
Note: This page is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB06-033)

Summary of Security Items from January 26 through February 1, 2006

Original release date: February 02, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.

Vulnerabilities
Wireless Trends & Vulnerabilities
General Trends
Viruses/Trojans


Vulnerabilities

The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux operating systems are included in the Multiple Operating Systems table. Note that entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software that operates on some version of that operating system.

Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product's vendor.

The Risk levels are defined below:

High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.

Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.

Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.

Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.

Windows Operating Systems Only

Vendor & Software Name | Description | Common Name | CVSS | Resources

Adobe

Acrobat, Creative Suite, Illustrator, InDesign, Pagemaker, Pagemaker Plus, Photoshop Premiere, and Version Cue various versions

Multiple vulnerabilities have been reported in multiple Adobe products that could let local malicious users obtain elevated privileges or execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Adobe Multiple Product Privilege Elevation or Arbitrary Code Execution

CVE-2006-0525

Not Available

Security Focus, ID: 16451, January 31, 2006

America Online

AOL Client Software 8.0, 9.0, 9.0 Optimized, 9.0 Security

A vulnerability has been reported in AOL Client Software that could let local malicious users obtain elevated privileges.

No workaround or patch available at time of publishing.

There is no exploit code required.

AOL Client Software Privilege Elevation

CVE-2006-0526

Not Available

Security Focus, ID: 16453, January 31, 2006

ASPThai

ASPThai 8.0 and prior

An input validation vulnerability has been reported in ASPThai that could let remote malicious users perform SQL injection.

ASPThai 8.5 or later

There is no exploit code required; however, a Proof of Concept exploit has been published.

ASPThai SQL Injection

CVE-2006-0490

7

Security Tracker, Alert ID: 1015548, January 27, 2006

Blue Coat Systems

WinProxy 6.0

Multiple vulnerabilities have been reported in WinProxy that could let remote malicious users cause a Denial of Service,

Blue Coat Systems

Exploit scripts, CVE-2005-4085_exploit.pl and bluecoat_winproxy.pm, have been published.

Blue Coat WinProxy Multiple Vulnerabilities

CVE-2005-3187
CVE-2005-3654
CVE-2005-4085

2.3 (CVE-2005-3187)

7 (CVE-2005-3654)

7 (CVE-2005-4085)

Secunia, Advisory: SA18288, January 6, 2006

Security Focus, ID: 16147, February 1, 2006

MailEnable Professional prior to 1.72

A vulnerability has been reported in MailEnable Professional that could let remote malicious users cause a Denial of Service.

MailEnable Professional 1.72

Currently we are not aware of any exploits for this vulnerability.

MailEnable Professional Denial of Service

CVE-2006-0503

Not Available

Secunia, Advisory: SA18668, February 1, 2006

Microsoft

Internet Explorer 5.0.1 through SP4, 5.5 through SP2, 6.0, 6.0 SP1

A vulnerability has been reported in Internet Explorer's ActiveX kill bit checking that could let malicious users execute arbitrary code.

Microsoft

Currently we are not aware of any exploits for this vulnerability.

Microsoft Internet Explorer Arbitrary Code Execution

CVE-2006-0057

7

Security Focus, ID: 16409, January 28, 2006

Microsoft Security Bulletin MS05-054 v1.1, February 1, 2006

US-CERT VU#998297

Nullsoft

WinAmp 5.12

A buffer overflow vulnerability has been reported in WinAmp that could let malicious users execute arbitrary code.

WinAmp 5.13

Exploit scripts, winamp_playlist_unc.pm and winamp0day.c, have been published.

Winamp Arbitrary Code Execution

CVE-2006-0476

5.6

Secunia, Advisory: SA18649, January 30, 2006

Technical Cyber Security Alert TA06-032A

US-CERT VU#604745

Pegasus Mail

Mercury Mail 4.01b

Multiple buffer overflow vulnerabilities have been reported in Mercury Mail that could let remote malicious users execute arbitrary code.

Pegasus Mail Mercury Mail Patch

An exploit script, mercurysexywarez.pl, has been published.

Mercury Mail Arbitrary Code Execution

CVE-2005-4411

7

Security Tracker, Alert ID: 1015374, December 16, 2005

Security Focus, ID: 16396, January 31, 2006

UNIX / Linux Operating Systems Only

Vendor & Software Name | Description | Common Name | CVSS | Resources

bzip2

bzip2 1.0.2 & prior

A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions of target files.

Ubuntu

Mandriva

Debian

TurboLinux

OpenPKG

RedHat

FreeBSD

Conectiva

SGI

FedoraLegacy

Mandriva

There is no exploit code required.

BZip2 File Permission Modification

CVE-2005-0953

Security Focus, 12954, March 31, 2005

Ubuntu Security Notice, USN-127-1, May 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005

Debian Security Advisory, DSA 730-1, May 27, 2005

Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:14, June 29, 2005

Conectiva Linux Announcement, CLSA-2005:972, July 6, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005

Mandriva Security Advisory, MDKSA-2006:026, January 30, 2006

Edgewall Software

Trac 0.9.1, 0.9, 0.8.1-0.8.4, 0.7.1

An SQL injection vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Upgrades available

Debian

Debian

There is no exploit code required; however, a Proof of Concept exploit has been published.

Edgewall Software Trac Search Module SQL Injection

CVE-2005-4065

7

Security Focus, Bugtraq ID: 15720, December 5, 2005

Debian Security Advisory, DSA-951-1, January 23, 2006

Debian Security Advisory DSA 951-2, January 30, 2006

Edgewall Software

Trac 0.9.2

An HTML injection vulnerability has been reported in the WikiProcessor Wiki Content due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

Trac

Debian

Debian

There is no exploit code required.

Trac HTML Injection

CVE-2005-4644

2.3

Security Focus, Bugtraq ID: 16198, January 10, 2006

Debian Security Advisory, DSA-951-1, January 23, 2006

Debian Security Advisory DSA 951-2, January 30, 2006

Elido

Face Control 0

Multiple Directory Traversal vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Elido Face Control Multiple Directory Traversal

CVE-2006-0484

Security Focus, Bugtraq ID: 16401, January 27, 2006

ETERM

LibAST prior to 0.7

A buffer overflow vulnerability has been reported in 'conf.c' due to a boundary error in the 'conf_find_file()' function, which could let a malicious user execute arbitrary code.

Update available

Gentoo

An exploit script, eterm-exploit.c, has been published.

