U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB05-327)

Summary of Security Items from November 17 through November 23, 2005

Original release date: November 23, 2005

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

Wireless

Vulnerabilities The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name /
CVE Reference
Risk
Source
AMAX Information Technologies

Winmail Server 4.2

Multiple vulnerabilities have been reported in Winmail Server that could let remote malicious users conduct Cross-Site Scripting and arbitrarily manipulate files.

No workaround or patch available at time of publishing.

There is no exploit code required.

Winmail Server Multiple Vulnerabilities

CVE-2005-3692

Medium Secunia Advisory: SA16665, November 18, 2005
Cerberus FTP Server prior to 2.32

A vulnerability has been reported in Cerberus FTP Server that could let remote malicious users cause a Denial of Service.

Upgrade to newest version:
http://www.cerberusftp.com/
download.htm#download

Currently we are not aware of any exploits for this vulnerability.

Cerberus FTP Server Denial of Service Low Secunia Advisory: SA17650, November 23, 2005

Costal Data Management

e-Quick Cart

An input validation vulnerability has been reported in e-Quick Cart that could let remote malicious user conduct Cross-Site Scripting, perform SQL injection, or execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

e-Quick Cart Multiple Vulnerabilitie

CVE-2005-3735
CVE-2005-3736

High Security Tracker Alert ID: 1015244, November 19, 2005

Eudora WorldMail Server 3.0

A vulnerability has been reported in WorldMail Server that could let remote malicious users disclose information.

No workaround or patch available at time of publishing.

An exploit has been published.

Eudora WorldMail Server Information Disclosure

CVE-2005-3189

Medium Security Tracker, Alert ID: 1015236, November 17, 2005

Hitachi

Cosminexus Collaboration, Groupmax Collaboration

A vulnerability has been reported in Cosminexus Collaboration and Groupmax Collaboration that could let remote malicious users conduct Cross-Site Scripting or cause a Denial of Service.

Vendor solution available:
http://www.hitachi-support.com/
security_e/vuls_e/HS05-023_e
/01-e.html

There is no exploit code required.

Cosminexus Collaboration and Groupmax Collaboration Cross-Site Scripting or Denial of Service
Medium Hitachi, Software Vulnerability Information HS05-023, November 18, 2005
MailEnable Professional 1.6, Enterprise 1.1

A buffer overflow vulnerability has been reported in MailEnable that could let remote malicious users execute arbitrary code or cause a Denial of Service.

Vendor fix available; http://www.mailenable.com/hotfix/

Currently we are not aware of any exploits for this vulnerability.

MailEnable Arbitrary Code Execution or Denial of Service

CVE-2005-3691

High Security Tracker, Alert ID: 1015239, November 18, 2005

Microsoft

Internet Explorer

A vulnerability has been reported in Internet Explorer that could let remote malicious users to obtain unauthorized access.

Vendor solutions available:
http://www.microsoft.com/
technet/security/advisory
/911302.mspx

An exploit script has been published.

Microsoft Internet Explorer Unauthorized Access

CVE-2005-1790

Medium

Microsoft, Security Advisory 911302, November 21, 2005

USCERT, VU#887861

VP-ASP Shopping Cart 5.50

An input validation vulnerability has been reported in VP-ASP Shopping Cart that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required; however a Proof of Concept exploit has been published.

VP-ASP Shopping Cart Cross-Site Scripting

Medium

Security Tracker, Alert ID: 1015238, November 18, 2005

[back to top]

UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name /
CVE Reference
Risk
Source

common-lisp-controller

common-lisp-controller

A vulnerability has been reported when validating the ownership of the cache directory, which could let a remote malicious user obtain elevated privileges.

Debian:
http://security.debian.org/
pool/updates/main/c/
common-lisp-controller/
common-lisp-controller
_4.15sarge2_all.deb

Debian:
http://security.debian.
org/pool/updates/
main/c/common-
lisp-controller/

Currently we are not aware of any exploits for this vulnerability.

Common-lisp-controller Elevated Privileges

CVE-2005-2657

Medium

Debian Security Advisory, DSA 811-1, September 14, 2005

Debian Security Advisory, DSA 811-2, November 21, 2005

Eric S Raymond

Fetchmail 6.x

A vulnerability has been reported in the 'fetchmailconf' configuration utility due to a race condition, which could let a malicious user obtain sensitive information.

Upgrades available at: http://download.
berlios.de/fetchmail/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-06.xml

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/f/fetchmail/

Mandriva:
http://www.mandriva.
com/security/
advisories

Debian:
http://security.debian.
org/pool/updates/
main/f/fetchmail/

http://security.debian.
org/pool/updates/
main/f/fetchmail-ssl/

There is no exploit code required.

Fetchmail 'fetchmailconf' Information Disclosure

CVE-2005-3088

Medium

fetchmail-SA-2005-02 Security Announcement, October 21, 2005

Gentoo Linux Security Advisory, GLSA 200511-06, November 6, 2005

Ubuntu Security Notice, USN-215-1, November 07, 2005

Mandriva Linux Security Advisory, MDKSA-2005:209, November 10, 2005

Debian Security Advisory, DSA 900-2 & 900-3, November 21 & 22, 2005

GpsDrive

GpsDrive 2.0 9

A format string vulnerability has been reported in 'Friendsd,' which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.
org/pool/updates/
main/g/gpsdrive/

SUSE:
ftp://ftp.suse.com
/pub/suse/

Proof of Concept exploits have been published.

GpsDrive Remote Format String

CVE-2005-3523

High

Security Focus, Bugtraq ID: 15319, November 4, 2005

Debian Security Advisory, DSA 891-1, November 9, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Hewlett Packard Company

HP-UX B.11.23, B.11.11, B.11.00

A remote Denial of Service vulnerability has been reported due to security flaws in HP's IPSec implementation.

Updates available at: http://www.hp.com/
go/softwaredepot

Vulnerability can be reproduced using the PROTOS ISAKMP Test Suite.

HP-UX IPSec Remote Denial of Service

CVE-2005-3670

Low
HP Security Bulletin, HPSBUX02076, November 16, 2005

IBM

WebSphere Application Server for z/OS 5.0

A remote Denial of Service vulnerability has been reported in the 'BBOORB' module due to a double-free error.

Update available at:
http://www-1.ibm.com/
support/docview.wss?
uid=swg1PK13936#more

Currently we are not aware of any exploits for this vulnerability.

IBM WebSphere Application Server for z/OS Remote Denial of Service

CVE-2005-3760

Low
IBM Advisory, PK13936, November 22, 2005

Info-ZIP

UnZip 5.52

A vulnerability has been reported due to a security weakness when extracting an archive to a world or group writeable directory, which could let a malicious user modify file permissions.

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

SCO:
ftp://ftp.sco.com/pub/
updates/OpenServer/
SCOSA-2005.39/507

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/u/unzip/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Mandriva:
http://www.mandriva.
com/security/
advisories

Debian:
http://security.debian.
org/pool/updates/
main/u/unzip/

There is no exploit code required.

Info-ZIP UnZip File Permission Modification

CVE-2005-2475

Medium

Security Focus, 14450, August 2, 2005

Fedora Update Notification,
FEDORA-2005-844, September 9, 2005

SCO Security Advisory, SCOSA-2005.39, September 28, 2005

Ubuntu Security Notice, USN-191-1, September 29, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0053, September 30, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:197, October 26, 2005

Debian Security Advisory, DSA 903-1, November 21, 2005

IPsec-Tools

IPsec-Tools0.6-0.6.2, 0.5-0.5.2

A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode.

Upgrades available at:
http://prdownloads.sourceforge.
net/ipsec-tools/ipsec-tools-
0.6.3.tar.bz2?download

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

IPsec-Tools ISAKMP IKE Remote Denial of Service

CVE-2005-3732

Low
Security Focus, Bugtraq ID: 15523, November 22, 2005

libpng

pnmtopng 2.38, 2.37.3-2.37.6

A buffer overflow vulnerability has been reported in 'Alphas_Of
_Color' due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://prdownloads.
sourceforge.net/
png-mng/pnmtopng-
2.39.tar.gz?download

Debian:
http://security.debian.
org/pool/updates/
main/n/netpbm-free/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/n/netpbm-free/

Currently we are not aware of any exploits for this vulnerability.

PNMToPNG Remote Buffer Overflow

CVE-2005-3662

High

Security Focus, Bugtraq ID: 15427, November 15, 2005

Debian Security Advisory, DSA 904-1, November 21, 2005

Ubuntu Security Notice, USN-218-1, November 21, 2005

Lite Speed Technologies

LiteSpeed Web Server 2.1.5

A Cross-Site Scripting vulnerability has been reported in 'admin'/config'confMgr.php' due to insufficient sanitization of the 'm' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

LiteSpeed Web Server Cross-Site Scripting

CVE-2005-3695

Medium
Secunia Advisory: SA17587, November 17, 2005

Multiple Vendors

gnump3d 2.9-2.9.7; Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha

Several vulnerabilities have been reported: a vulnerability was reported in the 'index.lok' lock file when indexing music files due to the insecure creation of temporary files, which could let a remote malicious user overwrite arbitrary files; and a Directory Traversal vulnerability was reported when processing certain CGI parameters and cookie values due to an input validation error, which could let a remote malicious user obtain sensitive information.

Update available at:
http://savannah.gnu.
org/download/
gnump3d/

Debian:
http://security.debian.
org/pool/updates/
main/g/gnump3d/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-16.xml

There is no exploit code required.

GNU gnump3d Insecure Temporary File Creation & Directory Traversal

CVE-2005-3349
CVE-2005-3355

Medium

Secunia Advisory: SA17647, November 18, 2005

Debian Security Advisory, DSA 901-1, November 19, 2005

Gentoo Linux Security Advisory, GLSA 200511-16, November 21, 2005

Multiple Vendors

Linux Kernel Linux kernel 2.6- 2.6.14

A Denial of Service vulnerability has been reported in 'net/ipv6/
udp.c' due to an infinite loop error in the 'udp_v6_get_port()' function.

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Upgrades available at:
http://kernel.org/
pub/linux/kernel/
v2.6/linux-
2.6.14.tar.bz2

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPV6 Denial of Service

CVE-2005-2973

Low

Secunia Advisory: SA17261, October 21, 2005

Fedora Update Notifications,
FEDORA-2005-1007 & 1013, October 20, 2005

Security Focus, Bugtraq ID: 15156, October 31, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Squid Web Proxy Cache 2.5 .STABLE3-STABLE10, STABLE1

A remote Denial of Service vulnerability has been reported when handling certain client NTLM authentication request sequences.

Upgrades available at:
http://www.squid-cache.
org/Versions/v2/2.5/
squid-2.5.STABLE
11.tar.gz

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/s/squid/

Debian:
http://security.debian.
org/pool/updates/
main/s/squid/

Mandriva:
http://www.mandriva.
com/security/
advisories

SCO:
ftp://ftp.sco.com/
pub/updates/
UnixWare/
SCOSA-2005.44

SUSE:
ftp://ftp.suse.com
/pub/suse/

Currently we are not aware of any exploits for this vulnerability.

Squid NTLM Authentication Remote Denial of Service

CVE-2005-2917

Low

Secunia Advisory: SA16992, September 30, 2005

Ubuntu Security Notice, USN-192-1, September 30, 2005

Debian Security Advisory, DSA 828-1, September 30, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:181, October 11, 2005

SCO Security Advisory, SCOSA-2005.44, November 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
TouchTunes Rhapsody,
TouchTunes Maestro;
SuSE UnitedLinux 1.0, Novell Linux Desktop 9.0, Linux Professional 10.0 OSS, 10.0, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, 9.0 x86_64, 9.0, Linux Personal 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, 9.0 x86_64, 9.0, Linux Enterprise Server 9, 8, Linux Desktop 1.0;
RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, 2.1 IA64, 2.1, AS 4, AS 3, AS 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; GTK+ 2.8.6, 2.6.4, 2.4.14, 2.4.13, 2.4.10, 2.4.9, 2.4.1, 2.2.4, 2.2.3;
GNOME GdkPixbuf 0.22;
Gentoo Linux ; Ardour 0.99

Multiple vulnerabilities have been reported: an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' due to the insufficient validation of the 'n_col' value before using to allocate memory, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when processing an XPM file that contains a large number of colors; and an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when performing calculations using the height, width, and colors of a XPM file, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.

Updates available at:
ftp://ftp.gtk.org/
pub/gtk/v2.8/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

RedHat:
http://rhn.redhat.
com/errata/RHSA-
2005-810.html

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-14.xml

SuSE:
ftp://ftp.suse.com/
pub/suse/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/g/gdk-pixbuf/

Mandriva:
http://www.mandriva.
com/security/
advisories

Trustix:
http://http.trustix.
org/pub/trustix/

Currently we are not aware of any exploits for these vulnerabilities.

GTK+ GdkPixbuf XPM Image Rendering Library

CVE-2005-2975
CVE-2005-2976
CVE-2005-3186

High

Fedora Update Notifications
FEDORA-2005-1085 & 1086, November 15, 2005

RedHat Security Advisory, RHSA-2005:810-9, November 15, 2005

Gentoo Linux Security Advisory GLSA 200511-14, November 16, 2005

SUSE Security Announcement, SUSE-SA:2005:065, November 16, 2005

Ubuntu Security Notice, USN-216-1, November 16, 2005

Mandriva Linux Security Advisory, MDKSA-2005:214, November 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005


Multiple Vendors

GNOME GdkPixbuf 0.22
GTK GTK+ 2.4.14
RedHat Fedora Core3
RedHat Fedora Core2

A remote Denial of Service vulnerability has been reported due to a double free error in the BMP loader.

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/2/

RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-344.html

http://rhn.redhat.com/
errata/RHSA-
2005-343.html

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/g/gdk-pixbuf/

SGI:
ftp://oss.sgi.com/
projects/sgi_propack/
download/3/updates/

Mandrake:
http://www.mandrake
secure.net/en/ftp.php

SGI:
ftp://patches.sgi.com
/support/free/security/
advisories/

TurboLinux:
ftp://ftp.turbolinux.
co.jp/pub/TurboLinux/
TurboLinux/ia32/

Conectiva:
http://distro.conectiva.
com.br/atualizacoes/
index.php?id=
a&anuncio=000958

Mandriva:
http://www.mandriva.
com/security/
advisories

Currently we are not aware of any exploits for this vulnerability.

GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service

CVE-2005-0891

Low

Fedora Update Notifications,
FEDORA-2005-
265, 266, 267 & 268, March 30, 2005

RedHat Security Advisories,
RHSA-2005:344-03 & RHSA-2005:343-03, April 1 & 4, 2005

Ubuntu Security Notice, USN-108-1 April 05, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:068 & 069, April 8, 2005

SGI Security Advisory, 20050403-01-U, April 15, 2005

Turbolinux Security Advisory, TLSA-2005-57, May 16, 2005

Conectiva Security Advisory, CLSA-2005:958, June 1, 2005

Mandriva Linux Security Advisory, MDKSA-2005:214, November 18, 2005

Multiple Vendors

Gnome-DB libgda 1.2.1;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha

Format string vulnerabilities have been reported in 'gda-log.c' due to format string errors in the 'gda_log_error()' and 'gda_
log_message()' functions, which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.
org/pool/updates/
main/libg/libgda2/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/libg/libgda2/

Mandriva:
http://www.mandriva.
com/security/
advisories

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-01.xml

SUSE:
ftp://ftp.suse.com
/pub/suse/

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/3/

Currently we are not aware of any exploits for these vulnerabilities.

GNOME-DB
LibGDA Multiple Format String

CVE-2005-2958

High

Security Focus, Bugtraq ID: 15200, October 25, 2005

Debian Security Advisory,
DSA-871-1 & 871-2, October 25, 2005

Ubuntu Security Notice, USN-212-1, October 28, 2005

Mandriva Linux Security Advisory, MDKSA-2005:203, November 1, 2005

Gentoo Linux Security Advisory, GLSA 200511-01, November 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Fedora Update Notification,
FEDORA-2005-1029, November 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Multiple Vendors

GNU gnump3d 2.9-2.9.5;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha

A vulnerability has been reported in GNUMP3d that could let remote malicious users conduct Cross-Site Scripting or traverse directories.

Upgrade to version 2.9.6:
http://savannah.gnu.
org/download/
gnump3d/
gnump3d-2.9.6.tar.gz

Debian:
http://security.debian.
org/pool/updates/
main/g/gnump3d/

SUSE:
ftp://ftp.suse.com
/pub/suse/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-05.xml

There is no exploit code required; however, Proof of Concept exploits have been published.

GNUMP3d Cross-Site Scripting or Directory Traversal

CVE-2005-3122
CVE-2005-3123

Medium

Security Focus Bugtraq IDs: 15226 & 15228, October 28, 2005

Debian Security Advisory DSA 877-1, October 28, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Gentoo Linux Security Advisory, GLSA 200511-05, November 6, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Multiple Vendors

GNU gnump3d 2.9-2.9.5;
Gentoo Linux

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.gnu.org/
software/gnump3d/
download.html#
Download

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-05.xml

SUSE:
ftp://ftp.suse.com
/pub/suse/

There is no exploit code required.

GNU gnump3d Unspecified Cross-Site Scripting

CVE-2005-3425

Medium

Gentoo Linux Security Advisory GLSA 200511-05, November 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Multiple Vendors

Linux Kernel 2.4.x, 2.6 prior to 2.6.11.11

A vulnerability has been reported in the Linux kernel in the Radionet Open Source Environment (ROSE) implementation in the 'rose_rt_ioctl()' function due to insufficient validation of a new routes' ndigis argument. The impact was not specified.

Updates available at:
http://linux.bkbits.
net:8080/linux-2.4/
cset@41e2cf515Tpixc
VQ8q8HvQvCv9E6zA

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Radionet Open Source Environment (ROSE) ndigis Input Validation

CVE-2005-3273

 

Not Specified

Security Tracker Alert, 1014115, June 7, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Linux kernel 2.6-2.6.12 .3, 2.4-2.4.32

A Denial of Service vulnerability has been reported in 'IP_VS_
CONN_FLUSH' due to a NULL pointer dereference.

Kernel versions 2.6.13 and 2.4.32-pre2 are not affected by this issue.

