U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB05-194)

Summary of Security Items from July 6 through July 12, 2005

Original release date: July 13, 2005

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

Wireless

Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name /
CVE Reference
Risk
Source

Capturix Technologies

ScanShare 1.06

A vulnerability has been reported in ScanShare that could let local malicious users disclose passwords.

No workaround or patch available at time of publishing.

There is no exploit code required.

Capturix ScanShare Password Disclosure

CAN-2005-2209

Medium Security Tracker, Alert ID: 1014409, July 7, 2005

ClearSwift

MIMEsweeper 5.1

A vulnerability has been reported in MIMEsweeper that could let remote malicious users inject arbitrary code.

Vendor update available:
http://www.clearswift.com/support/
msw/patch_MswWeb.aspx

There is no exploit code required.

ClearSwift MIMEsweeper Arbitrary Code Injection High Security Tracker Alert ID: 1014456, July 12, 2005

Comersus

Comersus Cart 6.0.41

An input validation vulnerability has been reported in Comersus Cart that could let remote malicious users perform Cross-Site scripting or SQL injection attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Comersus Cart Cross Site Scripting or SQL Injection

CAN-2005-2190
CAN-2005-2191

High Security Tracker, Alert ID: 1014419, July 7, 2005

Elemental Software

CartWiz 1.20

An input validation vulnerability has been reported in CartWiz that could let remote malicious users perform Cross-Site Scripting or SQL injection attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

CartWIZ Cross Site Scripting or SQL Injection

CAN-2005-2206
CAN-2005-2207

High Security Tracker, Alert ID: 1014418, July 7, 2005

Hosting Controller

Hosting Controller 6.1 Hotfix 2.1

Multiple vulnerabilities have been reported in Hosting Controller (AccountActions.asp) that could let remote authenticated, malicious users to modify their credit limit or create new accounts.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Hosting Controller Credit Modification or Account Creation

CAN-2005-2219

Medium Security Tracker Alert ID: 1014443, 1014446, July 11, 2005

K-Meleon

K-Meleon Browser 0.9

An empty javascript function processing vulnerability has been reported in K-Meleon Browser that could let remote malicious users perform a Denial of Service.

As a workaround disable Javascript.

A Proof of Concept exploit has been published.

K-Meleon Denial of Service

CAN-2005-2114

Low

Security Tracker Alert ID: 1014372, July 4, 2005

Advisory erroneously referenced.

MailEnable

MailEnable Professional 1.6

A vulnerability has been reported in MailEnable Professional that could let remote malicious users execute arbitrary code or a Denial of Service during authentication.

Vendor fix available:
http://www.mailenable.com/
download.asp

Currently we are not aware of any exploits for this vulnerability.

MailEnable Professional Arbitrary Code Execution

CAN-2005-2222
CAN-2005-2223

High Security Tracker, Alert ID: 1014427, July 8, 2005

McAfee

Security Management System

Multiple vulnerabilities have been reported in Security Management System that could let remote authenticated, malicious users obtain elevated privileges or perform Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

McAfee Security Management System Elevated Privileges or Cross Site Scripting

CAN-2005-2186
CAN-2005-2187

High Secunia, Advisory: SA15961, July 7, 2005

Microsoft

ASP .NET

An input validation vulnerability has been reported in ASP .NET that could let remote malicious users perform a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ASP.NET Denial of Service

CAN-2005-2224

Low Secunia, Advisory: SA16005, July 12, 2005

Microsoft

JView Profiler

A vulnerability has been reported in JView Profiler that could let remote malicious users execute arbitrary code.

Vendor updates available:
http://www.microsoft.com/technet/
security/Bulletin/MS05-037.mspx

There is no exploit code required; however, a Proof of Concept exploit has been published.

JView Profiler Arbitrary Code Execution

CAN-2005-2087

High

Microsoft Security Bulletin MS05-037, July 12, 2005

USCERT, Vulnerability Note VU#939605, July 12, 2005

Microsoft

MSN Messenger Protocol

A vulnerability has been reported in MSN Messenger Protocol that could let remote malicious users perform a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

MSN Messenger Protocol Denial of Service

CAN-2005-2225

Low Security Tracker Alert ID: 1014444, July 11, 2005

Microsoft

MSRPC

Multiple vulnerabilities have been reported in MS remote procedure call that could let remote malicious users disclose information.

Upgrade to Update RollUp 1:
http://www.microsoft.com/
downloads/details.aspx?
amp;displaylang=en&
familyid=c0a2ca36-
1179-431c-80e6-
60a494d3823d&displaylang=en

Currently we are not aware of any exploits for this vulnerability.

Microsoft MSRPC Information Disclosure

CAN-2005-2150

Medium Security Focus, 14177, 14178, July 7, 2005

Microsoft

Outlook Express 6.0

Multiple vulnerabilities have been reported in Outlook Express that could let a remote malicious user disclose information or crash the system.

Vendor update available:
http://support.microsoft.com/
default.aspx/kb/
900930/EN-US/

Some included vulnerabilities are no exploit code required, others may have published exploits.

Microsoft Outlook Express Information Disclosure or System Crash

CAN-2005-2226

Medium Security Focus, 14225, July 12, 2005

Microsoft

Windows Color Management Module

A vulnerability has been reported in Windows Color Management Module that could let remote malicious users cause a buffer overflow, execute arbitrary code, or take complete control of a system.

Vendor updates available:
http://www.microsoft.com/technet/
security/bulletin/ms05-036.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Color Management Module Buffer Overflow or Arbitrary Code Execution

CAN-2005-1219

High

Microsoft Security Bulletin MS05-036, July 12, 2005

USCERT, Vulnerability Note VU#720742, July 12, 2005

Microsoft

Word

A vulnerability has been reported in Word that could let remote malicious users cause a buffer overflow or execute arbitrary code.

Vendor updates available:
http://www.microsoft.com/technet/
security/Bulletin/MS05-035.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Word Buffer Overflow or Arbitrary Code Execution

CAN-2005-0564

High

Microsoft Security Bulletin MS05-035, July 12, 2005

USCERT, Vulnerability Note VU#218621, July 12, 2005

PrivaShare

PrivaShare 1.3

A vulnerability has been reported in PrivaShare that could let remote malicious users perform a Denial of Service.

No workaround or patch available at time of publishing.

An exploit has been published.

PrivaShare Denial of Service

CAN-2005-2208

Low Secunia, Advisory: SA15933, july 7, 2005

Softiacom

WMailserver 1.0

A vulnerability has been reported in WMailserver that could let local malicious users disclosure information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

WMailserver Information Disclosure

CAN-2005-2227

Medium Security Focus, 14212, July 11, 2005

Web Wiz

Web Wiz Forums 7.9, 8.0

A vulnerability has been reported in Web Wiz Forums that could let remote malicious users disclose information.

No workaround or patch available at time of publishing.

There is no exploit code required.

Web Wiz Forums Information Disclosure

CAN-2005-2228

Medium Security Focus, 14207, July 11, 2005

[back to top]

UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name /
CVE Reference
Risk
Source

Backup Manager

Backup Manager 0.5.8a

Multiple file permission vulnerabilities have been reported in Backup Manager that could let local malicious users obtain elevated privileges or view/ modify the repository.

Update to version 0.5.8b:
http://www.sukria.net/packages/
backup-manager/sources/
backup-manager-0.5.8b.tar.gz

There is no exploit code required.

Backup Manager File Permissions

CAN-2005-2211
CAN-2005-2212

Medium Secunia, Advisory: SA15989, July 11, 2005

blogtorrent.
com

Blog Torrent 0.92

A vulnerability has been reported in Blog Torrent that could let remote malicious users disclose hashed passwords.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Blog Torrent Password Disclosure

CAN-2005-2229

Medium Security Tracker Alert ID: 1014449, July 11, 2005

Debian

Linux 3.1

A 'apt.conf' permission vulnerability has been reported in Debian that could let local malicious users access sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

Debian File Permission

CAN-2005-2214

Medium Secunia, Advisory: SA15955, July 7, 2005

Elmo

Elmo 1.3.2

An insecure file creation vulnerability has been reported in Elmo that could let local users arbitrarily overwrite files.

No workaround or patch available at time of publishing.

There is no exploit code required.