LibAST Buffer Overflow

CVE-2006-0224

Secunia Advisory: SA18586, January 25, 2006

Gentoo Linux Security Advisory, GLSA 200601-14, January 29, 2006

 

GIT

GIT 1.1.

A buffer overflow vulnerability has been reported in 'git-checkout-index' due to a boundary error when handling an overly long symbolic link, which could let a remote malicious user execute arbitrary code.

Update available

Currently we are not aware of any exploits for this vulnerability.

GIT Remote Buffer Overflow

CVE-2006-0477

Secunia Advisory: SA18643, January 30, 2006

GNOME Development Team

Evolution 2.3.1-2.3.7

A buffer overflow vulnerability has been reported which could lead to a Denial of Service when processing messages that contain inline XML file attachments with excessively long strings.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

GNOME Evolution Remote Buffer Overflow

CVE-2006-0528

Not Available

Security Focus, Bugtraq ID: 16408, January 30, 2006

GNU

Mailman 2.1-2.1.5, 2.0-2.0.14

A remote Denial of Service vulnerability has been reported in 'Scrubber.py' due to a failure to handle exception conditions when Python fails to process an email file attachment that contains utf8 characters in its filename.

Mandriva

SuSE

Ubuntu

Debian

There is no exploit code required.

GNU Mailman Attachment Scrubber UTF8 Filename Remote Denial of Service

CVE-2005-3573

Secunia Advisory: SA17511, November 14, 2005

Mandriva Linux Security Advisory, MDKSA-2005:222, December 2, 2005

SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006

Ubuntu Security Notice, USN-242-1 January 16, 2006

Debian Security Advisory, DSA-955-1, January 25, 2006

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.

Patch available

Mandriva

TurboLinux

RedHat

RedHat

SGI

Fedora

SGI

F5

Ubuntu

Trustix

Avaya

FedoraLegacy

SCO

SCO

Mandriva

Mandriva

There is no exploit code required.

Gzip Zgrep Arbitrary Command Execution

CVE-2005-0758

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Fedora Update Notification, FEDORA-2005-471, June 27, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Secunia Advisory: SA16159, July 21, 2005

Ubuntu Security Notice, USN-158-1, August 01, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005

Avaya Security Advisory, ASA-2005-172, August 29, 2005

Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005

SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005

Mandriva Security Advisories, MDKSA-2006:026 & MDKSA-2006:027, January 30, 2006

Hewlett Packard Company

HP-UX 11.23, 11.11, 11.0 4, 11.0, B.11.23, B.11.11, B.11.11, B.11.04, B.11.00; Avaya Predictive Dialing System (PDS) 12.0

A remote Denial of Service vulnerability has been reported in the HP-UX ftpd implementation.

HP-UX

Avaya

There is no exploit code required.

HP-UX FTPD Remote Denial of Service

CVE-2005-2993

HP Security Bulletin, HPSBUX02092, January 18, 2006

Avaya Security Advisory, ASA-2006-018, January 19, 2006

ImageMagick

ImageMagick 6.2.4.5

A vulnerability has been reported in the delegate code used by various ImageMagick utilities, due to an error when handling an image filename, which could let a remote malicious user execute arbitrary commands.

Ubuntu

Debian

Mandriva

There is no exploit code required.

ImageMagick Utilities Image Filename Remote Command Execution

CVE-2005-4601

Secunia Advisory: SA18261, December 30, 2005

Ubuntu Security Notice, USN-246-1, January 24, 2006

Debian Security Advisory, DSA-957-1, January 26, 2006

Mandriva Security Advisory, MDKSA-2006:024, January 26, 2006

IPsec-Tools

IPsec-Tools 0.6-0.6.2, 0.5-0.5.2

A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode.

IpsecTools

Ubuntu

Gentoo

SUSE

Conectiva

Mandriva

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

IPsec-Tools ISAKMP IKE Remote Denial of Service

CVE-2005-3732

Security Focus, Bugtraq ID: 15523, November 22, 2005

Ubuntu Security Notice, USN-221-1, December 01, 2005

Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005

SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005

Conectiva Linux Announcement, CLSA-2006:1058, January 2, 2006

Mandriva Security Advisory, MDKSA-2006:020, January 25, 2006

Joshua Chamas

Crypt::SSLeay 0.51

A vulnerability has been reported because a file in a world-writable location is used as the fallback entropy source, which could lead to weak cryptographic operations.

Ubuntu

Mandriva

There is no exploit code required.

Joshua Chamas Crypt::SSLeay Perl Module Insecure Entropy Source

CVE-2005-0106

Ubuntu Security Notice, USN-113-1, May 03, 2005

Mandriva Security Advisory, MDKSA-2006:023, January 26, 2006

LSH

LSH 2.0.1

A vulnerability has been reported in 'unix_random.c' because file descriptors that are related to the randomness generator are leaked, which could let a malicious user obtain sensitive information or cause a Denial of Service.

Patch available

Debian

Currently we are not aware of any exploits for this vulnerability.

LSH File Descriptor Leakage

CVE-2006-0353

Secunia Advisory: SA18564, January 23, 2006

Debian Security Advisory, DSA-956-1, January 26, 2006

Marc Lehmann

Convert-UUlib 1.50

A buffer overflow vulnerability has been reported in the Convert::UUlib module for Perl due to a boundary error, which could let a remote malicious user execute arbitrary code.

Update available

Gentoo

Debian

SuSE

Conectiva

Mandriva

Currently we are not aware of any exploits for this vulnerability.

Convert-UUlib Perl Module Buffer Overflow

CVE-2005-1349

Gentoo Linux Security Advisory, GLSA 200504-26, April 26, 2005

Secunia Advisory, SA15130, April 27, 2005

Debian Security Advisory, DSA 727-1, May 20, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

Conectiva Linux Announcement, CLSA-2005:1031, October 13, 2005

Mandriva Security Advisory, MDKSA-2006:022, January 26, 2006

Multiple Vendors

Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2 ; PDFTOHTML DFTOHTML 0.36


Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.

Patches available

Fedora

RedHat

KDE

SUSE

Ubuntu

Gentoo

RedHat

RedHat

RedHat

Mandriva

Debian

Debian

Debian

Fedora

SuSE

RedHat

SGI

Debian

TurboLinux

Debian

Debian

Currently we are not aware of any exploits for these vulnerabilities.