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Denial of Service

CVE-2005-3274

Low

Security Focus, Bugtraq ID: 15528, November 22, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Linux kernel 2.6-2.6.14

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/
request_key_auth.c;' a Denial of Service vulnerability was reported due to a memory leak in '/fs/namei.c' when the 'CONFIG_AUDITSYSCALL' option is enabled; and a vulnerability was reported because the orinoco wireless driver fails to pad data packets with zeroes when increasing the length, which could let a malicious user obtain sensitive information.

Patches available at:
http://kernel.org/pub/
linux/kernel/v2.6/testing/
patch-2.6.14-rc4.bz2

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-808.html

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

There is no exploit code required.

Linux Kernel Denial of Service & Information Disclosure

CVE-2005-3119
CVE-2005-3180
CVE-2005-3181

Medium

Secunia Advisory: SA17114, October 12, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005

Fedora Update Notifications,
FEDORA-2005-1013, October 20, 2005

RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Linux kernel 2.6-2.6.14

A Denial of Service vulnerability has been in 'sysctl.c' due to an error when handling the un-registration of interfaces in '/proc/sys/net/ipv4/conf/.'

Upgrades available at:
http://kernel.org/pub/
linux/kernel/v2.6/
linux-2.6.14.1.tar.bz2

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

There is no exploit code required.

Linux Kernel 'Sysctl' Denial of Service

CVE-2005-2709

Low

Secunia Advisory: SA17504, November 9, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Linux kernel 2.6-2.6.14

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported when handling asynchronous USB access via usbdevio; and a Denial of Service vulnerability was reported in the 'ipt_recent.c' netfilter module due to an error in jiffies comparison.

RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-514.html

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel USB Subsystem Denials of Service

CVE-2005-2873
CVE-2005-3055

Low

Secunia Advisory: SA16969, September 27, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Miklos Szeredi FUSE 2.4 .0, 2.3.0, 2.3 -rc1, 2.2.1, 2.2;
Gentoo Linux

 

A vulnerability has been reported because fusermount fails to securely handle special characters specified in mount points, which could let a malicious user cause a Denial of Service or add arbitrary mount points.

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-17.xml

There is no exploit code required.

FUSE Mount Options Corruption

CVE-2005-3531

Medium
Gentoo Linux Security Advisory, GLSA 200511-17, November 22, 2005

Multiple Vendors

RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10

A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_SSLV2_
RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security.

OpenSSL:
http://www.openssl.
org/source/openssl-
0.9.7h.tar.gz

FreeBSD:
ftp://ftp.FreeBSD.org/
pub/FreeBSD/CERT/
patches/SA-05:21/
openssl.patch

RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-800.html

Mandriva:
http://www.mandriva.
com/security/
advisories

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-11.xml

Slackware:
ftp://ftp.slackware.
com/pub/
slackware/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Sun:
http://sunsolve.sun.
com/search/
document.do?
assetkey=1-26-
101974-1

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/o/openssl/

OpenPKG:
ftp://ftp.openpkg.org/
release/

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

Trustix:
http://http.trustix.org/
pub/trustix/updates/

SGI:
http://www.sgi.com/
support/security/

Debian:
http://security.debian.
org/pool/updates/
main/o/openssl094/

NetBSD:
http://arkiv.netbsd.
se/?ml=netbsd-
announce&a=2005-
10&m=1435804

BlueCoat Systems:
http://www.bluecoat.
com/support/
knowledge/advisory
_openssl_
\2005-2969.html

Debian:
http://security.debian.
org/pool/updates
/main/o/openssl/

Astaro Security Linux:
http://www.astaro.org/
showflat.php?Cat=&
Number=63500&page
=0&view=collapsed&
sb=5&o=&fpart=
1#63500

SCO:
ftp://ftp.sco.com/
pub/updates/
UnixWare/
SCOSA-2005.48

Astaro Security Linux:
http://www.astaro.org/
showflat.php?Cat=&
Board=UBB1&Number
=63678&Forum=All_
Forums&Words=
4.028&Searchpage=
0&Limit=25&Main=
63678&Search=true&
where=bodysub&Name=
&daterange=1&newerval=
1&newertype=m&olderval=
&oldertype=&bodyprev=
#Post63678

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors OpenSSL Insecure Protocol Negotiation

CVE-2005-2969

Medium

OpenSSL Security Advisory, October 11, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005

RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005

Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005

Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005

Slackware Security Advisory, SSA:2005-286-01, October 13, 2005

Fedora Update Notifications,
FEDORA-2005-985 & 986, October 13, 2005

Sun(sm) Alert Notification
Sun Alert ID: 101974, October 14, 2005

Ubuntu Security Notice, USN-204-1, October 14, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005

SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Debian Security Advisory DSA 875-1, October 27, 2005

NetBSD Security Update, November 1, 2005

BlueCoat Systems Advisory, November 3, 2005

Debian Security Advisory, DSA 888-1, November 7, 2005

Astaro Security Linux Announce-ment, November 9, 2005

SCO Security Advisory, SCOSA-2005.48, November 15, 2005

Astaro Security Linux Update, November 16, 2005

Multiple Vendors

SpamAssassin 3.0.4;
RedHat Fedora Core3

A vulnerability has been reported due to a failure to handle exceptional conditions, which could let a remote malicious user bypass spam detection.

SpamAssassin:
http://spamassassin.
apache.org/downloads.
cgi?update=
200509141634

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

SUSE:
ftp://ftp.suse.com
/pub/suse/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

There is no exploit code required.

SpamAssassin Spam Detection Bypass

CVE-2005-3351

Medium

Fedora Update Notification,
FEDORA-2005-1065, November 9, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0064, November 22, 2005

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Netpbm 10.0, 9.20 -9.25; libpng pnmtopng 2.38, 2.37.3-2.37.6;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha

A buffer overflow vulnerability has been reported due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.

libpng:
http://prdownloads.sourceforge.
net/png-mng/pnmtopng-
2.39.tar.gz?download

Debian:
http://security.debian.
org/pool/updates/
main/n/netpbm-free/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/n/netpbm-free/

Currently we are not aware of any exploits for this vulnerability.

NetPBM PNMToPNG Remote Buffer Overflow

CVE-2005-3632

High

Debian Security Advisory DSA 904-1, November 21, 2005

Ubuntu Security Notice, USN-218-1 November 21, 2005

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64;
Linux kernel 2.6-2.6.12 .3

An information disclosure vulnerability has been reported in 'SYS_GET_THREAD_AREA,' which could let a malicious user obtain sensitive information.

Kernel versions 2.6.12.4 and 2.6.13 are not affected by this issue.

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Information Disclosure

CVE-2005-3276

Medium
Ubuntu Security Notice, USN-219-1, November 22, 2005

Net-SNMP

Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3 -5.0.9, 5.0.1

A remote Denial of Service vulnerability has been reported when handling stream-based protocols.

Upgrades available at:
http://sourceforge.net
/project/showfiles.
php?group_id=
12694&package_
id =11571
&release_id=338899

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/

RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-720.html

Mandriva:
http://www.mandriva.
com/security/
advisories

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/n/net-snmp/

RedHat:
http://rhn.redhat.
com/errata/RHSA-
2005-395.html

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

Avaya:
http://support.avaya.
com/elmodocs2/
security/ASA-
2005-225.pdf

SUSE:
ftp://ftp.SUSE.
com/pub/SUSE

Debian:
http://security.debian.
org/pool/updates/
main/n/net-snmp/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/u/ucd-snmp

Currently we are not aware of any exploits for this vulnerability.

Net-SNMP
Protocol Denial of Service

CVE-2005-2177

Low

Secunia
Advisory: SA15930,
July 6, 2005

Trustix Secure
Linux Security Advisory, TSLSA-2005-0034,
July 8, 2005

Fedora Update Notifications,
FEDORA-2005
-561 & 562, July 13, 2005

RedHat Security Advisory, RHSA-2005:720-04, August 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:137, August 11, 2005

Ubuntu Security Notice, USN-190-1, September 29, 2005

RedHat Security Advisory, RHSA-2005:395-18, October 5, 2005

Conectiva Linux Announcement, CLSA-2005:1032, October 13, 2005

Avaya Security Advisory, ASA-2005-225, October 18, 200

SUSE Security Summary Report, Announcement ID: SUSE-SR:2005:024, October 21, 2005

Debian Security Advisory, DSA 873-1, October 26, 2005

Ubuntu Security Notice, USN-190-2, November 21, 2005

Openswan

Openswan 2.2-2.4, 2.1.4-2.1.6, 2.1.2, 2.1.1

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when handling IKE packets that have an invalid 3DES key length; and a remote Denial of Service vulnerability was reported when handling certain specially crafted IKE packets.

Upgrades available at:
http://www.openswan.
org/download/opens
wan-2.4.2.tar.gz

Astaro Security Linux:
http://www.astaro.org/
showflat.php?Cat=&
Board=UBB1&Number
=63678&Forum=All_
Forums&Words=
4.028
&Searchpage=
0&Limit=25&Main=
63678&Search=true
&where=bodysub&Name=
&daterange=1&newerval=
1&newertype=m&olderval=
&oldertype=&bodyprev=
#Post63678

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Vulnerabilities can be reproduced using the PROTOS ISAKMP Test Suite.

Openswan IKE Message Remote Denials of Service

CVE-2005-3671

Low

CERT-FI & NISCC Joint Vulnerability Advisory, November 15, 2005

Astaro Security Linux Update, November 16, 2005

Fedora Update Notifications,
FEDORA-2005-1092 & 1093, November 21, 2005

Opera Software

Opera Web Browser 8.5, 8.0-8.0 2

A vulnerability has been reported due to insufficient sanitization of user-supplied data passed through a URI, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.opera.com/
download/

There is no exploit code required.

Opera Web Browser Arbitrary Command Execution

CVE-2005-3750

High
Secunia Advisory: SA16907, November 22, 2005

PCRE

PCRE 6.1, 6.0, 5.0

A vulnerability has been reported in 'pcre_compile.c' due to an integer overflow, which could let a remote/local malicious user potentially execute arbitrary code.

Updates available at:
http://www.pcre.org/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/p/pcre3/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200508-17.xml

Mandriva:
http://www.mandriva.
com/security/
advisories

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

Slackware:
ftp://ftp.slackware.
com/pub/slackware/

Ubuntu:
http://security.ubuntu.
com/ubuntu/
pool/main/

Debian:
http://security.debian.
org/pool/updates/
main/p/pcre3/

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

Slackware:
ftp://ftp.slackware.
com/pub/slackware/
slackware-10.1/
testing/packages/
php-5.0.5/php-
5.0.5-i486-1.tgz

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200509-08.xml

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

Gentoo:
http://security.gentoo
.org/glsa/glsa-
200509-12.xml

Debian:
http://security.debian.
org/pool/updates/
main/p/python2.2/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200509-19.xml

Debian:
http://security.debian.
org/pool/updates/
main/p/python2.3/

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

TurboLinux:
ftp://ftp.turbolinux.
co.jp/pub/
TurboLinux/
TurboLinux/ia32/

Avaya:
http://support.avaya.
com/elmodocs2/
security/ASA-
2005-216.pdf

Trustix:
http://http.trustix.
org/pub/trustix/
updates/

HP:
http://h20293.www2.
hp.com/cgi-bin/
swdepot_parser.
cgi/cgi/displayProduct
Info.pl?productNumber=
HPUXWSSUITE

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Currently we are not aware of any exploits for this vulnerability.

PCRE Regular Expression Heap Overflow

CVE-2005-2491

High

Secunia Advisory: SA16502, August 22, 2005

Ubuntu Security Notice, USN-173-1, August 23, 2005

Ubuntu Security Notices, USN-173-1 & 173-2, August 24, 2005

Fedora Update Notifications,
FEDORA-2005-802 & 803, August 24, 2005

Gentoo Linux Security Advisory, GLSA 200508-17, August 25, 2005

Mandriva Linux Security Update Advisories, MDKSA-2005:151-155, August 25, 26, & 29, 2005

SUSE Security Announcements, SUSE-SA:2005:048 & 049, August 30, 2005

Slackware Security Advisories, SSA:2005-242-01 & 242-02, August 31, 2005

Ubuntu Security Notices, USN-173-3, 173-4 August 30 & 31, 2005

Debian Security Advisory, DSA 800-1, September 2, 2005

SUSE Security Announcement, SUSE-SA:2005:051, September 5, 2005

Slackware Security Advisory, SSA:2005-251-04, September 9, 2005

Gentoo Linux Security Advisory, GLSA 200509-08, September 12, 2005

Conectiva Linux Announce-
ment, CLSA-2005:1009, September 13, 2005

Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005

Debian Security Advisory, DSA 817-1 & DSA 819-1, September 22 & 23, 2005

Gentoo Linux Security Advisory, GLSA 200509-19, September 27, 2005

Debian Security Advisory, DSA 821-1, September 28, 2005

Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005

Turbolinux Security Advisory, TLSA-2005-92, October 3, 2005

Avaya Security Advisory, ASA-2005-216, October 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

HP Security Bulletin, HPSBUX02074, November 16, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

PHP

PHP 5.0 .0-5.0.5, 4.4 .0, 4.3.1 -4.3.11, 4.2-4.2.3, 4.1.0-4.1.2, 4.0 0-4.0.7

A Denial of Service vulnerability has been reported in the 'sapi_apache2.c' file.

PHP 5.1.0 final and 4.4.1 final are not affected by this issue. Please contact the vendor to obtain fixes.

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-08.xml

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

Trustix:
http://http.trustix.org/
pub/trustix/updates/

There is no exploit code required.

PHP Apache 2 Denial of Service

CVE-2005-3319

Low

Security Focus, Bugtraq ID: 15177, October 24, 2005

Gentoo Linux Security Advisory, GLSA 200511-08, November 14, 2005

Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

phpMyAdmin

phpMyAdmin 2.6 .0-2.6.3, 2.5 .0-2.5.7, 2.4 .0, 2.3.2, 2.3.1, 2.2 -2.2.6, 2.1-2.1 .2, 2.0-2.0.5

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in 'libraries/auth/cookie.
auth.lib.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability has been reported in 'error.php' due to insufficient sanitization of the 'error' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://sourceforge.net/
project/showfiles.php
?group_id=23067

Debian:
http://security.debian.
org/pool/updates/
main/p/phpmyadmin/

SUSE:
ftp://ftp.suse.com
/pub/suse/

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPMyAdmin Cross-Site Scripting

CVE-2005-2869

Medium

Secunia Advisory: SA16605, August 29, 2005

Debian Security Advisory, DSA 880-1, November 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SUSE Security Announcement, SUSE-SA:2005:066, November 18, 2005

phpMyAdmin

phpMyAdmin 2.x

Several vulnerabilities have been reported: a vulnerability was reported due to insufficient verification of certain configuration parameters, which could let a remote malicious user include arbitrary files; and a Cross-Site Scripting vulnerability was reported in 'left.php,' 'queryframe.php,' and 'server_databases.php' due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://prdownloads.
sourceforge.net/
phpmyadmin/
phpMyAdmin
-2.6.4-pl3.tar .gz

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-21.xml

Debian:
http://security.debian.
org/pool/updates/
main/p/phpmyadmin/

SUSE:
ftp://ftp.suse.com
/pub/suse/

There is no exploit code required; however, a Proof of Concept exploit has been published.

phpMyAdmin Local File Inclusion & Cross-Site Scripting

CVE-2005-3300
CVE-2005-3301

Medium

Secunia Advisory: SA17289, October 24, 2005

Gentoo Linux Security Advisory, GLSA 200510-21, October 25, 2005

Debian Security Advisory, DSA 880-1, November 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SUSE Security Announcement, SUSE-SA:2005:066, November 18, 2005

Smb4k

Smb4k 0.4-0.6

A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user obtain sensitive information.

Patches available at:
http://download.berlios.de/
smb4k/001_security_fix_
smb4k_0.4.1a.diff.gz

Upgrades available at:
http://download.berlios.de/
smb4k/smb4k-0.6.3.tar.gz

Mandriva:
http://www.mandriva.com/
security/advisories

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-15.xml

There is no exploit code required.

Smb4k Insecure Temporary File Creation

CVE-2005-2851

Medium

Security Focus, Bugtraq ID: 14756, September 7, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:157, September 6, 2005

Gentoo Linux Security Advisory, GLSA 200511-15, November 18, 2005

Squid

Squid 2.x

A remote Denial of Service vulnerability has been reported when handling certain FTP server responses.

Patches available at:
http://www.squid-
cache.org/Versions/
v2/2.5/bugs/
squid-2.5.STABLE11-
rfc1738_do_
escape.patch

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/

Mandriva:
http://www.mandriva.
com/security/
advisories

SCO:
ftp://ftp.sco.com/
pub/updates/
UnixWare/
SCOSA-2005.44

SUSE:
ftp://ftp.suse.com
/pub/suse/

IPCop:
http://prdownloads.
sourceforge.net/
ipcop/ipcop-
sources-1.4.10.tgz
?download

There is no exploit code required.

Squid FTP Server Response Handling Remote Denial of Service

CVE-2005-3258

Low

Secunia Advisory: SA17271, October 20, 2005

Fedora Update Notifications,
FEDORA-2005-1009 & 1010, October 20, 2005

Mandriva Linux Security Advisory, MDKSA-2005:195, October 26, 2005

SCO Security Advisory, SCOSA-2005.44, November 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Security Focus, Bugtraq ID: 15157, November 10, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Sylpheed

Sylpheed 2.0-2.0.3, 1.0.0-1.0.5

A buffer overflow vulnerability has been reported in 'ldif.c' due to a boundary error in the 'ldif_
get_line()' function when importing a LDIF file into the address book, which could let a remote malicious user obtain unauthorized access.

Upgrades available at:
http://sylpheed.good-
day.net/sylpheed/
v1.0/sylpheed-
1.0.6.tar.gz

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-13.xml

Debian:
http://security.debian.
org/pool/updates/
main/s/sylpheed/

Currently we are not aware of any exploits for this vulnerability.

Sylpheed LDIF Import Buffer Overflow

CVE-2005-3354

Medium

Bugtraq ID: 15363, November 9, 2005

Fedora Update Notification,
FEDORA-2005-1063, November 9, 2005

Gentoo Linux Security Advisory, GLSA 200511-13, November 15, 2005

Debian Security Advisory, DSA 906-1, November 22, 2005

Todd Miller

Sudo 1.x

A vulnerability has been reported in the environment cleaning due to insufficient sanitization, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.
org/pool/updates/
main/s/sudo/

Mandriva:
http://www.mandriva.
com/security/
advisories

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/s/sudo/

SUSE:
ftp://ftp.suse.com
/pub/suse/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

An exploit script has been published.

