ubuntu Security Notice, USN-236-1, January 05, 2006 Fedora Update Notifications, Mandriva Linux Security Advisories MDKSA-2006:003-003-006 & 008, January 6 & 7, 2006 Ubuntu Security Notice, USN-236-2, January 09, 2006 Debian Security Advisory DSA 931-1, January 9, 2006 Debian Security Advisory, SUSE Security Announcement, SUSE-SA:2006:001, January 11, 2006 RedHat Security Advisories, RHSA-2006:0163-2 & RHSA-2006:0177-5, January 11, 2006 Fedora Update Notifications, Debian Security Advisories, DSA 937-1, 938-1, & 940-1, January 12 & 13, 2006 Trustix Secure Linux Security Advisory, 2006-0002, January 13, 2006 Mandriva Linux Security Advisory, MDKSA-2006:012, January 13, 2006 RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006 SGI Security Advisory, 20051201-01-U, January 20, 2006 Debian Security Advisory, DSA-950-1, January 23, 2006 Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006 Gentoo Linux Security Advisory, GLSA 200601-17, January 30, 2006 Debian Security Advisories, Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006 |
Linux kernel 2.6-2.6.12 .3, 2.4-2.4.32 | A Denial of Service vulnerability has been reported in 'IP_VS_CONN_FLUSH' due to a NULL pointer dereference. Kernel versions 2.6.13 and 2.4.32-pre2 are not affected by this issue. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Denial of Service | Security Focus, Bugtraq ID: 15528, November 22, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 Debian Security Advisory, DSA 922-1, December 14, 2005 Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006 RedHat Security Advisory, RHSA-2006:0190-5, February 1, 2006 Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006 | |
Linux kernel 2.6-2.6.12, 2.4-2.4.31 | A remote Denial of Service vulnerability has been reported due to a design error in the kernel. The vendor has released versions 2.6.13 and 2.4.32-rc1 of the kernel to address this issue. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Remote Denial of Service | Ubuntu Security Notice, USN-219-1, November 22, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006 | |
Norman Ramsey Noweb 2.9 a, 2.10 c; | A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user overwrite critical files. There is no exploit code required. | Noweb Insecure Temporary File Creation | Not Available | Debian Security Advisory, Ubuntu Security Notice, USN-254-1, February 21, 2006 |
RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0; GNU Libtasn1 prior to 1.2.10, | A remote Denial of Service vulnerability has been reported due to improper decoding of DER encoded data. This could possibly lead to the execution of arbitrary code. A Proof of Concept exploit has been published. | GnuTLS libtasn1 DER Decoding Remote Denial of Service | Security Tracker Alert ID: 1015612, February 11, 2006 RedHat Security Advisory, RHSA-2006:0207-01, February 10, 2006 Fedora Update Notification, Mandriva Security Advisory, MDKSA-2006:039, February 13, 2006 Gentoo Linux Security Advisory, GLSA 200602-08, February 16, 2006 Ubuntu Security Notice, USN-251-1, February 16, 2006 | |
RedHat Fedora Core4, Core3; | A remote Denial of Service vulnerability has been reported when Fetchmail is configured in 'multidrop' mode due to a failure to handle unexpected input. There is no exploit code required. | Fetchmail Remote Denial of Service | Security Focus, Bugtraq ID: 15987, December 20, 2005 Fedora Update Notifications Mandriva Linux Security Advisory MDKSA-2005:236, December 23, 2005 Ubuntu Security Notice, USN-233-1 January 02, 2006 Debian Security Advisory, DSA 939-1, January 13, 2006 Trustix Secure Linux Security Advisory, 2006-0002, January 13, 2006 Slackware Security Advisory, SSA:2006-045-01, February 14, 2006 | |
SuSE Linux Professional 10.0 OSS, 10.0, Personal 10.0 OSS; | A Denial of Service vulnerability has been reported in FlowLable. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPv6 FlowLable Denial of Service | Security Focus, Bugtraq ID: 15729, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006 | |
Tin News Reader 1.8 & prior ; | An off-by-one buffer overflow vulnerability has been reported due to insufficient boundary checks on user-supplied data before using it in a finite-sized buffer, which could let a remote malicious user execute arbitrary code. There is no exploit code required. | Tin News Reader Buffer Overflow | 7 | Security Focus, Bugtraq ID: 16728, February 20, 2006 OpenPKG Security Advisory, OpenPKG-SA-2006.005, February 19, 2006 |
Ubuntu Linux 4.1 ppc, ia64, ia32; | A vulnerability has been reported in the SDLA driver, which could let a malicious user obtain unauthorized access. Currently we are not aware of any exploits for this vulnerability. | Ubuntu Security Notice, USN-244-1 January 18, 2006 Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006 | ||
CGIWrap 3.0, 2.0-2.7, 1.0 | A vulnerability was reported because system information is disclosed in an error message when an error occurs during the execution of a script, which could let a remote malicious user obtain sensitive information. Note: This occurs even when the '--with-quiet-errors' option is used. There is no exploit code required. | Nathan Neulinger CGIWrap Information Disclosure | 2.3 | Security Focus, Bugtraq ID: 16669, February 15, 2006 |