3.9 (CVE-2005-3191)

7 (CVE-2005-3192)

3.9 (CVE-2005-3193)

iDefense Security Advisory, December 5, 2005

Fedora Update Notifications, FEDORA-2005-1121 & 1122, December 6, 2005

RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005

KDE Security Advisory, advisory-20051207-1, December 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Ubuntu Security Notice, USN-227-1, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005

RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005

Mandriva Linux Security Advisories MDKSA-2006:003-003-006, January 6, 2006

Debian Security Advisory, DSA-936-1, January 11, 2006

Debian Security Advisory, DSA-937-1, January 12, 2006

Debian Security Advisory, DSA 938-1, January 12, 2006

Fedora Update Notifications, FEDORA-2005-028 & 029, January 12, 2006

SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006

RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006

SUSE Security Summary Report, SUSE-SR:2006:002, January 20, 2006

SGI Security Advisory, 20051201-01-U, January 20, 2006

Debian Security Advisory, DSA-950-1, January 23, 2006

Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006

Debian Security Advisories, DSA-961-1 & 962-1, February 1, 2006

Multiple Vendors

Larry Wall Perl 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03, 5.6, 5.6.1, 5.8, 5.8.1, 5.8.3, 5.8.4 -5, 5.8.4 -4, 5.8.4 -3, 5.8.4 -2.3, 5.8.4 -2, 5.8.4 -1, 5.8.4, 5.8.5, 5.8.6

A vulnerability has been reported in the 'rmtree()' function in the 'File::Path.pm' module when handling directory permissions while cleaning up directories, which could let a malicious user obtain elevated privileges.

Perl

Ubuntu

Gentoo

Debian

TurboLinux

Mandrake

HP

Fedora

Avaya

RedHat

Conectiva

FedoraLegacy

Currently we are not aware of any exploits for this vulnerability.

Perl 'rmtree()' Function Elevated Privileges

CVE-2005-0448

Ubuntu Security Notice, USN-94-1 March 09, 2005

Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15, 2005

Debian Security Advisory, DSA 696-1, March 22, 2005

Turbolinux Security Advisory, TLSA-2005-45, April 19, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:079, April 29, 2005

HP Security Bulletin, HPSBUX01208, June 16, 2005

Secunia, Advisory: SA16193, July 25, 2005

Avaya Security Advisory, ASA-2005-196, September 13, 2005

RedHat Security Advisory, RHSA-2005:674-10, October 5, 2005

Conectiva Linux Announcement, CLSA-2006:1056, January 2, 2006

Fedora Legacy Update Advisory, FLSA:152845, January 25, 2006

Multiple Vendors

libpng 1.0.16, 1.0.17, 1.2.6, 1.2.7.

A buffer overflow vulnerability has been reported in 'png_set_strip_alpha()' when handling a PNG image file that contains alpha channels, which could let a remote malicious user cause a Denial of Service and potentially compromise a system.

Update available

Currently we are not aware of any exploits for this vulnerability.

libpng Buffer Overflow

CVE-2006-0481

Secunia Advisory: SA18654, February 1, 2006

Multiple Vendors

OpenSSH 3.x, 4.x; RedHat Fedora Core3 & Core4

A vulnerability has been reported in 'scp' when performing copy operations that use filenames due to the insecure use of the 'system()' function, which could let a malicious user obtain elevated privileges.

Fedora

Trustix

Patches available

There is no exploit code required.

OpenSSH SCP Shell Command Execution

CVE-2006-0225

Security Focus, Bugtraq ID: 16369, January 24, 2006

Fedora Security Advisory, FEDORA-2006-056, January 24, 2006

Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006

Security Focus, Bugtraq ID: 16369, January 31, 2006

Multiple Vendors

phpMyAdmin 2.7.0-beta1, 2.6.4-rc1, pl3, pl1, 2.6.3-pl1, 2.6.2-rc1, 2.6.2, 2.6.1 pl3, 2.6.1 pl1, 2.6.1-rc1, 2.6.1, 2.6.0pl3, 2.6.0pl2, 2.6.0pl1, 2.5.7pl1, 2.5.7, 2.5.6-rc1, 2.5.5 pl1, 2.5.5-rc2, 2.5.5-rc1, 2.5.5, 2.5.0-2.5.4, 2.4.0, 2.3.2, 2.3.1, 2.2-2.2.6, 2.1-2.1.2, 2.0-2.0.5

Cross-Site Scripting vulnerabilities have been reported in the 'HTTP_HOST' variable and certain scripts in the libraries directory due to insufficient sanitization before the input is returned to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available

Gentoo

SuSE

There is no exploit code required.

PHPMyAdmin Multiple Cross-Site Scripting

CVE-2005-3665

phpMyAdmin security announcement PMASA-2005-8, December 5, 2005

Gentoo Linux Security Advisory, GLSA 200512-03, December 12, 2005

SuSE Security Announcement, SUSE-SA:2006:004, January 26, 2006

Multiple Vendors

Gentoo Linux; GNU GDB 6.3

Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported which could let a malicious user obtain elevated privileges.

Gentoo

Ubuntu

Ubuntu

Mandriva

Trustix

TurboLinux

RedHat

RedHat

RedHat

Avaya

Fedora

Mandriva

Conectiva

Currently we are not aware of any exploits for these vulnerabilities.

GDB Multiple Vulnerabilities

CVE-2005-1704
CVE-2005-1705

5.6
(CVE-2005-1704)

7
(CVE-2005-1705)

Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 2005

Turbolinux Security Advisory, TLSA-2005-68, June 22, 2005

RedHat Security Advisory, RHSA-2005:659-9, September 28, 2005

RedHat Security Advisory, RHSA-2005:673-5 & RHSA-2005:709-6, October 5, 2005

Avaya Security Advisory, ASA-2005-222, October 18, 2005

Fedora Update Notifications, FEDORA-2005-1032 & 1033, October 27, 2005

Mandriva Linux Security Advisory, MDKSA-2005:215, November 23, 2005

Conectiva Security Advisory, CLSA-2006:1060, January 23, 2006

Multiple Vendors

ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3.2-1.2.0, 5.5.6.0-20030409, 5.5.7, 6.0-6.0.8, 6.1-6.1.7, 6.2

A format string vulnerability exists when handling malformed file names, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Update available

Ubuntu

Gentoo

SUSE

RedHat

Fedora

Debian

Mandrake

FedoraLegacy

Mandriva

Currently we are not aware of any exploits for this vulnerability.

