Summary of Security Items from November 9 through November 16, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Security Tracker Alert ID: 1015230, November 16, 2005
Google Talk prior to 1.0.0.76
A vulnerability has been reported in Google Talk that could let remote malicious users cause a Denial of Service.
Upgrade to version 1.0.0.76 via automatic updates.
There is no exploit code required.
Google Talk Denial Of Service
Low
Security Focus, ID: 15369, November 9, 2005
Kerio
WinRoute Firewall prior to 6.1.3
A vulnerability has been reported in WinRoute Firewall that could let remote malicious users bypass security restrictions. Specifically, formerly authenticated users may be able to authenticate with disabled accounts.
Currently we are not aware of any exploits for this vulnerability.
Macromedia Breeze Communication Server Denial of Service
Low
Macromedia, Security Bulletin MPSB05-10, November 15, 2005
Macromedia
Contribute Publishing Server prior to 1.0, 1.11
A vulnerability has been reported in Contribute Publishing Server that could let remote malicious users obtain sensitive information. Specifically, the server may utilize a weak password encryption method.
V1.3 Updated to note availability of Microsoft Knowledge Base Article 909596 and to clarify an issue affecting Windows 2000 SP4 customers, also updates of file versions.
V1.4 Updated to note complications of the DirectX 8.1 update on machines running DirectX 9.
Currently we are not aware of any exploits for this vulnerability.
Microsoft DirectX DirectShow Arbitrary Code Execution
Nortel, Security Advisory Bulletin 2005006317, November 11, 2005
Microsoft
Windows Microsoft Distribution Transaction Coordinator (MSDTC) and COM+
A buffer overflow vulnerability has been reported in Windows MSDTC and COM+ that could let local or remote malicious users execute arbitrary code, obtain elevated privileges or cause a Denial of Service.
StoneGate Firewall and VPN Engine Denial of Service
Low
Stonesoft, Security Advisory IKE Vulnerabilities in StoneGate Firewall, November 14, 2005
Walla! Communications
TeleSite prior to version 3.0
An input validation vulnerability has been reported in TeleSite that could let remote malicious users perform SQL injection or conduct Cross-Site Scripting.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Walla! TeleSite SQL Injection or Cross-Site Scripting
A vulnerability has been reported in 'modules/ssl/ssl_engine_kernel.c' because the 'ssl_hook_Access()' function does not properly enforce the 'SSLVerifyClient require' directive in a per-location context if a virtual host is configured with the 'SSLVerifyClient optional' directive, which could let a remote malicious user bypass security policies.
Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:015, June 7, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005
RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:14, June 29, 2005
Conectiva Linux Announcement, CLSA-2005:972, July 6, 2005
Debian Security Advisory, DSA 741-1, July 7, 2005
SGI Security Advisory, 20050605-01-U, July 12, 2005
Security Focus, Bugtraq ID: 13657, August 26, 2005
Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005
bzip2
bzip2 1.0.2 & prior
A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions of target files.
Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005
Debian Security Advisory, DSA 730-1, May 27, 2005
Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005
RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:14, June 29, 2005
Conectiva Linux Announcement, CLSA-2005:972, July 6, 2005
SGI Security Advisory, 20050605-01-U, July 12, 2005
Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005
Christoph Martin
linux-ftpd-ssl 0.17
A buffer overflow vulnerability has been reported in the 'vsprintf()' function in the FTP server, which could let a remote malicious user execute arbitrary code.
Gentoo Linux Security Advisory, GLSA 200511-11, November 14, 2005
Debian Security Advisory, DSA 896-1, November 15, 2005
Cyphor
Cyphor 0.19
An SQL injection vulnerability has been reported in 'show.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Security Focus, Bugtraq ID: 15418, November 15, 2005
Eric Raymond
Fetchmail 6.2.5
A remote buffer overflow vulnerability has been reported in the POP3 client due to insufficient boundary checks, which could let a malicious user obtain elevated privileges.