Elmo Arbitrary File Overwrite

CAN-2005-2230

Medium Secunia, Advisory: SA15977, July 12, 2005

GNATS

GNATS 4.1.0

A vulnerability has been reported in GNATS that could let local malicious uses overwrite arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

GNATS Arbitrary File Overwriting

CAN-2005-2180

Medium Secunia, Advisory: SA15963, July 7, 2005

GNU

MailWatch For MailScanner 1.0

An XML-RPC for PHP vulnerability has been reported in MailWatch For MailScanner that could let remote malicious users execute arbitrary code.

Update to version 1.0.1:
http://sourceforge.net/project/
showfiles.php?group_id=87163

There is no exploit code required.

MailWatch Arbitrary Code Execution

CAN-2005-1921

High Secunia, Advisory: SA15947, July 7, 2005

High Availability Linux Project

Heartbeat 1.2.3

An insecure file creation vulnerability has been reported in Heartbeat that could let local users arbitrarily overwrite files.

No workaround or patch available at time of publishing.

There is no exploit code required.

Heartbeat Arbitrary File Overwrite

CAN-2005-2231

Medium Secunia Advisory: SA16039, July 12, 2005

IBM

AIX 5.3

Buffer overflow vulnerabilities have been reported in the 'invscout,' 'paginit,' 'diagTasksWebSM,' 'getlvname,' and 'swcons' commands and multiple 'p' commands, which could let a malicious user execute arbitrary code, potentially with root privileges.

IBM has released an advisory (IBM-06-10-2005) to address this and other issues.

Vendor fix available:
http://www-1.ibm.com/
servers/eserver/support/
pseries/aixfixes.html

There is no exploit code required; however, a Proof of Concept exploit has been published.

High

Security Tracker Alert, 1014132, June 8, 2005

IBM Security Advisory, IBM-06-10-2005, June 10, 2005

Security Focus, 13909, July 7, 2005

IBM

ftpd

A timeout vulnerability has been reported in ftpd, on IBM AIX, that could let remote malicious users perform a Denial of Service.

Vendor fix available:
ftp://aix.software.ibm.com/aix/
efixes/security/ftpd_ifix.tar.Z

Currently we are not aware of any exploits for this vulnerability.

IBM ftpd Denial of Service

CAN-2005-2238

Low

Security Tracker, Alert ID: 1014421, July 8, 2005

USCERT, Vulnerability Note VU#118125, July 7, 2005

Lantronix

SecureLinx SLC Console Manager

A file access vulnerability has been reported in SecureLinx SLC Console Manager that could let remote malicious users access sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

SecureLinx SLC Console Manager File Disclosure

CAN-2005-2189

Medium Secunia, Advisory: SA15979, July 8, 2005

MediaWiki

MediaWiki 1.4.5

A vulnerability has been reported in MediaWiki that could let remote malicious users perform Cross-Site Scripting attacks.

Update to version 1.4.6:
http://sourceforge.net/project/
showfiles.php?group_id=34373

There is no exploit code required.

MediaWiki Cross Site Scripting

CAN-2005-2215

High Security Focus, 14181, July 7, 2005

MMS Ripper

MMS Ripper 0.6

A buffer overflow vulnerability has been reported in MMS Ripper that could let remote malicious users to execute arbitrary code.

Update to version 0.6.4:
http://nbenoit.tuxfamily.org/
projects.php?rq=mmsrip

Currently we are not aware of any exploits for this vulnerability.

MMS Ripper Arbitrary Code Execution

CAN-2005-2213

High Secunia, Advisory: SA15987, July 11, 2005

Mozilla

Bugzilla 2.18.2

 

A vulnerability has been reported in Bugzilla that could let remote malicious users disclose private summaries or modify flags.

Vendor fix available:
http://www.bugzilla.org/
download.html

There is no exploit code required.

Bugzilla Private Summary Disclosure or Flag Modification

CAN-2005-2173
CAN-2005-2174

Medium Security Tracker, Alert ID: 1014428, July 8, 2005

Multiple Vendors

dhcpcd 1.3.22

A vulnerability has been reported in dchpcd that could let a remote user perform a Denial of Service.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

dhcpcd Denial of Service

CAN-2005-1848

Low Secunia, Advisory: SA15982, July 11, 2005

Multiple Vendors

Linux Kernel 2.4, 2.6

A race condition in ia32 emulation, vulnerability has been reported in the Linux Kernel that could let local malicious users obtain root privileges or create a buffer overflow.

Patch Available:
http://kernel.org/pub/linux/
kernel/v2.4/testing/
patch-2.4.32-pre1.bz2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Race Condition and Buffer Overflow

CAN-2005-1768

High Security Focus, 14205, July 11, 2005

PunBB

PunBB 1.2.5

An input validation vulnerability has been reported in PunBB that could let remote malicious users execute arbitrary code or perform SQL injection attacks.

Update to version 1.2.6:
http://www.punbb.org/download/

There is no exploit code required; however, a Proof of Concept exploit has been published.

PunBB SQL Injection or Arbitrary Code Execution

CAN-2005-2193

High Security Tracker, Alert ID: 1014420, July 8, 2005

SGI

SGI ArrayD ARShell 3.0, 4.0

A vulnerability has been reported in SGI ArrayD ARShell that could let remote malicious users obtain elevated root privileges.

Vendor patches available: http://support.sgi.com/

Currently we are not aware of any exploits for this vulnerability.

SGI ARShell Elevated Privileges

CAN-2005-1859

High Security Focus, 14218, July 12, 2005

TikiWiki

TikiWiki 1.x

A vulnerability has been reported in TikiWiki that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

TikiWiki Arbitrary Code Execution

CAN-2005-1921

High Secunia, Advisory: SA15944, July 7, 2005

XPVM

XPVM 1.2.5

An insecure file creation vulnerability has been reported in XPVM that could let local malicious users arbitrarily overwrite files.

No workaround or patch available at time of publishing.

There is no exploit code required.

XPVM Arbitrary File Overwrite

CAN-2005-2240

Medium Secunia Advisory: SA16040, July 12, 2005

[back to top] 

Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name /
CVE Reference
Risk
Source

Ampache

Ampache 3.3.1

An XML-RPC for PHP vulnerability has been reported in Ampache that could let remote malicious users execute arbitrary code.

Update to version 3.3.1.2:
http://www.ampache.org/
download.php

There is no exploit code required.

Ampache Arbitrary Code Execution

CAN-2005-1921

High Secunia, Advisory: SA15957, July 8, 2005

Appalachian State University

phpWebSite 0.10.1

Multiple vulnerabilities have been reported in phpWebSite that could let remote malicious users perform SQL injection or execute arbitrary code.

Vendor Patch Available:
http://www.phpwebsite.
appstate.edu/
index.php?module=announce&
ANN_user_op=
view&ANN_id=989

There is no exploit code required; however, a Proof of Concept exploit has been published.

phpWebSite SQL Injection or Arbitrary Code Execution

CAN-2005-1921

High Secunia, Advisory: SA15958, SA16001, July 8, 2005

CA Computer Associates (Netegrity)

eTrust SiteMinder 5.5

An input validation vulnerability has been reported in eTrust SiteMinder (smpwservicescgi.exe) that could let remote malicious users perform Cross-Site Scripting attacks

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

eTrust SiteMinder Cross-Site Scripting

CAN-2005-2204

High Security Tracker, Alert ID: 1014433, July 9, 2005

Cisco Systems

CallManager V3.3

Multiple vulnerabilities have been reported in CallManager that could let remote malicious users perform Denial of Service or arbitrary code execution.

Vendor updates available:
http://www.cisco.com/en/US/
products/products_security_
advisory09186a00804c0c26.
shtml

Currently we are not aware of any exploits for this vulnerability.

Cisco CallManager Denial of Service or Arbitrary Code Execution

CAN-2005-2241
CAN-2005-2242
CAN-2005-2243
CAN-2005-2244

High Security Focus, 14227, July 12, 2005

Cisco Systems

Cisco 7940 & 7960 Series Phones

A vulnerability has been reported in Cisco 7940 & 7960 Series Phones that could let remote malicious users spoof SIP notify messages packets.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Cisco 7940/7960 SIP Packet Spoofing

CAN-2005-2181

Medium Security Tracker, Alert ID: 1014406, July 6, 2005

Dansie

Dansie Shopping Cart

A vulnerability has been reported in Dansie Shopping Cart that could let remote malicious users disclose the variable file.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Dansie Shopping Cart Variables Disclosure

CAN-2005-2217

Medium
Security Tracker, Alert ID: 1014396, July 6, 2005

Download Protect

Download Protect 1.0.2b

An input validation vulnerability has been reported in Download Protect that could let remote malicious users disclose sensitive information.

