Summary of Security Items from January 26 through February 1, 2006
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operates on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product's vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only
Vendor & Software Name
Description
Common Name
CVSS
Resources
Adobe
Acrobat, Creative Suite, Illustrator, InDesign, PageMaker, PageMaker Plus, Photoshop, Premiere, and Version Cue (various versions)
Multiple vulnerabilities have been reported in multiple Adobe products that could let local malicious users obtain elevated privileges or execute arbitrary code.
No workaround or patch available at time of publishing.
There is no exploit code required.
Adobe Multiple Product Privilege Elevation or Arbitrary Code Execution
UNIX / Linux Operating Systems Only
Vendor & Software Name
Description
Common Name
CVSS
Resources
A vulnerability has been reported when an archive is extracted into a world- or group-writable directory, which could let a malicious user modify the file permissions of target files.
Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005
Debian Security Advisory, DSA 730-1, May 27, 2005
Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005
RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:14, June 29, 2005
Conectiva Linux Announcement, CLSA-2005:972, July 6, 2005
SGI Security Advisory, 20050605-01-U, July 12, 2005
Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005
Mandriva Security Advisory, MDKSA-2006:026, January 30, 2006
Edgewall Software
Trac 0.9.1, 0.9, 0.8.1-0.8.4, 0.7.1
An SQL injection vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
Security Focus, Bugtraq ID: 15720, December 5, 2005
Debian Security Advisory, DSA-951-1, January 23, 2006
Debian Security Advisory DSA 951-2, January 30, 2006
Edgewall Software
Trac 0.9.2
An HTML injection vulnerability has been reported in the WikiProcessor Wiki Content due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.
Security Focus, Bugtraq ID: 16198, January 10, 2006
Debian Security Advisory, DSA-951-1, January 23, 2006
Debian Security Advisory DSA 951-2, January 30, 2006
Elido
Face Control 0
Multiple Directory Traversal vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Security Focus, Bugtraq ID: 16401, January 27, 2006
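The directory traversal pattern behind the Face Control entry above, shown as an added example (not code from Elido or from this bulletin): a naive path join beside a join that decodes and normalizes the request and refuses anything that resolves outside the document root. The root path and the request strings are constructed for the demonstration.

```python
import posixpath
from urllib.parse import unquote


def naive_join(root, requested):
    # Vulnerable pattern: the request path is appended verbatim, so "../"
    # segments walk out of the intended directory when the OS resolves it.
    return root.rstrip("/") + "/" + requested


def naive_target(root, requested):
    # What the kernel actually opens for the naive join (lexical resolution).
    return posixpath.normpath(naive_join(root, requested))


def safe_join(root, requested):
    """Return the normalized path for `requested` under `root`, or raise
    ValueError if it escapes."""
    root = posixpath.normpath(root)
    # Decode once (the web server normally has already done so) and treat
    # backslashes as separators so "..\" is not waved through on Windows hosts.
    cleaned = unquote(requested).replace("\\", "/")
    if "\x00" in cleaned:
        raise ValueError("NUL byte in path: %r" % requested)
    # posixpath.join discards `root` when `cleaned` is absolute, and normpath
    # collapses "." and ".." segments; both cases are caught by the prefix test.
    candidate = posixpath.normpath(posixpath.join(root, cleaned))
    if candidate != root and not candidate.startswith(root + "/"):
        raise ValueError("path escapes document root: %r" % requested)
    return candidate


if __name__ == "__main__":
    root = "/srv/app/public"   # constructed document root
    for req in ("css/site.css", "../../../etc/passwd", "..%2f..%2fetc/passwd"):
        print("naive  ->", naive_target(root, req))
        try:
            print("safe   ->", safe_join(root, req))
        except ValueError as exc:
            print("safe   -> rejected:", exc)
```

The lexical check above does not see symlinks; on a real server, resolve the final candidate with os.path.realpath and repeat the prefix test against the realpath of the root before opening the file.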
ETERM
LibAST prior to 0.7
A buffer overflow vulnerability has been reported in 'conf.c' due to a boundary error in the 'conf_find_file()' function, which could let a malicious user execute arbitrary code.
Gentoo Linux Security Advisory, GLSA 200601-14, January 29, 2006
GIT
GIT 1.1
A buffer overflow vulnerability has been reported in 'git-checkout-index' due to a boundary error when handling an overly long symbolic link, which could let a remote malicious user execute arbitrary code.
A buffer overflow vulnerability has been reported which could lead to a Denial of Service when processing messages that contain inline XML file attachments with excessively long strings.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
Security Focus, Bugtraq ID: 16408, January 30, 2006
GNU
Mailman 2.1-2.1.5, 2.0-2.0.14
A remote Denial of Service vulnerability has been reported in 'Scrubber.py' because an exception raised when Python fails to process an email attachment whose filename contains UTF-8 characters is not handled.
Mandriva Linux Security Advisory, MDKSA-2005:222, December 2, 2005
SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006
Ubuntu Security Notice, USN-242-1 January 16, 2006
Debian Security Advisory, DSA-955-1, January 25, 2006
GNU
zgrep 1.2.4
A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.
HP Security Bulletin, HPSBUX02092, January 18, 2006
Avaya Security Advisory, ASA-2006-018, January 19, 2006
ImageMagick
ImageMagick 6.2.4.5
A vulnerability has been reported in the delegate code used by various ImageMagick utilities because an image filename is passed to an external delegate command without proper escaping, which could let a remote malicious user execute arbitrary commands.
Security Focus, Bugtraq ID: 15523, November 22, 2005
Ubuntu Security Notice, USN-221-1, December 01, 2005
Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005
SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005
Conectiva Linux Announcement, CLSA-2006:1058, January 2, 2006
Mandriva Security Advisory, MDKSA-2006:020, January 25, 2006
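The zgrep and ImageMagick delegate entries above describe the same defect: an attacker-chosen filename ends up inside a command line that a shell interprets. This added example is not code from either project; `cat` stands in for the external tool (gzip in zgrep's case, the delegate program in ImageMagick's), and the filename payload is constructed. It shows the vulnerable interpolation, the quoting mitigation for cases where a shell is unavoidable, and the preferred fix of passing an argument vector with no shell at all.

```python
import shlex
import subprocess
import tempfile

# Constructed payload: a "filename" that, if a shell ever parses it, runs a
# second command after the intended one.
PAYLOAD = "nosuchfile; echo INJECTED"


def build_shell_command(filename):
    # Vulnerable pattern (what zgrep-style wrappers and delegate command
    # templates do): interpolate the name into a string handed to sh -c.
    return "cat -- %s" % filename


def run_vulnerable(filename):
    proc = subprocess.run(build_shell_command(filename), shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_quoted(filename):
    # Mitigation when a shell is unavoidable: shlex.quote wraps the value in
    # single quotes so every metacharacter is literal.
    cmd = "cat -- %s" % shlex.quote(filename)
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def run_safe(filename):
    # Preferred fix: no shell at all. The name is exactly one argv element,
    # and "--" keeps cat from reading a name starting with "-" as an option.
    proc = subprocess.run(["cat", "--", filename], capture_output=True, text=True)
    return proc.stdout


def demo():
    # Constructed legitimate input so the safe path is shown to still work.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("hello\n")
        legit = f.name
    return {
        "vulnerable_payload": run_vulnerable(PAYLOAD),   # "INJECTED\n"
        "quoted_payload": run_quoted(PAYLOAD),           # ""
        "safe_payload": run_safe(PAYLOAD),               # ""
        "safe_legit": run_safe(legit),                   # "hello\n"
    }


if __name__ == "__main__":
    for name, out in demo().items():
        print("%-20s %r" % (name, out))
```

The error that cat prints for the non-existent file goes to stderr in every variant; only the vulnerable variant produces the injected command's output on stdout.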
Joshua Chamas
Crypt::SSLeay 0.51
A vulnerability has been reported because a file in a world-writable location is used as the fallback entropy source, which could lead to weak cryptographic operations.
Mandriva Security Advisory, MDKSA-2006:023, January 26, 2006
LSH
LSH 2.0.1
A vulnerability has been reported in 'unix_random.c' because file descriptors that are related to the randomness generator are leaked, which could let a malicious user obtain sensitive information or cause a Denial of Service.
Debian Security Advisory, DSA-956-1, January 26, 2006
Marc Lehmann
Convert-UUlib 1.50
A buffer overflow vulnerability has been reported in the Convert::UUlib module for Perl due to a boundary error, which could let a remote malicious user execute arbitrary code.
Gentoo Linux Security Advisory, GLSA 200504-26, April 26, 2005
Secunia Advisory, SA15130, April 27, 2005
Debian Security Advisory, DSA 727-1, May 20, 2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
Conectiva Linux Announcement, CLSA-2005:1031, October 13, 2005
Mandriva Security Advisory, MDKSA-2006:022, January 26, 2006
Multiple Vendors
Xpdf 3.0 pl2 & pl3, 3.01, 3.00, 2.0-2.03, 1.00, 1.00a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler 0.4.2; KDE kpdf 0.5, KOffice 1.4.2; pdftohtml 0.36
Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.
A vulnerability has been reported in the 'rmtree()' function in the 'File::Path.pm' module when handling directory permissions while cleaning up directories, which could let a malicious user obtain elevated privileges.
Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15, 2005
Debian Security Advisory, DSA 696-1 , March 22, 2005
Turbolinux Security Advisory, TLSA-2005-45, April 19, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:079, April 29, 2005
HP Security Bulletin, HPSBUX01208, June 16, 2005
Secunia, Advisory: SA16193, July 25, 2005
Avaya Security Advisory, ASA-2005-196, September 13, 2005
RedHat Security Advisory, RHSA-2005:674-10, October 5, 2005
Conectiva Linux Announcement, CLSA-2006:1056, January 2, 2006
Fedora Legacy Update Advisory, FLSA:152845, January 25, 2006
Multiple Vendors
libpng 1.0.16, 1.0.17, 1.2.6, 1.2.7
A buffer overflow vulnerability has been reported in 'png_set_strip_alpha()' when handling a PNG image file that contains alpha channels, which could let a remote malicious user cause a Denial of Service and potentially compromise a system.
A vulnerability has been reported in 'scp' when performing copy operations that use filenames due to the insecure use of the 'system()' function, which could let a malicious user obtain elevated privileges.
Cross-Site Scripting vulnerabilities have been reported in the 'HTTP_HOST' variable and certain scripts in the libraries directory due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
phpMyAdmin security announcement PMASA-2005-8, December 5, 2005
Gentoo Linux Security Advisory, GLSA 200512-03, December 12, 2005
SuSE Security Announcement, SUSE-SA:2006:004, January 26, 2006
Multiple Vendors
Gentoo Linux;
GNU GDB 6.3
Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported which could let a malicious user obtain elevated privileges.
A format string vulnerability exists when handling malformed file names, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Trustix Secure Linux Security Advisory, 2006-0002, January 13, 2006
Mandriva Linux Security Advisory, MDKSA-2006:012, January 13, 2006
RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006
SGI Security Advisory, 20051201-01-U, January 20, 2006
Debian Security Advisory, DSA-950-1, January 23, 2006
Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006
Gentoo Linux Security Advisory, GLSA 200601-17, January 30, 2006
Debian Security Advisories,
DSA-961-1 & 962-1, February 1, 2006
Multiple Vendors
Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4-1 through 5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in SuidPerl when handling the 'PERLIO_DEBUG' environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.
Ubuntu Security Notice, USN-72-1, February 2, 2005
MandrakeSoft Security Advisory, MDKSA-2005:031, February 9, 2005
RedHat Security Advisory, RHSA-2005:105-11, February 7, 2005
SGI Security Advisory, 20050202-01-U, February 9, 2005
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
Gentoo Linux Security Advisory, GLSA 200502-13, February 11, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003,February 11, 2005
IBM SECURITY ADVISORY, February 28, 2005
Fedora Update Notification, FEDORA-2005-353, May 2, 2005
Conectiva Linux Announcement, CLSA-2006:1056, January 2, 2006
Fedora Legacy Update Advisory, FLSA:152845, January 25, 2006
Multiple Vendors
Linux kernel 2.6.15 & prior
Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in 'netlink_rcv_skb()' due to insufficient validation of the 'nlmsg_len' value; a Denial of Service vulnerability was reported due to an error in the 'PPTP NAT' helper when handling inbound 'PPTP_IN_CALL_REQUEST' packets; and a Denial of Service vulnerability was reported in the 'PPTP NAT' helper when calculating offsets based on the difference between two pointers to the header.
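The 'nlmsg_len' validation named in the first kernel item above, as an added example rather than kernel code: a Python walk over a buffer of netlink headers with the two length checks a receiver needs, so the consequence of each missing check is visible. The sample messages and the build() helper that forges a bad header are constructed for the demonstration.

```python
import struct

NLMSG_HDRLEN = 16   # struct nlmsghdr: u32 len, u16 type, u16 flags, u32 seq, u32 pid
NLMSG_ALIGNTO = 4


def nlmsg_align(n):
    return (n + NLMSG_ALIGNTO - 1) & ~(NLMSG_ALIGNTO - 1)


def parse_netlink_stream(buf):
    """Walk back-to-back netlink messages in `buf` and return a list of
    (nlmsg_type, payload) pairs. Raises ValueError on an inconsistent header."""
    msgs = []
    off = 0
    while off + NLMSG_HDRLEN <= len(buf):
        nlmsg_len, nlmsg_type, _flags, _seq, _pid = struct.unpack_from("=IHHII", buf, off)
        # Check 1: the declared length must at least cover the header. Without
        # it a length of 0 never advances `off` (the receive loop spins forever)
        # and a length below 16 gives a negative payload size.
        if nlmsg_len < NLMSG_HDRLEN:
            raise ValueError("nlmsg_len %d is smaller than the header" % nlmsg_len)
        # Check 2: the declared length must not run past the bytes received; in
        # C the payload pointer would otherwise walk off the end of the skb.
        if off + nlmsg_len > len(buf):
            raise ValueError("nlmsg_len %d overruns the %d-byte buffer"
                             % (nlmsg_len, len(buf)))
        msgs.append((nlmsg_type, bytes(buf[off + NLMSG_HDRLEN:off + nlmsg_len])))
        off += nlmsg_align(nlmsg_len)   # messages are padded to a 4-byte boundary
    return msgs


def build(nlmsg_type, payload, declared_len=None):
    """Constructed helper (not kernel code): encode one message, with an
    optional forged nlmsg_len so malformed input can be produced."""
    length = NLMSG_HDRLEN + len(payload) if declared_len is None else declared_len
    body = struct.pack("=IHHII", length, nlmsg_type, 0, 1, 0) + payload
    return body + b"\0" * (nlmsg_align(len(body)) - len(body))


if __name__ == "__main__":
    print(parse_netlink_stream(build(16, b"hello") + build(17, b"")))
    for forged in (0, 8, 4096):
        try:
            parse_netlink_stream(build(16, b"hello", declared_len=forged))
        except ValueError as exc:
            print("rejected:", exc)
```

A trailing fragment shorter than one header is silently ignored by the loop condition, which matches how a receiver treats an incomplete final message.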
A vulnerability has been reported due to the insecure creation of temporary files when logging is enabled, which could let a malicious user cause a Denial of Service or overwrite files.
Debian Security Advisory,
DSA-960-1, January 31, 2006
Multiple Vendors
RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10
A vulnerability has been reported in the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option (kept for compatibility with third-party software and enabled by 'SSL_OP_ALL'), which disables a check against protocol version rollback and could let a remote malicious user force a weaker SSL 2.0 session.
Security Focus, Bugtraq ID: 16248, January 16, 2006
Ubuntu Security Notice, USN-242-1 January 16, 2006
Debian Security Advisory, DSA-955-1, January 25, 2006
Multiple Vendors
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.15
A vulnerability has been reported in the 'dm-crypt' driver because a structure holding key material is not cleared before it is freed, which could let a malicious user obtain sensitive information.
Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005
Fedora Update Notifications, FEDORA-2005-561 & 562, July 13, 2005
RedHat Security Advisory, RHSA-2005:720-04, August 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:137, August 11, 2005
Ubuntu Security Notice, USN-190-1, September 29, 2005
RedHat Security Advisory, RHSA-2005:395-18, October 5, 2005
Conectiva Linux Announcement, CLSA-2005:1032, October 13, 2005
Avaya Security Advisory, ASA-2005-225, October 18, 2005
Conectiva Linux Announcement, CLSA-2005:1050, November 21, 2005
Mandriva Security Advisory, MDKSA-2006:025, January 26, 2006
Net-snmp
Net-snmp 5.x
A vulnerability has been reported in 'fixproc' due to a failure to securely create temporary files in world writeable locations, which could let a malicious user obtain elevated privileges and possibly execute arbitrary code with ROOT privileges.
Gentoo Linux Security Advisory, GLSA 200505-18, May 23, 2005
Fedora Update Notifications, FEDORA-2005-561 & 562, July 13, 2005
RedHat Security Advisory, RHSA-2005:373-23, September 28, 2005
RedHat Security Advisory, RHSA-2005:395-18, October 5, 2005
Avaya Security Advisory, ASA-2005-225, October 18, 2005
Mandriva Security Advisory, MDKSA-2006:025, January 26, 2006
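The fixproc entry above and the temporary-file entry further up (DSA-960-1) come down to the same mistake: creating a file at a predictable name in a shared directory without O_EXCL, so a symlink planted there by another local user is followed. This added example is not from net-snmp or from the affected package: it shows the insecure open beside the two safe forms, in a constructed scenario where the attacker's symlink already exists at the predictable name. Directory and file names are made up for the demonstration.

```python
import os
import tempfile


def open_tempfile_insecurely(directory, name):
    # Vulnerable pattern: fixed, predictable name opened with O_CREAT but without
    # O_EXCL. If another user has planted a symlink at that name, open() follows
    # it and the victim truncates and writes the link's target.
    path = os.path.join(directory, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    return path, fd


def open_fixed_name_securely(path):
    # When the name must stay fixed: O_EXCL makes open() fail if anything already
    # exists at the path, and a symlink counts regardless of where it points.
    # O_NOFOLLOW (where available) refuses symlinks even without O_EXCL.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)


def open_tempfile_securely(directory, prefix):
    # Preferred form: mkstemp chooses an unpredictable name and opens it with
    # O_CREAT|O_EXCL and mode 0600, so there is nothing for an attacker to
    # pre-create and nothing other users can read.
    fd, path = tempfile.mkstemp(prefix=prefix, dir=directory)
    return path, fd


def demo():
    work = tempfile.mkdtemp()                       # stands in for a shared /tmp
    target = os.path.join(work, "victim_owned_file")  # stand-in for a file the victim can write
    with open(target, "w") as f:
        f.write("original contents\n")
    predictable = os.path.join(work, "fixproc.tmp")  # constructed predictable name
    os.symlink(target, predictable)                  # the attacker's pre-planted link

    results = {}
    _, fd = open_tempfile_insecurely(work, "fixproc.tmp")
    os.write(fd, b"attacker-influenced data\n")
    os.close(fd)
    with open(target) as f:
        results["target_after_insecure"] = f.read()   # victim clobbered its own file

    try:
        os.close(open_fixed_name_securely(predictable))
        results["excl_refused"] = False
    except FileExistsError:
        results["excl_refused"] = True                # O_EXCL refuses the symlink

    path, fd = open_tempfile_securely(work, "fixproc.")
    results["secure_name_is_unpredictable"] = os.path.basename(path) != "fixproc.tmp"
    results["secure_mode"] = oct(os.stat(fd).st_mode & 0o777)
    os.close(fd)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print("%-30s %r" % (k, v))
```

The same O_EXCL/O_NOFOLLOW rule applies to any file a privileged program creates in a directory others can write, which is why fixproc's fault is listed as a path to root rather than a mere information leak.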
phpMyAdmin
phpMyAdmin 2.7.0-beta1, 2.7
A vulnerability has been reported in the register_globals emulation layer in 'grab_globals.php' because the 'import_blacklist' variable is not properly protected, which could let a remote malicious user execute arbitrary HTML and script code and include arbitrary files.
Gentoo Linux Security Advisory, GLSA 200512-03, December 12, 2005
SuSE Security Announcement, SUSE-SA:2006:004, January 26, 2006
SCO
Unixware 7.1.4, 7.1.3
A buffer overflow vulnerability has been reported in 'UIDAdmin' when processing excessive data, which could let a malicious user obtain superuser privileges.
SuSE Security Announcement, SUSE-SA:2006:005, January 25, 2006
Sylpheed
Sylpheed 2.0-2.0.3, 1.0.0-1.0.5
A buffer overflow vulnerability has been reported in 'ldif.c' due to a boundary error in the 'ldif_get_line()' function when importing a LDIF file into the address book, which could let a remote malicious user obtain unauthorized access.
Fedora Update Notification,
FEDORA-2005-1063, November 9, 2005
Gentoo Linux Security Advisory, GLSA 200511-13, November 15, 2005
Debian Security Advisory, DSA 906-1, November 22, 2005
Debian Security Advisory, DSA 908-1, November 23, 2005
SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005
Conectiva Linux Security Advisory, CLSA-2006:1061, January 23, 2006
unalz
unalz 0.52, 0.51, 0.31, 0.23, 0.22, 0.2-0.5
A buffer overflow vulnerability has been reported when handling the '.alz' archive due to a boundary error, which could let a remote malicious user execute arbitrary code.
Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Description
Common Name
CVSS
Resources
AndoNET
AndoNet Blog 2004.9.2
An SQL injection vulnerability has been reported in 'comentarios.php' due to insufficient sanitization of the 'entrada' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Security Focus, Bugtraq ID: 16400, January 27, 2006
Apache Software Foundation
Apache 1.3.x prior to 1.3.35-dev, 2.0.x prior to 2.0.56-dev
A Cross-Site Scripting vulnerability has been reported in 'mod_imap' because the 'Referer' request header is not sanitized before being included in the generated page, which could let a remote malicious user execute arbitrary HTML and script code.
The vulnerability has been fixed in version 1.3.35-dev, and 2.0.56-dev.
Security Tracker Alert ID: 1015344, December 13, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.029, December 14, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0074, December 23, 2005
Mandriva Linux Security Advisory, MDKSA-2006:007, January 6, 2006
Ubuntu Security Notice, USN-241-1, January 12, 2006
RedHat Security Advisory, RHSA-2006:0158-4, January 17, 2006
Fedora Security Advisory, FEDORA-2006-052, January 23, 2006
Turbolinux Security Advisory, TLSA-2006-1, January 25, 2006
Ashwebstudio
Ashnews 0.83
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a file include vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Ashwebstudio Ashnews Cross-Site Scripting & File Include
Security Focus, Bugtraq ID: 16438, January 31, 2006
BrowserCRM
BrowserCRM 0
A Cross-Site Scripting vulnerability has been reported in 'results.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Security Focus, Bugtraq ID: 16435, January 31, 2006
Calendarix
Calendarix 0.6.20050830
SQL injection vulnerabilities have been reported in 'cal_day.php' due to insufficient sanitization of the 'catview' parameter and in 'admin/cal_login.php' due to insufficient sanitization of the 'login' parameter, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
A vulnerability has been reported in the '/admin/htmlarea/popups/file/files.php' script due to insufficient authentication, which could let a remote malicious user upload/create/delete arbitrary files.
No workaround or patch available at time of publishing.
An HTML injection vulnerability has been reported due to insufficient sanitization of various fields when posting a comment, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
A vulnerability has been reported in the AAA (Authentication, Authorization, and Accounting) command due to insufficient authorization checks, which could let a remote malicious user obtain elevated privileges.
A remote Denial of Service vulnerability has been reported when handling a specially-crafted HTTP packet.
The vendor reports that the vulnerability has been fixed in software version 4.7.2.B. However, this is not correct according to the discoverer of the vulnerability.
Currently we are not aware of any exploits for this vulnerability.
Cisco VPN 3000 Concentrator Remote Denial of Service
Cisco Security Advisory, cisco-sa-20060126, January 26, 2006
Daffodil CRM
Daffodil CRM 1.5
An SQL injection vulnerability has been reported in 'userlogin.asp' due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Security Focus, Bugtraq ID: 16433, January 30, 2006
Dragoran Portal
Dragoran Portal 1.3
An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'site' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, an exploit script, ipbpro.pl, has been published.
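The SQL injection items in this bulletin (Trac search, AndoNet Blog 'entrada', Calendarix 'catview' and 'login', Daffodil CRM 'userlogin.asp', Dragoran Portal 'site') share one root cause: a request value is spliced into the query text. This added example is not code from any of those projects; it runs the vulnerable pattern and the parameterized fix against a constructed in-memory SQLite table, with a constructed payload that closes the string literal, forces the predicate true and comments out the rest of the WHERE clause.

```python
import sqlite3

# Constructed sample data: two blog entries, one unpublished, standing in for
# whatever table the vulnerable script queries.
ENTRIES = [
    (1, "welcome", "Public welcome post", 1),
    (2, "draft", "Unpublished draft with internal notes", 0),
]

# Constructed payload: the quote ends the literal, OR 1=1 matches every row,
# and "--" turns the trailing "AND published = 1" into a comment.
PAYLOAD = "x' OR 1=1 --"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE entries (id INTEGER, slug TEXT, body TEXT, published INTEGER)"
    )
    conn.executemany("INSERT INTO entries VALUES (?, ?, ?, ?)", ENTRIES)
    return conn


def lookup_vulnerable(conn, entrada):
    # Vulnerable pattern: the request parameter is formatted straight into the
    # SQL text, so the database parses attacker input as part of the statement.
    sql = "SELECT id, slug FROM entries WHERE slug = '%s' AND published = 1" % entrada
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, entrada):
    # Fixed pattern: the statement text is constant and the value is bound as a
    # parameter, so input is only ever compared as a string, never parsed.
    sql = "SELECT id, slug FROM entries WHERE slug = ? AND published = 1"
    return conn.execute(sql, (entrada,)).fetchall()


def demo():
    conn = make_db()
    return {
        "legit_vulnerable": lookup_vulnerable(conn, "welcome"),
        "legit_parameterized": lookup_parameterized(conn, "welcome"),
        "payload_vulnerable": lookup_vulnerable(conn, PAYLOAD),      # leaks the draft
        "payload_parameterized": lookup_parameterized(conn, PAYLOAD),  # no rows
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print("%-22s %r" % (name, rows))
```

The payload works unchanged against the unpublished-row filter because everything after "--" is discarded by the SQL parser; escaping quotes would defeat this particular string, but binding parameters removes the whole class.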
Multiple vulnerabilities have been reported: an input validation vulnerability was reported when filtering HTML code, which could let a remote malicious user inject arbitrary JavaScript code; an input validation vulnerability was reported due to an error in attachment handling, which could let a remote malicious user upload a malicious image and inject arbitrary HTTP headers; and a vulnerability was reported that could let a remote malicious user bypass the 'access user profile' permission.
Debian Security Advisory,
DSA-958-1, January 27, 2006
EasyCMS
EasyCMS 0
Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.
The vendor has announced that fixes for this issue are pending.
Security Focus, Bugtraq ID: 16430, January 31, 2006
E-Post Corporation
Mail Server 4.x, Mail Server Enterprise 4.x, SMTP Server 4.x, SMTP Server Enterprise 4.x, SPA-PRO Mail @Solomon 4.x, SPA-PRO Mail @Solomon Enterprise 4.x, SPA-PRO SMTP @Solomon 4.x
Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the SMTP service due to a boundary error when handling the username supplied to the 'AUTH PLAIN' and 'AUTH LOGIN' commands, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported in the POP3 service when handling the username supplied to the APOP command, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the IMAP service when handling the mailbox name passed to the DELETE command; a vulnerability was reported in the IMAP service due to an input validation error when handling arguments passed to the LIST command, which could let a remote malicious user obtain sensitive information and cause a Denial of Service; input validation vulnerabilities were reported in the IMAP service when handling the APPEND, COPY, and RENAME commands, which could let a remote malicious user create 'MSG' files and arbitrary directories; and a remote Denial of Service vulnerability was reported in the IMAP service when handling the APPEND command.
The vendor has released patches and updates to address these issues.
Currently we are not aware of any exploits for these vulnerabilities.
E-Post Mail Server Products Multiple Vulnerabilities
A file include vulnerability has been reported in 'loginout.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Security Focus, Bugtraq ID: 16440, January 31, 2006
Gallery Project
Gallery 1.5.2-RC2
An HTML injection vulnerability has been reported due to insufficient sanitization of the user's fullname before using, which could let a remote malicious user execute arbitrary HTML and script code.
Gentoo Linux Security Advisory, GLSA 200601-13, January 26, 2006
Groupee.com
UBBThreads 6.3 & prior
An SQL injection vulnerability has been reported in the 'showflat.php' script due to insufficient validation of the 'Number' parameter, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
UBBThreads SQL Injection
Not available
Security Tracker Alert ID: 1015549, January 29, 2006
MiniGal
MG2 0.5.1
An HTML-injection vulnerability has been reported in the 'Name' form field when adding a comment on a picture, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Security Focus, Bugtraq ID: 16428, January 30, 2006
MiniNuke
MiniNuke CMS 1.8.2
Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code and change an arbitrary user's password.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits and an exploit script, mininuke_182.pl, have been published.
MiniNuke Multiple Input Validation
Not available
Security Focus, Bugtraq ID: 16416, January 30, 2006
Mozilla
Firefox 1.5 & prior
A Cross-Domain Scripting vulnerability has been reported in the '-moz-binding' property which could lead to the executio