Todd Miller Sudo Local Elevated Privileges

CVE-2005-2959

Medium

Debian Security Advisory, DSA 870-1, October 25, 2005

Mandriva Linux Security Advisory, MDKSA-2005:201, October 27, 2005

Ubuntu Security Notice, USN-213-1, October 28, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Security Focus, Bugtraq ID: 15191, November 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

WHM Autopilot

WHM Autopilot 2.5.20, 2.5 .0, 2.4.7, 2.4.6 .5, 2.4.6, 2.4.5

A vulnerability has been reported due to a failure to ensure that cancellation requests from users are performed only by authorized users, which could let a remote malicious user issue cancel requests and potentially cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

WHM AutoPilot Account Cancellation Access Validation

CVE-2005-3687

Low
Security Focus, Bugtraq ID: 15483, November 17, 2005

Zope

Zope 2.6-2.8.1

A vulnerability has been reported in 'docutils' due to an unspecified error and affects all instances which exposes 'Restructured Text' functionality via the web. The impact was not specified.

Hotfix available at:
http://www.zope.
org/Products/
Zope/Hotfix
2005-
10-09/security_
alert/Hot fix_2005-
10-09.tar.gz

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-20.xml

SUSE:
ftp://ftp.suse.com
/pub/suse/

Currently we are not aware of any exploits for this vulnerability.

Zope 'Restructured
Text' Unspecified Security Vulnerability

CVE-2005-3323

Not Specified

Zope Security Alert, October 12, 2005

Gentoo Linux Security Advisory, GLSA 200510-20, October 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

[back to top] 

Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name /
CVE Reference
Risk
Source

Advanced Poll

Advanced Poll 2.0.3, 2.0.2

A Cross-Site Scripting vulnerability has been reported in 'popup.php' due to insufficient sanitization of the 'poll_ident' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

Advanced Poll Cross-Site Scripting

CVE-2005-3742

Medium
Security Focus, Bugtraq ID: 15506, November 21, 2005

Almond
Soft.Com

Almond Classifieds

A vulnerability has been reported due to a failure to verify that the password supplied matches the given entry, which could let a remote malicious user obtain unauthorized access.

No workaround or patch available at time of publishing.

There is no exploit code required.

Almond Classifieds Remote Unauthorized Access

CVE-2005-3741

Medium
Security Focus, Bugtraq ID: 15505, November 21, 2005

Apache Software Foundation

Struts 1.2.7

A Cross-Site Scripting vulnerability has been reported in error response due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrade available at:
http://struts.apache.
org/download.cgi

There is no exploit code required; however, a Proof of Concept exploit has been published.

Apache Struts Cross-Site Scripting

CVE-2005-3745

Medium
Security Focus, Bugtraq ID: 15512, November 21, 2005

APBoard

APBoard

An SQL injection vulnerability was reported in 'thread.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

APBoard SQL Injection

CVE-2005-3746

Medium
Security Focus, Bugtraq ID: 15513, November 21, 2005

Arki-DB

Arki-DB 2.0, 1.0

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Arki-DB SQL Injection

CVE-2005-3696

Medium
Security Focus, Bugtraq ID: 15467, November 16, 2005

Check Point Software

VPN-1/Firewall-1 NG with AI R55W, VPN-1/Firewall-1 NG with AI R55P, VPN-1/Firewall-1 NG with AI R55, VPN-1/Firewall-1 NG with AI R54, VPN-1 Pro NGX R60, FireWall-1 GX 3.0, Express CI R57

A remote Denial of Service vulnerability has been reported due to unspecified vulnerabilities in the IPSec implementation.

Check Point has addressed these issues in the latest Hotfix Accumulators.

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

Check Point Firewall-1 & VPN-1 ISAKMP IKE Remote Denial of Service

CVE-2005-3673

Low
Security Focus, Bugtraq ID: 15479, November 17, 2005

Cisco Systems

Cisco PIX/ASA 7.0.1.4, 7.0, PIX OS, PIX Firewall 535, 525 6.3, 525, 520, 515E, 515, 506, 501, 6.3.3 (133), 6.3.2, 6.3.1, 6.3 (5), 6.3 (3.109), 6.3 (3.102), 6.3 (3), 6.3 (1), 6.3, 6.2.3 (110), 6.2.3, 6.2.2 .111, 6.2.2, 6.2., 6.2 (3.100), 6.2 (3), 6.2 (2), 6.2 (1), 6.2, 6.1.5 (104), 6.1.5, 6.1.4, 6.1.3, 6.1 (1-5), 6.1, 6.0.4, 6.0.3, 6.0 (4.101), 6.0 (4), 6.0 (2), 6.0 (1), 6.0, 5.3 (3), 5.3 (2), 5.3 (1.200), 5.3 (1), 5.3, 5.2 (9), 5.2 (7), 5.2 (6), 5.2 (5), 5.2 (3.210), 5.2 (2), 5.2 (1), 5.2, 5.1.4, 5.1 (4.206), 5.1, 5.0, 4.4 (8), 4.4 (7.202), 4.4 (4), 4.4, 4.3, 4.2.2, 4.2.1, 4.2 (5), 4.2, 4.1.6 b, 4.1.6, 4.0, 3.1, 3.0, 2.7

A remote Denial of Service vulnerability has been reported when handling TCP SYN packets with invalid checksums.

No workaround or patch available at time of publishing.

There is no exploit code required; however, an exploit has been published.

Cisco PIX Invalid TCP Checksum Remote Denial of Service

CVE-2005-3774

Low
Arhont Ltd.- Information Security Advisory, November 22, 2005

Digital Dominion

PHP-Fusion 6.00.206 & prior

 

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'options.php' due to insufficient sanitization of the 'forum_id' and 'thread_id' parameters and in 'viewforum.php' and 'index.php' due to insufficient sanitization of the 'lastvisite' parameter, which could let a remote malicious user execute arbitrary SQL code; and a path disclosure vulnerability was reported in 'subheader.php.'

Patches available at:
http://www.php-fusion.
co.uk/downloads.php
?cat_id=3&down
load_id=174

There is no exploit code required; however, Proof of Concept exploits have been published.

PHP-Fusion SQL Injection & Path Disclosure

CVE-2005-3739
CVE-2005-3740

Medium
Secunia Advisory: SA17664 , November 21, 2005

Exponent

Exponent Content Management System 0.96.4, 0.96.1, 0.95, 0.94

Several vulnerabilities have been reported because file permissions on user files are incorrectly set, which could let a remote malicious obtain sensitive information or execute arbitrary script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Exponent Content Management System Multiple Improper File Permission

CVE-2005-3761
CVE-2005-3762
CVE-2005-3763
CVE-2005-3764
CVE-2005-3765
CVE-2005-3766
CVE-2005-3767

Medium
Security Focus, Bugtraq ID: 15503, November 19, 2005

Google

Google Search Appliance, Mini Search Appliance

Several vulnerabilities have been reported: a vulnerability was reported in the 'proxystyle
sheet' parameter due to insufficient sanitization before returned to the user in an error message, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in 'XSLT style sheets due to insufficient sanitization of the 'proxystylesheet' parameter, which could let a remote malicious user execute arbitrary Java class methods; and a vulnerability was reported because it is possible to enumerate open ports on other systems by providing the full URL containing hostname and port number.

A patch is reportedly available from the vendor.

There is no exploit code required; however, Proof of Concept exploits and an exploit script have been published.

Google Mini Search Appliance Multiple Vulnerabilities

CVE-2005-3754
CVE-2005-3755
CVE-2005-3756
CVE-2005-3757
CVE-2005-3758

Medium
Secunia Advisory: SA17644, November 21, 2005

Hewlett Packard Company

Jetdirect 635n IPv6/IPsec Print Server (J7961A)

A remote Denial of Service vulnerability has been reported due to a security flaw in HP's IPSec implementation.

Update available at:
http://www.hp.com/
go/dlm_sw

Vulnerability can be reproduced using the PROTOS ISAKMP Test Suite.

HP Jetdirect 635n IPv6/IPsec Print Server IKE Exchange Remote Denial of Service

CVE-2005-3670

Low
HP Security Bulletin, HPSBPI02078, November 16, 2005

Hitachi

WirelessIP5000 2.0.1, 2.0, 1.5.10, 1.5.8, 1.5.6, 1.5.5, 1.5.4, 1.5.2, 1.5

Multiple vulnerabilities have been reported: a vulnerability was reported because the SNMP service allows read-write access using any credentials, which could let a remote/local malicious user retrieve and modify the device configuration; a vulnerability was reported due to an undocumented open port 3390/tcp that allows access to the Unidata Shell upon connection, which could let a remote/local malicious user obtain sensitive information and cause a Denial of Service; a vulnerability was reported due to a hardcoded administrative password, which could let a remote/local malicious user obtain unauthorized access; and a vulnerability was reported because the default index page of the phone's HTTP server (8080/tcp) discloses sensitive information.

Users are advised to contact the vendor for details on obtaining the appropriate updates.

There is no exploit code required.

Hitachi WirelessIP5000 IP Phone Multiple Vulnerabilities

CVE-2005-3719
CVE-2005-3720
CVE-2005-3721
CVE-2005-3722
CVE-2005-3723

Medium
Secunia Advisory: SA17628, November 17, 2005

Idetix Software Systems

Revize CMS

Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'query_results.jsp' due to insufficient sanitization of the 'query' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in 'conf/revize.xml' because configuration data is stored inside the web root; a vulnerability was reported because a remote malicious user can obtain sensitive information by accessing 'debug/,' and a Cross-Site Scripting vulnerability was reported in 'HTTPTranslator
Servlet' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

Revize CMS Cross-Site Scripting, SQL Injection, & Information Disclosure

CVE-2005-3727
CVE-2005-3728
CVE-2005-3729
CVE-2005-3730

Medium
Security Tracker Alert ID: 1015231, November 16, 2005

Ilia Alshanetsky

FUDForum 2.6.15

A vulnerability has been reported in the 'mid' parameter due to insufficient validation before retrieving a forum post, which could let a remote malicious user bypass certain security restrictions and obtain sensitive information.

PHPGroupWare:
http://prdownloads.
sourceforge.
net/phpgroupware/
phpgroupware-
0.9.16.00 7.tar.gz

Gentoo:
http://security.gentoo.org/
glsa/glsa-200508-20.xml

Debian:
http://security.debian.
org/pool/updates/
main/p/
phpgroupware/

Debian:
http://security.debian.
org/pool/updates/
main/e/egroupware/

There is no exploit code required.

FUDForum Security Restriction Bypass

CVE-2005-2600

Medium

Secunia Advisory: SA16414, August 12, 2005

Security Focus, Bugtraq ID: 14556, August 25, 2005

Gentoo Linux Security Advisory, GLSA 200508-20, August 30, 2005

Debian Security Advisory , DSA 798-1, September 2, 2005

Debian Security Advisory, DSA 899-1, November 17, 2005

Interspire

ArticleLive NX 0.3, ArticleLive NX

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'Query' parameter, which could let a remote malicious user execute arbitrary SQL code.

Update to Interspire ArticleLive NX.0.4.

There is no exploit code required.

Interspire ArticleLive NX SQL Injection

CVE-2005-3726

Medium
Secunia Advisory: SA17585, November 17, 2005

Joomla

Joomla 1.0-1.0.3

Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of certain unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported in the 'mod_poll' module due to insufficient sanitization of the 'Itemid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and an SQL injection vulnerability was reported due to insufficient sanitization of several methods in the in 'mosDBTable' class before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Upgrades available at:
http://developer.joomla.
org/sf/go/projects.joomla/
frs.joomla_1_0


There is no exploit code required.

Joomla Multiple Input Validation

CVE-2005-3771
CVE-2005-3772
CVE-2005-3773

Medium
Secunia Advisory: SA17675, November 22, 2005

Macromedia

Flash 7.0.19 .0, 7.0 r19, 6.0.79 .0, 6.0.65 .0, 6.0.47 .0, 6.0.40 .0, 6.0.29 .0, 6.0

A vulnerability has been reported due to insufficient validation of the frame type identifier that is read from a SWF file, which could let a remote malicious user execute arbitrary code.

Update information available at:
http://www.macromedia.
com/devnet/security/
security_zone/
mpsb05-07.html

Microsoft:
http://www.microsoft.
com/technet/security/
advisory/910550.mspx

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

An exploit has been published.

Macromedia Flash Array Index Remote Arbitrary Code Execution

CVE-2005-2628

High

Macromedia Security Advisory, MPSB05-07, November 5, 2005

Microsoft Security Advisory (910550), November 10, 2005

US-CERT VU#146284

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Macromedia

Flash 7.0.19 .0 & prior

An input validation vulnerability has been reported in 'ActionDefineFunction' due to an error for a critical array index value, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Update information available at:
http://www.macromedia.
com/devnet/security/
security zone/
mpsb05-07.html

Microsoft:
http://www.microsoft.
com/technet/security/
advisory/910550.mspx

Proof of Concept exploit scripts have been published.

Macromedia Flash Input Validation

CVE-2005-3591

High

Macromedia Security Bulletin, MPSB05-07, November 7, 2005

Microsoft Security Advisory (910550), November 10, 2005

Security Focus, Bugtraq ID: 15334, November 21, 2005

Mambo

Mambo Site Server 4.0.14, 4.0.12 RC1-RC3, BETA & BETA 2, 4.0.10-4.0.12, 4.0

A remote file include vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary remote PHP code.

No workaround or patch available at time of publishing.

An exploit script has been published.

Mambo Open Source Remote File Include

CVE-2005-3738

High

Security Focus, Bugtraq ID: 15461, November 16, 2005

Security Focus, Bugtraq ID: 15461, November 21, 2005

Mantis

Mantis 1.0.0RC2, 0.19.2

Several vulnerabilities have been reported: a vulnerability was reported in 'bug_
sponsorship_list_view_inc.php' due to insufficient verification before used to include files, which could let a remote malicious user execute arbitrary files; an SQL injection vulnerability was reported due to insufficient sanitization of unspecified input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; several Cross-Site Scripting vulnerabilities were reported in JavaScript and 'mantis/view
_all_set.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; an unspecified vulnerability was reported when using reminders, which could lead to the disclosure of sensitive information; and a vulnerability was reported because the User ID is cached longer than necessary.

Upgrades available at:
http://prdownloads.sourceforge.
net/mantisbt/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200510-24.xml

Debian:
http://security.debian.
org/pool/updates/
main/m/mantis/

There is no exploit code required; however, Proof of Concept exploits have been published.

High

Secunia Advisory: SA16818, October 26, 2005

Gentoo Linux Security Advisory, GLSA 200510-24, October 28, 2005

Debian Security Advisory, DSA 905-1, November 22, 2005

MediaWiki

MediaWiki 1.5 alpha1&2, bet1-beta3, 1.4-1.4.10, 1.3.13, 1.3-1.3.11

A Cross-Site Scripting vulnerability has been reported in inline style attributes due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://prdownloads.
sourceforge.net/
wikipedia/media
wiki-1.4.11.tar.gz

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

There is no exploit code required.

MediaWiki HTML Inline Style Attributes Cross-Site Scripting

CAN-2005-3167

 

Medium

Security Focus, Bugtraq ID: 15024, October 6, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64;
Inkscape 0.42, 0.41

A buffer overflow vulnerability has been reported in the SVG importer due to a boundary error, which could let a remote malicious user execute arbitrary code.

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/i/inkscape/

A Proof of Concept Denial of Service exploit has been published.

Inkscape SVG Image Buffer Overflow

CVE-2005-3737

High
Ubuntu Security Notice, USN-217-1, November 21, 2005

Multiple Vendors

University of Kansas Lynx 2.8.5 & prior

A vulnerability has been reported in the 'lynxcgi:' URI handler, which could let a remote malicious user execute arbitrary commands.

Upgrades available at:
http://lynx.isc.org/
current/lynx2.8.6
dev.15.tar.gz

RedHat:
http://rhn.redhat.
com/errata/
RHSA-2005-839.html

Mandriva:
http://www.mandriva.
com/security/
advisories

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-09.xml

Trustix:
http://http.trustix.org/
pub/trustix/

There is no exploit code required.

Lynx URI Handlers Arbitrary Command Execution

CVE-2005-2929

High

Security Tracker Alert ID: 1015195, November 11, 2005

RedHat Security Advisory, RHSA-2005:839-3, November 11, 2005

Mandriva Linux Security Advisory, MDKSA-2005:211, November 12, 2005

Gentoo Linux Security Advisory, GLSA 200511-09, November 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005

Multiple Vendors

IETF RFC 793: TCP

A remote Denial of Service vulnerability has been reported in the TCP congestion control mechanism when the remote peer forges acknowledgment packets prior to actually receiving packets from the sending host.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor TCP Acknowledgements Remote Denial of Service

CVE-2005-3675

Low
US-CERT VU#102014

Multiple Vendors

phpSysInfo 2.0-2.3

Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user conduct Cross-Site Scripting attacks, phishing style attacks, and retrieve privileged or sensitive information.

Upgrades available at:
http://prdownloads.
sourceforge.net/
phpsysinfo/php
SysInfo-2.4.tar.gz
?download

Debian:
http://security.debian.
org/pool/updates/main/
p/phpsysinfo/

Debian:
http://security.debian.
org/pool/updates/
main/p/phpgroupware/

http://security.debian.
org/pool/updates/
main/e/egroupware/

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

There is no exploit code required; however, Proof of Concept exploits have been published.

phpSysInfo Multiple Vulnerabilities

CVE-2005-3347
CVE-2005-3348
CVE-2003-0536

Medium

Hardened PHP Project Security Advisory, November 13, 2005

Debian Security Advisory, DSA 897-1, November 15, 2005

Debian Securities, Advisory DSA 898-1 & 899-1, November 17, 2005

Mandriva Linux Security Advisory, MDKSA-2005:212, November 16, 2005

Multiple Vendors

RedHat Fedora Core4, Core3; PHP 5.0.4, 4.3.9

A remote Denial of Service vulnerability has been reported when parsing EXIF image data contained in corrupt JPEG files.

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

RedHat:
http://rhn.redhat.
com/errata/RHSA-
2005-831.html

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

Currently we are not aware of any exploits for this vulnerability.

PHP Group Exif Module Remote Denial of Service

CVE-2005-3353

Low

Fedora Update Notifications,
FEDORA-2005-1061 & 1062, November 8, 2005

RedHat Security Advisory, RHSA-2005:831-15, November 10, 2005

Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005

Novell

NetMail 3.52 D

A buffer overflow vulnerability has been reported in the IMAP server when parsing certain long verb arguments, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://support.novell.
com/servlet/filedown
load/sec/ftf/

Currently we are not aware of any exploits for this vulnerability.

