Summary of Security Items from January 12 through January 18, 2006
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operates on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin which have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product's vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only
Vendor & Software Name
Description
Common Name
CVSS
Resources
AmbiCom
Blue Neighbors Bluetooth 2.50 build 2500
A buffer overflow vulnerability has been reported in AmbiCom Blue Neighbors Bluetooth that could let remote malicious users execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
AmbiCom Blue Neighbors Bluetooth Arbitrary Code Execution
A buffer overflow vulnerability has been reported in the 'You've Got Pictures' ActiveX control due to a runtime error, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
A format string vulnerability has been reported in 'snmptrapd' when handling an SNMP trap request packet, which could let a malicious user cause a Denial of Service and potentially execute arbitrary code.
The product is no longer being maintained.
Currently we are not aware of any exploits for this vulnerability.
A buffer overflow vulnerability has been reported when attempting to handle compressed UPX files due to an unspecified boundary error in 'libclamav/upx.c', which could let a remote malicious user execute arbitrary code.
SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006
Trustix Secure Linux Security Advisory, 2006-0002, January 13, 2006
Gentoo Linux Security Advisory, GLSA 200601-07, January 13, 2006
Mandriva Security Advisory, MDKSA-2006:016, January 16, 2006
DCP-Portal
DCP-Portal 6.1.1, 6.1, 6.0, 5.3-5.3.2
Multiple Cross-Site Scripting vulnerabilities have been reported in 'calendar.php' due to insufficient sanitization of the 'day' parameter and in 'search.php' due to insufficient sanitization of the input form, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
Security Focus, Bugtraq ID: 16232, January 13, 2006
FreeBSD
FreeBSD 6.0 -STABLE, 6.0 -RELEASE
A buffer overflow vulnerability has been reported in the 'net80211' module when handling corrupt IEEE 802.11 beacons or probe response frames when scanning for existing wireless networks, which could let a remote malicious user execute arbitrary code.
FreeBSD Security Advisory, FreeBSD-SA-06:05.80211, January 18, 2006
GNU
Mailman 2.1-2.1.5, 2.0-2.0.14
A remote Denial of Service vulnerability has been reported in 'Scrubber.py' due to a failure to handle exception conditions when Python fails to process an email file attachment that contains utf8 characters in its filename.
Security Focus, Bugtraq ID: 16261, January 16, 2006
Multiple Vendors
Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2 ; PDFTOHTML DFTOHTML 0.36
Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.
Debian Security Advisory, DSA 938-1, January 12, 2006
Fedora Update Notifications,
FEDORA-2005-028 & 029, January 12, 2006
SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006
Multiple Vendors
Hylafax 4.2-4.2.3;
Gentoo Linux
Several vulnerabilities have been reported: a vulnerability was reported in 'hfaxd' when compiled with PAM support disabled, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported due to insufficient sanitization of the 'notify' script, which could let a remote malicious user execute arbitrary commands; and a vulnerability was reported in the 'faxrcvd' script due to insufficient sanitization, which could let a remote malicious user execute arbitrary commands.
Gentoo Linux Security Advisory GLSA 200601-03, January 6, 2006
Mandriva Security Advisory, MDKSA-2006:015, January 16, 2006
Multiple Vendors
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Todd Miller Sudo 1.6-1.6.8, 1.5.6-1.5.9
A vulnerability has been reported in the 'PYTHONINSPECT' variable, which could let a malicious user bypass security restrictions and obtain elevated privileges.
Security Focus, Bugtraq ID: 16184, January 9, 2006
Security Focus, Bugtraq ID: 16184, January 12, 2006
Multiple Vendors
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
TouchTunes Rhapsody,
TouchTunes Maestro;
SuSE UnitedLinux 1.0, Novell Linux Desktop 9.0, Linux Professional 10.0 OSS, 10.0, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, 9.0 x86_64, 9.0, Linux Personal 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, 9.0 x86_64, 9.0, Linux Enterprise Server 9, 8, Linux Desktop 1.0;
RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, 2.1 IA64, 2.1, AS 4, AS 3, AS 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; GTK+ 2.8.6, 2.6.4, 2.4.14, 2.4.13, 2.4.10, 2.4.9, 2.4.1, 2.2.4, 2.2.3;
GNOME GdkPixbuf 0.22;
Gentoo Linux ; Ardour 0.99
Multiple vulnerabilities have been reported: an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' due to insufficient validation of the 'n_col' value before using it to allocate memory, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when processing an XPM file that contains a large number of colors; and an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when performing calculations using the height, width, and colors of an XPM file, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.
