Summary of Security Items from February 16 through February 22, 2006
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux Operating Systems are included in the Multiple Operating Systems table. Note that entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software that operates on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only
Vendor & Software Name
Description
Common Name
CVSS
Resources
Avaya
Various Windows Products
Multiple potential vulnerabilities have been reported in various Avaya products, which run on the Windows platform, in response to Microsoft Security Advisories MS06-004, MS06-005, MS06-006, MS06-007, MS06-008, MS06-009, and MS06-010.
A vulnerability has been reported in ViRobot that could let remote malicious users disclose information or obtain unauthorized access.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
ViRobot Information Disclosure or Unauthorized Access
Not Available
Security Tracker, Alert ID: 1015658, February 22, 2006
IBM
Lotus Notes 6.x, 7.x
Multiple vulnerabilities have been reported: a vulnerability was reported in 'kvarcve.dll' when constructing the full pathname of a compressed file to check for its existence before extracting it from a ZIP archive, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in 'uudrdr.dll' when handling 'UUE' files that contain an encoded file with an overly long filename, which could let a remote malicious user execute arbitrary code; a Directory Traversal vulnerability was reported in 'kvarcve.dll' when generating the preview of a compressed file from ZIP, UUE, and TAR archives, which could let a remote malicious user delete arbitrary files; a vulnerability was reported in the 'TAR' reader when extracting files from a TAR archive that contain a long filename, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the HTML speed reader due to a boundary error, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in the HTML speed reader when checking if a link references a local file due to a boundary error, which could let a remote malicious user execute arbitrary code.
These issues have been addressed in Lotus Notes versions 6.5.5 and 7.0.1. Please contact the vendor to obtain fixes.
Currently we are not aware of any exploits for these vulnerabilities.
Entry was originally, erroneously listed as multiple OS.
Security Tracker, Alert ID: 1015647, February 20, 2006
Microsoft
Internet Explorer 6.0, 6.0 SP1
A buffer overflow vulnerability has been reported in Internet Explorer that could let remote malicious users cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
Microsoft Internet Explorer Denial of Service or Arbitrary Code Execution
A vulnerability has been reported in Safe'n'Sec that could let local malicious users obtain elevated privileges.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
Safe'n'Sec Privilege Elevation
Not Available
Security Focus, ID: 16762, February 21, 2006
True North Software
Internet Anywhere EMailServer Corporate Edition 5.3.4
A buffer overflow vulnerability has been reported in Internet Anywhere EMailServer Corporate Edition that could let remote malicious users cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
Internet Anywhere EMailServer Denial of Service or Arbitrary Code Execution
A vulnerability has been reported in Apple Safari when processing file association meta data stored in the '_MACOSX' folder in ZIP archives, which could let a remote malicious user execute arbitrary commands.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script, safari_safefiles_exec.pm, has been published.
Apple Mac OS X Archive Metadata Arbitrary Command Execution
A remote Denial of Service vulnerability has been reported in 'l2cap.c' due to an error when handling the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer.
Ubuntu Security Notice, USN-256-1, February 21, 2006
Eric S. Raymond
Fetchmail 6.x
A vulnerability has been reported in the 'fetchmailconf' configuration utility due to a race condition, which could let a malicious user obtain sensitive information.
Slackware Security Advisory, SSA:2006-045-01, February 14, 2006
Eric S. Raymond
Fetchmail 6.3.0 - prior to 6.3.2
A remote Denial of Service vulnerability has been reported due to incorrect freeing of an invalid pointer when bouncing a message to the originator or to the local postmaster.
Fetchmail Security Advisory, fetchmail-SA-2006-01, January 22, 2006
Slackware Security Advisory, SSA:2006-045-01, February 14, 2006
ETERM
LibAST prior to 0.7
A buffer overflow vulnerability has been reported in 'conf.c' due to a boundary error in the 'conf_find_file()' function, which could let a malicious user execute arbitrary code.