ImageMagick File Name Handling Remote Format String

CVE-2005-0397

Secunia Advisory, SA14466, March 4, 2005

Ubuntu Security Notice, USN-90-1, March 3, 2004

SUSE Security Announcement, SUSE-SA:2005:017, March 23, 2005

RedHat Security Advisory, RHSA-2005:320-10, March 23, 2005

Fedora Update Notifications, FEDORA-2005-234 & 235, March 30, 2005

Debian Security Advisory, DSA 702-1, April 1, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:065, April 3, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

Mandriva Security Advisory, MDKSA-2006:024, January 26, 2006

Multiple Vendors

KDE kword 1.4.2, kpdf 3.4.3, 3.2, KOffice 1.4-1.4.2, kdegraphics 3.4.3, 3.2; Gentoo Linux

Multiple buffer and integer overflows have been reported, which could let a remote malicious user execute arbitrary code.

Gentoo

Ubuntu

Fedora

Mandriva

Ubuntu

Debian

Debian

SuSE

RedHat

RedHat

Fedora

Debian

Trustix

Mandriva

RedHat

SGI

Debian

TurboLinux

Gentoo

Debian

Debian

Currently we are not aware of any exploits for this vulnerability.

KPdf & KWord Multiple Unspecified Buffer & Integer Overflow

CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627

 

Not Available

Gentoo Linux Security Advisory GLSA 200601-02, January 5, 2006

Ubuntu Security Notice, USN-236-1, January 05, 2006

Fedora Update Notifications, FEDORA-2005-000, January 5, 2006

Mandriva Linux Security Advisories MDKSA-2006:003-003-006 & 008, January 6 & 7, 2006

Ubuntu Security Notice, USN-236-2, January 09, 2006

Debian Security Advisory DSA 931-1, January 9, 2006

Debian Security Advisory, DSA-936-1, January 11, 2006

SUSE Security Announcement, SUSE-SA:2006:001, January 11, 2006

RedHat Security Advisories, RHSA-2006:0163-2 & RHSA-2006:0177-5, January 11, 2006

Fedora Update Notifications, FEDORA-2005-028 & 029, January 12, 2006

Debian Security Advisories, DSA 937-1, 938-1, & 940-1, January 12 & 13, 2006

Trustix Secure Linux Security Advisory, 2006-0002, January 13, 2006

Mandriva Linux Security Advisory, MDKSA-2006:012, January 13, 2006

RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006

SGI Security Advisory, 20051201-01-U, January 20, 2006

Debian Security Advisory, DSA-950-1, January 23, 2006

Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006

Gentoo Linux Security Advisory, GLSA 200601-17, January 30, 2006

Debian Security Advisories, DSA-961-1 & 962-1, February 1, 2006

Multiple Vendors

Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4 -1-5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32

 

Multiple vulnerabilities exist: a buffer overflow vulnerability exists in SuidPerl's handling of the 'PERLIO_DEBUG' environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.

Ubuntu

Gentoo

Mandrake

RedHat

SGI

SUSE

Trustix

IBM

Fedora

Conectiva

FedoraLegacy

Proofs of Concept exploits have been published.

Perl SuidPerl Multiple Vulnerabilities

CVE-2005-0155
CVE-2005-0156

4.9 (CVE-2005-0155)

2.3 (CVE-2005-0156)

Ubuntu Security Notice, USN-72-1, February 2, 2005

MandrakeSoft Security Advisory, MDKSA-2005:031, February 9, 2005

RedHat Security Advisory, RHSA-2005:105-11, February 7, 2005

SGI Security Advisory, 20050202-01-U, February 9, 2005

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

Gentoo Linux Security Advisory, GLSA 200502-13, February 11, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

IBM SECURITY ADVISORY, February 28, 2005

Fedora Update Notification, FEDORA-2005-353, May 2, 2005

Conectiva Linux Announcement, CLSA-2006:1056, January 2, 2006

Fedora Legacy Update Advisory, FLSA:152845, January 25, 2006

Multiple Vendors

Linux kernel 2.6.15 & prior

Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in 'netlink_rcv_skb()' due to insufficient validation of the 'nlmsg_len' value; a Denial of Service vulnerability was reported due to an error in the 'PPTP NAT' helper when handling inbound 'PPTP_IN_CALL_REQUEST' packets; and a Denial of Service vulnerability was reported in the 'PPTP NAT' helper when calculating offsets based on the difference between two pointers to the header.

Update available

Trustix

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Multiple Denials of Service

CVE-2006-0035
CVE-2006-0036
CVE-2006-0037

3.5
(CVE-2006-0035)

3.3
(CVE-2006-0036)

2.3
(CVE-2006-0037)

Security Focus, Bugtraq ID: 16414, January 30, 2006

Trustix Security Advisory, TSLSA-2006-0004, January 27, 2006

Multiple Vendors

Mail-Audit 2.1, 2.0;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha, 3.0

A vulnerability has been reported due to the insecure creation of temporary files when logging is enabled, which could let a malicious user cause a Denial of Service or overwrite files.

Debian

There is no exploit code required.

Mail-Audit Insecure Temporary File Creation

CVE-2005-4536

Not Available

Debian Security Advisory, DSA-960-1, January 31, 2006

Multiple Vendors

RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10

A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security.

OpenSSL

FreeBSD

RedHat

Mandriva

Gentoo

Slackware

Fedora

Sun

Ubuntu

OpenPKG

SUSE

Trustix

SGI

Debian

NetBSD

BlueCoat Systems

Debian

Astaro Security Linux

SCO

IBM

IBM

IBM

FedoraLegacy

Cisco

Avaya

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors OpenSSL Insecure Protocol Negotiation

CVE-2005-2969

OpenSSL Security Advisory, October 11, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005

RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005

Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005

Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005

Slackware Security Advisory, SSA:2005-286-01, October 13, 2005

Fedora Update Notifications,
FEDORA-2005-985 & 986, October 13, 2005

Sun(sm) Alert Notification
Sun Alert ID: 101974, October 14, 2005

Ubuntu Security Notice, USN-204-1, October 14, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005

SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Debian Security Advisory DSA 875-1, October 27, 2005

NetBSD Security Update, November 1, 2005

BlueCoat Systems Advisory, November 3, 2005

Debian Security Advisory, DSA 888-1, November 7, 2005

Astaro Security Linux Announcement, November 9, 2005

SCO Security Advisory, SCOSA-2005.48, November 15, 2005

IBM Documents Doc Number=2306, 2307, & 2312, December 15, 2005

Fedora Legacy Update Advisory, FLSA:166939, December 17, 2005

Cisco Security Notice, Document ID: 68324, December 19, 2005

Avaya Security Advisory, ASA-2006-031, January 30, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, 10.1 x86_64, 10.1, Corporate Server 3.0 x86_64, 3.0;
GNU Mailman 2.1-2.1.5, 2.0-2.0.14

A remote Denial of Service vulnerability has been reported in the email date parsing functionality due to an error in the handling of dates.