netpbm 10.0 | A vulnerability has been reported in netpbm ('-dSAFER') that could let malicious users execute arbitrary postscript code. There is no exploit code required. | netpbm Arbitrary Code Execution | 7 | Secunia Advisory: SA16184, July 25, 2005 Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005 Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:133, August 10, 2005 Ubuntu Security Notice, USN-164-1, August 11, 2005 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005 RedHat Security Advisory, RHSA-2005:743-08, August 22, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 Conectiva Linux Announcement, CLSA-2005:1007, September 13, 2005 Turbolinux Security Advisory, TLSA-2005-90, September 20, 2005 Fedora Update Notification, Fedora Update Notification, |
PEAR::Auth 1.2.4 & prior to 1.3.0r4 | Multiple unspecified SQL injection vulnerabilities have been reported due to insufficient sanitization, which could let a remote malicious user execute arbitrary SQL code. There is no exploit code required. | PEAR::Auth Multiple Unspecified SQL Injection | Not Available | Security Focus, Bugtraq ID: 16758, February 21, 2006 |
PerlBLOG 1.09b & prior | Multiple vulnerabilities have been reported: a vulnerability was reported in 'weblog.ph' in the 'Post Comment' functionality due to insufficient sanitization of the 'reply' parameter, which could let a remote malicious user conduct script insertion attacks; a vulnerability was reported in 'weblog.ph' in the 'Archives' functionality due to insufficient sanitization of the 'month' parameter, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported in 'weblog.pl' due to insufficient sanitization of the 'name' and 'body' parameters, which could let a remote malicious user execute arbitrary script code. No workaround or patch available at time of publishing. There is no exploit code required. | PerlBLOG Multiple Vulnerabilities | 2.3 2.3 7 | Security Focus, Bugtraq ID: 16707, February 17, 2006 |
Fedora Directory Server 1.0 | A vulnerability has been reported because the Admin Server exposes the password, which could let a remote malicious user obtain sensitive information. There is no exploit code required. | Fedora Directory Server Admin Server Password Disclosure | Not Available | Secunia Advisory: SA18939, February 20, 2006 |
Fedora Directory Server 1.0 | Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the LDAP component when processing BER packets; a Denial of Service vulnerability was reported in the LDAP component in the 'dn2ancestor' code; and a Denial of Service vulnerability was reported in the LDAP component when processing BER packets when a specially crafted BER sequence is submitted. Currently we are not aware of any exploits for these vulnerabilities. | Fedora Directory Server LDAP Denials of Service | Not Available | Security Focus, Bugtraq ID: 16677, February 16, 2006 |
Heimdal prior to 0.6.6 & 0.7.2 | A vulnerability has been reported in the 'rshd' server when storing forwarded credentials due to an unspecified error, which could let a malicious user obtain elevated privileges. Update to version 0.7.2 or 0.6.6. Currently we are not aware of any exploits for this vulnerability. | Heimdal RSHD Server Elevated Privileges | Security Tracker Alert ID: 1015591, February 7, 2006 Ubuntu Security Notice, USN-247-1, February 09, 2006 Debian Security Advisory, | |
Unixware 7.1.4, 7.1.3 | A vulnerability has been reported in the 'ptrace()' system call due to an unspecified error, which could let a malicious user obtain elevated privileges. Currently we are not aware of any exploits for this vulnerability. | SCO UnixWare Ptrace Elevated Privileges | Not Available | SCO Security Advisory, SCOSA-2006.9, February 21, 2006 |
Siteframe Beaumont 5.0.2, 5.0.1, 5.0.1a | An HTML injection vulnerability has been reported in 'page.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Siteframe Beaumont HTML Injection | 2.3 | Security Focus, Bugtraq ID: 16695, February 17, 2006 |
Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0 | A buffer overflow vulnerability has been reported in 'Pam_Micasa,' which could let a remote malicious user obtain superuser privileges. Currently we are not aware of any exploits for this vulnerability. | SUSE CASA Pam_Micasa Remote Buffer Overflow | Not Available | SUSE Security Announcement, SA:2006:010, February 22, 2006 |
Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
ADOdb 4.71 & prior | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'adodb_pager.inc.php' due to insufficient sanitization of the 'next_page' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'adodb_pager.inc.php' due to the unsafe use of 'PHP_SELF,' which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | ADOdb Multiple Cross-Site Scripting | 2.3 | Secunia Advisory: SA18928, February 20, 2006 |
libapreq2 2.0.6 | A remote Denial of Service vulnerability has been reported due to errors in the 'apreq_parse_headers()' and 'apreq_parse_urlencoded()' functions. Currently we are not aware of any exploits for this vulnerability. | Apache Libapreq2 Remote Denial of Service | 2.3 | Security Focus, Bugtraq ID: 16710, February 17, 2006 |
Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 | A vulnerability has been reported when using 'Deep Content Inspection' because 'CONNECT' rules are not enforced, which could let a remote malicious user bypass connection filters. Currently we are not aware of any exploits for this vulnerability. | Blue Coat ProxySG Policy Error Rules Bypass | Security Tracker Alert ID: 1015644, February 17, 2006 | |
BomberClone prior to 0.11.6.2; Gentoo Linux | A buffer overflow vulnerability has been reported due to a boundary error when processing error messages, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | BomberClone Error Messages Buffer Overflow | 7 | Security Focus, Bugtraq ID: 16697, February 17, 2006 Gentoo Linux Security Advisory, GLSA 200602-09, February 16, 2006 |
Barracuda Directory 1.1 | HTML injection vulnerabilities have been reported in the 'Add URL' and 'Suggest Category' functionality due to insufficient sanitization of various fields, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Barracuda Directory Multiple HTML Injection | Secunia Advisory: SA18965, February 21, 2006 | |
@Mail 4.3 | A vulnerability has been reported due to insufficient sanitization of email messages that contain HTML image tags with 'javascript' URLs that have '	' in the middle, which could let a remote malicious user execute arbitrary JavaScript code. No workaround or patch available at time of publishing. There is no exploit code required. | @Mail HTML Injection | 2.3 | Secunia Advisory: SA18874, February 16, 2006 |
CherryPy 2.1, 2.0 | A Directory Traversal vulnerability has been reported in the 'staticfilter' functionality due to an input validation error, which could let a remote malicious user obtain sensitive information. There is no exploit code required. | CherryPy Directory Traversal | Secunia Advisory: SA18944, February 21, 2006 | |
Clever Copy 3.0 | An HTML injection vulnerability has been reported in the Private Messages functionality due to insufficient sanitization of the 'Subject' field before storing, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Clever Copy Private Message HTML Injection | 2.3 | Secunia Advisory: SA18873, February 16, 2006 |
CPG Dragonfly Dragonfly CMS 9.0.6.1 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'linking.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code. The vulnerability has been fixed in the CVS repository. Vulnerability can be exploited through a web client. | CPG Dragonfly CMS Cross-Site Scripting & SQL Injection | 2.3 7 | Secunia Advisory: SA18919, February 22, 2006 |
Admbook 1.2.2 | A vulnerability has been reported in the 'content-data.php' file due to insufficient sanitization of the 'X-Forwarded-For' header in the HTTP request, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script, admbook_122_xpl.pl, has been published. | Admbook Remote Arbitrary PHP Code Execution | 7 | Security Focus, Bugtraq ID: 16753, February 21, 2006 |
PHP-Fusion 4.x, 5.x, 6.x | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'shoutbox_panel.php' due to insufficient sanitization of the 'shout_name' field and in 'comments_include.php' due to insufficient sanitization of certain unspecified fields, which could let a remote malicious user execute arbitrary HTML and script code; and an unspecified vulnerability was reported in 'messages.php' due to the way the 'srch_text' parameter is handled. Currently we are not aware of any exploits for these vulnerabilities. | PHP-Fusion Cross-Site Scripting | Secunia Advisory: SA18949, February 21, 2006 | |
DWL-G700AP 2.01, DWL-G700AP 2.00 | A remote Denial of Service vulnerability has been reported in the 'httpd' service due to a failure to properly handle malformed data. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploit scripts, death_link.c and DWL-G700AP.txt, have been published. | D-Link DWL-G700AP Remote Denial of Service | 2.3 | Security Focus, Bugtraq ID: 16690, February 17, 2006 |
Dovecot 1.0.beta2, 1.0 | A remote Denial of Service vulnerability has been reported in 'pop3-login' and 'imap-login' due to a double free error when processing certain requests. Currently we are not aware of any exploits for this vulnerability. | Dovecot Double Free Remote Denial of Service | 2.3 | Security Focus, Bugtraq ID: 16672, February 15, 2006 |
HostAdmin 3.0 | A file include vulnerability has been reported in 'index.php' due to insufficient verification of the 'path' parameter, which could let a remote malicious user include arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploit scripts, XOR-HostAdmin.txt and HostAdmin_rm-inc.php, have been published. | DreamCost HostAdmin Remote File Include | 7 | XOR Crew Security Advisory, February 11, 2006 |
e107 website system 0.7.2 | An HTML injection vulnerability has been reported in the Chatbox plugin due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | E107 Website System HTML Injection | Not Available | Security Focus, Bugtraq ID: 16719, February 18, 2006 |