Fedora Update Notifications, FEDORA-2005-613 & 614, July 21, 2005
Redhat Security Advisory, RHSA-2005:640-08, July 25, 2005
Ubuntu Security Notice, USN-153-1, July 26, 2005
Gentoo Security Advisory, GLSA 200507-21, July 25, 2005
Debian Security Advisory, DSA 774-1, August 12, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
Turbolinux Security Advisory, TLSA-2005-84, August 18, 2005
Conectiva Linux Announcement, CLSA-2005:1005, September 13, 2005
Mandriva Linux Security Advisory, MDKSA-2005:209, November 10, 2005
Eric S Raymond
Fetchmail 6.x
A vulnerability has been reported in the 'fetchmailconf' configuration utility due to a race condition, which could let a malicious user obtain sensitive information.
fetchmail-SA-2005-02 Security Announcement, October 21, 2005
Gentoo Linux Security Advisory, GLSA 200511-06, November 6, 2005
Ubuntu Security Notice, USN-215-1, November 07, 2005
Mandriva Linux Security Advisory, MDKSA-2005:209, November 10, 2005
FreeBSD
FreeBSD 5.4 & prior
A vulnerability has been reported in the 'sendfile()' system call due to a failure to secure sensitive memory before distributing it over the network, which could let a malicious user obtain sensitive information.
Security Focus, Bugtraq ID: 12993, November 10, 2005
GNU
cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6
A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions.
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005
Mandriva Linux Security Update Advisory, MDKSA2005:116, July 12, 2005
RedHat Security Advisory, RHSA-2005:378-17, July 21, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
SCO Security Advisory, SCOSA-2005.32, August 18, 2005
Avaya Security Advisory, ASA-2005-191, September 6, 2005
Conectiva Linux Announcement, CLSA-2005:1002, September 13, 2005
Ubuntu Security Notice, USN-189-1, September 29, 2005
Debian Security Advisory, DSA 846-1, October 7, 2005
RedHat Security Advisory, RHSA-2005:806-8, November 10, 2005
GNU
Mailman 2.1-2.1.5, 2.0-2.0.14
A remote Denial of Service vulnerability has been reported in 'Scrubber.py' due to a failure to handle exception conditions when Python fails to process an email file attachment that contains utf8 characters in its filename.
No workaround or patch available at time of publishing.
There is no exploit code required.
GNU Mailman Attachment Scrubber UTF8 Filename Remote Denial of Service
A vulnerability has been reported in 'cpio/main.c' due to a failure to create files securely, which could let a malicious user obtain sensitive information.
SGI Security Advisory, 20050204-01-U, March 7, 2005
Turbolinux Security Advisory, TLSA-2005-30, March 10, 2005
Conectiva Linux Announcement, CLSA-2005:1002, September 13, 2005
RedHat Security Advisory, RHSA-2005:806-8, November 10, 2005
GNU
zgrep 1.2.4
A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.
Several vulnerabilities have been reported: a vulnerability was reported due to the way the application stores the key to encrypted backup files, which could let a malicious user obtain sensitive information; and a vulnerability was reported due to a race condition when the application changes the ownership on the file before it is encrypted, which could let a malicious user decrypt backup files.
IPCop Backup Key Information Disclosure & Race Condition
Medium
Security Focus, Bugtraq ID: 15377 & 15378, November 10, 2005
libpng
pnmtopng 2.38, 2.37.3-2.37.6
A buffer overflow vulnerability has been reported in 'Alphas_Of_Color' due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.
Currently we are not aware of any exploits for this vulnerability.
PNMToPNG Remote Buffer Overflow
High
Security Focus, Bugtraq ID: 15427, November 15, 2005
lm_sensors
lm_sensors 2.9.1
A vulnerability has been reported in the 'pwmconfig' script due to the insecure creation of temporary files, which could result in a loss of data or a Denial of Service.
Security Focus, Bugtraq ID: 14624, August 22, 2005
Ubuntu Security Notice, USN-172-1, August 23, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:149, August 25, 2005
Gentoo Linux Security Advisory, GLSA 200508-19, August 30, 2005
Debian Security Advisory, DSA 814-1, September 15, 2005
Conectiva Linux Announcement, CLSA-2005:1012, September 23, 2005
Fedora Update Notifications, FEDORA-2005-1053 & 1054, November 7, 2005
RedHat Security Advisory, RHSA-2005:825-13, November 10, 2005
Mike Neuman
osh 1.7
A buffer overflow vulnerability has been reported in 'main.c' due to an error when handling environment variable substitutions, which could let a remote malicious user execute arbitrary code with superuser privileges.
No workaround or patch available at time of publishing.
There is no exploit code required; however a Proof of Concept exploit script has been published.