Novell NetMail IMAP Buffer Overflow

CVE-2005-3314

High
ZDI-05-003 Advisory, November 18, 2005

Opera Software

Opera Web Browser 8.50, 8.0-8.0 2

A vulnerability has been reported due to a failure to show the correct URL in the status bar if an image control with a 'title' attribute has been enclosed in a hyperlink and uses a form to specify the destination URL, which could let a remote malicious user trick users into visiting a malicious website.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Opera Image Control Status Bar Spoofing

CVE-2005-3699

Medium
Secunia Advisory: SA17571, November 16, 2005

PHP Download Manager

PHP Download Manager1.1-1.1.3

An SQL injection vulnerability has been reported in 'files.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.; however a Proof of Concept exploit has been published.

PHP Download Manager SQL Injection

CVE-2005-3769

Medium
Security Focus, Bugtraq ID: 15517, November 21, 2005

PHP Easy Download

PHP Easy Download

A vulnerability has been reported in 'edit.php' which could let a remote malicious user obtain authentication to obtain administrative access.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHP Easy Download Authentication Bypass

CVE-2005-3698

High
Security Focus, Bugtraq ID: 15470, November 16, 2005

PHP Group

PHP 5.0.5, 4.4.0

A vulnerability has been reported in the 'open_basedir' directive due to the way PHP handles it, which could let a remote malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/p/php4/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Upgrades available at:
http://www.php.net/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-08.xml

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

Trustix:
http://http.trustix.org/
pub/trustix/updates/

There is no exploit code required.

PHP 'Open_BaseDir' Information Disclosure

CVE-2005-3054

Medium

Security Focus, Bugtraq ID: 14957, September 27, 2005

Ubuntu Security Notice, USN-207-1, October 17, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

Security Focus, Bugtraq ID: 14957, October 31, 2005

Gentoo Linux Security Advisory, GLSA 200511-08, November 13, 2005

Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

PHP

PHP 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 5.0.x

Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of the 'GLOBALS' array, which could let a remote malicious user define global variables; a vulnerability was reported in the 'parse_str()' PHP function when handling an unexpected termination, which could let a remote malicious user enable the 'register_
globals' directive; a Cross-Site Scripting vulnerability was reported in the 'phpinfo()' PHP function due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and an integer overflow vulnerability was reported in 'pcrelib' due to an error, which could let a remote malicious user corrupt memory.

Upgrades available at:
http://www.php.net/
get/php-4.4.1.tar.gz

SUSE:
ftp://ftp.suse.com
/pub/suse/

TurboLinux:
ftp://ftp.turbolinux.co.
jp/pub/TurboLinux/
TurboLinux/ia32/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

RedHat:
http://rhn.redhat.
com/errata/RHSA-
2005-838.html

http://rhn.redhat.
com/errata/RHSA-
2005-831.html

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-08.xml

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

SUSE:
ftp://ftp.suse.com
/pub/suse/

Trustix:
http://http.trustix.org/
pub/trustix/

There is no exploit code required.

Medium

Secunia Advisory: SA17371, October 31, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Turbolinux Security Advisory TLSA-2005-97, November 5, 2005

Fedora Update Notifications,
FEDORA-2005-1061 & 1062, November 8, 2005

RedHat Security Advisories, RHSA-2005:838-3 & RHSA-2005:831-15, November 10, 2005

Gentoo Linux Security Advisory, GLSA 200511-08, November 13, 2005

Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

 

phpComasy

phpComasy 0.7.5, 0.7.4

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHPComasy SQL Injection

CVE-2005-3744

Medium
Security Focus, Bugtraq ID: 15511, November 21, 2005

phpldap
admin

phpldapadmin 0.9.6 - 0.9.7/alpha5

Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; a Directory Traversal vulnerability was reported which could let a remote malicious user obtain sensitive information; and a file include vulnerability was reported, which could let a remote malicious user execute arbitrary PHP script code.

Debian:
http://security.debian.
org/pool/updates/
main/p/phpldapadmin/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200509-04.xml

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

An exploit script has been published.

phpLDAPadmin Multiple Vulnerabilities

CAN-2005-2792
CAN-2005-2793

Medium

Security Focus, Bugtraq ID: 14695, August 30, 2005

Security Focus, Bugtraq ID: 14695, September 7, 2005

Mandriva Linux Security Advisory, MDKSA-2005:212, November 16, 2005

phpMyFAQ Team

phpmyFAQ 1.5.3 & prior

Cross-Site Scripting vulnerabilities have been reported in the 'add content' page due to insufficient sanitization of the 'thema,' 'username,' and 'usermail' parameters, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.phpmyfaq.
de/download.php?do
=download&number
=1.5.4&version=f ull
&ext=.tar.gz

There is no exploit code required.

PHPMyFAQ Multiple Cross-Site Scripting

CVE-2005-3734

Medium
TKADV2005-11-004 Advisory, November 19, 2005

PHPPost

PHPPost 1.0

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPPost Multiple Cross-Site Scripting

CVE-2005-3770

Medium
Security Focus, Bugtraq ID: 15524, November 22, 2005

phpSysInfo

phpSysInfo 2.3

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. It is also possible to obtain the full path to certain scripts.

Debian:
http://security.debian.
org/pool/updates/main/
p/phpsysinfo/

Debian:
http://security.debian.
org/pool/updates/
main/p/phpsysinfo/

Debian:
http://security.debian.
org/pool/updates/
main/p/phpgroupware/

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

There is no exploit code required; however, Proofs of Concept exploits have been published.

PHPSysInfo Multiple Cross-Site Scripting

CVE-2005-0870

High

Secunia Advisory,
SA14690, March 24, 2005

Debian Security Advisory, DSA 724-1, May 18, 2005

Debian Security Advisory, DSA 897-1, November 15, 2005

Mandriva Linux Security Advisory, MDKSA-2005:212, November 16, 2005

Debian Security Advisory, DSA 898-1, November 17, 2005

 

PMachine

PMachine Pro 2.4

A vulnerability has been reported in 'mail_autocheck.
php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Pmachine Pro Email Remote File Include

CVE-2005-0513

High
Security Focus, Bugtraq ID: 15473, November 16, 2005

Saturn Innovation

Saturn Innovation Mailing system

An SQL injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Saturn Innovation Mailing System SQL Injection
Medium
Security Focus, Bugtraq ID: 15518, November 21, 2005

Senao

SI-680H VOIP WIFI Phone 0.3 .0839

A vulnerability has been reported because connections from VxWorks debugger on port 17185/udp are allowed, which could let a remote malicious user obtain sensitive information or cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

Senao SI-680H VOIP WIFI Phone VxWorks Remote Debugger Access

CVE-2005-3715

Medium
Secunia Advisory: SA17606, November 17, 2005

SimplePoll

SimplePoll

An SQL injection vulnerability has been reported in 'results.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

SimplePoll SQL Injection

CVE-2005-3743

Medium
Security Focus, Bugtraq ID: 15508, November 21, 2005

Symantec

Gateway Security 5400 2.0.1, 5310 1.0, 5300 1.0, 5200 1.0, 5100, 5000, 400 2.0, 300 2.0, Firewall/VPN Appliance 200R, 200, 100, Enterprise Firewall 8.0 Solaris, 8.0 NT/2000

A remote Denial of Service vulnerability has been reported due to a failure of the product's IPSec implementation to properly handle malformed IKE packets.

Patch information available at:
http://securityresponse.
symantec.com/avcenter/
security/Content/
2005.11.21.html

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

Symantec Dynamic VPN Services Remote Denial of Service

CVE-2005-3768

Low
Symantec Security Advisory, SYM05-025,
November 21, 2005

Tru-Zone

NukeET 3.0-3.2

An SQL injection vulnerability has been reported in the 'search' module due to insufficient sanitization of the 'query' variable before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Fix available at:
http://www.truzone.
org/modules.php?
name=
DescNuke&
d_op=getit&lid=1557

There is no exploit code required; however, a Proof of Concept exploit has been published.

Tru-Zone Nuke ET SQL Injection

CVE-2005-3748

Medium
Security Focus, Bugtraq ID: 15519, November 21, 2005

Unclassified NewsBoard

Unclassified NewsBoard 1.5.3 a, 1.5.3

An SQL injection vulnerability has been reported in 'forum.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, an exploit script has been published.

Unclassified NewsBoard SQL Injection

CVE-2005-3686

Medium
Security Focus, Bugtraq ID: 15466, November 16, 2005

Uresk Links

Uresk Links 2.0 Lite

A vulnerability has been reported in 'index.php' which could let a remote malicious user bypass authentication to obtain administrative access.

No workaround or patch available at time of publishing.

There is no exploit code required.

Uresk Links Admin Authentication Bypass

CVE-2005-3697

High
Security Focus, Bugtraq ID: 15469, November 16, 2005

UTStarcom

F1000 VOIP WIFI Phone s2.0

Multiple vulnerabilities have been reported: a vulnerability was reported because the SNMP service that runs on the IP phone allows read access using default public credential, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported in the rlogin service due to insufficient access controls, which could let a remote malicious user obtain unauthorized access.

Users of affected packages should contact the vendor for further information on obtaining fixes.

There is no exploit code required.

UTStarcom F1000 Wi-Fi Handset Multiple Vulnerabilities

CVE-2005-3716
CVE-2005-3717
CVE-2005-3718

Medium
Secunia Advisory: SA17629, November 17, 2005

XMail

XMail 1.21

A buffer overflow vulnerability has been reported in the 'AddressFromAtPtr()' function due to a boundary error when copying the hostname portion of an e-mail address to a 256-byte buffer, which could let a malicious user execute arbitrary code.

Upgrade available at:
http://www.xmailserver.
org/

Debian:
http://security.debian.
org/pool/updates/
main/x/xmail/

An exploit script has been published.

XMail Command Line Buffer Overflow

CVE-2005-2943

High

Security Tracker Alert ID: 1015055, October 13, 2005

Security Focus, Bugtraq ID: 15103, October 22, 2005

Debian Security Advisory, DSA 902-1, November 21, 2005

XMB Forum

XMB Forum, 1.9.3, 1.9.2

Several vulnerabilities have been reported: a vulnerability was reported in 'member.php' due to insufficient sanitization of 'Your Current Mood' field when registering for an account, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported because a remote malicious user can submit a specially crafted URL to cause the system to display an error message that
discloses sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

XMB Forum HTML Injection & Path Disclosure

CVE-2005-3688
CVE-2005-3689

Medium
KAPDA::#13 Advisory, November 17, 2005

yaSSL

yaSSL 1.0-1.0.5, 0.x

A vulnerability has been reported due to an unspecified error when processing the certification chain, which could allow improper certificates to be used when authenticating connections.

Upgrades available at: http://yassl.com/yassl-1.0.6.zip

Currently we are not aware of any exploits for this vulnerability.

yaSSL Certification Chain Processing

CVE-2005-2731

Medium
Security Focus, Bugtraq ID: 15487, November 17, 2005

ZyXEL

Prestige 2000W v.1VoIP Wi-Fi Phone

An information disclosure vulnerability was reported, which could let a remote malicious user obtain sensitive information to perform a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

Zyxel P2000W v.1 VOIP WIFI Phone Information Disclosure

CVE-2005-3725

Low
Security Focus, Bugtraq ID: 15478, November 16, 2005

[back to top] 

Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

  • Mobile phones growing faster than ever: According to a principal analyst for mobile terminals research at Gartner, the international mobile phone market is experiencing its largest ever growth period. The third quarter of 2005 saw 205.4 million mobiles sold around the world, a 22 per cent increase on the same period of last year. Source: http://www.pcw.co.uk/computing/news/2146448/mobile-sales-biggest-ever.
  • Panelists Weigh Potential RFID Security Threats: TechBix Connection panelists that participated in a discussion on Radio Frequency identification technology (RFID) agree there are security risks for companies that don't secure their RFID network by using equipment with built in protocols such as secure shell and secure socket layer. Source: http://www.informationweek.com/story/
    showArticle.jhtml?articleID=174400968&tid=6004
    .

Wireless Vulnerabilities

[back to top] 

Recent Exploit Scripts/Techniques The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

Date of Script
(Reverse
Chronological Order)

Script name
Workaround or Patch Available
Script Description
November 22, 2005 IEWindow0day.txt
Yes
Exploit for the Microsoft Internet Explorer Unauthorized Access vulnerability.
November 21, 2005 FileZillaDoS.cpp
No
Exploit for the FileZilla Server Terminal Privilege Elevation or Arbitrary Code Execution vulnerability.
November 21, 2005 freeftpd_user.pm
No
Proof of Concept exploit for the FreeFTPD User Command Buffer Overflow vulnerability.
November 21, 2005 mailenable_imap_w3c.pm
mailenable154.pm.txt
Yes
Exploits for the MailEnable Arbitrary Code Execution vulnerability.
November 21, 2005 df.swf
flash_dos_poc.c
Flashosx.c
Yes
Proof of Concept exploit scripts for the Macromedia Flash Input Validation vulnerability.
November 21, 2005 Inkscape.svg
Yes
Proof of Concept Denial of Service exploit for the Inkscape SVG Image Buffer Overflow vulnerability.
November 21, 2005 google_proxystylesheet_exec.pm
Yes
Exploit for the Google Mini Search Appliance Multiple Vulnerabilities.
November 20, 2005 TKADV2005-11-004.txt
Yes
Exploit details for the PHPMyFAQ Multiple Cross-Site Scripting vulnerabilities.
November 20, 2005 nestea.tgz
N/A
A CGI scanner that also looks for forbidden files and directories and has a database of 2097 vulnerabilities.
November 20, 2005 phpwcms.txt
No
Exploit details for the phpwcms File Include, Information Disclosure & Cross-Site Scripting vulnerabilities.
November 20, 2005 SA027.txt
No
Exploit details for the PHPNuke SQL Injection vulnerability.
November 20, 2005 revizeSQL.txt
No
Exploit details for the Revize CMS Cross-Site Scripting, SQL Injection, & Information Disclosure vulnerabilities.
November 20, 2005 FTGate-expl.pl.txt
No
Proof of Concept exploit for the FTGate Denial of Service or Arbitrary Code Execution vulnerability.
November 20, 2005 ekin103_xpl.html
No
Exploit for the ekinboard Cross-Site Scripting & Script Injection vulnerabilities.
November 20, 2005 XH-FreeFTPD_remote_bof.c
No
Exploit for the freeFTPd Buffer Overflow vulnerability.
November 20, 2005 google.pm.txt
Yes
Exploit for the Google Mini Search Appliance Multiple Vulnerabilities.
November 20, 2005 11.17.05.txt
No
Exploit details for the Qualcomm WorldMail IMAP Server Information Disclosure vulnerability.
November 20, 2005 eQuickSQLXSS.txt
No
Exploit details for the e-Quick Cart Multiple Vulnerabilities.
November 20, 2005 db-sec-tokens.pdf
N/A
"Snagging Security Tokens to Elevate Privileges" is a brief that details how a database server running as a low privileged user on Windows can still provide an attacker with the ability to gain elevated privilege.
November 20, 2005 mamboRumor.txt
No
Exploit for the Mambo Open Source Remote File Include vulnerability.
November 18, 2005 XH-freeFTPD_remote_bof.c
No
Exploit for the FreeFTPD Multiple Buffer Overflow Vulnerabilities.
November 16, 2005 UNB153pl3_xpl.php
No
Exploit for the Unclassified NewsBoard SQL Injection Vulnerability.

[back to top]

Trends
  • US-CERT VU#226364: Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner.
  • W32/Sober Revisited: US-CERT is aware of several new variants of the W32/Sober virus that propagate via email. As with many viruses, these variants rely on social engineering to propagate. Specifically, the user must click on a link or open an attached file. Source: http://www.us-cert.gov/current/.
  • Exploit for Vulnerability in Microsoft Internet Explorer window() object: US-CERT is aware of a vulnerability in the way Microsoft Internet Explorer handles requests to the window() object. Source: http://www.us-cert.gov/current/.
  • The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus: The top 20 list is compiled by the SANS Institute in co-operation with security vendors has been released. It highlights the 20 most critical vulnerabilities currently facing organizations. In addition to identifying vulnerabilities in Windows and UNIX systems, this year's Top-20 list also includes cross-platform applications and networking products for the first time. Source: http://www.sans.org/top20/ .
  • Computer hackers target security products: According to research, computer hackers have stepped up efforts to exploit flaws in information security software. According to the SANS Institute Top 20 security vulnerability report, over the past 12 months cyber criminals have shifted their attention from targeting holes in Windows and Unix software to attacking data back-up, recovery and antivirus products. Source: http://www.vnunet.com/computing/news/2146422/computer-hackers-target.
  • Web giants crack down on spyware: Several Internet firms, including Yahoo, AOL, and Verizon have joined together to reduce the spread of adware and spyware that is distributed by 'piggybacking' on legitimate downloads. They have agreed to establish industry standards for monitoring and enforcing good behavior on websites which offer downloadable software. Source: http://www.itweek.co.uk/vnunet/news/2146346/web-giants-crack-spyware.

[back to top]

Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank
Common Name
Type of Code
Trend
Date
Description

1

Netsky-P

Win32 Worm

Stable

March 2004

A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.

2

Mytob-BE

Win32 Worm

Stable

June 2005

A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling anti virus, and modifying data.

3

Netsky-D

Win32 Worm

Stable

March 2004

A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.

4

Mytob-GH

Win32 Worm

Stable

November 2005

A variant of the mass-mailing worm that disables security related programs and allows other to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address.

5

Mytob-AS

Win32 Worm

Stable

June 2005

A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine.

6

Netsky-Z

Win32 Worm

Stable

April 2004

A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665.

7

Lovgate.w

Win32 Worm

Stable

April 2004

A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network.

8

Zafi-D

Win32 Worm

Stable

December 2004

A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.

9

Zafi-B

Win32 Worm

Stable

June 2004

A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.

10

Mytob.C

Win32 Worm

Stable

March 2004

A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.

Table updated November 21, 2005

[back to top]

 

 

 

Last updated

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

Wireless

Vulnerabilities The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name /
CVE Reference
Risk
Source
AMAX Information Technologies

Winmail Server 4.2

Multiple vulnerabilities have been reported in Winmail Server that could let remote malicious users conduct Cross-Site Scripting and arbitrarily manipulate files.