Gentoo Linux Security Advisory, GLSA 200601-14, January 29, 2006
Debian Security Advisory, DSA-976-1, February 15, 2006
GNU
tar 1.15.90, 1.15.1, 1.14.90, 1.15, 1.14
A buffer overflow vulnerability has been reported when handling PAX extended headers due to a boundary error, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
Mandriva Security Advisory, MDKSA-2006:046, February 21, 2006
Ubuntu Security Notice, USN-257-1, February 23, 2006
GnuPG
GnuPG / gpg prior to 1.4.2.1
A vulnerability has been reported because 'gpgv' exits with a return code of 0 even if the detached signature file did not carry any signature (if 'gpgv' or 'gpg --verify' is used), which could let a remote malicious user bypass security restrictions.
Fedora Update Notification, FEDORA-2006-116, February 17, 2006
Debian Security Advisory, DSA-978-1, February 17, 2006
Mandriva Security Advisory, MDKSA-2006:043, February 17, 2006
Ubuntu Security Notice, USN-252-1, February 17, 2006
Gentoo Linux Security Advisory, GLSA 200602-10, February 18, 2006
SuSE Security Announcement, SUSE-SA:2006:009, February 20, 2006
KDE
KDE 3.2.0 up to and including 3.5.0
A buffer overflow vulnerability has been reported in 'kjs' in the decoding of UTF-8 encoded URI sequences, which could let a remote malicious user execute arbitrary code.
A buffer overflow vulnerability has been reported in the 'TIFFOpen()' function when opening malformed TIFF files, which could let a remote malicious user execute arbitrary code.
Gentoo Linux Security Advisory, GLSA 200505-07, May 10, 2005
Ubuntu Security Notice, USN-130-1, May 19, 2005
SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005
Turbolinux Security Advisory, TLSA-2005-72, June 28, 2005
Debian Security Advisory, DSA 755-1, July 13, 2005
SCO Security Advisory, SCOSA-2005.34, September 19, 2005
SCO Security Advisory, SCOSA-2006.3, January 3, 2006
Mandriva Security Advisory, MDKSA-2006:042, February 17, 2006
Melange
Melange Chat System 1.10
A vulnerability has been reported due to a failure to properly secure HTTP request data, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required.
Melange Chat Information Disclosure
Not Available
Security Focus, Bugtraq ID: 16747, February 21, 2006
Metamail
Metamail 2.7
A buffer overflow vulnerability has been reported when handling boundary headers within email messages, which could let a remote malicious user execute arbitrary code. Note: According to Security Tracker this is a Linux/Unix vulnerability. Previously classified as multiple operating systems.
Security Focus, Bugtraq ID: 16611, February 13, 2006
RedHat Security Advisory, RHSA-2006:0217-4, February 21, 2006
Mandriva Security Advisory, MDKSA-2006:047, February 22, 2006
Micromuse
Netcool/Neusecure 3.0.236 -1
Several vulnerabilities have been reported: a vulnerability was reported because passwords are stored in cleartext in configuration files, which could let a malicious user obtain sensitive information; and a vulnerability was reported in the database connection log in the default configuration because it is readable by all users, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code.
Micromuse Netcool/Neusecure Information Disclosure
An SQL injection vulnerability has been reported in 'editparams.cgi' due to insufficient validation of the 'whinedays' parameter, which could let a remote malicious user execute arbitrary SQL code.
Security Focus, Bugtraq ID: 16738, February 21, 2006
Mozilla.org
Bugzilla 2.19.3, 2.20-2.21.2
A vulnerability has been reported in the login form on the home page due to a design error in the application, which could let a remote malicious user obtain sensitive information.
Security Focus, Bugtraq ID: 16745, February 21, 2006
Multiple Vendors
Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2 ; PDFTOHTML DFTOHTML 0.36
Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.
Fedora Update Notifications, FEDORA-2005-1121 & 1122, December 6, 2005
RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005
KDE Security Advisory, advisory-20051207-1, December 7, 2005
SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005
Ubuntu Security Notice, USN-227-1, December 12, 2005
Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005
RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005
Mandriva Linux Security Advisories MDKSA-2006:003-003-006, January 6, 2006
Debian Security Advisory, DSA-936-1, January 11, 2006
Debian Security Advisory, DSA-937-1, January 12, 2006
Debian Security Advisory, DSA 938-1, January 12, 2006
Fedora Update Notifications, FEDORA-2005-028 & 029, January 12, 2006
SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006
RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006
SUSE Security Summary Report, SUSE-SR:2006:002, January 20, 2006
SGI Security Advisory, 20051201-01-U, January 20, 2006
Debian Security Advisory, DSA-950-1, January 23, 2006
Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006
Debian Security Advisories, DSA-961-1 & 962-1, February 1, 2006
Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006
Multiple Vendors
OpenSSH 3.x, 4.x; RedHat Fedora Core3 & Core4
A vulnerability has been reported in 'scp' when performing copy operations that use filenames due to the insecure use of the 'system()' function, which could let a malicious user obtain elevated privileges.