Update to version 1.0.3:
http://php.reinsveien.com/
DP/download.php

There is no exploit code required.

Download Protect Information Disclosure

CAN-2005-2248

Medium Secunia, Advisory: SA16003, July 11, 2005

F5

Big-IP 9.0.2-9.1

A SSl authentication vulnerability has been reported in Big-IP that could let remote malicious users bypass authentication.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

BIG-IP Authentication Bypassing

CAN-2005-2245

Medium Secunia, Advisory: SA16008, July 12, 2005

Grandstream Networks

BudgeTone 100 Series Phones

A vulnerability has been reported in BudgeTone 100 Series Phones that could let remote malicious users spoof SIP-notify-messages packets.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

BudgeTone 100 SIP Packet Spoofing

CAN-2005-2182

Medium Security Tracker, Alert ID: 1014407, July 6, 2005

IBM

Tivoli Management Framework Endpoint Service (Icfd) 4.1.1

A vulnerability has been reported in Tivoli Management Framework Endpoint Service (Icfd) that could let remote malicious users perform a Denial of Service.

Vendor patch available:
http://www-1.ibm.com/support/
docview.wss?uid=swg21210334


There is no exploit code required.

Tivoli Management Framework Endpoint Service (lcfd) Denial of Service

CAN-2005-2170

Low IBM Flash Alert, Reference #:
1210334, July 7, 2005

Id Team

Id Board 1.1.3

An input validation vulnerability has been reported in Id Board that could let a remote malicious user perform SQL injection attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Id Board SQL Injection

CAN-2005-2197

High Secunia, Advisory: SA15976, July 11, 2005

Interspire

ArticleLive 2005

Multiple vulnerabilities have been reported which could let a remote malicious user obtain administrative access and execute arbitrary HTML and script code.

Update to ArticleLive 2005.0.5:
http://www.interspire.com/
articlelive/

There is no exploit code required; however, a Proof of Concept exploit has been published.

Interspire ArticleLive Multiple Remote Vulnerabilities

CAN-2005-1482
CAN-2005-1483

High

Security Focus,
13493, May 4, 2005

Security Focus, 13493, July 7, 2005

iPhoto Album

iPhotoAlbum 1.1

An include file vulnerability has been reported in IPhotoAlbum Gallery that could let remote malicious users execute arbitrary commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

iPhotoAlbum Arbitrary Command Execution

CAN-2005-2246

High Security Tracker Alert ID: 1014448, July 11, 2005

Jinzora

Jinzora 2.0.1

A file inclusion vulnerability has been reported in Jinzora that could allow a remote malicious user to include arbitrary files.

Update to version 2.1:
http://www.jinzora.org/
pages.php?
pn=downloads

There is no exploit code required.

Jinzora Arbitrary File Inclusion

CAN-2005-2249

Medium Secunia, Advisory: SA15952, July 7, 2005

Moodle

Moodle 1.5.1

Multiple vulnerabilities have been reported in Moodle that could let users perform unknown actions.

Vendor fix available:
http://download.moodle.org/

Currently we are not aware of any exploits for this vulnerability.

Moodle Vulnerabilities

CAN-2005-2247

Not Specified Security Tracker Alert ID: 1014453, July 12, 2005

Nokia

Affix BTFTP

A buffer overflow vulnerability has been reported in Affix BTFTP that could let remote malicious users execute arbitrary code.

Vendor patch available:
Affix_320_sec.patch
http://affix.sourceforge.net/
affix_320_sec.patch

Affix_212_sec.patch
http://affix.sourceforge.net/
affix_212_sec.patch

An exploit has been published.

Nokia Affix BTFTP Arbitrary Code Execution High Security Focus, 14230, July 12, 2005

Novell

NetMail 3.5

A vulnerability has been reported in NetMail that could let remote malicious users to insert scripts into mail.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Novell Netmail Script Insertion Vulnerability

CAN-2005-2176

High Secunia, Advisory: SA15962, July 8, 2005

PHP Secure Pages

PHP Secure Pages 0.28Beta

An input validation vulnerability has been reported in PHP Secure Pages that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

phpSecurePages Arbitrary Code Execution

CAN-2005-2251


High Security Tracker, Alert ID: 1014410, July 7, 2005

PHPAuction

PHPAuction 2.5

Multiple vulnerabilities have been reported in PHPAuction that could let remote malicious users perform Cross-Site Scripting, SQL injection, or bypass authentication.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPAuction Cross-Site Scripting, SQL Injection, or Authentication Bypassing

CAN-2005-2252
CAN-2005-2253
CAN-2005-2254
CAN-2005-2255

High Security Tracker, Alert ID: 1014423, July 8, 2005

PhpSplash.org

PhpSplash 0.8.0

An access control vulnerability has been reported in phpSplash (saveProfile()) that could let remote malicious users hijack user accounts or obtain elevated privileges.

Vendor fix issued:
http://sourceforge.net/project/
showfiles.php?group_id=10566

There is no exploit code required.

phpSlash Account Hijacking or Elevated Privileges

CAN-2005-2257

Medium Secunia, Advisory: SA15936, July 8, 2005

phpWishList

phpWishList 0.1.15

A vulnerability has been reported in phpWishList that could let remote malicious users obtain unauthorized administrative access.

Vendor fix available:
http://sourceforge.net/project/
showfiles.php?group_id=121847

There is no exploit code required.

phpWishList Unauthorized Administrative Access

CAN-2005-2203

High Security Tracker Alert ID: 1014432, July 9, 2005

PhpXMail

PhpXMail 1.1

A vulnerability has been reported in PhpXMail that could allow a remote malicious user to bypass authentication.

No workaround or patch available at time of publishing.

There is no exploit code required.

PhpXmail Authentication Bypassing

CAN-2005-2183

Medium Secunia, Advisory: SA15951, July 7, 2005

pngren

pngren

An input validation vulnerability has been reported in pngren (kaiseki.cgi) that could let remote malicious users execute arbitrary commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

pngren Arbitrary Command Execution

CAN-2005-2205

High Security Tracker, Alert ID: 1014426, July 8, 2005

Sheddtech

PhotoGal 1.5

A vulnerability has been reported in PhotoGal that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PhotoGal Arbitrary Code Execution

CAN-2005-2216

High Security Tracker Alert ID: 1014397, July 6, 2005

Simple PHP Blog

Simple PHP Blog 0.4.0

A vulnerability has been reported in Simple PHP Blog that could let remote malicious users obtain the password file.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Simple PHP Blog Password Exposure

CAN-2005-2192

Medium Secunia, Advisory: SA15954, July 8, 2005

SPiD

SPiD 1.3.0

A vulnerability has been reported in SPiD that could let remote malicious users include arbitrary files to execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

SPiD Arbitrary File Inclusion

CAN-2005-2198

High Security Focus, 14208, July 11, 2005

Squito Soft

Squito Gallery 1.33

An include file vulnerability has been reported in Squito Gallery that could let remote malicious users execute arbitrary commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Squito Gallery Arbitrary Commands Execution

CAN-2005-2258

High Security Tracker Alert ID: 1014447, July 11, 2005

USANet Creations

MakeBid Deluxe Auction, USANet Shopping Mall, Domain Name Auction, Standard Classified Ads, MakeBid Reverse Auction, MakeBid Standard Auction

An input validation vulnerability has been reported in MakeBid Deluxe Auction, USANet Shopping Mall, Domain Name Auction, Standard Classified Ads, MakeBid Reverse Auction, MakeBid Standard Auction that could let remote malicious users execute commands.

Vendor fix available:
http://www.usanetcreations.com/
updates/index.html

There is no exploit code required.

USANet Remote Command Execution

CAN-2005-2259

High Security Tracker, Alert ID: 1014411, July 7, 2005

Xerox

Workcentre Pro C2128, C2636, C3545

A vulnerability has been reported in WorkCentre Pro that could let remote malicious users bypass authentication, access files, modify web pages, or perform a Denial of Service.

Vendor patch available:
http://www.xerox.com/
downloads/usa/en/c/
cert_P22_NIAP_
WCP_C_Only.zip

There is no exploit code required.