No workaround or patch available at time of publishing.

There is no exploit code required.

Winmail Server Multiple Vulnerabilities

CVE-2005-3692

Medium Secunia Advisory: SA16665, November 18, 2005
Cerberus FTP Server prior to 2.32

A vulnerability has been reported in Cerberus FTP Server that could let remote malicious users cause a Denial of Service.

Upgrade to newest version:
http://www.cerberusftp.com/
download.htm#download

Currently we are not aware of any exploits for this vulnerability.

Cerberus FTP Server Denial of Service Low Secunia Advisory: SA17650, November 23, 2005

Costal Data Management

e-Quick Cart

An input validation vulnerability has been reported in e-Quick Cart that could let remote malicious user conduct Cross-Site Scripting, perform SQL injection, or execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

e-Quick Cart Multiple Vulnerabilitie

CVE-2005-3735
CVE-2005-3736

High Security Tracker Alert ID: 1015244, November 19, 2005

Eudora WorldMail Server 3.0

A vulnerability has been reported in WorldMail Server that could let remote malicious users disclose information.

No workaround or patch available at time of publishing.

An exploit has been published.

Eudora WorldMail Server Information Disclosure

CVE-2005-3189

Medium Security Tracker, Alert ID: 1015236, November 17, 2005

Hitachi

Cosminexus Collaboration, Groupmax Collaboration

A vulnerability has been reported in Cosminexus Collaboration and Groupmax Collaboration that could let remote malicious users conduct Cross-Site Scripting or cause a Denial of Service.

Vendor solution available:
http://www.hitachi-support.com/
security_e/vuls_e/HS05-023_e
/01-e.html

There is no exploit code required.

Cosminexus Collaboration and Groupmax Collaboration Cross-Site Scripting or Denial of Service
Medium Hitachi, Software Vulnerability Information HS05-023, November 18, 2005
MailEnable Professional 1.6, Enterprise 1.1

A buffer overflow vulnerability has been reported in MailEnable that could let remote malicious users execute arbitrary code or cause a Denial of Service.

Vendor fix available; http://www.mailenable.com/hotfix/

Currently we are not aware of any exploits for this vulnerability.

MailEnable Arbitrary Code Execution or Denial of Service

CVE-2005-3691

High Security Tracker, Alert ID: 1015239, November 18, 2005

Microsoft

Internet Explorer

A vulnerability has been reported in Internet Explorer that could let remote malicious users to obtain unauthorized access.

Vendor solutions available:
http://www.microsoft.com/
technet/security/advisory
/911302.mspx

An exploit script has been published.

Microsoft Internet Explorer Unauthorized Access

CVE-2005-1790

Medium

Microsoft, Security Advisory 911302, November 21, 2005

USCERT, VU#887861

VP-ASP Shopping Cart 5.50

An input validation vulnerability has been reported in VP-ASP Shopping Cart that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

There is no exploit code required; however a Proof of Concept exploit has been published.

VP-ASP Shopping Cart Cross-Site Scripting

Medium

Security Tracker, Alert ID: 1015238, November 18, 2005

[back to top]

UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name /
CVE Reference
Risk
Source

common-lisp-controller

common-lisp-controller

A vulnerability has been reported when validating the ownership of the cache directory, which could let a remote malicious user obtain elevated privileges.

Debian:
http://security.debian.org/
pool/updates/main/c/
common-lisp-controller/
common-lisp-controller
_4.15sarge2_all.deb

Debian:
http://security.debian.
org/pool/updates/
main/c/common-
lisp-controller/

Currently we are not aware of any exploits for this vulnerability.

Common-lisp-controller Elevated Privileges

CVE-2005-2657

Medium

Debian Security Advisory, DSA 811-1, September 14, 2005

Debian Security Advisory, DSA 811-2, November 21, 2005

Eric S Raymond

Fetchmail 6.x

A vulnerability has been reported in the 'fetchmailconf' configuration utility due to a race condition, which could let a malicious user obtain sensitive information.

Upgrades available at: http://download.
berlios.de/fetchmail/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-06.xml

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/f/fetchmail/

Mandriva:
http://www.mandriva.
com/security/
advisories

Debian:
http://security.debian.
org/pool/updates/
main/f/fetchmail/

http://security.debian.
org/pool/updates/
main/f/fetchmail-ssl/

There is no exploit code required.

Fetchmail 'fetchmailconf' Information Disclosure

CVE-2005-3088

Medium

fetchmail-SA-2005-02 Security Announcement, October 21, 2005

Gentoo Linux Security Advisory, GLSA 200511-06, November 6, 2005

Ubuntu Security Notice, USN-215-1, November 07, 2005

Mandriva Linux Security Advisory, MDKSA-2005:209, November 10, 2005

Debian Security Advisory, DSA 900-2 & 900-3, November 21 & 22, 2005

GpsDrive

GpsDrive 2.0 9

A format string vulnerability has been reported in 'Friendsd,' which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.
org/pool/updates/
main/g/gpsdrive/

SUSE:
ftp://ftp.suse.com
/pub/suse/

Proof of Concept exploits have been published.

GpsDrive Remote Format String

CVE-2005-3523

High

Security Focus, Bugtraq ID: 15319, November 4, 2005

Debian Security Advisory, DSA 891-1, November 9, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Hewlett Packard Company

HP-UX B.11.23, B.11.11, B.11.00

A remote Denial of Service vulnerability has been reported due to security flaws in HP's IPSec implementation.

Updates available at: http://www.hp.com/
go/softwaredepot

Vulnerability can be reproduced using the PROTOS ISAKMP Test Suite.

HP-UX IPSec Remote Denial of Service

CVE-2005-3670

Low
HP Security Bulletin, HPSBUX02076, November 16, 2005

IBM

WebSphere Application Server for z/OS 5.0

A remote Denial of Service vulnerability has been reported in the 'BBOORB' module due to a double-free error.

Update available at:
http://www-1.ibm.com/
support/docview.wss?
uid=swg1PK13936#more

Currently we are not aware of any exploits for this vulnerability.

IBM WebSphere Application Server for z/OS Remote Denial of Service

CVE-2005-3760

Low
IBM Advisory, PK13936, November 22, 2005

Info-ZIP

UnZip 5.52

A vulnerability has been reported due to a security weakness when extracting an archive to a world or group writeable directory, which could let a malicious user modify file permissions.

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

SCO:
ftp://ftp.sco.com/pub/
updates/OpenServer/
SCOSA-2005.39/507

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/u/unzip/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Mandriva:
http://www.mandriva.
com/security/
advisories

Debian:
http://security.debian.
org/pool/updates/
main/u/unzip/

There is no exploit code required.

Info-ZIP UnZip File Permission Modification

CVE-2005-2475

Medium

Security Focus, 14450, August 2, 2005

Fedora Update Notification,
FEDORA-2005-844, September 9, 2005

SCO Security Advisory, SCOSA-2005.39, September 28, 2005

Ubuntu Security Notice, USN-191-1, September 29, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0053, September 30, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:197, October 26, 2005

Debian Security Advisory, DSA 903-1, November 21, 2005

IPsec-Tools

IPsec-Tools0.6-0.6.2, 0.5-0.5.2

A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode.

Upgrades available at:
http://prdownloads.sourceforge.
net/ipsec-tools/ipsec-tools-
0.6.3.tar.bz2?download

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

IPsec-Tools ISAKMP IKE Remote Denial of Service

CVE-2005-3732

Low
Security Focus, Bugtraq ID: 15523, November 22, 2005

libpng

pnmtopng 2.38, 2.37.3-2.37.6

A buffer overflow vulnerability has been reported in 'Alphas_Of
_Color' due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://prdownloads.
sourceforge.net/
png-mng/pnmtopng-
2.39.tar.gz?download

Debian:
http://security.debian.
org/pool/updates/
main/n/netpbm-free/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/n/netpbm-free/

Currently we are not aware of any exploits for this vulnerability.

PNMToPNG Remote Buffer Overflow

CVE-2005-3662

High

Security Focus, Bugtraq ID: 15427, November 15, 2005

Debian Security Advisory, DSA 904-1, November 21, 2005

Ubuntu Security Notice, USN-218-1, November 21, 2005

Lite Speed Technologies

LiteSpeed Web Server 2.1.5

A Cross-Site Scripting vulnerability has been reported in 'admin'/config'confMgr.php' due to insufficient sanitization of the 'm' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

LiteSpeed Web Server Cross-Site Scripting

CVE-2005-3695

Medium
Secunia Advisory: SA17587, November 17, 2005

Multiple Vendors

gnump3d 2.9-2.9.7; Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha

Several vulnerabilities have been reported: a vulnerability was reported in the 'index.lok' lock file when indexing music files due to the insecure creation of temporary files, which could let a remote malicious user overwrite arbitrary files; and a Directory Traversal vulnerability was reported when processing certain CGI parameters and cookie values due to an input validation error, which could let a remote malicious user obtain sensitive information.

Update available at:
http://savannah.gnu.
org/download/
gnump3d/

Debian:
http://security.debian.
org/pool/updates/
main/g/gnump3d/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-16.xml

There is no exploit code required.

GNU gnump3d Insecure Temporary File Creation & Directory Traversal

CVE-2005-3349
CVE-2005-3355

Medium

Secunia Advisory: SA17647, November 18, 2005

Debian Security Advisory, DSA 901-1, November 19, 2005

Gentoo Linux Security Advisory, GLSA 200511-16, November 21, 2005

Multiple Vendors

Linux Kernel Linux kernel 2.6- 2.6.14

A Denial of Service vulnerability has been reported in 'net/ipv6/
udp.c' due to an infinite loop error in the 'udp_v6_get_port()' function.

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Upgrades available at:
http://kernel.org/
pub/linux/kernel/
v2.6/linux-
2.6.14.tar.bz2

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPV6 Denial of Service

CVE-2005-2973

Low

Secunia Advisory: SA17261, October 21, 2005

Fedora Update Notifications,
FEDORA-2005-1007 & 1013, October 20, 2005

Security Focus, Bugtraq ID: 15156, October 31, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Squid Web Proxy Cache 2.5 .STABLE3-STABLE10, STABLE1

A remote Denial of Service vulnerability has been reported when handling certain client NTLM authentication request sequences.

Upgrades available at:
http://www.squid-cache.
org/Versions/v2/2.5/
squid-2.5.STABLE
11.tar.gz

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/s/squid/

Debian:
http://security.debian.
org/pool/updates/
main/s/squid/

Mandriva:
http://www.mandriva.
com/security/
advisories

SCO:
ftp://ftp.sco.com/
pub/updates/
UnixWare/
SCOSA-2005.44

SUSE:
ftp://ftp.suse.com
/pub/suse/

Currently we are not aware of any exploits for this vulnerability.

Squid NTLM Authentication Remote Denial of Service

CVE-2005-2917

Low

Secunia Advisory: SA16992, September 30, 2005

Ubuntu Security Notice, USN-192-1, September 30, 2005

Debian Security Advisory, DSA 828-1, September 30, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:181, October 11, 2005

SCO Security Advisory, SCOSA-2005.44, November 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
TouchTunes Rhapsody,
TouchTunes Maestro;
SuSE UnitedLinux 1.0, Novell Linux Desktop 9.0, Linux Professional 10.0 OSS, 10.0, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, 9.0 x86_64, 9.0, Linux Personal 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, 9.0 x86_64, 9.0, Linux Enterprise Server 9, 8, Linux Desktop 1.0;
RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, 2.1 IA64, 2.1, AS 4, AS 3, AS 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; GTK+ 2.8.6, 2.6.4, 2.4.14, 2.4.13, 2.4.10, 2.4.9, 2.4.1, 2.2.4, 2.2.3;
GNOME GdkPixbuf 0.22;
Gentoo Linux ; Ardour 0.99

Multiple vulnerabilities have been reported: an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' due to the insufficient validation of the 'n_col' value before using to allocate memory, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when processing an XPM file that contains a large number of colors; and an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when performing calculations using the height, width, and colors of a XPM file, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.

Updates available at:
ftp://ftp.gtk.org/
pub/gtk/v2.8/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

RedHat:
http://rhn.redhat.
com/errata/RHSA-
2005-810.html

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-14.xml

SuSE:
ftp://ftp.suse.com/
pub/suse/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/g/gdk-pixbuf/

Mandriva:
http://www.mandriva.
com/security/
advisories

Trustix:
http://http.trustix.
org/pub/trustix/

Currently we are not aware of any exploits for these vulnerabilities.

GTK+ GdkPixbuf XPM Image Rendering Library

CVE-2005-2975
CVE-2005-2976
CVE-2005-3186

High

Fedora Update Notifications
FEDORA-2005-1085 & 1086, November 15, 2005

RedHat Security Advisory, RHSA-2005:810-9, November 15, 2005

Gentoo Linux Security Advisory GLSA 200511-14, November 16, 2005

SUSE Security Announcement, SUSE-SA:2005:065, November 16, 2005

Ubuntu Security Notice, USN-216-1, November 16, 2005

Mandriva Linux Security Advisory, MDKSA-2005:214, November 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005


Multiple Vendors

GNOME GdkPixbuf 0.22
GTK GTK+ 2.4.14
RedHat Fedora Core3
RedHat Fedora Core2

A remote Denial of Service vulnerability has been reported due to a double free error in the BMP loader.

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/2/

RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-344.html

http://rhn.redhat.com/
errata/RHSA-
2005-343.html

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/g/gdk-pixbuf/

SGI:
ftp://oss.sgi.com/
projects/sgi_propack/
download/3/updates/

Mandrake:
http://www.mandrake
secure.net/en/ftp.php

SGI:
ftp://patches.sgi.com
/support/free/security/
advisories/

TurboLinux:
ftp://ftp.turbolinux.
co.jp/pub/TurboLinux/
TurboLinux/ia32/

Conectiva:
http://distro.conectiva.
com.br/atualizacoes/
index.php?id=
a&anuncio=000958

Mandriva:
http://www.mandriva.
com/security/
advisories

Currently we are not aware of any exploits for this vulnerability.

GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service

CVE-2005-0891

Low

Fedora Update Notifications,
FEDORA-2005-
265, 266, 267 & 268, March 30, 2005

RedHat Security Advisories,
RHSA-2005:344-03 & RHSA-2005:343-03, April 1 & 4, 2005

Ubuntu Security Notice, USN-108-1 April 05, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:068 & 069, April 8, 2005

SGI Security Advisory, 20050403-01-U, April 15, 2005

Turbolinux Security Advisory, TLSA-2005-57, May 16, 2005

Conectiva Security Advisory, CLSA-2005:958, June 1, 2005

Mandriva Linux Security Advisory, MDKSA-2005:214, November 18, 2005

Multiple Vendors

Gnome-DB libgda 1.2.1;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha

Format string vulnerabilities have been reported in 'gda-log.c' due to format string errors in the 'gda_log_error()' and 'gda_
log_message()' functions, which could let a remote malicious user execute arbitrary code.

Debian:
http://security.debian.
org/pool/updates/
main/libg/libgda2/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/libg/libgda2/

Mandriva:
http://www.mandriva.
com/security/
advisories

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-01.xml

SUSE:
ftp://ftp.suse.com
/pub/suse/

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/3/

Currently we are not aware of any exploits for these vulnerabilities.

GNOME-DB
LibGDA Multiple Format String

CVE-2005-2958

High

Security Focus, Bugtraq ID: 15200, October 25, 2005

Debian Security Advisory,
DSA-871-1 & 871-2, October 25, 2005

Ubuntu Security Notice, USN-212-1, October 28, 2005

Mandriva Linux Security Advisory, MDKSA-2005:203, November 1, 2005

Gentoo Linux Security Advisory, GLSA 200511-01, November 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Fedora Update Notification,
FEDORA-2005-1029, November 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Multiple Vendors

GNU gnump3d 2.9-2.9.5;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha

A vulnerability has been reported in GNUMP3d that could let remote malicious users conduct Cross-Site Scripting or traverse directories.

Upgrade to version 2.9.6:
http://savannah.gnu.
org/download/
gnump3d/
gnump3d-2.9.6.tar.gz

Debian:
http://security.debian.
org/pool/updates/
main/g/gnump3d/

SUSE:
ftp://ftp.suse.com
/pub/suse/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-05.xml

There is no exploit code required; however, Proof of Concept exploits have been published.

GNUMP3d Cross-Site Scripting or Directory Traversal

CVE-2005-3122
CVE-2005-3123

Medium

Security Focus Bugtraq IDs: 15226 & 15228, October 28, 2005

Debian Security Advisory DSA 877-1, October 28, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Gentoo Linux Security Advisory, GLSA 200511-05, November 6, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Multiple Vendors

GNU gnump3d 2.9-2.9.5;
Gentoo Linux

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.gnu.org/
software/gnump3d/
download.html#
Download

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-05.xml

SUSE:
ftp://ftp.suse.com
/pub/suse/

There is no exploit code required.

GNU gnump3d Unspecified Cross-Site Scripting

CVE-2005-3425

Medium

Gentoo Linux Security Advisory GLSA 200511-05, November 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Multiple Vendors

Linux Kernel 2.4.x, 2.6 prior to 2.6.11.11

A vulnerability has been reported in the Linux kernel in the Radionet Open Source Environment (ROSE) implementation in the 'rose_rt_ioctl()' function due to insufficient validation of a new routes' ndigis argument. The impact was not specified.

Updates available at:
http://linux.bkbits.
net:8080/linux-2.4/
cset@41e2cf515Tpixc
VQ8q8HvQvCv9E6zA

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Radionet Open Source Environment (ROSE) ndigis Input Validation

CVE-2005-3273

 

Not Specified

Security Tracker Alert, 1014115, June 7, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Linux kernel 2.6-2.6.12 .3, 2.4-2.4.32

A Denial of Service vulnerability has been reported in 'IP_VS_
CONN_FLUSH' due to a NULL pointer dereference.

Kernel versions 2.6.13 and 2.4.32-pre2 are not affected by this issue.

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Denial of Service

CVE-2005-3274

Low

Security Focus, Bugtraq ID: 15528, November 22, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Linux kernel 2.6-2.6.14

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/
request_key_auth.c;' a Denial of Service vulnerability was reported due to a memory leak in '/fs/namei.c' when the 'CONFIG_AUDITSYSCALL' option is enabled; and a vulnerability was reported because the orinoco wireless driver fails to pad data packets with zeroes when increasing the length, which could let a malicious user obtain sensitive information.