Security Focus, Bugtraq ID: 16369, January 24, 2006
Fedora Security Advisory, FEDORA-2006-056, January 24, 2006
Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006
Security Focus, Bugtraq ID: 16369, January 31, 2006
Secunia Advisory: SA18798, February 13, 2006
SUSE Security Announcement, SUSE-SA:2006:008, February 14, 2006
Slackware Security Advisory, SSA:2006-045-06, February 14, 2006
Gentoo Linux Security Advisory, GLSA 200602-11, February 20, 2006
Ubuntu Security Notice, USN-255-1, February 21, 2006
Multiple Vendors
RedHat Enterprise Linux WS 3, ES 3, AS 3, Desktop 3.0;
Linux kernel 2.4-2.4.28
A Denial of Service vulnerability has been reported in the 'find_target' function due to a failure to properly handle unexpected conditions when attempting to handle a NULL return value from another function.
SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005
Ubuntu Security Notice, USN-187-1, September 25, 2005
RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005
Debian Security Advisories, DSA 921-1 & 922-1, December 14, 2005
Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006
Multiple Vendors
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Todd Miller Sudo 1.6-1.6.8, 1.5.6-1.5.9
A vulnerability has been reported in the 'PYTHONINSPECT' variable, which could let a malicious user bypass security restrictions and obtain elevated privileges.
Security Focus, Bugtraq ID: 16184, January 9, 2006
Security Focus, Bugtraq ID: 16184, January 12, 2006
Debian Security Advisory, DSA-946-1, January 20, 2006
SUSE Security Summary Report, SUSE-SR:2006:002, January 20, 2006
Slackware Security Advisory, SSA:2006-045-08, February 14, 2006
Multiple Vendors
Geeklog prior to 1.3.11sr4 & 1.4.0sr1; Media Gallery 1.2.3
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'users.php' and 'lib-sessions.php' due to insufficient sanitization of cookies before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a file include vulnerability was reported in 'lib-common.php' due to insufficient verification of cookies before using to include files, which could let a remote malicious user execute arbitrary php code.
Debian Security Advisory, DSA-968-1, February 13, 2006
Ubuntu Security Notice, USN-254-1, February 21, 2006
Multiple Vendors
RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0; GNU Libtasn1 prior to 1.2.10,
GnuTLS prior to 1.2.10
A remote Denial of Service vulnerability has been reported due to improper decoding of DER encoded data. This could possibly lead to the execution of arbitrary code.
Security Tracker Alert ID: 1015612, February 11, 2006
RedHat Security Advisory, RHSA-2006:0207-01, February 10, 2006
Fedora Update Notification, FEDORA-2006-107, February 10, 2006
Mandriva Security Advisory, MDKSA-2006:039, February 13, 2006
Gentoo Linux Security Advisory, GLSA 200602-08, February 16, 2006
Ubuntu Security Notice, USN-251-1, February 16, 2006
Multiple Vendors
RedHat Fedora Core4, Core3;
Eric Raymond Fetchmail 6.3.0, 6.2.5 .4, 6.2.5 .2, 6.2.5.1, 6.2.5
A remote Denial of Service vulnerability has been reported when Fetchmail is configured in 'multidrop' mode due to a failure to handle unexpected input.
Security Focus, Bugtraq ID: 15729, December 6, 2005
SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006
Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006
RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006
Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006
Multiple Vendors
Tin News Reader 1.8 & prior ;
OpenPKG 2.5, 2.4, 2.3, OpenPKG Current
An off-by-one buffer overflow vulnerability has been reported due to insufficient boundary checks on user-supplied data before using it in a finite-sized buffer, which could let a remote malicious user execute arbitrary code.