A vulnerability has been reported in the 'kantiword' and 'gantiword' scripts due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.
Trustix Secure Linux Security Advisory, 2006-0002, January 13, 2006
Mandriva Linux Security Advisory, MDKSA-2006:012, January 13, 2006
Multiple Vendors
Linux kernel 2.6-2.6.13.1
A Denial of Service vulnerability has been reported due to an omitted call to the 'sockfd_put()' function in the 32-bit compatible 'routing_ioctl()' function.
Security Tracker Alert ID: 1014944, September 21, 2005
Ubuntu Security Notice, USN-187-1, September 25, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219, 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
Multiple Vendors
Linux kernel 2.6-2.6.14
Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in 'mm/mempolicy.c' when handling the policy system call; a remote Denial of Service vulnerability was reported in 'net/ipv4/fib_frontend.c' when validating the header and payload of fib_lookup netlink messages; an off-by-one buffer overflow vulnerability was reported in 'kernel/sysctl.c,' which could let a malicious user cause a Denial of Service and potentially execute arbitrary code; and a buffer overflow vulnerability was reported in the DVB (Digital Video Broadcasting) driver subsystem, which could let a malicious user cause a Denial of Service or potentially execute arbitrary code.
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
Multiple Vendors
Linux kernel 2.6-2.6.14
A Denial of Service vulnerability has been reported in 'sysctl.c' due to an error when handling the un-registration of interfaces in '/proc/sys/net/ipv4/conf/.'
Ubuntu Security Notice, USN-219-1, November 22, 2005
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
Multiple Vendors
Linux Kernel 2.6-2.6.14
Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'sys_set_mempolicy' function when a malicious user submits a negative first argument; a Denial of Service vulnerability was reported when threads are sharing memory mapping via 'CLONE_VM'; a Denial of Service vulnerability was reported in 'fs/exec.c' when one thread is tracing another thread that shares the same memory map; a Denial of Service vulnerability was reported in 'mm/ioremap.c' when performing a lookup of a non-existent page; a Denial of Service vulnerability was reported in the HFS and HFS+ (hfsplus) modules; and a remote Denial of Service vulnerability was reported due to a race condition in 'ebtables.c' when running on a SMP system that is operating under a heavy load.
Ubuntu Security Notice, USN-199-1, October 10, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005
RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005
Mandriva Linux Security Advisories, MDKSA-2005: 219 & 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
Multiple Vendors
Linux kernel 2.6-2.6.15
A Denial of Service vulnerability has been reported in the 'time_out_leases()' function because 'printk()' can consume large amounts of kernel log space.
A buffer overflow vulnerability has been reported in the 'nbd-server' when handling specially crafted requests, which could let a remote malicious user execute arbitrary code.
Security Focus, Bugtraq ID: 16283, January 17, 2006
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
Ubuntu Security Notice, USN-244-1, January 18, 2006
Multiple Vendors
RedHat Enterprise Linux WS 4, WS 3, ES 4, ES 3, AS 4, AS 3, Desktop 4.0, 3.0; mod_auth_pgsql 2.0.1
A format string vulnerability has been reported in 'mod_auth_pgsql' when logging information, which could let a remote malicious user execute arbitrary code.
RedHat Security Advisory, RHSA-2006:0164-7, January 5, 2006
Fedora Update Notifications,
FEDORA-2005-014 & 015, January 6, 2005
Mandriva Linux Security Advisory, MDKSA-2006:009, January 7, 2006
Ubuntu Security Notice, USN-239-1, January 09, 2006
Debian Security Advisory, DSA 935-1, January 10, 2006
Gentoo Linux Security Advisory, GLSA 200601-05, January 10, 2006
Trustix Secure Linux Security Advisory, 2006-0002, January 13, 2006
Multiple Vendors
RedHat Fedora Core4, Core3;
Eric Raymond Fetchmail 6.3.0, 6.2.5 .4, 6.2.5 .2, 6.2.5.1, 6.2.5
A remote Denial of Service vulnerability has been reported when Fetchmail is configured in 'multidrop' mode due to a failure to handle unexpected input.