Xerox WorkCentre Pro Authentication Bypassing, Unauthorized Files Access, Web Page Modification, or Denial of Service

CAN-2005-2200
CAN-2005-2201
CAN-2005-2202

Medium Security Tracker, Alert ID: 1014429, July 8, 2005

WrYBiT

PPA 0.5.6

An include flag vulnerability has been reported in PPA that could let remote malicious users execute arbitrary commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PPA Arbitrary Command Execution

CAN-2005-2199

High Security Tracker Alert ID: 1014436, July 10, 2005

Zlib

Zlib 1.2.2

A buffer overflow vulnerability has been reported in Zlib that could let remote malicious users execute arbitrary code.

Updates available, see USCERT Vulnerability Note:
http://www.kb.cert.org/vuls/
id/680620

Currently we are not aware of any exploits for this vulnerability.

Zlib Arbitrary Code Execution

CAN-2005-2096

High

Security Focus, 14162, July 11, 2005

USCERT, Vulnerability Note VU#680620, July 12, 2005

[back to top] 

Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

  • New Security Tools Sniff Out WLAN Attacks: New tools and features from two manufacturers of wireless security software will help network administrators sniff out rogue wireless systems and spot attacks that spread over wireless links. AirDefense Inc. and Newbury Networks Inc. each announced software in the past two weeks that gives administrators new ways to inventory authorized wireless devices; spot attacks; and even spot rogue devices lurking in unsuspected places, a process known as wardriving. Source: http://www.eweek.com/article2/0,1895,1834899,00.asp.

Wireless Vulnerabilities

  • New Wireless “Zero-Day” Attack Discovered: The security threat of wireless networks to the enterprise keeps growing. The discover of a new wireless attack, “phlooding”, targets businesses central authentication server with the goal of overloading it and cause a Denial of Service attack. The “phlooding” attack, discovered by AirMagnet, describes a group of simultaneous but geographically distributed attacks that targets wireless access points with login requests using multiple password combination in what are known as dictionary attacks. Source: http://www.ebcvg.com/articles.php?id=802.

[back to top] 

Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

Date of Script
(Reverse
Chronological Order)

Script name
Workaround or Patch Available
Script Description
July 12, 2005 blogtorrent092.txt Yes

Proof of Concept exploit for Blog Torrent password disclosure.

July 12, 2005 hostingCreate.txt No Proof of Concept exploit for Hosting Controller Credit Modification or Account Creation vulnerability.
July 12, 2005 idboard113SQL.txt No

Proof of concept exploit for Id Board SQL Injection vulnerability.

July 8, 2005 kaiseki.txt No

Proof of Concept exploit for pngren Arbitrary Command Execution, in kaiseki.cgi, vulnerability.

July 8, 2005 simplephpBlog040.txt Yes

Proof of concept exploit for Simple PHP Blog Password Exposure vulnerability.

July 7, 2005 aspjarSQL.txt No

Proof of Concept for ASPJar SQl Injection vulnerability.

July 7, 2005 btftp.txt Yes Exploit for Nokia Affix BTFTP Arbitrary Code Execution vulnerability.
July 7, 2005 cartwizMulti.txt No Proof of Concept exploit for CartWIZ Cross Site Scripting or SQL Injection vulnerability.
July 7, 2005 comersusMulti.txt No

Proof of concept exploit for Comersus Cart Cross Site Scripting or SQL Injection vulnerability.

July 7, 2005 dosPlanet.txt No

Proof of Concept exploit for PlanetFileServer Denial of Service vulnerability.

July 7, 2005 druppy461.pl.txt Yes Exploit for Drupal Arbitrary PHP Code Execution vulnerability.
July 7, 2005 eRoomVuln.txt No Exploit for the eRoom Plug-In Insecure File Download Handling vulnerability.
July 7, 2005 gnats.txt Yes Proof of Concept exploit for GNATS Arbitrary File Overwriting vulnerability.
July 7, 2005 idm405.txt No Proof of concept exploit for Internet Download Manager Arbitrary Code Execution vulnerability.
July 7, 2005 iejavaprxyexploit.pl.txt Yes

Proof of Concept exploit for Microsoft Internet Explorer javaprxy.dll COM object vulnerability.

July 7, 2005 imail.cookie.txt Yes Proof of Concept exploit for IMail Password Disclosure vulnerability.
July 7, 2005 kpopper10.txt No Exploit for the KPopper Insecure Temporary File Creation vulnerability.
July 7, 2005 McAfeeIPS.txt No

Proof of Concept exploit for McAfee Security Management System Elevated Privileges or Cross Site Scripting vulnerability.

July 7, 2005 myguestbook_advisory.txt No Proof of Concept exploit for MyGuestbook 'Form.Inc.PHP3' Remote File Include vulnerability.
July 7, 2005 pearxmlrpc.pl.txt
Yes
Exploit for the Multiple Vendors XML-RPC for PHP Remote Code Injection vulnerability.
July 7, 2005 phpAuctionMulti.txt No Proof of Concept exploit for PHPAuction Cross-Site Scripting, SQL Injection, or Authentication Bypassing vulnerability.
July 7, 2005 phpbb2015.py.txt
Yes
Exploit for the php 2.0.15 viewtopic.php remote command execution vulnerability.
July 7, 2005 phpbb2015dad.txt
Yes
Exploit for the php 2.0.15 viewtopic.php remote command execution vulnerability.
July 7, 2005 phpsource.traverse.txt No Proof of Concept exploit for Quick & Dirty PHPSource Printer Directory Traversal vulnerability.
July 7, 2005 phpwebsiteSQL.txt Yes

Proof of Concept exploit for phpWebSite SQL Injection or Arbitrary Code Execution vulnerability.

July 7, 2005 r57xoops.pl Yes Exploit for the Multiple Vendors XML-RPC for PHP Remote Code Injection vulnerability.
July 7, 2005 solsockjack.c Yes Proof of Concept exploit for the Solaris SO_REUSEADDR Hijack vulnerability.
July 7, 2005 xmlrpcAnti.pl.txt Yes Exploit for the Multiple Vendors XML-RPC for PHP Remote Code Injection vulnerability.

[back to top]

Trends

  • ICANN warns world of domain hijacking: A report by the internet's leading security experts has warned the world of the risk of domain name hijacking. ICANN's Security and Stability Advisory Committee has outlined several famous and recent thefts of websites, including Panix.com, Hushmail.com and HZ.com, and listed where the system went wrong and what can be done to correct the flaws. Source: http://www.theregister.co.uk/2005/07/12/icann_domain_hijacking/.
  • Zombie bots fuel spyware boom: Zombie bots such as Gaobot, MyTob and SDbot are often central to the spread of spyware. In just the first and second quarters of 2005, the number of exploited machines using backdoor techniques has increased over 63 per cent from the total at the end of 2004. Source: http://www.theregister.co.uk/2005/07/11/malware_report_mcafee/.

[back to top]

Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank
Common Name
Type of Code
Trend
Date
Description
1 Netsky-P
Win 32 Worm Slight Increase March 2004 A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
2 Zafi-D Win 32 Worm Increase December 2004 A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
3 Mytob.c Win 32 Worm Decrease March 2004 A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
4 Netsky-Q Win 32 Worm Slight Decrease March 2004 A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker.
4 Mytob-BE Win 32 Worm New June 2005 A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling antivirus, and modifying data.
6 Lovgate.w Win 32 Worm Stable April 2004 A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network.
6 Netsky-Z Win 32 Worm Increase April 2004 A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665.
6 Mytob-AS Win 32 Worm New June 2005 A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine.
9 Netsky-D Win 32 Worm Decrease March 2004 A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
10 Mytob-EP Win 32 Worm New June 2005 Another slight variant of the mass-mailing worm that utilizes an IRC backdoor and LSASS vulnerability to propagate. Also propagates by email, harvesting addresses from the Windows address book.

Table Updated July 11, 2005

Viruses or Trojans Considered to be a High Level of Threat

  • Targeted Trojan Email Attacks: The United States Computer Emergency Readiness Team (US-CERT) has received reports of an email based technique for spreading trojan horse programs. A trojan horse is an attack method by which malicious or harmful code is contained inside apparently harmless files. Once opened, the malicious code can collect unauthorized information that can be exploited for various purposes, or permit computers to be used surreptitiously for other malicious activity. The emails are sent to specific individuals rather than the random distributions associated with a phishing attack or other trojan activity. Source: Technical Cyber Security Alert TA05-189A, http://www.us-cert.gov/cas/techalerts/TA05-189A.html.