E-Blah Platinum 9.7 | An HTML injection vulnerability has been reported in 'Routines.PL' due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | E-Blah HTML Injection | 2.3 | Security Focus, Bugtraq ID: 16713, February 17, 2006 |
EmuLinker prior to 0.99.17 | A remote Denial of Service vulnerability has been reported due to a failure to properly handle malformed network packets from other game players. Currently we are not aware of any exploits for this vulnerability. | EmuLinker Remote Denial of Service | Secunia Advisory: SA18938, February 20, 2006 | |
Ethereal 0.10-0.10.13, 0.9-0.9.16, 0.8.19, 0.8.18, 0.8.13-0.8.15, 0.8.5, 0.8, 0.7.7 | A buffer overflow vulnerability has been reported in the 'dissect_ospf_ v3_address_ Currently we are not aware of any exploits for this vulnerability. | iDefense Security Advisory, December 9, 2005 Debian Security Advisory DSA 920-1, December 13, 2005 Gentoo Linux Security Advisory, GLSA 200512-06, December 14, 2005 Mandriva Linux Security Advisory MDKSA-2005:227, December 15, 2005 Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006 Fedora Update Notification RedHat Security Advisory, RHSA-2006:0156-6, January 11, 2006 Avaya Security Advisory, ASA-2006-046, February 13, 2006 | ||
Ethereal 0.9.1-0.10.13. | A remote Denial of Service vulnerability has been reported in the IRC and GTP dissectors when a malicious user submits a specially crafted packet. Currently we are not aware of any exploits for this vulnerability. | Ethereal IRC & GTP Dissectors Remote Denial of Service | Ethereal Security Advisory, enpa-sa-00022, December 27, 2005 Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006 RedHat Security Advisory, RHSA-2006:0156-6, January 11, 2006 Avaya Security Advisory, ASA-2006-046, February 13, 2006 | |
PHP-Nuke 7.8 & prior | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'Your_Account' module before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. There is no exploit code required; however, Proof of Concept exploit scripts, PHPNuke-Your_Account.txt and phpnuke-sp3x.c, have been published. | PHPNuke SQL Injection | 7 | Secunia Advisory: SA18931, February 17, 2006 |
Coppermine Photo Gallery 1.4.3 & prior | Several vulnerabilities have been reported: a file include vulnerability was reported in 'include/init.inc.php' due to insufficient verification of the 'lang' parameter, which could let a remote malicious user execute arbitrary PHP code; and a file include vulnerability was reported in 'docs/showdoc.php' due to insufficient verification of the 'f' parameter, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits and an exploit script, cpg_143_incl_xpl, have been published. | Coppermine Photo Gallery File Include | Not Available | Security Tracker Alert ID: 1015646, February 18, 2006 |
Guestbox 0.6 | Multiple vulnerabilities have been reported: a vulnerability was reported in the authentication process due to an error, which could let a remote malicious user obtain unauthorized access and post comments; a vulnerability was reported in 'guestbox.php' when posting an entry due to insufficient sanitization of the 'url' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'gblog' file because IP addresses are stored insecurely, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | Guestbox Vulnerabilities | Not Available | Secunia Advisory: SA18946, February 21, 2006 |
HTML::BBCode 1.04, 1.03 | An HTML injection vulnerability has been reported due to insufficient sanitization of the '[url]' and '[img]' BBcode tags before converting to HTML, which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required; however, a Proof of Concept exploit has been published. | HTML::BBCode HTML Injection | Not Available | Security Focus, Bugtraq ID: 16680, February 16, 2006 |
ilchClan 1.0.5 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'pid' parameter due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and an SQL injection vulnerability was reported in 'login.php' due to insufficient sanitization of the 'login_name' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script, ilchclan_poc, has been published. | ilchClan SQL Injection | 7 7 | Security Focus, Bugtraq ID: 16735, February 21, 2006 |
VistaPortal Standard Edition 2.0 | Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported in 'PortalSE' due to insufficient sanitization, which could let a remote malicious user obtain sensitive information; and an input validation vulnerability was reported due to the way the server field is handled, which could let a remote malicious user obtain sensitive information. The vendor has released a hotfix (IV00038969) to address this issue. Users are advised to contact the vendor for information on obtaining the appropriate updates. Vulnerability may be exploited with a web client. | InfoVista VistaPortal Directory Traversal & Input Validation | Not Available | IRM Security Advisory No. 017, February 17, 2006 |
FS-3830N Printer 0 | A vulnerability has been reported due to insufficient authentication before granting access to printer functions, which could let a remote malicious user obtain sensitive information or modify system information. No workaround or patch available at time of publishing. There is no exploit code required. | Kyocera 3830 Printer Unauthorized Access | 2.3 | Security Focus, Bugtraq ID: 16685, February 17, 2006 |