Ubuntu Security Notice, USN-219-1, November 22, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005
Debian Security Advisory, DSA 922-1, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
Multiple Vendors
util-linux 2.8-2.13;
Andries Brouwer util-linux 2.11 d, f, h, i, k, l, n, u, 2.10 s
A vulnerability has been reported because mounted filesystem options are improperly cleared due to a design flaw, which could let a remote malicious user obtain elevated privileges.
A format string vulnerability has been reported in 'Perl_sv_vcatpvfnl' due to a failure to properly handle format specifiers in formatted printing functions, which could let a remote malicious user cause a Denial of Service.
Mandriva Linux Security Advisory, MDKSA-2005:225, December 8, 2005
SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005
Ubuntu Security Notice, USN-222-2, December 12, 2005
Fedora Update Notifications,
FEDORA-2005-1144 & 1145, December 14, 2005
SUSE Security Summary Report, SUSE-SR:2005:030, December 16, 2005
RedHat Security Advisory, RHSA-2005:880-8, December 20, 2005
Security Focus, Bugtraq ID: 15629, January 4, 2006
Debian Security Advisory, DSA-943-1, January 16, 2006
RedKernel Softwares
Referrer Tracker 1.1 .0-3
A Cross-Site Scripting vulnerability has been reported in 'Rkrt_stats.PHP' due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
A Denial of Service vulnerability has been reported when the find(1) command is used to perform a search on the '/proc' filesystem due to an unspecified error.
Sun(sm) Alert Notification
Sun Alert ID: 102108, January 11, 2006
Sun Microsystems, Inc.
Solaris 10.0 _x86, 10.0, 9.0 _x86, 9.0, 8.0 _x86, 8.0
Several vulnerabilities have been reported in 'lpsched(1M)' which could let a malicious user modify system/user information or cause a Denial of Service.
Sun(sm) Alert Notification
Sun Alert ID: 102066, January 11, 2006
SuSE
Open-Enterprise-Server 9.0
A heap overflow vulnerability has been reported in the Novell Remote Manager (novell-nrm) due to improper handling of HTTP POST requests that contain a negative Content-Length parameter, which could let a remote malicious user execute arbitrary code.
SUSE Security Announcement, SUSE-SA:2006:002, January 13, 2006
Todd Miller
Sudo prior to 1.6.8p12
A vulnerability has been reported due to an error when handling the 'PERLLIB,' 'PERL5LIB,' and 'PERL5OPT' environment variables when tainting is ignored, which could let a malicious user bypass security restrictions and include arbitrary library files.
Security Focus, Bugtraq ID: 15394, November 11, 2005
Mandriva Linux Security Advisory, MDKSA-2005:234, December 20, 2005
Ubuntu Security Notice, USN-235-1, January 05, 2006
Trustix Secure Linux Security Advisory, 2006-0002, January 13, 2006
Widexl
Download Tracker 1.0.6
A Cross-Site Scripting vulnerability has been reported in 'Down.PL' due to insufficient sanitization of the 'ID' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Security Focus, Bugtraq ID: 16265, January 16, 2006
xloadimage
xloadimage 4.1
A buffer overflow vulnerability has been reported when handling the title of a NIFF image when performing zoom, reduce, or rotate functions, which could let a remote malicious user execute arbitrary code.
Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Description
Common Name
CVSS
Resources
Advantage Century Telecommunication Corporation
ACT WLAN Phone P202S
Multiple vulnerabilities have been reported: a vulnerability was reported on port 17185/udp because connections are allowed from the VxWorks WDB remote debugger, which could let a remote malicious user obtain sensitive information; a vulnerability was reported on port 7/tcp because connections to the echo service are allowed, which could lead to a Denial of Service; and a vulnerability was reported on port 513/tcp because connections to the rlogin service are allowed, which could let a remote malicious user obtain unauthorized access.
No workaround or patch available at time of publishing.
There is no exploit code required.
ACT P202S VOIP WIFI Phones Multiple Remote Vulnerabilities
Not available
Secunia Advisory: SA18514, January 17, 2006
Albatross
Albatross 1.20
A vulnerability has been reported in 'context.py' due to an error when validating certain user-supplied data, which could let a remote malicious user execute arbitrary commands.