[back to top

 

 
Last updated

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

Wireless

Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name /
CVE Reference
Risk
Source

Capturix Technologies

ScanShare 1.06

A vulnerability has been reported in ScanShare that could let local malicious users disclose passwords.

No workaround or patch available at time of publishing.

There is no exploit code required.

Capturix ScanShare Password Disclosure

CAN-2005-2209

Medium Security Tracker, Alert ID: 1014409, July 7, 2005

ClearSwift

MIMEsweeper 5.1

A vulnerability has been reported in MIMEsweeper that could let remote malicious users inject arbitrary code.

Vendor update available:
http://www.clearswift.com/support/
msw/patch_MswWeb.aspx

There is no exploit code required.

ClearSwift MIMEsweeper Arbitrary Code Injection High Security Tracker Alert ID: 1014456, July 12, 2005

Comersus

Comersus Cart 6.0.41

An input validation vulnerability has been reported in Comersus Cart that could let remote malicious users perform Cross-Site scripting or SQL injection attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Comersus Cart Cross Site Scripting or SQL Injection

CAN-2005-2190
CAN-2005-2191

High Security Tracker, Alert ID: 1014419, July 7, 2005

Elemental Software

CartWiz 1.20

An input validation vulnerability has been reported in CartWiz that could let remote malicious users perform Cross-Site Scripting or SQL injection attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

CartWIZ Cross Site Scripting or SQL Injection

CAN-2005-2206
CAN-2005-2207

High Security Tracker, Alert ID: 1014418, July 7, 2005

Hosting Controller

Hosting Controller 6.1 Hotfix 2.1

Multiple vulnerabilities have been reported in Hosting Controller (AccountActions.asp) that could let remote authenticated, malicious users to modify their credit limit or create new accounts.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Hosting Controller Credit Modification or Account Creation

CAN-2005-2219

Medium Security Tracker Alert ID: 1014443, 1014446, July 11, 2005

K-Meleon

K-Meleon Browser 0.9

An empty javascript function processing vulnerability has been reported in K-Meleon Browser that could let remote malicious users perform a Denial of Service.

As a workaround disable Javascript.

A Proof of Concept exploit has been published.

K-Meleon Denial of Service

CAN-2005-2114

Low

Security Tracker Alert ID: 1014372, July 4, 2005

Advisory erroneously referenced.

MailEnable

MailEnable Professional 1.6

A vulnerability has been reported in MailEnable Professional that could let remote malicious users execute arbitrary code or a Denial of Service during authentication.

Vendor fix available:
http://www.mailenable.com/
download.asp

Currently we are not aware of any exploits for this vulnerability.

MailEnable Professional Arbitrary Code Execution

CAN-2005-2222
CAN-2005-2223

High Security Tracker, Alert ID: 1014427, July 8, 2005

McAfee

Security Management System

Multiple vulnerabilities have been reported in Security Management System that could let remote authenticated, malicious users obtain elevated privileges or perform Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

McAfee Security Management System Elevated Privileges or Cross Site Scripting

CAN-2005-2186
CAN-2005-2187

High Secunia, Advisory: SA15961, July 7, 2005

Microsoft

ASP .NET

An input validation vulnerability has been reported in ASP .NET that could let remote malicious users perform a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ASP.NET Denial of Service

CAN-2005-2224

Low Secunia, Advisory: SA16005, July 12, 2005

Microsoft

JView Profiler

A vulnerability has been reported in JView Profiler that could let remote malicious users execute arbitrary code.

Vendor updates available:
http://www.microsoft.com/technet/
security/Bulletin/MS05-037.mspx

There is no exploit code required; however, a Proof of Concept exploit has been published.

JView Profiler Arbitrary Code Execution

CAN-2005-2087

High

Microsoft Security Bulletin MS05-037, July 12, 2005

USCERT, Vulnerability Note VU#939605, July 12, 2005

Microsoft

MSN Messenger Protocol

A vulnerability has been reported in MSN Messenger Protocol that could let remote malicious users perform a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

MSN Messenger Protocol Denial of Service

CAN-2005-2225

Low Security Tracker Alert ID: 1014444, July 11, 2005

Microsoft

MSRPC

Multiple vulnerabilities have been reported in MS remote procedure call that could let remote malicious users disclose information.

Upgrade to Update RollUp 1:
http://www.microsoft.com/
downloads/details.aspx?
amp;displaylang=en&
familyid=c0a2ca36-
1179-431c-80e6-
60a494d3823d&displaylang=en

Currently we are not aware of any exploits for this vulnerability.

Microsoft MSRPC Information Disclosure

CAN-2005-2150

Medium Security Focus, 14177, 14178, July 7, 2005

Microsoft

Outlook Express 6.0

Multiple vulnerabilities have been reported in Outlook Express that could let a remote malicious user disclose information or crash the system.

Vendor update available:
http://support.microsoft.com/
default.aspx/kb/
900930/EN-US/

Some included vulnerabilities are no exploit code required, others may have published exploits.

Microsoft Outlook Express Information Disclosure or System Crash

CAN-2005-2226

Medium Security Focus, 14225, July 12, 2005

Microsoft

Windows Color Management Module

A vulnerability has been reported in Windows Color Management Module that could let remote malicious users cause a buffer overflow, execute arbitrary code, or take complete control of a system.

Vendor updates available:
http://www.microsoft.com/technet/
security/bulletin/ms05-036.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Color Management Module Buffer Overflow or Arbitrary Code Execution

CAN-2005-1219

High

Microsoft Security Bulletin MS05-036, July 12, 2005

USCERT, Vulnerability Note VU#720742, July 12, 2005

Microsoft

Word

A vulnerability has been reported in Word that could let remote malicious users cause a buffer overflow or execute arbitrary code.

Vendor updates available:
http://www.microsoft.com/technet/
security/Bulletin/MS05-035.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Word Buffer Overflow or Arbitrary Code Execution

CAN-2005-0564

High

Microsoft Security Bulletin MS05-035, July 12, 2005

USCERT, Vulnerability Note VU#218621, July 12, 2005

PrivaShare

PrivaShare 1.3

A vulnerability has been reported in PrivaShare that could let remote malicious users perform a Denial of Service.

No workaround or patch available at time of publishing.

An exploit has been published.

PrivaShare Denial of Service

CAN-2005-2208

Low Secunia, Advisory: SA15933, july 7, 2005

Softiacom

WMailserver 1.0

A vulnerability has been reported in WMailserver that could let local malicious users disclosure information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

WMailserver Information Disclosure

CAN-2005-2227

Medium Security Focus, 14212, July 11, 2005

Web Wiz

Web Wiz Forums 7.9, 8.0

A vulnerability has been reported in Web Wiz Forums that could let remote malicious users disclose information.

No workaround or patch available at time of publishing.

There is no exploit code required.

Web Wiz Forums Information Disclosure

CAN-2005-2228

Medium Security Focus, 14207, July 11, 2005

[back to top]

UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name /
CVE Reference
Risk
Source

Backup Manager

Backup Manager 0.5.8a

Multiple file permission vulnerabilities have been reported in Backup Manager that could let local malicious users obtain elevated privileges or view/ modify the repository.

Update to version 0.5.8b:
http://www.sukria.net/packages/
backup-manager/sources/
backup-manager-0.5.8b.tar.gz

There is no exploit code required.

Backup Manager File Permissions

CAN-2005-2211
CAN-2005-2212

Medium Secunia, Advisory: SA15989, July 11, 2005

blogtorrent.
com

Blog Torrent 0.92

A vulnerability has been reported in Blog Torrent that could let remote malicious users disclose hashed passwords.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Blog Torrent Password Disclosure

CAN-2005-2229

Medium Security Tracker Alert ID: 1014449, July 11, 2005

Debian

Linux 3.1

A 'apt.conf' permission vulnerability has been reported in Debian that could let local malicious users access sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

Debian File Permission

CAN-2005-2214

Medium Secunia, Advisory: SA15955, July 7, 2005

Elmo

Elmo 1.3.2

An insecure file creation vulnerability has been reported in Elmo that could let local users arbitrarily overwrite files.

No workaround or patch available at time of publishing.

There is no exploit code required.