Ubuntu Security Notice, USN-244-1, January 18, 2006
Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006
Nathan Neulinger
CGIWrap 3.0, 2.0-2.7, 1.0
A vulnerability was reported because system information is disclosed in an error message when an error occurs during the execution of a script, which could let a remote malicious user obtain sensitive information. Note: This occurs even when the '--with-quiet-errors' option is used.
Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005
Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:133, August 10, 2005
Ubuntu Security Notice, USN-164-1, August 11, 2005
Fedora Update Notifications, FEDORA-2005-727 & 728, August 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005
RedHat Security Advisory, RHSA-2005:743-08, August 22, 2005
SGI Security Advisory, 20050901-01-U, September 7, 2005
Conectiva Linux Announcement, CLSA-2005:1007, September 13, 2005
Turbolinux Security Advisory, TLSA-2005-90, September 20, 2005
Fedora Update Notification, FEDORA-2005-000, January 5, 2006
Fedora Update Notification, FEDORA-2006-112, February 16, 2006
PEAR
PEAR::Auth 1.2.4 & prior to 1.3.0r4
Multiple unspecified SQL injection vulnerabilities have been reported due to insufficient sanitization, which could let a remote malicious user execute arbitrary SQL code.
Security Focus, Bugtraq ID: 16758, February 21, 2006
PerlBLOG
PerlBLOG 1.09b & prior
Multiple vulnerabilities have been reported: a vulnerability was reported in 'weblog.pl' in the 'Post Comment' functionality due to insufficient sanitization of the 'reply' parameter, which could let a remote malicious user conduct script insertion attacks; a vulnerability was reported in 'weblog.pl' in the 'Archives' functionality due to insufficient sanitization of the 'month' parameter, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported in 'weblog.pl' due to insufficient sanitization of the 'name' and 'body' parameters, which could let a remote malicious user execute arbitrary script code.
No workaround or patch available at time of publishing.
Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the LDAP component when processing BER packets; a Denial of Service vulnerability was reported in the LDAP component in the 'dn2ancestor' code; and a Denial of Service vulnerability was reported in the LDAP component when processing BER packets when a specially crafted BER sequence is submitted.
Security Focus, Bugtraq ID: 16677, February 16, 2006
Royal Institute of Technology
Heimdal prior to 0.6.6 & 0.7.2
A vulnerability has been reported in the 'rshd' server when storing forwarded credentials due to an unspecified error, which could let a malicious user obtain elevated privileges.
Security Tracker Alert ID: 1015591, February 7, 2006
Ubuntu Security Notice, USN-247-1, February 09, 2006
Debian Security Advisory, DSA-977-1, February 16, 2006
SCO
Unixware 7.1.4, 7.1.3
A vulnerability has been reported in the 'ptrace()' system call due to an unspecified error, which could let a malicious user obtain elevated privileges.
SCO Security Advisory, SCOSA-2006.9, February 21, 2006
Siteframe
Siteframe Beaumont 5.0.2, 5.0.1, 5.0.1a
An HTML injection vulnerability has been reported in 'page.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Description
Common Name
CVSS
Resources
ADOdb
ADOdb 4.71 & prior
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'adodb_pager.inc.php' due to insufficient sanitization of the 'next_page' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'adodb_pager.inc.php' due to the unsafe use of 'PHP_SELF,' which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Security Focus, Bugtraq ID: 16710, February 17, 2006
BlueCoat Systems
Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1
A vulnerability has been reported when using 'Deep Content Inspection' because 'CONNECT' rules are not enforced, which could let a remote malicious user bypass connection filters.
Security Tracker Alert ID: 1015644, February 17, 2006
BomberClone
BomberClone prior to 0.11.6.2; Gentoo Linux
A buffer overflow vulnerability has been reported due to a boundary error when processing error messages, which could let a remote malicious user execute arbitrary code.
Security Focus, Bugtraq ID: 16697, February 17, 2006
Gentoo Linux Security Advisory, GLSA 200602-09, February 16, 2006
BoonEx
Barracuda Directory 1.1
HTML injection vulnerabilities have been reported in the 'Add URL' and 'Suggest Category' functionality due to insufficient sanitization of various fields, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
A vulnerability has been reported due to insufficient sanitization of email messages that contain HTML image tags with 'javascript' URLs that have '	' in the middle, which could let a remote malicious user execute arbitrary JavaScript code.