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
TouchTunes Rhapsody,
TouchTunes Maestro;
SuSE UnitedLinux 1.0, Novell Linux Desktop 9.0, Linux Professional 10.0 OSS, 10.0, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, 9.0 x86_64, 9.0, Linux Personal 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, 9.0 x86_64, 9.0, Linux Enterprise Server 9, 8, Linux Desktop 1.0;
RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, 2.1 IA64, 2.1, AS 4, AS 3, AS 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; GTK+ 2.8.6, 2.6.4, 2.4.14, 2.4.13, 2.4.10, 2.4.9, 2.4.1, 2.2.4, 2.2.3;
GNOME GdkPixbuf 0.22;
Gentoo Linux; Ardour 0.99
Multiple vulnerabilities have been reported: an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' due to the insufficient validation of the 'n_col' value before using to allocate memory, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when processing an XPM file that contains a large number of colors; and an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when performing calculations using the height, width, and colors of a XPM file, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.
Fedora Update Notifications, FEDORA-2005-1085 & 1086, November 15, 2005
RedHat Security Advisory, RHSA-2005:810-9, November 15, 2005
Gentoo Linux Security Advisory, GLSA 200511-14, November 16, 2005
SUSE Security Announcement, SUSE-SA:2005:065, November 16, 2005
Ubuntu Security Notice, USN-216-1, November 16, 2005
Multiple Vendors
RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10
A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security.
FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005
RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005
Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005
Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005
Slackware Security Advisory, SSA:2005-286-01, October 13, 2005
Fedora Update Notifications, FEDORA-2005-985 & 986, October 13, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101974, October 14, 2005
Ubuntu Security Notice, USN-204-1, October 14, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005
SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
SGI Security Advisory, 20051003-01-U, October 26, 2005
Debian Security Advisory, DSA 875-1, October 27, 2005
NetBSD Security Update, November 1, 2005
BlueCoat Systems Advisory, November 3, 2005
Debian Security Advisory, DSA 888-1, November 7, 2005
Astaro Security Linux Announcement, November 9, 2005
SCO Security Advisory, SCOSA-2005.48, November 15, 2005
Multiple Vendors
RedHat Enterprise Linux WS 4, WS 3, WS 2.1, IA64, ES 4, ES 3, ES 2.1, IA64, AS 4, AS 3, 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64;
libungif libungif 4.1.3, 4.1, giflib 4.1.3;
Gentoo Linux
Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported due to a NULL pointer dereferencing error; and a vulnerability was reported due to a boundary error that causes an out-of-bounds memory access, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
Fedora Update Notification, FEDORA-2005-1065, November 9, 2005
Openswan
Openswan 2.2-2.4, 2.1.4-2.1.6, 2.1.2, 2.1.1
Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when handling IKE packets that have an invalid 3DES key length; and a remote Denial of Service vulnerability was reported when handling certain specially crafted IKE packets.
Vulnerabilities can be reproduced using the PROTOS ISAKMP Test Suite.
Openswan IKE Message Remote Denials of Service
Low
CERT-FI & NISCC Joint Vulnerability Advisory, November 15, 2005
PADL Software Pty Ltd
MigrationTools 46
A vulnerability has been reported due to the insecure creation of 'nis.$$.ldif' temporary files, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
A vulnerability has been reported in 'pcre_compile.c' due to an integer overflow, which could let a remote/local malicious user potentially execute arbitrary code.
Gentoo Linux Security Advisory, GLSA 200509-19, September 27, 2005
Debian Security Advisory, DSA 821-1, September 28, 2005
Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005
Turbolinux Security Advisory, TLSA-2005-92, October 3, 2005
Avaya Security Advisory, ASA-2005-216, October 18, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
HP Security Bulletin, HPSBUX02074, November 16, 2005
Pearl Forums
Pearl Forums 2.0
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'forumsld' and 'topicld' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'index.php' due to insufficient verification of the 'mode' parameter before used to include files, which could let a remote malicious user include arbitrary files.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Pearl Forums SQL Injection & File Inclusion
Medium
Secunia Advisory: SA17533, November 15, 2005
PEEL
PEEL 2.7, 2.6
An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'rubid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Security Focus, Bugtraq ID: 15177, October 24, 2005
Gentoo Linux Security Advisory, GLSA 200511-08, November 14, 2005
RedHat
Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, 2.1, ES 4, ES 3, 2.1, AS 4, AS 3, 2.1, Advanced Workstation for the Itanium Processor 2.1
A vulnerability has been reported in sysreport due to the insecure creation of temporary files, which could let a malicious user obtain sensitive information.