Elmo Arbitrary File Overwrite

CAN-2005-2230

Medium Secunia, Advisory: SA15977, July 12, 2005

GNATS

GNATS 4.1.0

A vulnerability has been reported in GNATS that could let local malicious uses overwrite arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

GNATS Arbitrary File Overwriting

CAN-2005-2180

Medium Secunia, Advisory: SA15963, July 7, 2005

GNU

MailWatch For MailScanner 1.0

An XML-RPC for PHP vulnerability has been reported in MailWatch For MailScanner that could let remote malicious users execute arbitrary code.

Update to version 1.0.1:
http://sourceforge.net/project/
showfiles.php?group_id=87163

There is no exploit code required.

MailWatch Arbitrary Code Execution

CAN-2005-1921

High Secunia, Advisory: SA15947, July 7, 2005

High Availability Linux Project

Heartbeat 1.2.3

An insecure file creation vulnerability has been reported in Heartbeat that could let local users arbitrarily overwrite files.

No workaround or patch available at time of publishing.

There is no exploit code required.

Heartbeat Arbitrary File Overwrite

CAN-2005-2231

Medium Secunia Advisory: SA16039, July 12, 2005

IBM

AIX 5.3

Buffer overflow vulnerabilities have been reported in the 'invscout,' 'paginit,' 'diagTasksWebSM,' 'getlvname,' and 'swcons' commands and multiple 'p' commands, which could let a malicious user execute arbitrary code, potentially with root privileges.

IBM has released an advisory (IBM-06-10-2005) to address this and other issues.

Vendor fix available:
http://www-1.ibm.com/
servers/eserver/support/
pseries/aixfixes.html

There is no exploit code required; however, a Proof of Concept exploit has been published.

High

Security Tracker Alert, 1014132, June 8, 2005

IBM Security Advisory, IBM-06-10-2005, June 10, 2005

Security Focus, 13909, July 7, 2005

IBM

ftpd

A timeout vulnerability has been reported in ftpd, on IBM AIX, that could let remote malicious users perform a Denial of Service.

Vendor fix available:
ftp://aix.software.ibm.com/aix/
efixes/security/ftpd_ifix.tar.Z

Currently we are not aware of any exploits for this vulnerability.

IBM ftpd Denial of Service

CAN-2005-2238

Low

Security Tracker, Alert ID: 1014421, July 8, 2005

USCERT, Vulnerability Note VU#118125, July 7, 2005

Lantronix

SecureLinx SLC Console Manager

A file access vulnerability has been reported in SecureLinx SLC Console Manager that could let remote malicious users access sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

SecureLinx SLC Console Manager File Disclosure

CAN-2005-2189

Medium Secunia, Advisory: SA15979, July 8, 2005

MediaWiki

MediaWiki 1.4.5

A vulnerability has been reported in MediaWiki that could let remote malicious users perform Cross-Site Scripting attacks.

Update to version 1.4.6:
http://sourceforge.net/project/
showfiles.php?group_id=34373

There is no exploit code required.

MediaWiki Cross Site Scripting

CAN-2005-2215

High Security Focus, 14181, July 7, 2005

MMS Ripper

MMS Ripper 0.6

A buffer overflow vulnerability has been reported in MMS Ripper that could let remote malicious users to execute arbitrary code.

Update to version 0.6.4:
http://nbenoit.tuxfamily.org/
projects.php?rq=mmsrip

Currently we are not aware of any exploits for this vulnerability.

MMS Ripper Arbitrary Code Execution

CAN-2005-2213

High Secunia, Advisory: SA15987, July 11, 2005

Mozilla

Bugzilla 2.18.2

 

A vulnerability has been reported in Bugzilla that could let remote malicious users disclose private summaries or modify flags.

Vendor fix available:
http://www.bugzilla.org/
download.html

There is no exploit code required.

Bugzilla Private Summary Disclosure or Flag Modification

CAN-2005-2173
CAN-2005-2174

Medium Security Tracker, Alert ID: 1014428, July 8, 2005

Multiple Vendors

dhcpcd 1.3.22

A vulnerability has been reported in dchpcd that could let a remote user perform a Denial of Service.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

dhcpcd Denial of Service

CAN-2005-1848

Low Secunia, Advisory: SA15982, July 11, 2005

Multiple Vendors

Linux Kernel 2.4, 2.6

A race condition in ia32 emulation, vulnerability has been reported in the Linux Kernel that could let local malicious users obtain root privileges or create a buffer overflow.

Patch Available:
http://kernel.org/pub/linux/
kernel/v2.4/testing/
patch-2.4.32-pre1.bz2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Race Condition and Buffer Overflow

CAN-2005-1768

High Security Focus, 14205, July 11, 2005

PunBB

PunBB 1.2.5

An input validation vulnerability has been reported in PunBB that could let remote malicious users execute arbitrary code or perform SQL injection attacks.

Update to version 1.2.6:
http://www.punbb.org/download/

There is no exploit code required; however, a Proof of Concept exploit has been published.

PunBB SQL Injection or Arbitrary Code Execution

CAN-2005-2193

High Security Tracker, Alert ID: 1014420, July 8, 2005

SGI

SGI ArrayD ARShell 3.0, 4.0

A vulnerability has been reported in SGI ArrayD ARShell that could let remote malicious users obtain elevated root privileges.

Vendor patches available: http://support.sgi.com/

Currently we are not aware of any exploits for this vulnerability.

SGI ARShell Elevated Privileges

CAN-2005-1859

High Security Focus, 14218, July 12, 2005

TikiWiki

TikiWiki 1.x

A vulnerability has been reported in TikiWiki that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

TikiWiki Arbitrary Code Execution

CAN-2005-1921

High Secunia, Advisory: SA15944, July 7, 2005

XPVM

XPVM 1.2.5

An insecure file creation vulnerability has been reported in XPVM that could let local malicious users arbitrarily overwrite files.

No workaround or patch available at time of publishing.

There is no exploit code required.

XPVM Arbitrary File Overwrite

CAN-2005-2240

Medium Secunia Advisory: SA16040, July 12, 2005

[back to top] 

Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name /
CVE Reference
Risk
Source

Ampache

Ampache 3.3.1

An XML-RPC for PHP vulnerability has been reported in Ampache that could let remote malicious users execute arbitrary code.

Update to version 3.3.1.2:
http://www.ampache.org/
download.php

There is no exploit code required.

Ampache Arbitrary Code Execution

CAN-2005-1921

High Secunia, Advisory: SA15957, July 8, 2005

Appalachian State University

phpWebSite 0.10.1

Multiple vulnerabilities have been reported in phpWebSite that could let remote malicious users perform SQL injection or execute arbitrary code.

Vendor Patch Available:
http://www.phpwebsite.
appstate.edu/
index.php?module=announce&
ANN_user_op=
view&ANN_id=989

There is no exploit code required; however, a Proof of Concept exploit has been published.

phpWebSite SQL Injection or Arbitrary Code Execution

CAN-2005-1921

High Secunia, Advisory: SA15958, SA16001, July 8, 2005

CA Computer Associates (Netegrity)

eTrust SiteMinder 5.5

An input validation vulnerability has been reported in eTrust SiteMinder (smpwservicescgi.exe) that could let remote malicious users perform Cross-Site Scripting attacks

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

eTrust SiteMinder Cross-Site Scripting

CAN-2005-2204

High Security Tracker, Alert ID: 1014433, July 9, 2005

Cisco Systems

CallManager V3.3

Multiple vulnerabilities have been reported in CallManager that could let remote malicious users perform Denial of Service or arbitrary code execution.

Vendor updates available:
http://www.cisco.com/en/US/
products/products_security_
advisory09186a00804c0c26.
shtml

Currently we are not aware of any exploits for this vulnerability.

Cisco CallManager Denial of Service or Arbitrary Code Execution

CAN-2005-2241
CAN-2005-2242
CAN-2005-2243
CAN-2005-2244

High Security Focus, 14227, July 12, 2005

Cisco Systems

Cisco 7940 & 7960 Series Phones

A vulnerability has been reported in Cisco 7940 & 7960 Series Phones that could let remote malicious users spoof SIP notify messages packets.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Cisco 7940/7960 SIP Packet Spoofing

CAN-2005-2181

Medium Security Tracker, Alert ID: 1014406, July 6, 2005

Dansie

Dansie Shopping Cart

A vulnerability has been reported in Dansie Shopping Cart that could let remote malicious users disclose the variable file.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Dansie Shopping Cart Variables Disclosure

CAN-2005-2217

Medium
Security Tracker, Alert ID: 1014396, July 6, 2005

Download Protect

Download Protect 1.0.2b

An input validation vulnerability has been reported in Download Protect that could let remote malicious users disclose sensitive information.