Patches available at:
http://kernel.org/pub/
linux/kernel/v2.6/testing/
patch-2.6.14-rc4.bz2

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-808.html

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

There is no exploit code required.

Linux Kernel Denial of Service & Information Disclosure

CVE-2005-3119
CVE-2005-3180
CVE-2005-3181

Medium

Secunia Advisory: SA17114, October 12, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005

Fedora Update Notifications,
FEDORA-2005-1013, October 20, 2005

RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Linux kernel 2.6-2.6.14

A Denial of Service vulnerability has been in 'sysctl.c' due to an error when handling the un-registration of interfaces in '/proc/sys/net/ipv4/conf/.'

Upgrades available at:
http://kernel.org/pub/
linux/kernel/v2.6/
linux-2.6.14.1.tar.bz2

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

There is no exploit code required.

Linux Kernel 'Sysctl' Denial of Service

CVE-2005-2709

Low

Secunia Advisory: SA17504, November 9, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Linux kernel 2.6-2.6.14

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported when handling asynchronous USB access via usbdevio; and a Denial of Service vulnerability was reported in the 'ipt_recent.c' netfilter module due to an error in jiffies comparison.

RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-514.html

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel USB Subsystem Denials of Service

CVE-2005-2873
CVE-2005-3055

Low

Secunia Advisory: SA16969, September 27, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

Multiple Vendors

Miklos Szeredi FUSE 2.4 .0, 2.3.0, 2.3 -rc1, 2.2.1, 2.2;
Gentoo Linux

 

A vulnerability has been reported because fusermount fails to securely handle special characters specified in mount points, which could let a malicious user cause a Denial of Service or add arbitrary mount points.

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-17.xml

There is no exploit code required.

FUSE Mount Options Corruption

CVE-2005-3531

Medium
Gentoo Linux Security Advisory, GLSA 200511-17, November 22, 2005

Multiple Vendors

RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10

A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_SSLV2_
RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security.

OpenSSL:
http://www.openssl.
org/source/openssl-
0.9.7h.tar.gz

FreeBSD:
ftp://ftp.FreeBSD.org/
pub/FreeBSD/CERT/
patches/SA-05:21/
openssl.patch

RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-800.html

Mandriva:
http://www.mandriva.
com/security/
advisories

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-11.xml

Slackware:
ftp://ftp.slackware.
com/pub/
slackware/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Sun:
http://sunsolve.sun.
com/search/
document.do?
assetkey=1-26-
101974-1

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/o/openssl/

OpenPKG:
ftp://ftp.openpkg.org/
release/

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

Trustix:
http://http.trustix.org/
pub/trustix/updates/

SGI:
http://www.sgi.com/
support/security/

Debian:
http://security.debian.
org/pool/updates/
main/o/openssl094/

NetBSD:
http://arkiv.netbsd.
se/?ml=netbsd-
announce&a=2005-
10&m=1435804

BlueCoat Systems:
http://www.bluecoat.
com/support/
knowledge/advisory
_openssl_
\2005-2969.html

Debian:
http://security.debian.
org/pool/updates
/main/o/openssl/

Astaro Security Linux:
http://www.astaro.org/
showflat.php?Cat=&
Number=63500&page
=0&view=collapsed&
sb=5&o=&fpart=
1#63500

SCO:
ftp://ftp.sco.com/
pub/updates/
UnixWare/
SCOSA-2005.48

Astaro Security Linux:
http://www.astaro.org/
showflat.php?Cat=&
Board=UBB1&Number
=63678&Forum=All_
Forums&Words=
4.028&Searchpage=
0&Limit=25&Main=
63678&Search=true&
where=bodysub&Name=
&daterange=1&newerval=
1&newertype=m&olderval=
&oldertype=&bodyprev=
#Post63678

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors OpenSSL Insecure Protocol Negotiation

CVE-2005-2969

Medium

OpenSSL Security Advisory, October 11, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005

RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005

Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005

Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005

Slackware Security Advisory, SSA:2005-286-01, October 13, 2005

Fedora Update Notifications,
FEDORA-2005-985 & 986, October 13, 2005

Sun(sm) Alert Notification
Sun Alert ID: 101974, October 14, 2005

Ubuntu Security Notice, USN-204-1, October 14, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005

SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Debian Security Advisory DSA 875-1, October 27, 2005

NetBSD Security Update, November 1, 2005

BlueCoat Systems Advisory, November 3, 2005

Debian Security Advisory, DSA 888-1, November 7, 2005

Astaro Security Linux Announce-ment, November 9, 2005

SCO Security Advisory, SCOSA-2005.48, November 15, 2005

Astaro Security Linux Update, November 16, 2005

Multiple Vendors

SpamAssassin 3.0.4;
RedHat Fedora Core3

A vulnerability has been reported due to a failure to handle exceptional conditions, which could let a remote malicious user bypass spam detection.

SpamAssassin:
http://spamassassin.
apache.org/downloads.
cgi?update=
200509141634

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

SUSE:
ftp://ftp.suse.com
/pub/suse/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

There is no exploit code required.

SpamAssassin Spam Detection Bypass

CVE-2005-3351

Medium

Fedora Update Notification,
FEDORA-2005-1065, November 9, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0064, November 22, 2005

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Netpbm 10.0, 9.20 -9.25; libpng pnmtopng 2.38, 2.37.3-2.37.6;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha

A buffer overflow vulnerability has been reported due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.

libpng:
http://prdownloads.sourceforge.
net/png-mng/pnmtopng-
2.39.tar.gz?download

Debian:
http://security.debian.
org/pool/updates/
main/n/netpbm-free/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/n/netpbm-free/

Currently we are not aware of any exploits for this vulnerability.

NetPBM PNMToPNG Remote Buffer Overflow

CVE-2005-3632

High

Debian Security Advisory DSA 904-1, November 21, 2005

Ubuntu Security Notice, USN-218-1 November 21, 2005

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64;
Linux kernel 2.6-2.6.12 .3

An information disclosure vulnerability has been reported in 'SYS_GET_THREAD_AREA,' which could let a malicious user obtain sensitive information.

Kernel versions 2.6.12.4 and 2.6.13 are not affected by this issue.

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/l/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Information Disclosure

CVE-2005-3276

Medium
Ubuntu Security Notice, USN-219-1, November 22, 2005

Net-SNMP

Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3 -5.0.9, 5.0.1

A remote Denial of Service vulnerability has been reported when handling stream-based protocols.

Upgrades available at:
http://sourceforge.net
/project/showfiles.
php?group_id=
12694&package_
id =11571
&release_id=338899

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/

RedHat:
http://rhn.redhat.com/
errata/RHSA-
2005-720.html

Mandriva:
http://www.mandriva.
com/security/
advisories

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/n/net-snmp/

RedHat:
http://rhn.redhat.
com/errata/RHSA-
2005-395.html

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

Avaya:
http://support.avaya.
com/elmodocs2/
security/ASA-
2005-225.pdf

SUSE:
ftp://ftp.SUSE.
com/pub/SUSE

Debian:
http://security.debian.
org/pool/updates/
main/n/net-snmp/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/u/ucd-snmp

Currently we are not aware of any exploits for this vulnerability.

Net-SNMP
Protocol Denial of Service

CVE-2005-2177

Low

Secunia
Advisory: SA15930,
July 6, 2005

Trustix Secure
Linux Security Advisory, TSLSA-2005-0034,
July 8, 2005

Fedora Update Notifications,
FEDORA-2005
-561 & 562, July 13, 2005

RedHat Security Advisory, RHSA-2005:720-04, August 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:137, August 11, 2005

Ubuntu Security Notice, USN-190-1, September 29, 2005

RedHat Security Advisory, RHSA-2005:395-18, October 5, 2005

Conectiva Linux Announcement, CLSA-2005:1032, October 13, 2005

Avaya Security Advisory, ASA-2005-225, October 18, 200

SUSE Security Summary Report, Announcement ID: SUSE-SR:2005:024, October 21, 2005

Debian Security Advisory, DSA 873-1, October 26, 2005

Ubuntu Security Notice, USN-190-2, November 21, 2005

Openswan

Openswan 2.2-2.4, 2.1.4-2.1.6, 2.1.2, 2.1.1

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when handling IKE packets that have an invalid 3DES key length; and a remote Denial of Service vulnerability was reported when handling certain specially crafted IKE packets.

Upgrades available at:
http://www.openswan.
org/download/opens
wan-2.4.2.tar.gz

Astaro Security Linux:
http://www.astaro.org/
showflat.php?Cat=&
Board=UBB1&Number
=63678&Forum=All_
Forums&Words=
4.028
&Searchpage=
0&Limit=25&Main=
63678&Search=true
&where=bodysub&Name=
&daterange=1&newerval=
1&newertype=m&olderval=
&oldertype=&bodyprev=
#Post63678

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Vulnerabilities can be reproduced using the PROTOS ISAKMP Test Suite.

Openswan IKE Message Remote Denials of Service

CVE-2005-3671

Low

CERT-FI & NISCC Joint Vulnerability Advisory, November 15, 2005

Astaro Security Linux Update, November 16, 2005

Fedora Update Notifications,
FEDORA-2005-1092 & 1093, November 21, 2005

Opera Software

Opera Web Browser 8.5, 8.0-8.0 2

A vulnerability has been reported due to insufficient sanitization of user-supplied data passed through a URI, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.opera.com/
download/

There is no exploit code required.

Opera Web Browser Arbitrary Command Execution

CVE-2005-3750

High
Secunia Advisory: SA16907, November 22, 2005

PCRE

PCRE 6.1, 6.0, 5.0

A vulnerability has been reported in 'pcre_compile.c' due to an integer overflow, which could let a remote/local malicious user potentially execute arbitrary code.

Updates available at:
http://www.pcre.org/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/p/pcre3/

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200508-17.xml

Mandriva:
http://www.mandriva.
com/security/
advisories

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

Slackware:
ftp://ftp.slackware.
com/pub/slackware/

Ubuntu:
http://security.ubuntu.
com/ubuntu/
pool/main/

Debian:
http://security.debian.
org/pool/updates/
main/p/pcre3/

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

Slackware:
ftp://ftp.slackware.
com/pub/slackware/
slackware-10.1/
testing/packages/
php-5.0.5/php-
5.0.5-i486-1.tgz

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200509-08.xml

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

Gentoo:
http://security.gentoo
.org/glsa/glsa-
200509-12.xml

Debian:
http://security.debian.
org/pool/updates/
main/p/python2.2/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200509-19.xml

Debian:
http://security.debian.
org/pool/updates/
main/p/python2.3/

Conectiva:
ftp://atualizacoes.
conectiva.com.br/
10/

TurboLinux:
ftp://ftp.turbolinux.
co.jp/pub/
TurboLinux/
TurboLinux/ia32/

Avaya:
http://support.avaya.
com/elmodocs2/
security/ASA-
2005-216.pdf

Trustix:
http://http.trustix.
org/pub/trustix/
updates/

HP:
http://h20293.www2.
hp.com/cgi-bin/
swdepot_parser.
cgi/cgi/displayProduct
Info.pl?productNumber=
HPUXWSSUITE

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Currently we are not aware of any exploits for this vulnerability.

PCRE Regular Expression Heap Overflow

CVE-2005-2491

High

Secunia Advisory: SA16502, August 22, 2005

Ubuntu Security Notice, USN-173-1, August 23, 2005

Ubuntu Security Notices, USN-173-1 & 173-2, August 24, 2005

Fedora Update Notifications,
FEDORA-2005-802 & 803, August 24, 2005

Gentoo Linux Security Advisory, GLSA 200508-17, August 25, 2005

Mandriva Linux Security Update Advisories, MDKSA-2005:151-155, August 25, 26, & 29, 2005

SUSE Security Announcements, SUSE-SA:2005:048 & 049, August 30, 2005

Slackware Security Advisories, SSA:2005-242-01 & 242-02, August 31, 2005

Ubuntu Security Notices, USN-173-3, 173-4 August 30 & 31, 2005

Debian Security Advisory, DSA 800-1, September 2, 2005

SUSE Security Announcement, SUSE-SA:2005:051, September 5, 2005

Slackware Security Advisory, SSA:2005-251-04, September 9, 2005

Gentoo Linux Security Advisory, GLSA 200509-08, September 12, 2005

Conectiva Linux Announce-
ment, CLSA-2005:1009, September 13, 2005

Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005

Debian Security Advisory, DSA 817-1 & DSA 819-1, September 22 & 23, 2005

Gentoo Linux Security Advisory, GLSA 200509-19, September 27, 2005

Debian Security Advisory, DSA 821-1, September 28, 2005

Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005

Turbolinux Security Advisory, TLSA-2005-92, October 3, 2005

Avaya Security Advisory, ASA-2005-216, October 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

HP Security Bulletin, HPSBUX02074, November 16, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

PHP

PHP 5.0 .0-5.0.5, 4.4 .0, 4.3.1 -4.3.11, 4.2-4.2.3, 4.1.0-4.1.2, 4.0 0-4.0.7

A Denial of Service vulnerability has been reported in the 'sapi_apache2.c' file.

PHP 5.1.0 final and 4.4.1 final are not affected by this issue. Please contact the vendor to obtain fixes.

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-08.xml

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

Trustix:
http://http.trustix.org/
pub/trustix/updates/

There is no exploit code required.

PHP Apache 2 Denial of Service

CVE-2005-3319

Low

Security Focus, Bugtraq ID: 15177, October 24, 2005

Gentoo Linux Security Advisory, GLSA 200511-08, November 14, 2005

Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

phpMyAdmin

phpMyAdmin 2.6 .0-2.6.3, 2.5 .0-2.5.7, 2.4 .0, 2.3.2, 2.3.1, 2.2 -2.2.6, 2.1-2.1 .2, 2.0-2.0.5

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in 'libraries/auth/cookie.
auth.lib.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability has been reported in 'error.php' due to insufficient sanitization of the 'error' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://sourceforge.net/
project/showfiles.php
?group_id=23067

Debian:
http://security.debian.
org/pool/updates/
main/p/phpmyadmin/

SUSE:
ftp://ftp.suse.com
/pub/suse/

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPMyAdmin Cross-Site Scripting

CVE-2005-2869

Medium

Secunia Advisory: SA16605, August 29, 2005

Debian Security Advisory, DSA 880-1, November 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SUSE Security Announcement, SUSE-SA:2005:066, November 18, 2005

phpMyAdmin

phpMyAdmin 2.x

Several vulnerabilities have been reported: a vulnerability was reported due to insufficient verification of certain configuration parameters, which could let a remote malicious user include arbitrary files; and a Cross-Site Scripting vulnerability was reported in 'left.php,' 'queryframe.php,' and 'server_databases.php' due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://prdownloads.
sourceforge.net/
phpmyadmin/
phpMyAdmin
-2.6.4-pl3.tar .gz

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-21.xml

Debian:
http://security.debian.
org/pool/updates/
main/p/phpmyadmin/

SUSE:
ftp://ftp.suse.com
/pub/suse/

There is no exploit code required; however, a Proof of Concept exploit has been published.

phpMyAdmin Local File Inclusion & Cross-Site Scripting

CVE-2005-3300
CVE-2005-3301

Medium

Secunia Advisory: SA17289, October 24, 2005

Gentoo Linux Security Advisory, GLSA 200510-21, October 25, 2005

Debian Security Advisory, DSA 880-1, November 2, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SUSE Security Announcement, SUSE-SA:2005:066, November 18, 2005

Smb4k

Smb4k 0.4-0.6

A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user obtain sensitive information.

Patches available at:
http://download.berlios.de/
smb4k/001_security_fix_
smb4k_0.4.1a.diff.gz

Upgrades available at:
http://download.berlios.de/
smb4k/smb4k-0.6.3.tar.gz

Mandriva:
http://www.mandriva.com/
security/advisories

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-15.xml

There is no exploit code required.

Smb4k Insecure Temporary File Creation

CVE-2005-2851

Medium

Security Focus, Bugtraq ID: 14756, September 7, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:157, September 6, 2005

Gentoo Linux Security Advisory, GLSA 200511-15, November 18, 2005

Squid

Squid 2.x

A remote Denial of Service vulnerability has been reported when handling certain FTP server responses.

Patches available at:
http://www.squid-
cache.org/Versions/
v2/2.5/bugs/
squid-2.5.STABLE11-
rfc1738_do_
escape.patch

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/
updates/

Mandriva:
http://www.mandriva.
com/security/
advisories

SCO:
ftp://ftp.sco.com/
pub/updates/
UnixWare/
SCOSA-2005.44

SUSE:
ftp://ftp.suse.com
/pub/suse/

IPCop:
http://prdownloads.
sourceforge.net/
ipcop/ipcop-
sources-1.4.10.tgz
?download

There is no exploit code required.

Squid FTP Server Response Handling Remote Denial of Service

CVE-2005-3258

Low

Secunia Advisory: SA17271, October 20, 2005

Fedora Update Notifications,
FEDORA-2005-1009 & 1010, October 20, 2005

Mandriva Linux Security Advisory, MDKSA-2005:195, October 26, 2005

SCO Security Advisory, SCOSA-2005.44, November 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Security Focus, Bugtraq ID: 15157, November 10, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Sylpheed

Sylpheed 2.0-2.0.3, 1.0.0-1.0.5

A buffer overflow vulnerability has been reported in 'ldif.c' due to a boundary error in the 'ldif_
get_line()' function when importing a LDIF file into the address book, which could let a remote malicious user obtain unauthorized access.

Upgrades available at:
http://sylpheed.good-
day.net/sylpheed/
v1.0/sylpheed-
1.0.6.tar.gz

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-13.xml

Debian:
http://security.debian.
org/pool/updates/
main/s/sylpheed/

Currently we are not aware of any exploits for this vulnerability.

Sylpheed LDIF Import Buffer Overflow

CVE-2005-3354

Medium

Bugtraq ID: 15363, November 9, 2005

Fedora Update Notification,
FEDORA-2005-1063, November 9, 2005

Gentoo Linux Security Advisory, GLSA 200511-13, November 15, 2005

Debian Security Advisory, DSA 906-1, November 22, 2005

Todd Miller

Sudo 1.x

A vulnerability has been reported in the environment cleaning due to insufficient sanitization, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.
org/pool/updates/
main/s/sudo/

Mandriva:
http://www.mandriva.
com/security/
advisories

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/s/sudo/

SUSE:
ftp://ftp.suse.com
/pub/suse/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

An exploit script has been published.