Sun(sm) Alert Notification, 102030, November 8, 2005
Sylpheed
Sylpheed 2.0-2.0.3, 1.0.0-1.0.5
A buffer overflow vulnerability has been reported in 'ldif.c' due to a boundary error in the 'ldif_get_line()' function when importing a LDIF file into the address book, which could let a remote malicious user obtain unauthorized access.
Fedora Update Notification, FEDORA-2005-1063, November 9, 2005
Gentoo Linux Security Advisory, GLSA 200511-13, November 15, 2005
Todd Miller
Sudo 1.x
A vulnerability has been reported in the environment cleaning due to insufficient sanitization, which could let a malicious user obtain elevated privileges.
Debian Security Advisory, DSA 870-1, October 25, 2005
Mandriva Linux Security Advisory, MDKSA-2005:201, October 27, 2005
Ubuntu Security Notice, USN-213-1, October 28, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Security Focus, Bugtraq ID: 15191, November 10, 2005
Todd Miller
Sudo prior to 1.6.8p12
A vulnerability has been reported due to an error when handling the 'PERLLIB,' 'PERL5LIB,' and 'PERL5OPT' environment variables when tainting is ignored, which could let a malicious user bypass security restrictions and include arbitrary library files.
There is no exploit code required; however, a Proof of Concept exploit script has been published.
Todd Miller Sudo Security Bypass
Medium
Security Focus, Bugtraq ID: 15394, November 11, 2005
Uim
Uim 0.5.0, 0.4.9
A vulnerability has been reported in 'uim/uim-custom.c' due to the incorrect use of several environment variables, which could let a malicious user obtain elevated privileges.
Multiple stack-based buffer overflow vulnerabilities have been reported due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer while importing RTF files, which could let a remote malicious user execute arbitrary code.
The vendor has addressed this issue in AbiWord version 2.2.11. Users are advised to contact the vendor to obtain the appropriate update.
Ubuntu Security Notice, USN-203-1, October 13, 2005
Fedora Update Notification, FEDORA-2005-989, October 13, 2005
Conectiva Linux Announcement, CLSA-2005:1035, October 14, 2005
Gentoo Linux Security Advisory, GLSA 200510-17, October 20, 2005
Debian Security Advisory, DSA 894-1, November 14, 2005
ActiveCampaign
ActiveCampaign 1-2-All Broadcast Email 4.0 7
An SQL injection vulnerability has been reported in the Admin Control Panel Username due to insufficient sanitization, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
ActiveCampaign 1-2-All SQL Injection
Medium
Security Focus Bugtraq ID: 15400, November 12, 2005
AlstraSoft
Template Seller Pro 3.25
Several vulnerabilities have been reported: a vulnerability was reported in 'include/paymentplugins/payment_paypal.php' due to insufficient verification of the 'config[basepath]' parameter before used to include files, which could let a remote malicious user execute arbitrary code; and an SQL injection vulnerability was reported in the administration interface due to insufficient sanitization of the username field when logging in, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
AlstraSoft Template Seller Pro File Inclusion & SQL Injection
High
Secunia Advisory: SA17603, November 16, 2005
Antharia
OnContent // CMS
An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'pid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required.
Antharia OnContent // CMS SQL Injection
Medium
Secunia Advisory: SA17596, November 16, 2005
Antville
Antville 1.1
A Cross-Site Scripting vulnerability has been reported in 'notfound.skin' due to insufficient sanitization of the query string, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Fedora Update Notification, FEDORA-2005-638 & 639, August 2, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:129, August 3, 2005
Ubuntu Security Notice, USN-160-1, August 04, 2005
Turbolinux Security Advisory, TLSA-2005-81, August 9, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
SUSE Security Announcement, SUSE-SA:2005:046, August 16, 2005
Debian Security Advisory, DSA 803-1, September 8, 2005
Ubuntu Security Notice, USN-160-2, September 07, 2005
SGI Security Advisory, 20050901-01-U, September 7, 2005
Security Focus, Bugtraq ID: 14106, September 21, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
Slackware Security Advisory, SSA:2005-310-04, November 7, 2005
HP Security Bulletin, HPSBUX02074, November 16, 2005
AudienceView Software Corporation
AudienceView
A Cross-Site Scripting vulnerability has been reported in 'error.asp' due to insufficient sanitization of the 'TSerrorMessage' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.