Update to version 1.0.3:
http://php.reinsveien.com/
DP/download.php

There is no exploit code required.

Download Protect Information Disclosure

CAN-2005-2248

Medium Secunia, Advisory: SA16003, July 11, 2005

F5

Big-IP 9.0.2-9.1

A SSl authentication vulnerability has been reported in Big-IP that could let remote malicious users bypass authentication.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

BIG-IP Authentication Bypassing

CAN-2005-2245

Medium Secunia, Advisory: SA16008, July 12, 2005

Grandstream Networks

BudgeTone 100 Series Phones

A vulnerability has been reported in BudgeTone 100 Series Phones that could let remote malicious users spoof SIP-notify-messages packets.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

BudgeTone 100 SIP Packet Spoofing

CAN-2005-2182

Medium Security Tracker, Alert ID: 1014407, July 6, 2005

IBM

Tivoli Management Framework Endpoint Service (Icfd) 4.1.1

A vulnerability has been reported in Tivoli Management Framework Endpoint Service (Icfd) that could let remote malicious users perform a Denial of Service.

Vendor patch available:
http://www-1.ibm.com/support/
docview.wss?uid=swg21210334


There is no exploit code required.

Tivoli Management Framework Endpoint Service (lcfd) Denial of Service

CAN-2005-2170

Low IBM Flash Alert, Reference #:
1210334, July 7, 2005

Id Team

Id Board 1.1.3

An input validation vulnerability has been reported in Id Board that could let a remote malicious user perform SQL injection attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Id Board SQL Injection

CAN-2005-2197

High Secunia, Advisory: SA15976, July 11, 2005

Interspire

ArticleLive 2005

Multiple vulnerabilities have been reported which could let a remote malicious user obtain administrative access and execute arbitrary HTML and script code.

Update to ArticleLive 2005.0.5:
http://www.interspire.com/
articlelive/

There is no exploit code required; however, a Proof of Concept exploit has been published.

Interspire ArticleLive Multiple Remote Vulnerabilities

CAN-2005-1482
CAN-2005-1483

High

Security Focus,
13493, May 4, 2005

Security Focus, 13493, July 7, 2005

iPhoto Album

iPhotoAlbum 1.1

An include file vulnerability has been reported in IPhotoAlbum Gallery that could let remote malicious users execute arbitrary commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

iPhotoAlbum Arbitrary Command Execution

CAN-2005-2246

High Security Tracker Alert ID: 1014448, July 11, 2005

Jinzora

Jinzora 2.0.1

A file inclusion vulnerability has been reported in Jinzora that could allow a remote malicious user to include arbitrary files.

Update to version 2.1:
http://www.jinzora.org/
pages.php?
pn=downloads

There is no exploit code required.

Jinzora Arbitrary File Inclusion

CAN-2005-2249

Medium Secunia, Advisory: SA15952, July 7, 2005

Moodle

Moodle 1.5.1

Multiple vulnerabilities have been reported in Moodle that could let users perform unknown actions.

Vendor fix available:
http://download.moodle.org/

Currently we are not aware of any exploits for this vulnerability.

Moodle Vulnerabilities

CAN-2005-2247

Not Specified Security Tracker Alert ID: 1014453, July 12, 2005

Nokia

Affix BTFTP

A buffer overflow vulnerability has been reported in Affix BTFTP that could let remote malicious users execute arbitrary code.

Vendor patch available:
Affix_320_sec.patch
http://affix.sourceforge.net/
affix_320_sec.patch

Affix_212_sec.patch
http://affix.sourceforge.net/
affix_212_sec.patch

An exploit has been published.

Nokia Affix BTFTP Arbitrary Code Execution High Security Focus, 14230, July 12, 2005

Novell

NetMail 3.5

A vulnerability has been reported in NetMail that could let remote malicious users to insert scripts into mail.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Novell Netmail Script Insertion Vulnerability

CAN-2005-2176

High Secunia, Advisory: SA15962, July 8, 2005

PHP Secure Pages

PHP Secure Pages 0.28Beta

An input validation vulnerability has been reported in PHP Secure Pages that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

phpSecurePages Arbitrary Code Execution

CAN-2005-2251


High Security Tracker, Alert ID: 1014410, July 7, 2005

PHPAuction

PHPAuction 2.5

Multiple vulnerabilities have been reported in PHPAuction that could let remote malicious users perform Cross-Site Scripting, SQL injection, or bypass authentication.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPAuction Cross-Site Scripting, SQL Injection, or Authentication Bypassing

CAN-2005-2252
CAN-2005-2253
CAN-2005-2254
CAN-2005-2255

High Security Tracker, Alert ID: 1014423, July 8, 2005

PhpSplash.org

PhpSplash 0.8.0

An access control vulnerability has been reported in phpSplash (saveProfile()) that could let remote malicious users hijack user accounts or obtain elevated privileges.

Vendor fix issued:
http://sourceforge.net/project/
showfiles.php?group_id=10566

There is no exploit code required.

phpSlash Account Hijacking or Elevated Privileges

CAN-2005-2257

Medium Secunia, Advisory: SA15936, July 8, 2005

phpWishList

phpWishList 0.1.15

A vulnerability has been reported in phpWishList that could let remote malicious users obtain unauthorized administrative access.

Vendor fix available:
http://sourceforge.net/project/
showfiles.php?group_id=121847

There is no exploit code required.

phpWishList Unauthorized Administrative Access

CAN-2005-2203

High Security Tracker Alert ID: 1014432, July 9, 2005

PhpXMail

PhpXMail 1.1

A vulnerability has been reported in PhpXMail that could allow a remote malicious user to bypass authentication.

No workaround or patch available at time of publishing.

There is no exploit code required.

PhpXmail Authentication Bypassing

CAN-2005-2183

Medium Secunia, Advisory: SA15951, July 7, 2005

pngren

pngren

An input validation vulnerability has been reported in pngren (kaiseki.cgi) that could let remote malicious users execute arbitrary commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

pngren Arbitrary Command Execution

CAN-2005-2205

High Security Tracker, Alert ID: 1014426, July 8, 2005

Sheddtech

PhotoGal 1.5

A vulnerability has been reported in PhotoGal that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PhotoGal Arbitrary Code Execution

CAN-2005-2216

High Security Tracker Alert ID: 1014397, July 6, 2005

Simple PHP Blog

Simple PHP Blog 0.4.0

A vulnerability has been reported in Simple PHP Blog that could let remote malicious users obtain the password file.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Simple PHP Blog Password Exposure

CAN-2005-2192

Medium Secunia, Advisory: SA15954, July 8, 2005

SPiD

SPiD 1.3.0

A vulnerability has been reported in SPiD that could let remote malicious users include arbitrary files to execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

SPiD Arbitrary File Inclusion

CAN-2005-2198

High Security Focus, 14208, July 11, 2005

Squito Soft

Squito Gallery 1.33

An include file vulnerability has been reported in Squito Gallery that could let remote malicious users execute arbitrary commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Squito Gallery Arbitrary Commands Execution

CAN-2005-2258

High Security Tracker Alert ID: 1014447, July 11, 2005

USANet Creations

MakeBid Deluxe Auction, USANet Shopping Mall, Domain Name Auction, Standard Classified Ads, MakeBid Reverse Auction, MakeBid Standard Auction

An input validation vulnerability has been reported in MakeBid Deluxe Auction, USANet Shopping Mall, Domain Name Auction, Standard Classified Ads, MakeBid Reverse Auction, MakeBid Standard Auction that could let remote malicious users execute commands.

Vendor fix available:
http://www.usanetcreations.com/
updates/index.html

There is no exploit code required.

USANet Remote Command Execution

CAN-2005-2259

High Security Tracker, Alert ID: 1014411, July 7, 2005

Xerox

Workcentre Pro C2128, C2636, C3545

A vulnerability has been reported in WorkCentre Pro that could let remote malicious users bypass authentication, access files, modify web pages, or perform a Denial of Service.

Vendor patch available:
http://www.xerox.com/
downloads/usa/en/c/
cert_P22_NIAP_
WCP_C_Only.zip

There is no exploit code required.