Todd Miller Sudo Local Elevated Privileges

CVE-2005-2959

Medium

Debian Security Advisory, DSA 870-1, October 25, 2005

Mandriva Linux Security Advisory, MDKSA-2005:201, October 27, 2005

Ubuntu Security Notice, USN-213-1, October 28, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Security Focus, Bugtraq ID: 15191, November 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

WHM Autopilot

WHM Autopilot 2.5.20, 2.5 .0, 2.4.7, 2.4.6 .5, 2.4.6, 2.4.5

A vulnerability has been reported due to a failure to ensure that cancellation requests from users are performed only by authorized users, which could let a remote malicious user issue cancel requests and potentially cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

WHM AutoPilot Account Cancellation Access Validation

CVE-2005-3687

Low
Security Focus, Bugtraq ID: 15483, November 17, 2005

Zope

Zope 2.6-2.8.1

A vulnerability has been reported in 'docutils' due to an unspecified error and affects all instances which exposes 'Restructured Text' functionality via the web. The impact was not specified.

Hotfix available at:
http://www.zope.
org/Products/
Zope/Hotfix
2005-
10-09/security_
alert/Hot fix_2005-
10-09.tar.gz

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200510-20.xml

SUSE:
ftp://ftp.suse.com
/pub/suse/

Currently we are not aware of any exploits for this vulnerability.

Zope 'Restructured
Text' Unspecified Security Vulnerability

CVE-2005-3323

Not Specified

Zope Security Alert, October 12, 2005

Gentoo Linux Security Advisory, GLSA 200510-20, October 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

[back to top] 

Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attack Scripts
Common Name /
CVE Reference
Risk
Source

Advanced Poll

Advanced Poll 2.0.3, 2.0.2

A Cross-Site Scripting vulnerability has been reported in 'popup.php' due to insufficient sanitization of the 'poll_ident' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

Advanced Poll Cross-Site Scripting

CVE-2005-3742

Medium
Security Focus, Bugtraq ID: 15506, November 21, 2005

Almond
Soft.Com

Almond Classifieds

A vulnerability has been reported due to a failure to verify that the password supplied matches the given entry, which could let a remote malicious user obtain unauthorized access.

No workaround or patch available at time of publishing.

There is no exploit code required.

Almond Classifieds Remote Unauthorized Access

CVE-2005-3741

Medium
Security Focus, Bugtraq ID: 15505, November 21, 2005

Apache Software Foundation

Struts 1.2.7

A Cross-Site Scripting vulnerability has been reported in error response due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrade available at:
http://struts.apache.
org/download.cgi

There is no exploit code required; however, a Proof of Concept exploit has been published.

Apache Struts Cross-Site Scripting

CVE-2005-3745

Medium
Security Focus, Bugtraq ID: 15512, November 21, 2005

APBoard

APBoard

An SQL injection vulnerability was reported in 'thread.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

APBoard SQL Injection

CVE-2005-3746

Medium
Security Focus, Bugtraq ID: 15513, November 21, 2005

Arki-DB

Arki-DB 2.0, 1.0

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Arki-DB SQL Injection

CVE-2005-3696

Medium
Security Focus, Bugtraq ID: 15467, November 16, 2005

Check Point Software

VPN-1/Firewall-1 NG with AI R55W, VPN-1/Firewall-1 NG with AI R55P, VPN-1/Firewall-1 NG with AI R55, VPN-1/Firewall-1 NG with AI R54, VPN-1 Pro NGX R60, FireWall-1 GX 3.0, Express CI R57

A remote Denial of Service vulnerability has been reported due to unspecified vulnerabilities in the IPSec implementation.

Check Point has addressed these issues in the latest Hotfix Accumulators.

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

Check Point Firewall-1 & VPN-1 ISAKMP IKE Remote Denial of Service

CVE-2005-3673

Low
Security Focus, Bugtraq ID: 15479, November 17, 2005

Cisco Systems

Cisco PIX/ASA 7.0.1.4, 7.0, PIX OS, PIX Firewall 535, 525 6.3, 525, 520, 515E, 515, 506, 501, 6.3.3 (133), 6.3.2, 6.3.1, 6.3 (5), 6.3 (3.109), 6.3 (3.102), 6.3 (3), 6.3 (1), 6.3, 6.2.3 (110), 6.2.3, 6.2.2 .111, 6.2.2, 6.2., 6.2 (3.100), 6.2 (3), 6.2 (2), 6.2 (1), 6.2, 6.1.5 (104), 6.1.5, 6.1.4, 6.1.3, 6.1 (1-5), 6.1, 6.0.4, 6.0.3, 6.0 (4.101), 6.0 (4), 6.0 (2), 6.0 (1), 6.0, 5.3 (3), 5.3 (2), 5.3 (1.200), 5.3 (1), 5.3, 5.2 (9), 5.2 (7), 5.2 (6), 5.2 (5), 5.2 (3.210), 5.2 (2), 5.2 (1), 5.2, 5.1.4, 5.1 (4.206), 5.1, 5.0, 4.4 (8), 4.4 (7.202), 4.4 (4), 4.4, 4.3, 4.2.2, 4.2.1, 4.2 (5), 4.2, 4.1.6 b, 4.1.6, 4.0, 3.1, 3.0, 2.7

A remote Denial of Service vulnerability has been reported when handling TCP SYN packets with invalid checksums.

No workaround or patch available at time of publishing.

There is no exploit code required; however, an exploit has been published.

Cisco PIX Invalid TCP Checksum Remote Denial of Service

CVE-2005-3774

Low
Arhont Ltd.- Information Security Advisory, November 22, 2005

Digital Dominion

PHP-Fusion 6.00.206 & prior

 

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'options.php' due to insufficient sanitization of the 'forum_id' and 'thread_id' parameters and in 'viewforum.php' and 'index.php' due to insufficient sanitization of the 'lastvisite' parameter, which could let a remote malicious user execute arbitrary SQL code; and a path disclosure vulnerability was reported in 'subheader.php.'

Patches available at:
http://www.php-fusion.
co.uk/downloads.php
?cat_id=3&down
load_id=174

There is no exploit code required; however, Proof of Concept exploits have been published.

PHP-Fusion SQL Injection & Path Disclosure

CVE-2005-3739
CVE-2005-3740

Medium
Secunia Advisory: SA17664 , November 21, 2005

Exponent

Exponent Content Management System 0.96.4, 0.96.1, 0.95, 0.94

Several vulnerabilities have been reported because file permissions on user files are incorrectly set, which could let a remote malicious obtain sensitive information or execute arbitrary script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Exponent Content Management System Multiple Improper File Permission

CVE-2005-3761
CVE-2005-3762
CVE-2005-3763
CVE-2005-3764
CVE-2005-3765
CVE-2005-3766
CVE-2005-3767

Medium
Security Focus, Bugtraq ID: 15503, November 19, 2005

Google

Google Search Appliance, Mini Search Appliance

Several vulnerabilities have been reported: a vulnerability was reported in the 'proxystyle
sheet' parameter due to insufficient sanitization before returned to the user in an error message, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in 'XSLT style sheets due to insufficient sanitization of the 'proxystylesheet' parameter, which could let a remote malicious user execute arbitrary Java class methods; and a vulnerability was reported because it is possible to enumerate open ports on other systems by providing the full URL containing hostname and port number.

A patch is reportedly available from the vendor.

There is no exploit code required; however, Proof of Concept exploits and an exploit script have been published.

Google Mini Search Appliance Multiple Vulnerabilities

CVE-2005-3754
CVE-2005-3755
CVE-2005-3756
CVE-2005-3757
CVE-2005-3758

Medium
Secunia Advisory: SA17644, November 21, 2005

Hewlett Packard Company

Jetdirect 635n IPv6/IPsec Print Server (J7961A)

A remote Denial of Service vulnerability has been reported due to a security flaw in HP's IPSec implementation.

Update available at:
http://www.hp.com/
go/dlm_sw

Vulnerability can be reproduced using the PROTOS ISAKMP Test Suite.

HP Jetdirect 635n IPv6/IPsec Print Server IKE Exchange Remote Denial of Service

CVE-2005-3670

Low
HP Security Bulletin, HPSBPI02078, November 16, 2005

Hitachi

WirelessIP5000 2.0.1, 2.0, 1.5.10, 1.5.8, 1.5.6, 1.5.5, 1.5.4, 1.5.2, 1.5

Multiple vulnerabilities have been reported: a vulnerability was reported because the SNMP service allows read-write access using any credentials, which could let a remote/local malicious user retrieve and modify the device configuration; a vulnerability was reported due to an undocumented open port 3390/tcp that allows access to the Unidata Shell upon connection, which could let a remote/local malicious user obtain sensitive information and cause a Denial of Service; a vulnerability was reported due to a hardcoded administrative password, which could let a remote/local malicious user obtain unauthorized access; and a vulnerability was reported because the default index page of the phone's HTTP server (8080/tcp) discloses sensitive information.

Users are advised to contact the vendor for details on obtaining the appropriate updates.

There is no exploit code required.

Hitachi WirelessIP5000 IP Phone Multiple Vulnerabilities

CVE-2005-3719
CVE-2005-3720
CVE-2005-3721
CVE-2005-3722
CVE-2005-3723

Medium
Secunia Advisory: SA17628, November 17, 2005

Idetix Software Systems

Revize CMS

Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'query_results.jsp' due to insufficient sanitization of the 'query' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in 'conf/revize.xml' because configuration data is stored inside the web root; a vulnerability was reported because a remote malicious user can obtain sensitive information by accessing 'debug/,' and a Cross-Site Scripting vulnerability was reported in 'HTTPTranslator
Servlet' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

Revize CMS Cross-Site Scripting, SQL Injection, & Information Disclosure

CVE-2005-3727
CVE-2005-3728
CVE-2005-3729
CVE-2005-3730

Medium
Security Tracker Alert ID: 1015231, November 16, 2005

Ilia Alshanetsky

FUDForum 2.6.15

A vulnerability has been reported in the 'mid' parameter due to insufficient validation before retrieving a forum post, which could let a remote malicious user bypass certain security restrictions and obtain sensitive information.

PHPGroupWare:
http://prdownloads.
sourceforge.
net/phpgroupware/
phpgroupware-
0.9.16.00 7.tar.gz

Gentoo:
http://security.gentoo.org/
glsa/glsa-200508-20.xml

Debian:
http://security.debian.
org/pool/updates/
main/p/
phpgroupware/

Debian:
http://security.debian.
org/pool/updates/
main/e/egroupware/

There is no exploit code required.

FUDForum Security Restriction Bypass

CVE-2005-2600

Medium

Secunia Advisory: SA16414, August 12, 2005

Security Focus, Bugtraq ID: 14556, August 25, 2005

Gentoo Linux Security Advisory, GLSA 200508-20, August 30, 2005

Debian Security Advisory , DSA 798-1, September 2, 2005

Debian Security Advisory, DSA 899-1, November 17, 2005

Interspire

ArticleLive NX 0.3, ArticleLive NX

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'Query' parameter, which could let a remote malicious user execute arbitrary SQL code.

Update to Interspire ArticleLive NX.0.4.

There is no exploit code required.

Interspire ArticleLive NX SQL Injection

CVE-2005-3726

Medium
Secunia Advisory: SA17585, November 17, 2005

Joomla

Joomla 1.0-1.0.3

Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of certain unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported in the 'mod_poll' module due to insufficient sanitization of the 'Itemid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and an SQL injection vulnerability was reported due to insufficient sanitization of several methods in the in 'mosDBTable' class before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Upgrades available at:
http://developer.joomla.
org/sf/go/projects.joomla/
frs.joomla_1_0


There is no exploit code required.

Joomla Multiple Input Validation

CVE-2005-3771
CVE-2005-3772
CVE-2005-3773

Medium
Secunia Advisory: SA17675, November 22, 2005

Macromedia

Flash 7.0.19 .0, 7.0 r19, 6.0.79 .0, 6.0.65 .0, 6.0.47 .0, 6.0.40 .0, 6.0.29 .0, 6.0

A vulnerability has been reported due to insufficient validation of the frame type identifier that is read from a SWF file, which could let a remote malicious user execute arbitrary code.

Update information available at:
http://www.macromedia.
com/devnet/security/
security_zone/
mpsb05-07.html

Microsoft:
http://www.microsoft.
com/technet/security/
advisory/910550.mspx

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

An exploit has been published.

Macromedia Flash Array Index Remote Arbitrary Code Execution

CVE-2005-2628

High

Macromedia Security Advisory, MPSB05-07, November 5, 2005

Microsoft Security Advisory (910550), November 10, 2005

US-CERT VU#146284

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Macromedia

Flash 7.0.19 .0 & prior

An input validation vulnerability has been reported in 'ActionDefineFunction' due to an error for a critical array index value, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Update information available at:
http://www.macromedia.
com/devnet/security/
security zone/
mpsb05-07.html

Microsoft:
http://www.microsoft.
com/technet/security/
advisory/910550.mspx

Proof of Concept exploit scripts have been published.

Macromedia Flash Input Validation

CVE-2005-3591

High

Macromedia Security Bulletin, MPSB05-07, November 7, 2005

Microsoft Security Advisory (910550), November 10, 2005

Security Focus, Bugtraq ID: 15334, November 21, 2005

Mambo

Mambo Site Server 4.0.14, 4.0.12 RC1-RC3, BETA & BETA 2, 4.0.10-4.0.12, 4.0

A remote file include vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary remote PHP code.

No workaround or patch available at time of publishing.

An exploit script has been published.

Mambo Open Source Remote File Include

CVE-2005-3738

High

Security Focus, Bugtraq ID: 15461, November 16, 2005

Security Focus, Bugtraq ID: 15461, November 21, 2005

Mantis

Mantis 1.0.0RC2, 0.19.2

Several vulnerabilities have been reported: a vulnerability was reported in 'bug_
sponsorship_list_view_inc.php' due to insufficient verification before used to include files, which could let a remote malicious user execute arbitrary files; an SQL injection vulnerability was reported due to insufficient sanitization of unspecified input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; several Cross-Site Scripting vulnerabilities were reported in JavaScript and 'mantis/view
_all_set.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; an unspecified vulnerability was reported when using reminders, which could lead to the disclosure of sensitive information; and a vulnerability was reported because the User ID is cached longer than necessary.

Upgrades available at:
http://prdownloads.sourceforge.
net/mantisbt/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200510-24.xml

Debian:
http://security.debian.
org/pool/updates/
main/m/mantis/

There is no exploit code required; however, Proof of Concept exploits have been published.

High

Secunia Advisory: SA16818, October 26, 2005

Gentoo Linux Security Advisory, GLSA 200510-24, October 28, 2005

Debian Security Advisory, DSA 905-1, November 22, 2005

MediaWiki

MediaWiki 1.5 alpha1&2, bet1-beta3, 1.4-1.4.10, 1.3.13, 1.3-1.3.11

A Cross-Site Scripting vulnerability has been reported in inline style attributes due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://prdownloads.
sourceforge.net/
wikipedia/media
wiki-1.4.11.tar.gz

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

There is no exploit code required.

MediaWiki HTML Inline Style Attributes Cross-Site Scripting

CAN-2005-3167

 

Medium

Security Focus, Bugtraq ID: 15024, October 6, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64;
Inkscape 0.42, 0.41

A buffer overflow vulnerability has been reported in the SVG importer due to a boundary error, which could let a remote malicious user execute arbitrary code.

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/i/inkscape/

A Proof of Concept Denial of Service exploit has been published.

Inkscape SVG Image Buffer Overflow

CVE-2005-3737

High
Ubuntu Security Notice, USN-217-1, November 21, 2005

Multiple Vendors

University of Kansas Lynx 2.8.5 & prior

A vulnerability has been reported in the 'lynxcgi:' URI handler, which could let a remote malicious user execute arbitrary commands.

Upgrades available at:
http://lynx.isc.org/
current/lynx2.8.6
dev.15.tar.gz

RedHat:
http://rhn.redhat.
com/errata/
RHSA-2005-839.html

Mandriva:
http://www.mandriva.
com/security/
advisories

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-09.xml

Trustix:
http://http.trustix.org/
pub/trustix/

There is no exploit code required.

Lynx URI Handlers Arbitrary Command Execution

CVE-2005-2929

High

Security Tracker Alert ID: 1015195, November 11, 2005

RedHat Security Advisory, RHSA-2005:839-3, November 11, 2005

Mandriva Linux Security Advisory, MDKSA-2005:211, November 12, 2005

Gentoo Linux Security Advisory, GLSA 200511-09, November 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005

Multiple Vendors

IETF RFC 793: TCP

A remote Denial of Service vulnerability has been reported in the TCP congestion control mechanism when the remote peer forges acknowledgment packets prior to actually receiving packets from the sending host.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor TCP Acknowledgements Remote Denial of Service

CVE-2005-3675

Low
US-CERT VU#102014

Multiple Vendors

phpSysInfo 2.0-2.3

Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user conduct Cross-Site Scripting attacks, phishing style attacks, and retrieve privileged or sensitive information.

Upgrades available at:
http://prdownloads.
sourceforge.net/
phpsysinfo/php
SysInfo-2.4.tar.gz
?download

Debian:
http://security.debian.
org/pool/updates/main/
p/phpsysinfo/

Debian:
http://security.debian.
org/pool/updates/
main/p/phpgroupware/

http://security.debian.
org/pool/updates/
main/e/egroupware/

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

There is no exploit code required; however, Proof of Concept exploits have been published.

phpSysInfo Multiple Vulnerabilities

CVE-2005-3347
CVE-2005-3348
CVE-2003-0536

Medium

Hardened PHP Project Security Advisory, November 13, 2005

Debian Security Advisory, DSA 897-1, November 15, 2005

Debian Securities, Advisory DSA 898-1 & 899-1, November 17, 2005

Mandriva Linux Security Advisory, MDKSA-2005:212, November 16, 2005

Multiple Vendors

RedHat Fedora Core4, Core3; PHP 5.0.4, 4.3.9

A remote Denial of Service vulnerability has been reported when parsing EXIF image data contained in corrupt JPEG files.

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

RedHat:
http://rhn.redhat.
com/errata/RHSA-
2005-831.html

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

Currently we are not aware of any exploits for this vulnerability.

PHP Group Exif Module Remote Denial of Service

CVE-2005-3353

Low

Fedora Update Notifications,
FEDORA-2005-1061 & 1062, November 8, 2005

RedHat Security Advisory, RHSA-2005:831-15, November 10, 2005

Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005

Novell

NetMail 3.52 D

A buffer overflow vulnerability has been reported in the IMAP server when parsing certain long verb arguments, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://support.novell.
com/servlet/filedown
load/sec/ftf/

Currently we are not aware of any exploits for this vulnerability.