Blog 3.5 | Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient access restriction to 'txt' files using '.htaccess,' which could let a remote malicious user obtain sensitive information; a vulnerability was reported in the 'blog.cgi' script due to insufficient validation of the password submitted via the cookie when validating administrator access, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported because an administrative user can edit the full path to the 'sendmail' program when modifying the blog, which could let a remote malicious user execute arbitrary shell commands; and an HTML injection vulnerability was reported due to insufficient sanitization of the 'HTTP_REFERER' and 'HTTP_USER_AGENT' HTTP request headers before saving, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Leif M. Wright's Blog Multiple Vulnerabilities | 2.3 7 4.2 2.3 | Secunia Advisory: SA18923, February 17, 2006 |
Mambo Open Source 4.5-4.5.3, 4.0.14 | An unspecified vulnerability has been reported, which potentially could let a remote malicious user compromise a vulnerable system. Currently we are not aware of any exploits for this vulnerability. | Mambo Unspecified System Compromise | Not Available | Security Focus, Bugtraq ID: 16775, February 21, 2006 |
MiniNuke CMS 1.8.2 | An SQL injection vulnerability has been reported in 'Pages.ASP' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script, MiniNukeCMS.txt, has been published. | MiniNuke CMS SQL Injection | Not Available | Security Focus, Bugtraq ID: 16730, February 20, 2006 |
Thunderbird 1.5 | A remote Denial of Service vulnerability has been reported when handling a specially crafted address book file. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Mozilla Thunderbird Remote Denial of Service | 1.3 | Security Focus, Bugtraq ID: 16716, February 17, 2006 |
Firefox prior to 1.5.0.1 | A remote Denial of Service vulnerability has been reported when parsing certain malformed HTML content. A Proof of Concept exploit has been published. | Mozilla Firefox HTML Parsing Remote Denial of Service | Not Available | BuHa Security-Advisory #8, February 15, 2006 |
Thunderbird 1.0.7 & prior | A script execution vulnerability has been reported when a remote malicious user submits a specially crafted email that contains malicious script code in an IFRAME, which could lead to the execution of arbitrary JavaScript code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Mozilla Thunderbird IFRAME JavaScript Execution | Not Available | Security Focus, Bugtraq ID: 16770, February 22, 2006 |
M. Blom HTML-BBCode 1.04, 1.03; | An HTML injection vulnerability has been reported due to insufficient sanitization of BBcode tags before using, which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required; however, a Proof of Concept exploit has been published. | My Blog BBCode HTML Injection | 2.3 | Security Focus, Bugtraq ID: 16659, February 15, 2006 |
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2; | A vulnerability has been reported in the Ethereal IRC Protocol Dissector that could let remote malicious users cause a Denial of Service. Currently we are not aware of any exploits for this vulnerability. | Ethereal Denial of Service | 3.3 | Mandriva Linux Security Advisory, MDKSA-2005:193-1, October 26, 2005 Gentoo Linux Security Advisory, GLSA 200510-25, October 30, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Conectiva Security Announcement, CLSA-2005:1043, November 8, 2005 Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006 Avaya Security Advisory, ASA-2006-046, February 13, 2006 |
Raven Software Soldier Of Fortune 2 1.0 3, 2 1.0 2; PunkBuster 1.180 & prior | A format string vulnerability has been reported due to insufficient sanitization of user-supplied input before using in a formatted-printing function, which could let a remote malicious user execute arbitrary code. The vulnerability has reportedly been fixed by the vendor. Currently we are not aware of any exploits for this vulnerability. | PunkBuster Module Remote Format String | Not Available | Security Focus, Bugtraq ID: 16703, February 17, 2006 |
My BulletinBoard 1.0.3 | Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'managegroup.php' due to insufficient sanitization of the 'gid' and 'request[ ]' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported in 'managegroup.php' due to insufficient sanitization of the 'gid' parameter before returning to the user in an error message, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported in 'private.php' due to insufficient sanitization of the 'folder[ ]' and 'check[ [ ]' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; an SQL injection vulnerability was reported due to insufficient sanitization of the referrer uid before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and unspecified vulnerabilities were reported when 'register_globals' is enabled. There is no exploit code required; however, Proof of Concept exploits have been published. | MyBB Cross-Site Scripting & SQL Injection | Not Available | Secunia Advisory: SA18897, February 17, 2006 |