Mandriva

Ubuntu

Debian

There is no exploit code required.

GNU Mailman Remote Denial of Service

CVE-2005-4153

Security Focus, Bugtraq ID: 16248, January 16, 2006

Ubuntu Security Notice, USN-242-1 January 16, 2006

Debian Security Advisory, DSA-955-1, January 25, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.15

A vulnerability has been reported in the 'dm-crypt' driver due to a failure to clear memory, which could let a malicious user obtain sensitive information.

Updates available

Ubuntu

Trustix

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel DM-Crypt Local Information Disclosure

CVE-2006-0095

Security Focus, Bugtraq ID: 16301, January 18, 2006

Ubuntu Security Notice, USN-244-1 January 18, 2006

Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006

MyDNS

MyDNS 1.0.0

A remote Denial of Service vulnerability has been reported due to an error when handling certain malformed DNS queries.

Update available

Gentoo

Currently we are not aware of any exploits for this vulnerability.

MyDNS Remote Denial of Service

CVE-2006-0351

Security Tracker Alert ID: 1015521, January 20, 2006

Gentoo Linux Security Advisory, GLSA 200601-16, January 30, 2006

Net-SNMP

Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3 -5.0.9, 5.0.1

A remote Denial of Service vulnerability has been reported when handling stream-based protocols.

Upgrades available

Trustix

Fedora

RedHat

Mandriva

Ubuntu

RedHat

Conectiva

Avaya

Conectiva

Mandriva

Currently we are not aware of any exploits for this vulnerability.

Net-SNMP
Protocol Denial of Service

CVE-2005-2177

Secunia Advisory: SA15930, July 6, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005

Fedora Update Notifications,
FEDORA-2005-561 & 562, July 13, 2005

RedHat Security Advisory, RHSA-2005:720-04, August 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:137, August 11, 2005

Ubuntu Security Notice, USN-190-1, September 29, 2005

RedHat Security Advisory, RHSA-2005:395-18, October 5, 2005

Conectiva Linux Announcement, CLSA-2005:1032, October 13, 2005

Avaya Security Advisory, ASA-2005-225, October 18, 2005

Conectiva Linux Announcement, CLSA-2005:1050, November 21, 2005

Mandriva Security Advisory, MDKSA-2006:025, January 26, 2006

Net-snmp

Net-snmp 5.x

A vulnerability has been reported in 'fixproc' due to a failure to securely create temporary files in world writeable locations, which could let a malicious user obtain elevated privileges and possibly execute arbitrary code with ROOT privileges.

Gentoo

Fedora

RedHat

RedHat

Avaya

Mandriva

There is no exploit code required.

Net-SNMP
Fixproc Insecure Temporary File Creation

CVE-2005-1740

Gentoo Linux Security Advisory, GLSA 200505-18, May 23, 2005

Fedora Update Notifications,
FEDORA-2005-561 & 562, July 13, 2005

RedHat Security Advisory, RHSA-2005:373-23, September 28, 2005

RedHat Security Advisory, RHSA-2005:395-18, October 5, 2005

Avaya Security Advisory, ASA-2005-225, October 18, 2005

Mandriva Security Advisory, MDKSA-2006:025, January 26, 2006

phpMyAdmin

phpMyAdmin 2.7.0-beta1, 2.7

A vulnerability has been reported in the register_globals emulation layer in 'grab_globals.php' because the 'import_blacklist' variable is not properly protected, which could let a remote malicious user execute arbitrary HTML and script code and include arbitrary files.

Upgrades available

Gentoo

SuSE

There is no exploit code required.

PHPMyAdmin 'Import_Blacklist' Variable Overwrite

CVE-2005-4079

Secunia Advisory: SA17925, December 7, 2005

Gentoo Linux Security Advisory, GLSA 200512-03, December 12, 2005

SuSE Security Announcement, SUSE-SA:2006:004, January 26, 2006

SCO

Unixware 7.1.4, 7.1.3

A buffer overflow vulnerability has been reported in 'UIDAdmin' when processing excessive data, which could let a malicious user obtain superuser privileges.

Updates available

Avaya

Currently we are not aware of any exploits for this vulnerability.

SCO UnixWare Buffer Overflow

CVE-2005-3903

SCO Security Advisory, SCOSA-2005.54, December 12, 2005

Avaya Security Advisory, ASA-2006-034, January 30, 2006

Stalker Software, Inc.

Communigate Pro 5.0.7

A remote Denial of Service vulnerability has been reported in the LDAP component. This could potentially lead to the execution of arbitrary code.

Update to version 5.0.7.

Currently we are not aware of any exploits for this vulnerability.

Communigate Pro Server LDAP Remote Denial of Service

CVE-2006-0468

Security Focus, Bugtraq ID: 16407, January 28, 2006

Sun Microsystems, Inc.

Solaris 10.0 _x86

A Denial of Service vulnerability has been reported due to an unspecified error in the x64 kernel processing code.

Workaround & update available

Currently we are not aware of any exploits for this vulnerability.

Sun Solaris x64 Kernel Processing Denial of Service

CVE-2006-0516

Sun(sm) Alert Notification
Sun Alert ID: 102149, January 31, 2006

SuSE

Novell Linux Desktop 1.0, Linux Professional 10.0, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Personal 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1

A buffer overflow vulnerability has been reported in the 'nfs-server,' which could let a remote malicious user execute arbitrary code.

SUSE

Currently we are not aware of any exploits for this vulnerability.

SUSE NFS-SERVER Remote Buffer Overflow

CVE-2006-0043

SuSE Security Announcement, SUSE-SA:2006:005, January 25, 2006

Sylpheed

Sylpheed 2.0-2.0.3, 1.0.0-1.0.5

A buffer overflow vulnerability has been reported in 'ldif.c' due to a boundary error in the 'ldif_get_line()' function when importing a LDIF file into the address book, which could let a remote malicious user obtain unauthorized access.