Novell NetMail IMAP Buffer Overflow

CVE-2005-3314

High
ZDI-05-003 Advisory, November 18, 2005

Opera Software

Opera Web Browser 8.50, 8.0-8.0 2

A vulnerability has been reported due to a failure to show the correct URL in the status bar if an image control with a 'title' attribute has been enclosed in a hyperlink and uses a form to specify the destination URL, which could let a remote malicious user trick users into visiting a malicious website.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Opera Image Control Status Bar Spoofing

CVE-2005-3699

Medium
Secunia Advisory: SA17571, November 16, 2005

PHP Download Manager

PHP Download Manager1.1-1.1.3

An SQL injection vulnerability has been reported in 'files.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.; however a Proof of Concept exploit has been published.

PHP Download Manager SQL Injection

CVE-2005-3769

Medium
Security Focus, Bugtraq ID: 15517, November 21, 2005

PHP Easy Download

PHP Easy Download

A vulnerability has been reported in 'edit.php' which could let a remote malicious user obtain authentication to obtain administrative access.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHP Easy Download Authentication Bypass

CVE-2005-3698

High
Security Focus, Bugtraq ID: 15470, November 16, 2005

PHP Group

PHP 5.0.5, 4.4.0

A vulnerability has been reported in the 'open_basedir' directive due to the way PHP handles it, which could let a remote malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.
com/ubuntu/pool/
main/p/php4/

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Upgrades available at:
http://www.php.net/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-08.xml

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

Trustix:
http://http.trustix.org/
pub/trustix/updates/

There is no exploit code required.

PHP 'Open_BaseDir' Information Disclosure

CVE-2005-3054

Medium

Security Focus, Bugtraq ID: 14957, September 27, 2005

Ubuntu Security Notice, USN-207-1, October 17, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

Security Focus, Bugtraq ID: 14957, October 31, 2005

Gentoo Linux Security Advisory, GLSA 200511-08, November 13, 2005

Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

PHP

PHP 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 5.0.x

Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of the 'GLOBALS' array, which could let a remote malicious user define global variables; a vulnerability was reported in the 'parse_str()' PHP function when handling an unexpected termination, which could let a remote malicious user enable the 'register_
globals' directive; a Cross-Site Scripting vulnerability was reported in the 'phpinfo()' PHP function due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and an integer overflow vulnerability was reported in 'pcrelib' due to an error, which could let a remote malicious user corrupt memory.

Upgrades available at:
http://www.php.net/
get/php-4.4.1.tar.gz

SUSE:
ftp://ftp.suse.com
/pub/suse/

TurboLinux:
ftp://ftp.turbolinux.co.
jp/pub/TurboLinux/
TurboLinux/ia32/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

RedHat:
http://rhn.redhat.
com/errata/RHSA-
2005-838.html

http://rhn.redhat.
com/errata/RHSA-
2005-831.html

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200511-08.xml

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

SUSE:
ftp://ftp.suse.com
/pub/suse/

Trustix:
http://http.trustix.org/
pub/trustix/

There is no exploit code required.

Medium

Secunia Advisory: SA17371, October 31, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Turbolinux Security Advisory TLSA-2005-97, November 5, 2005

Fedora Update Notifications,
FEDORA-2005-1061 & 1062, November 8, 2005

RedHat Security Advisories, RHSA-2005:838-3 & RHSA-2005:831-15, November 10, 2005

Gentoo Linux Security Advisory, GLSA 200511-08, November 13, 2005

Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

 

phpComasy

phpComasy 0.7.5, 0.7.4

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHPComasy SQL Injection

CVE-2005-3744

Medium
Security Focus, Bugtraq ID: 15511, November 21, 2005

phpldap
admin

phpldapadmin 0.9.6 - 0.9.7/alpha5

Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; a Directory Traversal vulnerability was reported which could let a remote malicious user obtain sensitive information; and a file include vulnerability was reported, which could let a remote malicious user execute arbitrary PHP script code.

Debian:
http://security.debian.
org/pool/updates/
main/p/phpldapadmin/

Gentoo:
http://security.gentoo.
org/glsa/glsa-
200509-04.xml

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

An exploit script has been published.

phpLDAPadmin Multiple Vulnerabilities

CAN-2005-2792
CAN-2005-2793

Medium

Security Focus, Bugtraq ID: 14695, August 30, 2005

Security Focus, Bugtraq ID: 14695, September 7, 2005

Mandriva Linux Security Advisory, MDKSA-2005:212, November 16, 2005

phpMyFAQ Team

phpmyFAQ 1.5.3 & prior

Cross-Site Scripting vulnerabilities have been reported in the 'add content' page due to insufficient sanitization of the 'thema,' 'username,' and 'usermail' parameters, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available at:
http://www.phpmyfaq.
de/download.php?do
=download&number
=1.5.4&version=f ull
&ext=.tar.gz

There is no exploit code required.

PHPMyFAQ Multiple Cross-Site Scripting

CVE-2005-3734

Medium
TKADV2005-11-004 Advisory, November 19, 2005

PHPPost

PHPPost 1.0

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPPost Multiple Cross-Site Scripting

CVE-2005-3770

Medium
Security Focus, Bugtraq ID: 15524, November 22, 2005

phpSysInfo

phpSysInfo 2.3

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. It is also possible to obtain the full path to certain scripts.

Debian:
http://security.debian.
org/pool/updates/main/
p/phpsysinfo/

Debian:
http://security.debian.
org/pool/updates/
main/p/phpsysinfo/

Debian:
http://security.debian.
org/pool/updates/
main/p/phpgroupware/

Mandriva:
http://wwwnew.mandriva.
com/security/advisories
?dis=10.2

There is no exploit code required; however, Proofs of Concept exploits have been published.

PHPSysInfo Multiple Cross-Site Scripting

CVE-2005-0870

High

Secunia Advisory,
SA14690, March 24, 2005

Debian Security Advisory, DSA 724-1, May 18, 2005

Debian Security Advisory, DSA 897-1, November 15, 2005

Mandriva Linux Security Advisory, MDKSA-2005:212, November 16, 2005

Debian Security Advisory, DSA 898-1, November 17, 2005

 

PMachine

PMachine Pro 2.4

A vulnerability has been reported in 'mail_autocheck.
php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Pmachine Pro Email Remote File Include

CVE-2005-0513

High
Security Focus, Bugtraq ID: 15473, November 16, 2005

Saturn Innovation

Saturn Innovation Mailing system

An SQL injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Saturn Innovation Mailing System SQL Injection
Medium
Security Focus, Bugtraq ID: 15518, November 21, 2005

Senao

SI-680H VOIP WIFI Phone 0.3 .0839

A vulnerability has been reported because connections from VxWorks debugger on port 17185/udp are allowed, which could let a remote malicious user obtain sensitive information or cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

Senao SI-680H VOIP WIFI Phone VxWorks Remote Debugger Access

CVE-2005-3715

Medium
Secunia Advisory: SA17606, November 17, 2005

SimplePoll

SimplePoll

An SQL injection vulnerability has been reported in 'results.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

SimplePoll SQL Injection

CVE-2005-3743

Medium
Security Focus, Bugtraq ID: 15508, November 21, 2005

Symantec

Gateway Security 5400 2.0.1, 5310 1.0, 5300 1.0, 5200 1.0, 5100, 5000, 400 2.0, 300 2.0, Firewall/VPN Appliance 200R, 200, 100, Enterprise Firewall 8.0 Solaris, 8.0 NT/2000

A remote Denial of Service vulnerability has been reported due to a failure of the product's IPSec implementation to properly handle malformed IKE packets.

Patch information available at:
http://securityresponse.
symantec.com/avcenter/
security/Content/
2005.11.21.html

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

Symantec Dynamic VPN Services Remote Denial of Service

CVE-2005-3768

Low
Symantec Security Advisory, SYM05-025,
November 21, 2005

Tru-Zone

NukeET 3.0-3.2

An SQL injection vulnerability has been reported in the 'search' module due to insufficient sanitization of the 'query' variable before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Fix available at:
http://www.truzone.
org/modules.php?
name=
DescNuke&
d_op=getit&lid=1557

There is no exploit code required; however, a Proof of Concept exploit has been published.

Tru-Zone Nuke ET SQL Injection

CVE-2005-3748

Medium
Security Focus, Bugtraq ID: 15519, November 21, 2005

Unclassified NewsBoard

Unclassified NewsBoard 1.5.3 a, 1.5.3

An SQL injection vulnerability has been reported in 'forum.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, an exploit script has been published.

Unclassified NewsBoard SQL Injection

CVE-2005-3686

Medium
Security Focus, Bugtraq ID: 15466, November 16, 2005

Uresk Links

Uresk Links 2.0 Lite

A vulnerability has been reported in 'index.php' which could let a remote malicious user bypass authentication to obtain administrative access.

No workaround or patch available at time of publishing.

There is no exploit code required.

Uresk Links Admin Authentication Bypass

CVE-2005-3697

High
Security Focus, Bugtraq ID: 15469, November 16, 2005

UTStarcom

F1000 VOIP WIFI Phone s2.0

Multiple vulnerabilities have been reported: a vulnerability was reported because the SNMP service that runs on the IP phone allows read access using default public credential, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported in the rlogin service due to insufficient access controls, which could let a remote malicious user obtain unauthorized access.

Users of affected packages should contact the vendor for further information on obtaining fixes.

There is no exploit code required.

UTStarcom F1000 Wi-Fi Handset Multiple Vulnerabilities

CVE-2005-3716
CVE-2005-3717
CVE-2005-3718

Medium
Secunia Advisory: SA17629, November 17, 2005

XMail

XMail 1.21

A buffer overflow vulnerability has been reported in the 'AddressFromAtPtr()' function due to a boundary error when copying the hostname portion of an e-mail address to a 256-byte buffer, which could let a malicious user execute arbitrary code.

Upgrade available at:
http://www.xmailserver.
org/

Debian:
http://security.debian.
org/pool/updates/
main/x/xmail/

An exploit script has been published.

XMail Command Line Buffer Overflow

CVE-2005-2943

High

Security Tracker Alert ID: 1015055, October 13, 2005

Security Focus, Bugtraq ID: 15103, October 22, 2005

Debian Security Advisory, DSA 902-1, November 21, 2005

XMB Forum

XMB Forum, 1.9.3, 1.9.2

Several vulnerabilities have been reported: a vulnerability was reported in 'member.php' due to insufficient sanitization of 'Your Current Mood' field when registering for an account, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported because a remote malicious user can submit a specially crafted URL to cause the system to display an error message that
discloses sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

XMB Forum HTML Injection & Path Disclosure

CVE-2005-3688
CVE-2005-3689

Medium
KAPDA::#13 Advisory, November 17, 2005

yaSSL

yaSSL 1.0-1.0.5, 0.x

A vulnerability has been reported due to an unspecified error when processing the certification chain, which could allow improper certificates to be used when authenticating connections.

Upgrades available at: http://yassl.com/yassl-1.0.6.zip

Currently we are not aware of any exploits for this vulnerability.

yaSSL Certification Chain Processing

CVE-2005-2731

Medium
Security Focus, Bugtraq ID: 15487, November 17, 2005

ZyXEL

Prestige 2000W v.1VoIP Wi-Fi Phone

An information disclosure vulnerability was reported, which could let a remote malicious user obtain sensitive information to perform a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

Zyxel P2000W v.1 VOIP WIFI Phone Information Disclosure

CVE-2005-3725

Low
Security Focus, Bugtraq ID: 15478, November 16, 2005

[back to top] 

Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

  • Mobile phones growing faster than ever: According to a principal analyst for mobile terminals research at Gartner, the international mobile phone market is experiencing its largest ever growth period. The third quarter of 2005 saw 205.4 million mobiles sold around the world, a 22 per cent increase on the same period of last year. Source: http://www.pcw.co.uk/computing/news/2146448/mobile-sales-biggest-ever.
  • Panelists Weigh Potential RFID Security Threats: TechBix Connection panelists that participated in a discussion on Radio Frequency identification technology (RFID) agree there are security risks for companies that don't secure their RFID network by using equipment with built in protocols such as secure shell and secure socket layer. Source: http://www.informationweek.com/story/
    showArticle.jhtml?articleID=174400968&tid=6004
    .

Wireless Vulnerabilities

[back to top] 

Recent Exploit Scripts/Techniques The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

Date of Script
(Reverse
Chronological Order)

Script name
Workaround or Patch Available
Script Description
November 22, 2005 IEWindow0day.txt
Yes
Exploit for the Microsoft Internet Explorer Unauthorized Access vulnerability.
November 21, 2005 FileZillaDoS.cpp
No
Exploit for the FileZilla Server Terminal Privilege Elevation or Arbitrary Code Execution vulnerability.
November 21, 2005 freeftpd_user.pm
No
Proof of Concept exploit for the FreeFTPD User Command Buffer Overflow vulnerability.
November 21, 2005 mailenable_imap_w3c.pm
mailenable154.pm.txt
Yes
Exploits for the MailEnable Arbitrary Code Execution vulnerability.
November 21, 2005 df.swf
flash_dos_poc.c
Flashosx.c
Yes
Proof of Concept exploit scripts for the Macromedia Flash Input Validation vulnerability.
November 21, 2005 Inkscape.svg
Yes
Proof of Concept Denial of Service exploit for the Inkscape SVG Image Buffer Overflow vulnerability.
November 21, 2005 google_proxystylesheet_exec.pm
Yes
Exploit for the Google Mini Search Appliance Multiple Vulnerabilities.
November 20, 2005 TKADV2005-11-004.txt
Yes
Exploit details for the PHPMyFAQ Multiple Cross-Site Scripting vulnerabilities.
November 20, 2005 nestea.tgz
N/A
A CGI scanner that also looks for forbidden files and directories and has a database of 2097 vulnerabilities.
November 20, 2005 phpwcms.txt
No
Exploit details for the phpwcms File Include, Information Disclosure & Cross-Site Scripting vulnerabilities.
November 20, 2005 SA027.txt
No
Exploit details for the PHPNuke SQL Injection vulnerability.
November 20, 2005 revizeSQL.txt
No
Exploit details for the Revize CMS Cross-Site Scripting, SQL Injection, & Information Disclosure vulnerabilities.
November 20, 2005 FTGate-expl.pl.txt
No
Proof of Concept exploit for the FTGate Denial of Service or Arbitrary Code Execution vulnerability.
November 20, 2005 ekin103_xpl.html
No
Exploit for the ekinboard Cross-Site Scripting & Script Injection vulnerabilities.
November 20, 2005 XH-FreeFTPD_remote_bof.c
No
Exploit for the freeFTPd Buffer Overflow vulnerability.
November 20, 2005 google.pm.txt
Yes
Exploit for the Google Mini Search Appliance Multiple Vulnerabilities.
November 20, 2005 11.17.05.txt
No
Exploit details for the Qualcomm WorldMail IMAP Server Information Disclosure vulnerability.
November 20, 2005 eQuickSQLXSS.txt
No
Exploit details for the e-Quick Cart Multiple Vulnerabilities.
November 20, 2005 db-sec-tokens.pdf
N/A
"Snagging Security Tokens to Elevate Privileges" is a brief that details how a database server running as a low privileged user on Windows can still provide an attacker with the ability to gain elevated privilege.
November 20, 2005 mamboRumor.txt
No
Exploit for the Mambo Open Source Remote File Include vulnerability.
November 18, 2005 XH-freeFTPD_remote_bof.c
No
Exploit for the FreeFTPD Multiple Buffer Overflow Vulnerabilities.
November 16, 2005 UNB153pl3_xpl.php
No
Exploit for the Unclassified NewsBoard SQL Injection Vulnerability.

[back to top]

Trends
  • US-CERT VU#226364: Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner.
  • W32/Sober Revisited: US-CERT is aware of several new variants of the W32/Sober virus that propagate via email. As with many viruses, these variants rely on social engineering to propagate. Specifically, the user must click on a link or open an attached file. Source: http://www.us-cert.gov/current/.
  • Exploit for Vulnerability in Microsoft Internet Explorer window() object: US-CERT is aware of a vulnerability in the way Microsoft Internet Explorer handles requests to the window() object. Source: http://www.us-cert.gov/current/.
  • The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus: The top 20 list is compiled by the SANS Institute in co-operation with security vendors has been released. It highlights the 20 most critical vulnerabilities currently facing organizations. In addition to identifying vulnerabilities in Windows and UNIX systems, this year's Top-20 list also includes cross-platform applications and networking products for the first time. Source: http://www.sans.org/top20/ .
  • Computer hackers target security products: According to research, computer hackers have stepped up efforts to exploit flaws in information security software. According to the SANS Institute Top 20 security vulnerability report, over the past 12 months cyber criminals have shifted their attention from targeting holes in Windows and Unix software to attacking data back-up, recovery and antivirus products. Source: http://www.vnunet.com/computing/news/2146422/computer-hackers-target.
  • Web giants crack down on spyware: Several Internet firms, including Yahoo, AOL, and Verizon have joined together to reduce the spread of adware and spyware that is distributed by 'piggybacking' on legitimate downloads. They have agreed to establish industry standards for monitoring and enforcing good behavior on websites which offer downloadable software. Source: http://www.itweek.co.uk/vnunet/news/2146346/web-giants-crack-spyware.

[back to top]

Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank
Common Name
Type of Code
Trend
Date
Description

1

Netsky-P

Win32 Worm

Stable

March 2004

A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.

2

Mytob-BE

Win32 Worm

Stable

June 2005

A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling anti virus, and modifying data.

3

Netsky-D

Win32 Worm

Stable

March 2004

A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.

4

Mytob-GH

Win32 Worm

Stable

November 2005

A variant of the mass-mailing worm that disables security related programs and allows other to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address.

5

Mytob-AS

Win32 Worm

Stable

June 2005

A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine.

6

Netsky-Z

Win32 Worm

Stable

April 2004

A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665.

7

Lovgate.w

Win32 Worm

Stable

April 2004

A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network.

8

Zafi-D

Win32 Worm

Stable

December 2004

A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.

9

Zafi-B

Win32 Worm

Stable

June 2004

A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.

10

Mytob.C

Win32 Worm

Stable

March 2004

A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.

Table updated November 21, 2005

[back to top]

 

 

 

Last updated

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top