MySQL 4.0.0-4.0.11, 5.0.0-5.0.4 | A vulnerability has been reported in the 'mysql_install_db' script due to the insecure creation of temporary files, which could let a malicious user obtain unauthorized access. There is no exploit code required. | MySQL 'mysql_install_db' Insecure Temporary File Creation | Security Focus, 13660, Fedora Update Notification, Debian Security Advisory, DSA 783-1, August 24, 2005 RedHat Security Advisory, RHSA-2005:685-5, October 5, 2005 Mandriva Linux Security Advisory, MDKSA-2006:045, February 21, 2006 | |
LiveUser 0.16.8 & prior | A file access vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user delete arbitrary files. There is no exploit code required. | PEAR LiveUser Unauthorized File Access | Not Available | GulfTech Security Research Team Security Advisory, February 21, 2006 |
Noah's Classifieds 1.3 & prior | Multiple vulnerabilities have been reported: Cross-Site Scripting vulnerabilities were reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported in the Search page due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and file include vulnerabilities were reported which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits and an exploit script, noah_1.3_rce.php, have been published. | Noah's Classifieds Multiple Vulnerabilities | Not Available | KAPDA Advisory #29, February 22, 2006 |
PHP-Nuke 6.0-7.9 | A vulnerability has been reported in the CAPTCHA security feature due to an error, which could let a remote malicious user bypass security features. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPNuke CAPTCHA Bypass | 7 | waraxe-2006-SA#045, February 18, 2006 |
PostgreSQL 8.1.2, 8.1.1, 8.1 | Several vulnerabilities have been reported: a vulnerability was reported in the 'SET ROLE' command when previous role settings are restored after an error, which could let a malicious user obtain superuser privileges; and a Denial of Service vulnerability was reported due to an error in the 'SET SESSION AUTHORIZATION' command if compiled with 'Asserts' enabled. There is no exploit code required. | PostgreSQL Privilege Escalation & Denial of Service | Not Available | Secunia Advisory: SA18890, February 15, 2006 OpenPKG Security Advisory, OpenPKG-SA-2006.004, February 19, 2005 |
PostNuke 0.761 & prior | Multiple vulnerabilities have been reported: a vulnerability was reported in 'pnVarCleanFromInput()' and 'pnAntiCracker()' because it is possible to bypass the HTML tag filter; a Cross-Site Scripting vulnerability was reported in the 'NS-Languages' module due to insufficient sanitization of the 'language' parameter and in 'user.php' due to insufficient sanitization of the 'htmltext' parameter, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in 'admin.php' due to an access control error, which could let a remote malicious user obtain unauthorized access; and an SQL injection vulnerability was reported in the 'NS-Languages' module due to insufficient sanitization of the 'language' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. There is no exploit code required; however, Proof of Concept exploits have been published. | PostNuke Multiple Vulnerabilities | 2.3 7 2.3 | SecurityReason Security Alert 33, February 19, 2006 |
BirthSys 3.1 | SQL injection vulnerabilities have been reported in 'show.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | BirthSys Multiple SQL Injection | 7 | Security Focus, Bugtraq ID: 16684, February 17, 2006 |
RunCMS 1.2, 1.1 A, 1.1, 1.3.a2, 1.3.a | A Cross-Site Scripting vulnerability has been reported in 'ratefile.php' due to insufficient sanitization of the 'lid' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | RunCMS Cross-Site Scripting | Not Available | Security Focus, Bugtraq ID: 16769, February 22, 2006 |
RunCMS 1.3a3 | An SQL injection vulnerability has been reported in '/modules/messages There is no exploit code required; however, a Proof of Concept exploit script, RUNCMS1.3a-sql.tyxt, has been published. | RunCMS SQL Injection | 7 | Secunia Advisory: SA18831, February 14, 2006 Security Focus, Bugtraq ID: 16652, February 18, 2006 |
Business Connector 4.7, 4.6, Connector Core Fix 7 | Several vulnerabilities have been reported: a vulnerability was reported in the Monitoring function due to an unspecified error which could let a remote malicious user read/delete arbitrary files; and a vulnerability was reported due to an unspecified error which could let a remote malicious user conduct spoofing attacks against the SAP BC administrator. The vendor has reportedly released fixes addressing this issue. Users of affected packages should contact the vendor for further information on obtaining fixes. There is no exploit code required. | SAP Business Connector Arbitrary File Access & Spoofing | 2.6 4.7 | Security Tracker Alert ID, 1015639, February 16, 2006 |
Snort 2.4.3 | A vulnerability has been reported in the Frag3 preprocessor due to a failure to properly analyze certain packets, which could let a remote malicious user bypass intrusion detection. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Snort Frag3 Processor Intrusion Detection Bypass | 2.3 | Security Focus, Bugtraq ID: 16705, February 17, 2006 |