Upgrades available

Fedora

Gentoo

Debian

Debian

SUSE

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Sylpheed LDIF Import Buffer Overflow

CVE-2005-3354

Bugtraq ID: 15363, November 9, 2005

Fedora Update Notification,
FEDORA-2005-1063, November 9, 2005

Gentoo Linux Security Advisory, GLSA 200511-13, November 15, 2005

Debian Security Advisory, DSA 906-1, November 22, 2005

Debian Security Advisory, DSA 908-1, November 23, 2005

SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005

Conectiva Linux Security Advisory, CLSA-2006:1061, January 23, 2006

unalz

unalz 0.52, 0.51, 0.31, 0.23, 0.22, 0.2-0.5

A buffer overflow vulnerability has been reported when handling the '.alz' archive due to a boundary error, which could let a remote malicious user execute arbitrary code.

Upgrades available

Debian

An exploit script has been published.

Unalz Archive Filename Buffer Overflow

CVE-2005-3862

Security Focus, Bugtraq ID: 15577, November 28, 2005

Debian Security Advisory, DSA-959-1, January 30, 2006

Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Description

Common Name

CVSS
Resources

AndoNET

AndoNet Blog 2004.9.2

An SQL injection vulnerability has been reported in 'comentarios.php' due to insufficient sanitization of the 'entrada' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

AndoNET Blog SQL Injection

CVE-2006-0462

Bugtraq ID: 16393, January 26, 2006

Andreas Huggel

Exiv2 0.6.2, 0.6.1, 0.3-0.8

A remote Denial of Service vulnerability has been reported when the 'sscanf()' function is used on input file data that is not NULL terminated.

Update available

A Proof of Concept exploit image file, exiv2-bug447.jpg, has been published.

Exiv2 Corrupted EXIF Data Remote Denial of Service

CVE-2005-4676

Security Focus, Bugtraq ID: 16400, January 27, 2006

Apache Software Foundation

Apache prior to 1.3.35-dev, 2.0.56-dev

A Cross-Site Scripting vulnerability has been reported in the 'Referer' directive in 'mod_imap' due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

The vulnerability has been fixed in version 1.3.35-dev, and 2.0.56-dev.

OpenPKG

Trustix

Mandriva

Ubuntu

RedHat

Fedora

TurboLinux

There is no exploit code required.

Apache mod_imap Cross-Site Scripting

CVE-2005-3352

Security Tracker Alert ID: 1015344, December 13, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.029, December 14, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0074, December 23, 2005

Mandriva Linux Security Advisory, MDKSA-2006:007, January 6, 2006

Ubuntu Security Notice, USN-241-1, January 12, 2006

RedHat Security Advisory, RHSA-2006:0158-4, January 17, 2006

Fedora Security Advisory, FEDORA-2006-052, January 23, 2006

Turbolinux Security Advisory, TLSA-2006-1, January 25, 2006

Ashwebstudio

Ashnews 0.83

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a file include vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Ashwebstudio Ashnews Cross-Site Scripting & File Include

CVE-2003-1292
CVE-2006-0524

Not available
Security Focus, Bugtraq IDs: 16426 & 16436, January 30, 2006

Blackboard

Blackboard Academic Suite 6.0, Blackboard 6.0, 5.5.1, 5.5, 5.0.2, 5.0

A vulnerability has been reported in the authentication mechanism, which could let a malicious user obtain unauthorized access.

No workaround or patch available at time of publishing.

There is no exploit code required.

Blackboard Learning System Unauthorized Access

CVE-2006-0511

Not Available
Security Focus, Bugtraq ID: 16438, January 31, 2006

BrowserCRM

BrowserCRM 0

A Cross-Site Scripting vulnerability has been reported in 'results.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

BrowserCRM Cross-Site Scripting

CVE-2006-0521

Not available
Security Focus, Bugtraq ID: 16435, January 31, 2006

Calendarix

Calendarix 0.6.20050830

SQL injection vulnerabilities have been reported in 'cal_day.php' due to insufficient sanitization of the 'catview' parameter and in 'admin/cal_login.php' due to insufficient sanitization of the 'login' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

Calendarix Multiple SQL Injection

CVE-2006-0492

Secunia Advisory: SA18667, February 1, 2006

Chain Reaction Edition

CRE Loaded 6.15

A vulnerability has been reported in the '/admin/htmlarea/popups/file/files.php' script due to insufficient authentication, which could let a remote malicious user upload/create/delete arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required.

CRE Loaded Files.PHP Access Validation

CVE-2006-0478

Secunia Advisory: SA18648, January 30, 2006

CheesyBlog

CheesyBlog 1.4, 1.0

An HTML injection vulnerability has been reported due to insufficient sanitization of various fields when posting a comment, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

CheesyBlog Multiple HTML Injection

CVE-2006-0443

Secunia Advisory: SA18610, January 26, 2006

Cisco Systems

Cisco IOS 12.0T & later

A vulnerability has been reported in the AAA (Authentication, Authorization, and Accounting) command due to insufficient authorization checks, which could let a remote malicious user obtain elevated privileges.

Patch Information

There is no exploit code required.

Cisco IOS AAA Command Authorization

CVE-2006-0485

Cisco Security Notice, 68840, January 25, 2006

Cisco Systems

Cisco VPN 3080 Concentrator 4.7.1 F, 4.7.1, VPN 3060 Concentrator 4.7.1 F, 4.7.1 , VPN 3030 Concentrator 4.7.1 F, 4.7.1, VPN 3020 Concentrator 4.7.1 F, 4.7.1, VPN 3015 Concentrator 4.7.1 F, 4.7.1, VPN 3005 Concentrator 4.7.1 F, 4.7.1, Catalyst 2926GL 4.7.2 A, 2926GL 4.7.2, 2926GL 4.7, 2926GL 4.7 REL

A remote Denial of Service vulnerability has been reported when handling a specially-crafted HTTP packet.

The vendor reports that the vulnerability has been fixed in software version 4.7.2.B. However, this is not correct according to the discoverer of the vulnerability.

Currently we are not aware of any exploits for this vulnerability.

Cisco VPN 3000 Concentrator Remote Denial of Service

CVE-2006-0483

Cisco Security Advisory, cisco-sa-20060126, January 26, 2006

Daffodil CRM

Daffodil CRM 1.5

An SQL injection vulnerability has been reported in 'userlogin.asp' due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Daffodil CRM SQL Injection

CVE-2006-0510

Not Available
Security Focus, Bugtraq ID: 16433, January 30, 2006

Dragoran Portal

Dragoran Portal 1.3

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'site' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, an exploit script, ipbpro.pl, has been published.