Debian Security Advisory, DSA-942-1, January 16, 2006
AlstraSoft
Template Seller Pro
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of 'fullview.php' before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
AlstraSoft Template Seller Pro Cross-Site Scripting
Security Focus, Bugtraq ID: 16233, January 13, 2006
aoblogger
aoblogger 2.3
Multiple input validation vulnerabilities have been reported: a vulnerability was reported when posting a comment via the 'url' bbcode tag due to insufficient verification, which could let a remote malicious user execute arbitrary script code; an SQL injection vulnerability was reported in 'login.php' due to insufficient sanitization of the 'username' parameter before using it in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'create.php' when the 'uza' parameter is set to '1' due to an error in the authorization handling, which could let a remote malicious user obtain unauthorized access.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user compromise the application, or obtain/modify information.
Security Focus, Bugtraq ID: 16260, January 16, 2006
Apache Software Foundation
Apache prior to 1.3.35-dev, 2.0.56-dev
A Cross-Site Scripting vulnerability has been reported in the 'Referer' directive in 'mod_imap' due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
The vulnerability has been fixed in version 1.3.35-dev, and 2.0.56-dev.
Security Tracker Alert ID: 1015344, December 13, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.029, December 14, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0074, December 23, 2005
Mandriva Linux Security Advisory, MDKSA-2006:007, January 6, 2006
Ubuntu Security Notice, USN-241-1, January 12, 2006
RedHat Security Advisory, RHSA-2006:0158-4, January 17, 2006
BEA Systems, Inc.
WebLogic Server & Express 6.1, 7.0, and 8.1, on all platforms
An information disclosure vulnerability was reported due to improper disclosure of configuration information, which could let a remote malicious user obtain sensitive information.
BEA Security Advisory: BEA03-43.00, January 12, 2006
Benders Calendar
Benders Calendar 1.0
SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of certain parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Security Tracker Alert ID: 1015491, January 16, 2006
Bit 5 Blog
Bit 5 Blog 8.1
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'processlogin.php' due to insufficient sanitization of the 'username' and 'password' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'addcomment.php' due to insufficient sanitization of the 'comment' parameter, which could let a remote malicious user execute arbitrary script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
A vulnerability has been reported in the 'CCMAdmin' web interface when Multi Level Administration is enabled due to insufficient access controls, which could let a remote malicious user obtain elevated privileges.
Cisco Security Advisory, cisco-sa-20060118-ccmpe, January 18, 2006
Cisco Systems
Cisco IOS 11.x
A vulnerability has been reported in data that is received in CDP (Cisco Discovery Protocol) packets due to insufficient sanitization before it is displayed in the CDP status page, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required.
Cisco IOS CDP Status Page HTML Injection
Not available
iDefense Security Advisory, January 17, 2006
Clipcomm
CPW-100E VOIP WIFI Phone 1.1.12, CP-100E VOIP WIFI Phone 1.1.60
A vulnerability has been reported on port 60023/tcp because connections are allowed to an undocumented debug service, which could let a malicious user obtain unauthorized access.
No workaround or patch available at time of publishing.
There is no exploit code required.
Clipcomm CWP-100/CP-100E Debug Service Unauthorized Access
Security Focus, Bugtraq ID: 16289, January 17, 2006
CounterPath
eyeBeam
A buffer overflow vulnerability has been reported in the SIP Header data due to insufficient validation of the length of user-supplied strings prior to copying them into static process buffers, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept Denial of Service exploit, eyeBeam_dos.c, has been published.
CounterPath eyeBeam Remote Buffer Overflow
Not available
Security Focus, Bugtraq ID: 16253, January 16, 2006
CubeCart
CubeCart 3.0.7 -pl1
Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of unspecified user-supplied input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
Security Focus, Bugtraq ID: 16259, January 16, 2006
Dual DHCP DNS Server
Dual DHCP DNS Server 1.0
A buffer overflow vulnerability has been reported in the DHCP options field due to a boundary error, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Security Tracker Alert ID: 1015495, January 17, 2006
EMC Legato
Legato Networker 7.2.1
Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when handling corrupted RPC packets due to an error; and a vulnerability was reported due to two unspecified errors, which could let a remote malicious user obtain unauthorized access and execute arbitrary code.
Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of the '_duration,' 'file,' and 'cmd' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
Security Focus, Bugtraq ID: 16251, January 16, 2006
Fog Creek Software
FogBugz 4.0 29
A Cross-Site Scripting vulnerability has been reported in 'default.asp' due to insufficient sanitization of the 'dest' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
The vendor has released version 4.030 to address this issue; please contact the vendor for upgrades and further information.
There is no exploit code required; however, a Proof of Concept exploit has been published.