SquirrelMail 1.4.5 & prior | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'webmail.php' due to insufficient sanitization of the 'right_main' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of input passed to comments in styles before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'sqimap_mailbox_select mailbox' parameter due to insufficient sanitization before using in an IMAP query, which could let a remote malicious user inject arbitrary IMAP commands. The vulnerabilities have been fixed in the CVS repository and fixes will be included in the upcoming 1.4.6 version. There is no exploit code required. | SquirrelMail Multiple Cross-Site Scripting & IMAP Injection | Not Available | Secunia Advisory: SA18985, February 22, 2006 |
Squishdot 1.5 | A vulnerability has been reported in the 'mail_html' template due to insufficient sanitization before using to construct email messages, which could let a remote malicious user bypass security restrictions. There is no exploit code required. | Squishdot Mail Header Injection | 2.3 | Secunia Advisory: SA18868, February 17, 2006 |
Guestex 1.0 | Several input validation vulnerabilities have been reported: a vulnerability was reported in 'guestex.pl' due to insufficient sanitization of the 'mail' parameter before passing to sendmail as an argument, which could let a remote malicious user execute arbitrary shell commands; and a vulnerability was reported due to insufficient sanitization of the 'url' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Teca Scripts Guestex Input Validation | 2.3 7 | Secunia Advisory: SA18927, February 17, 2006 |
Quirex 2.0.2 & prior | A vulnerability has been reported in 'convert.cgi' due to insufficient sanitization of the 'quiz_head,' 'quiz_foot,' and 'template' parameters before using to display files, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | Teca Scripts Quirex Information Disclosure | 2.3 | Security Focus, Bugtraq ID: 16709, February 17, 2006 |
Teca Diary Personal Edition 1.0 | An SQL injection vulnerability has been reported in 'functions.php' due to insufficient sanitization of the 'yy,' 'mm,' and 'dd' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | Teca Diary Personal Edition SQL Injection | 7 | Secunia Advisory: SA18876, February 17, 2006 |
V-webmail 1.6.2 | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'newid' parameter due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in 'frameset.php' due to insufficient verification of the 'rframe' parameter, which could let a remote malicious user conduct phishing attacks; and a vulnerability was reported when the 'help.php' is accessed with invalid parameters, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | V-webmail Cross-Site Scripting & Information Disclosure | 2.3 2.3 2.3 | Secunia Advisory: SA18776, February 17, 2006 |
webSPELL 4.01.00 & prior | An SQL injection vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'title_op' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. There is no exploit code required. | WebSPELL SQL Injection | 7 | Security Focus, Bugtraq ID: 16673, February 15, 2006 |
Wimpy MP3 Player 5 | A vulnerability has been reported in 'wimpy_trackplays.php' due to insufficient authentication, which could let a remote malicious user modify certain data. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Wimpy MP3 Player Text File Overwrite | 3.7 | Security Focus, Bugtraq ID: 16696, February 17, 2006 |
WorkCentre Pro 275, 265, 255, 245, 238, 232, WorkCentre 275, 265, 255, 245, 238, 232 | Multiple vulnerabilities have been reported: a vulnerability was reported in the authentication process due to unspecified errors, which could let a remote malicious user obtain unauthorized access; a remote Denial of Service vulnerability was reported when processing Postscript requests; an HTML injection vulnerability was reported due to insufficient sanitization of unspecified input passed to certain web pages, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported due to unspecified errors which could reduce the effectiveness of certain security features. There is no exploit code required. | Xerox ESS/ Network Controller and MicroServer Vulnerabilities | 7 2.3 2.3 2.3 | XEROX Security Bulletin, XRX06-001, February 20, 2006 |
Xpdf 3.01 | A heap-based buffer overflow vulnerability has been reported when handling PDF splash images with overly large dimensions, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Xpdf PDF Splash Remote Buffer Overflow | Secunia Advisory: SA18677, February 1, 2006 Gentoo Linux Security Advisories, GLSA 200602-04 & GLSA 200602-05, February 12, 2006 Fedora Update Notifications, RedHat Security Advisories, RHSA-2006:0201-3 & RHSA-2006:0206-3, February 13, 2006 Ubuntu Security Notice, USN-249-1, February 13, 2006 Debian Security Advisories, Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006 Gentoo Linux Security Advisory, GLSA 200602-12, February 21, 2006 |
Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that have been identified during the current reporting period.