IPB Portal Module SQL Injection

CVE-2006-0520

Not available
Secunia Advisory: SA18664, February 1, 2006

Drupal

Drupal 4.6-4.6.3, 4.5-4.5.5

Multiple vulnerabilities have been reported: an input validation vulnerability was reported when filtering HTML code, which could let a remote malicious user inject arbitrary JavaScript code; an input validation vulnerability was reported due to an error in the attachment handling, which could let a remote malicious user upload a malicious image and inject arbitrary HTTP headers; and a vulnerability was reported in the 'access user profile' permission, which a remote malicious user can bypass.

Upgrades available

Debian

There is no exploit code required.

Drupal Multiple Vulnerabilities

CVE-2005-3973
CVE-2005-3974
CVE-2005-3975

2.3
(CVE-2005-3973)

1.4
(CVE-2005-3975)

Secunia Advisory: SA17824, December 1, 2005

Debian Security Advisory,
DSA-958-1, January 27, 2006

EasyCMS

EasyCMS 0

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

The vendor has announced that fixes for this issue are pending.

There is no exploit code required.

EasyCMS Multiple Cross-Site Scripting

CVE-2006-0507
CVE-2006-0508

Not Available
Security Focus, Bugtraq ID: 16430, January 31, 2006

E-Post Corporation

Mail Server 4.x, Mail Server Enterprise 4.x, SMTP Server 4.x, SMTP Server Enterprise 4.x,
SPA-PRO Mail @Solomon 4.x,
SPA-PRO Mail @Solomon Enterprise 4.x,
SPA-PRO SMTP @Solomon 4.x

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the SMTP service due to a boundary error when handling the username supplied to the 'AUTH PLAIN' and 'AUTH LOGIN' commands, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported in the POP3 service when handling the username supplied to the APOP command, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the IMAP service when handling the mailbox name passed to the DELETE command; a vulnerability was reported in the IMAP service due to an input validation error when handling arguments passed to the LIST command, which could let a remote malicious user obtain sensitive information and cause a Denial of Service; input validation vulnerabilities were reported in the IMAP service when handling the APPEND, COPY, and RENAME commands, which could let a remote malicious user create 'MSG' files and arbitrary directories; and a remote Denial of Service vulnerability was reported in the IMAP service when handling the APPEND command.

The vendor has released patches and updates to address these issues.

Currently we are not aware of any exploits for these vulnerabilities.

E-Post Mail Server Products Multiple Vulnerabilities

CVE-2006-0447
CVE-2006-0448
CVE-2006-0449

7
(CVE-2006-0447)

7
(CVE-2006-0448)

2.3
(CVE-2006-0449)

Secunia Advisory: SA18480, January 25, 2006

FarsiNews

FarsiNews 2.1 Beta2

A file include vulnerability has been reported in 'loginout.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

FarsiNews Remote File Include

CVE-2006-0502

Not Available
Security Focus, Bugtraq ID: 16440, January 31, 2006

Gallery Project

Gallery 1.5.2-RC2

An HTML injection vulnerability has been reported due to insufficient sanitization of the user's fullname before using, which could let a remote malicious user execute arbitrary HTML and script code.

Gentoo

There is no exploit code required.

Gallery HTML Injection

CVE-2006-0330

Secunia Advisory: SA18557, January 20, 2006

Gentoo Linux Security Advisory, GLSA 200601-13, January 26, 2006


Groupee.com

UBBThreads 6.3 & prior

An SQL injection vulnerability has been reported in the 'showflat.php' script due to insufficient validation of the 'Number' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

UBBThreads SQL Injection
Not available
Security Tracker Alert ID: 1015549, January 29, 2006

MiniGal

MG2 0.5.1

An HTML-injection vulnerability has been reported in the 'Name' form field when adding a comment on a picture, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

MiniGal MG2 HTML Injection

CVE-2006-0493

Security Focus, Bugtraq ID: 16428, January 30, 2006

MiniNuke

MiniNuke CMS 1.8.2

Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code and change an arbitrary user's password.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits and an exploit script, mininuke_182.pl, have been published.

MiniNuke Multiple Input Validation
Not available
Security Focus, Bugtraq ID: 16416, January 30, 2006

Mozilla

Firefox 1.5 & prior

A Cross-Domain Scripting vulnerability has been reported in the '-moz-binding' property, which could lead to the execution of arbitrary script code.

No workaround or patch available at time of publishing.

Proof of Concept exploits have been published.

Mozilla Firefox Cross-Domain Scripting

CVE-2006-0496

Security Focus, Bugtraq ID: 16427, January 30, 2006

Mozilla

Firefox 1.5; Netscape Browser 8.0.4

A remote Denial of Service vulnerability has been reported when handling large history information. Note: The vendor disputes this claim.

Netscape

A Proof of Concept exploit script has been published.

Mozilla History File Remote Denial of Service

CVE-2005-4134

Secunia Advisory: SA17934, December 8, 2005

Security Focus, Bugtraq ID: 15773, January 27, 2006

Multiple Vendors

EMC Legato Networker 7.2.1; Sun Solstice Backup 6.x, StorEdge Enterprise Backup 7.x

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when handling corrupted RPC packets due to an error; and a vulnerability was reported due to two unspecified errors, which could let a remote malicious user obtain unauthorized access and execute arbitrary code.

Hotfix

Sun

Currently we are not aware of any exploits for these vulnerabilities.

EMC NetWorker Code Execution

CVE-2005-3658
CVE-2005-3659

7
(CVE-2005-3658)

2.3
(CVE-2005-3659)

Secunia Advisory: SA18495, January 17, 2006

Sun(sm) Alert Notification
Sun Alert ID: 102148, January 30, 2006

Multiple Vendors

University of Kansas Lynx 2.8.5 & prior

A vulnerability has been reported in the 'lynxcgi:' URI handler, which could let a remote malicious user execute arbitrary commands.

Upgrades available

RedHat

Mandriva

Gentoo

Trustix

SGI

OpenPKG

SCO

FedoraLegacy

SCO

Avaya

There is no exploit code required.