Xerox WorkCentre Pro Authentication Bypassing, Unauthorized Files Access, Web Page Modification, or Denial of Service

CAN-2005-2200
CAN-2005-2201
CAN-2005-2202

Medium Security Tracker, Alert ID: 1014429, July 8, 2005

WrYBiT

PPA 0.5.6

An include flag vulnerability has been reported in PPA that could let remote malicious users execute arbitrary commands.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PPA Arbitrary Command Execution

CAN-2005-2199

High Security Tracker Alert ID: 1014436, July 10, 2005

Zlib

Zlib 1.2.2

A buffer overflow vulnerability has been reported in Zlib that could let remote malicious users execute arbitrary code.

Updates available, see USCERT Vulnerability Note:
http://www.kb.cert.org/vuls/
id/680620

Currently we are not aware of any exploits for this vulnerability.

Zlib Arbitrary Code Execution

CAN-2005-2096

High

Security Focus, 14162, July 11, 2005

USCERT, Vulnerability Note VU#680620, July 12, 2005

[back to top] 

Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

  • New Security Tools Sniff Out WLAN Attacks: New tools and features from two manufacturers of wireless security software will help network administrators sniff out rogue wireless systems and spot attacks that spread over wireless links. AirDefense Inc. and Newbury Networks Inc. each announced software in the past two weeks that gives administrators new ways to inventory authorized wireless devices; spot attacks; and even spot rogue devices lurking in unsuspected places, a process known as wardriving. Source: http://www.eweek.com/article2/0,1895,1834899,00.asp.

Wireless Vulnerabilities

  • New Wireless “Zero-Day” Attack Discovered: The security threat of wireless networks to the enterprise keeps growing. The discover of a new wireless attack, “phlooding”, targets businesses central authentication server with the goal of overloading it and cause a Denial of Service attack. The “phlooding” attack, discovered by AirMagnet, describes a group of simultaneous but geographically distributed attacks that targets wireless access points with login requests using multiple password combination in what are known as dictionary attacks. Source: http://www.ebcvg.com/articles.php?id=802.

[back to top] 

Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

Date of Script
(Reverse
Chronological Order)

Script name
Workaround or Patch Available
Script Description
July 12, 2005 blogtorrent092.txt Yes

Proof of Concept exploit for Blog Torrent password disclosure.

July 12, 2005 hostingCreate.txt No Proof of Concept exploit for Hosting Controller Credit Modification or Account Creation vulnerability.
July 12, 2005 idboard113SQL.txt No

Proof of concept exploit for Id Board SQL Injection vulnerability.

July 8, 2005 kaiseki.txt No

Proof of Concept exploit for pngren Arbitrary Command Execution, in kaiseki.cgi, vulnerability.

July 8, 2005 simplephpBlog040.txt Yes

Proof of concept exploit for Simple PHP Blog Password Exposure vulnerability.

July 7, 2005 aspjarSQL.txt No

Proof of Concept for ASPJar SQl Injection vulnerability.

July 7, 2005 btftp.txt Yes Exploit for Nokia Affix BTFTP Arbitrary Code Execution vulnerability.
July 7, 2005 cartwizMulti.txt No Proof of Concept exploit for CartWIZ Cross Site Scripting or SQL Injection vulnerability.
July 7, 2005 comersusMulti.txt No

Proof of concept exploit for Comersus Cart Cross Site Scripting or SQL Injection vulnerability.

July 7, 2005 dosPlanet.txt No

Proof of Concept exploit for PlanetFileServer Denial of Service vulnerability.

July 7, 2005 druppy461.pl.txt Yes Exploit for Drupal Arbitrary PHP Code Execution vulnerability.
July 7, 2005 eRoomVuln.txt No Exploit for the eRoom Plug-In Insecure File Download Handling vulnerability.
July 7, 2005 gnats.txt Yes Proof of Concept exploit for GNATS Arbitrary File Overwriting vulnerability.
July 7, 2005 idm405.txt No Proof of concept exploit for Internet Download Manager Arbitrary Code Execution vulnerability.
July 7, 2005 iejavaprxyexploit.pl.txt Yes

Proof of Concept exploit for Microsoft Internet Explorer javaprxy.dll COM object vulnerability.

July 7, 2005 imail.cookie.txt Yes Proof of Concept exploit for IMail Password Disclosure vulnerability.
July 7, 2005 kpopper10.txt No Exploit for the KPopper Insecure Temporary File Creation vulnerability.
July 7, 2005 McAfeeIPS.txt No

Proof of Concept exploit for McAfee Security Management System Elevated Privileges or Cross Site Scripting vulnerability.

July 7, 2005 myguestbook_advisory.txt No Proof of Concept exploit for MyGuestbook 'Form.Inc.PHP3' Remote File Include vulnerability.
July 7, 2005 pearxmlrpc.pl.txt
Yes
Exploit for the Multiple Vendors XML-RPC for PHP Remote Code Injection vulnerability.
July 7, 2005 phpAuctionMulti.txt No Proof of Concept exploit for PHPAuction Cross-Site Scripting, SQL Injection, or Authentication Bypassing vulnerability.
July 7, 2005 phpbb2015.py.txt
Yes
Exploit for the php 2.0.15 viewtopic.php remote command execution vulnerability.
July 7, 2005 phpbb2015dad.txt
Yes
Exploit for the php 2.0.15 viewtopic.php remote command execution vulnerability.
July 7, 2005 phpsource.traverse.txt No Proof of Concept exploit for Quick & Dirty PHPSource Printer Directory Traversal vulnerability.
July 7, 2005 phpwebsiteSQL.txt Yes

Proof of Concept exploit for phpWebSite SQL Injection or Arbitrary Code Execution vulnerability.

July 7, 2005 r57xoops.pl Yes Exploit for the Multiple Vendors XML-RPC for PHP Remote Code Injection vulnerability.
July 7, 2005 solsockjack.c Yes Proof of Concept exploit for the Solaris SO_REUSEADDR Hijack vulnerability.
July 7, 2005 xmlrpcAnti.pl.txt Yes Exploit for the Multiple Vendors XML-RPC for PHP Remote Code Injection vulnerability.

[back to top]

Trends

  • ICANN warns world of domain hijacking: A report by the internet's leading security experts has warned the world of the risk of domain name hijacking. ICANN's Security and Stability Advisory Committee has outlined several famous and recent thefts of websites, including Panix.com, Hushmail.com and HZ.com, and listed where the system went wrong and what can be done to correct the flaws. Source: http://www.theregister.co.uk/2005/07/12/icann_domain_hijacking/.
  • Zombie bots fuel spyware boom: Zombie bots such as Gaobot, MyTob and SDbot are often central to the spread of spyware. In just the first and second quarters of 2005, the number of exploited machines using backdoor techniques has increased over 63 per cent from the total at the end of 2004. Source: http://www.theregister.co.uk/2005/07/11/malware_report_mcafee/.

[back to top]

Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank
Common Name
Type of Code
Trend
Date
Description
1 Netsky-P
Win 32 Worm Slight Increase March 2004 A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
2 Zafi-D Win 32 Worm Increase December 2004 A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
3 Mytob.c Win 32 Worm Decrease March 2004 A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
4 Netsky-Q Win 32 Worm Slight Decrease March 2004 A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker.
4 Mytob-BE Win 32 Worm New June 2005 A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling antivirus, and modifying data.
6 Lovgate.w Win 32 Worm Stable April 2004 A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network.
6 Netsky-Z Win 32 Worm Increase April 2004 A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665.
6 Mytob-AS Win 32 Worm New June 2005 A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine.
9 Netsky-D Win 32 Worm Decrease March 2004 A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
10 Mytob-EP Win 32 Worm New June 2005 Another slight variant of the mass-mailing worm that utilizes an IRC backdoor and LSASS vulnerability to propagate. Also propagates by email, harvesting addresses from the Windows address book.

Table Updated July 11, 2005

Viruses or Trojans Considered to be a High Level of Threat

  • Targeted Trojan Email Attacks: The United States Computer Emergency Readiness Team (US-CERT) has received reports of an email based technique for spreading trojan horse programs. A trojan horse is an attack method by which malicious or harmful code is contained inside apparently harmless files. Once opened, the malicious code can collect unauthorized information that can be exploited for various purposes, or permit computers to be used surreptitiously for other malicious activity. The emails are sent to specific individuals rather than the random distributions associated with a phishing attack or other trojan activity. Source: Technical Cyber Security Alert TA05-189A, http://www.us-cert.gov/cas/techalerts/TA05-189A.html.

[back to top

 

 
Last updated

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top