- hcidump Bluetooth L2CAP Remote Denial of Service: Ubuntu has released an update for the Denial of Service vulnerability in the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer.
- Mobile Security: Another Hole To Plug: Securing devices is moving up the priority list as companies grant more network and application access via handheld devices such as smart phones.
Mobile devices are vulnerable to attacks because users usually aren't behind a firewall. Many smart phones and PDAs now come standard with advanced functions, including Wi-Fi, Bluetooth, and Web-browsing capabilities, which make them more vulnerable.
- Mobile virus growth outpaces PC malware: According to security software vendor McAfee, the number of mobile viruses is climbing faster than PC viruses. Data on virus numbers since 2004 was compared to the number of PC viruses since 1990 and the results show that mobile malware numbers are rising faster than for PCs. So far over 200 mobile viruses have been detected in the wild.
- Firms urged to tackle Wi-Fi hotspot risks: According to a new report compiled by law firm Charles Russell in association with managed Wisp iBahn, firms need to do more to ensure the security of mobile devices used by staff in Wi-Fi hotspots provided by wireless internet service providers (Wisps) or other third parties. Failure to do so could result in legal problems if, for example, data is stolen.
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.
- Public Exploit Code for a Vulnerability in Apple Safari Browser: US-CERT is aware of publicly available exploit code for a vulnerability in Apple Safari Browser. The Apple Safari browser will automatically open "safe" file types, such as pictures, movies, and archive files. A system may be compromised if a user accesses an HTML document that references a specially crafted archive file. Successful exploitation may allow a remote, unauthenticated attacker to execute arbitrary commands with the privileges of the user.
- Public Exploit Code for Buffer Overflow Vulnerability in Microsoft Windows Media Player Plug-in for Non-IE Browsers: US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in Windows Media Player plug-in for browsers other than Internet Explorer (IE).
- Public Exploit Code for Buffer Overflow Vulnerability in Microsoft Windows Media Player: US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in Windows Media Player. The vulnerability exists because Windows Media Player fails to properly validate bitmap image files.
- Cybercrime is an organized and sophisticated business: In a town hall meeting held at the 2006 RSA Security Conference by Business Software Alliance (BSA), top law enforcement officials from the United States and Europe said that combating cybercrime requires industry coordination with law enforcement officials on both sides of the Atlantic.
- First Mac OS virus: The first worm, OSX.Leap.A, targeting Apple Computer's Mac OS X operating system has surfaced. This could be an indication that hackers, who have targeted the Windows PC market, are expanding their attacks. The worm is designed to spread over iChat.
- More Than Half Receive At Least One Phish Daily: According to a survey conducted by Sophos of 600 business users, 58 percent reported seeing one or more phishing mails in their inboxes daily. More than 1 in 5 (22 percent) receive five or more each day.
- Three Out Of Four Say Business Security Has Improved: According to a survey conducted by Forsythe Technology, Inc., nearly 30% of IT security pros indicate they have little or no confidence that their companies detected all data security breaches last year. In addition, about 26% of survey respondents rated their current IT environments as more vulnerable than a year ago. Many of the survey respondents blamed increased security vulnerability on organizational changes and "people issues," including mergers and acquisitions and outsourcing.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description |
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
2 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
3 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security-related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address. |
4 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
5 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
6 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |
7 | Sober-Z | Win32 Worm | Stable | December 2005 | This worm travels as an email attachment, forging the sender's address, harvesting addresses from infected machines, and using its own mail engine. It further downloads code from the internet, installs into the registry, and reduces overall system security. |
8 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
9 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security-related programs and processes, redirecting various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine. |
10 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
Table updated February 20, 2006