No workaround or patch available at time of publishing.
A Directory Traversal vulnerability has been reported in the 'staticfilter' functionality due to an input validation error, which could let a remote malicious user obtain sensitive information.
An HTML injection vulnerability has been reported in the Private Messages functionality due to insufficient sanitization of the 'Subject' field before storing, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'linking.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.
The vulnerability has been fixed in the CVS repository.
Vulnerability can be exploited through a web client.
A vulnerability has been reported in the 'content-data.php' file due to insufficient sanitization of the 'X-Forwarded-For' header in the HTTP request, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script, admbook_122_xpl.pl, has been published.
Security Focus, Bugtraq ID: 16753, February 21, 2006
Digital Dominion
PHP-Fusion 4.x, 5.x, 6.x
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'shoutbox_panel.php' due to insufficient sanitization of the 'shout_name' field and in 'comments_include.php' due to insufficient sanitization of certain unspecified fields, which could let a remote malicious user execute arbitrary HTML and script code; and an unspecified vulnerability was reported in 'messages.php' due to the way the 'srch_text' parameter is handled.
Security Focus, Bugtraq ID: 16690, February 17, 2006
Dovecot
Dovecot 1.0.beta2, 1.0
A remote Denial of Service vulnerability has been reported in 'pop3-login' and 'imap-login' due to a double free error when processing certain requests.
Security Focus, Bugtraq ID: 16672, February 15, 2006
Dreamcost
HostAdmin 3.0
A file include vulnerability has been reported in 'index.php' due to insufficient verification of the 'path' parameter, which could let a remote malicious user include arbitrary files.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploit scripts, XOR-HostAdmin.txt and HostAdmin_rm-inc.php, have been published.
An HTML injection vulnerability has been reported in the Chatbox plugin due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
E107 Website System HTML Injection
Not Available
Security Focus, Bugtraq ID: 16719, February 18, 2006
E-Blah
E-Blah Platinum 9.7
An HTML injection vulnerability has been reported in 'Routines.PL' due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
A buffer overflow vulnerability has been reported in the 'dissect_ospf_v3_address_prefix()' function in the OSPF protocol dissector due to a boundary error when converting received binary data to a human readable string, which could let a remote malicious user execute arbitrary code.
Ethereal Security Advisory, enpa-sa-00022, December 27, 2005
Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006
RedHat Security Advisory, RHSA-2006:0156-6, January 11, 2006
Avaya Security Advisory, ASA-2006-046, February 13, 2006
Francisco Burzi
PHP-Nuke 7.8 & prior
An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'Your_Account' module before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
Several vulnerabilities have been reported: a file include vulnerability was reported in 'include/init.inc.php' due to insufficient verification of the 'lang' parameter, which could let a remote malicious user execute arbitrary PHP code; and a file include vulnerability was reported in 'docs/showdoc.php' due to insufficient verification of the 'f' parameter, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits and an exploit script, cpg_143_incl_xpl, have been published.
Coppermine Photo Gallery File Include
Not Available
Security Tracker Alert ID: 1015646, February 18, 2006
Guestbox
Guestbox 0.6
Multiple vulnerabilities have been reported: a vulnerability was reported in the authentication process due to an error, which could let a remote malicious user obtain unauthorized access and post comments; a vulnerability was reported in 'guestbox.php' when posting an entry due to insufficient sanitization of the 'url' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'gblog' file because IP addresses are stored insecurely, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required.
Guestbox Vulnerabilities
Not Available
Secunia Advisory: SA18946, February 21, 2006
HTML::BBCode
HTML::BBCode 1.04, 1.03
An HTML injection vulnerability has been reported due to insufficient sanitization of the '[url]' and '[img]' BBcode tags before converting to HTML, which could let a remote malicious user execute arbitrary HTML and script code.
There is no exploit code required; however, a Proof of Concept exploit has been published.
HTML::BBCode HTML Injection
Not Available
Security Focus, Bugtraq ID: 16680, February 16, 2006
ilch.de
ilchClan 1.0.5
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'pid' parameter due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and an SQL injection vulnerability was reported in 'login.php' due to insufficient sanitization of the 'login_name' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.