Lynx URI Handlers Arbitrary Command Execution

CVE-2005-2929

Security Tracker Alert ID: 1015195, November 11, 2005

RedHat Security Advisory, RHSA-2005:839-3, November 11, 2005

Mandriva Linux Security Advisory, MDKSA-2005:211, November 12, 2005

Gentoo Linux Security Advisory, GLSA 200511-09, November 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005

SGI Security Advisory, 20051101-01-U, November 29, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005

SCO Security Advisory, SCOSA-2005.55, December 14, 2005

Fedora Legacy Update Advisory, FLSA:152832, December 17, 2005

SCO Security Advisory, SCOSA-2006.7, January 10, 2006

Avaya Security Advisory, ASA-2006-035, January 30, 2006

Multiple Vendors

Cisco Systems Cisco Aironet 1200 Series Access Point, 350 Series Access Point, Content Services Switch 11000 Series (WebNS), MGX 8200 Series Edge Concentrators, MGX 8800 Series Multiservice Switches, MGX 8900 Series Multiservice Switches, SN5400 Series Storage Routers; OpenBSD 3.x; Hitachi GR2000 Series Gigabit Routers, GR4000 Series Gigabit Routers, GS3000 Series Gigabit Switches, GS4000 Series Gigabit Switches; ALAXALA Networks AX5400S, AX7800R, AX7800S; FreeBSD FreeBSD 2.x, 3.x, 4.x; Avaya Intuity Audix R4, R5

A remote Denial of Service vulnerability has been reported in the Protection Against Wrapped Sequence Numbers (PAWS) technique that was included to increase overall TCP performance.

Update information

OpenBSD

Hitachi: The vendor has issued updated versions.

ALAXALA: Customers are advised to contact the vendor in regards to obtaining and applying the appropriate update.

Microsoft

FreeBSD

Avaya

An exploit script has been published.

Cisco Various Products TCP Timestamp Denial of Service

CVE-2005-0356

Cisco Security Notice, 64909, May 18, 2005

Microsoft Security Advisory (899480), May 18, 2005

US-CERT VU#637934

FreeBSD CVS Log, May 25, 2005

Avaya Security Advisory, ASA-2006-032, January 30, 2006

My little homepage

My Little Weblog 2004.4.20, My Little Guestbook 2004.4.20, my little forum 2004.4.20

A vulnerability has been reported due to insufficient sanitization of the 'link' BBcode tag when posting a message, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

My Little Homepage BBCode Link Tag Script Injection

CVE-2006-0471
CVE-2006-0472
CVE-2006-0473

2.3
(CVE-2006-0471)

2.3
(CVE-2006-0472)

2.3
(CVE-2006-0473)

Security Focus, Bugtraq ID: 16395, January 26, 2006

MyBB Group

MyBulletinBoard 1.2


Cross-Site Scripting vulnerabilities have been reported in 'search.php' due to insufficient sanitization of the 'sortby' and 'sortordr' parameters and in 'usercp2.php' due to insufficient sanitization of the 'referer' HTTP header when adding a thread to favorites, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'plugin' parameter because arbitrary files can be included when activating a plugin in the plugin manager.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

MyBB Cross-Site Scripting & Plugin Manager

CVE-2006-0470

Secunia Advisory: SA18617, January 31, 2006

Nuked-Klan

Nuked-Klan 1.7

A Cross-Site Scripting vulnerability has been reported in 'Index.PHP' due to insufficient sanitization of the 'letter' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Nuked-klaN Cross-Site Scripting

CVE-2006-0506

Not Available
Security Focus, Bugtraq ID: 16424, January 30, 2006

OpenSSH

OpenSSH 4.1, 4.0, p1

Several vulnerabilities have been reported: a vulnerability was reported due to an error when handling dynamic port forwarding when no listen address is specified, which could let a remote malicious user cause "GatewayPorts" to be incorrectly activated; and a vulnerability was reported due to an error when handling GSSAPI credential delegation, which could let a remote malicious user be delegated with GSSAPI credentials.

OpenBSD

Fedora

Trustix

Slackware

Fedora

RedHat

Mandriva

Ubuntu

Conectiva

HP

Avaya

There is no exploit code required.

OpenSSH DynamicForward Inadvertent GatewayPorts Activation & GSSAPI Credentials

CVE-2005-2797
CVE-2005-2798

3.3
(CVE-2005-2797)

3.3
(CVE-2005-2798)

Secunia Advisory: SA16686, September 2, 2005

Fedora Update Notification,
FEDORA-2005-858, September 7, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005

Slackware Security Advisory, SSA:2005-251-03, September 9, 2005

Fedora Update Notification,
FEDORA-2005-860, September 12, 2005

RedHat Security Advisory, RHSA-2005:527-16, October 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:172, October 6, 2005

Ubuntu Security Notice, USN-209-1, October 17, 2005

Conectiva Linux Announcement, CLSA-2005:1039, October 19, 2005

Security Focus, Bugtraq ID: 14729, January 10, 2006

Avaya Security Advisory, ASA-2006-033, January 30, 2006

Oracle Corporation

JD Edwards EnterpriseOne 8.x, Oracle Application Server 10g,
Collaboration Suite Release 1 & Release 2,
Database 8.x, Database Server 10g, Developer Suite 10g, E-Business Suite 11i, Enterprise Manager 10.x,
Oracle9i Application Server,
Oracle9i Database Enterprise Edition,
Oracle9i Database Standard Edition,
Oracle9i Developer Suite,
PeopleSoft Enterprise Portal 8.x; HP Oracle for OpenView (OfO) 8.x, 9.x

82 vulnerabilities and security issues have been reported in various Oracle products, which could lead to information disclosure, arbitrary files overwritten, and arbitrary SQL code injection.

Patch Information

HP

An exploit would not be required for some of these issues.

Oracle January Security Update

CVE-2005-2371
CVE-2005-2378

CVE-2006-0256 through CVE-2006-0291

3.3
(CVE-2005-2371)

3.3
(CVE-2005-2378)

7
(CVE-2006-0256 through CVE-2006-0271)

7
(CVE-2006-0272 through CVE-2006-0278)

4.9
(CVE-2006-0279 & CVE-2006-0280)

7
(CVE-2006-0281 through CVE-2006-0291)

Security Focus, Bugtraq ID: 16287, January 17, 2006

US-CERT VU#545804

Technical Cyber Security Alert TA06-018A

US-CERT VU#472148

US-CERT VU#925261

US-CERT VU#857412

US-CERT VU#871756

US-CERT VU#999268

US-CERT VU#629316

US-CERT VU#983340

US-CERT VU#150332

US-CERT VU#891644

US-CERT VU#870172

Hewlett Packard Security Bulletin, HPSBMA02094, January 25, 2006

Oracle Corporation

Oracle Application Server 10g, Database 8.x, HTTP Server 8.x, 9.x,
Oracle9i Application Server,
Oracle9i Database Enterprise Edition,
Oracle9i Database Standard Edition

A vulnerability has been reported in the Oracle PL/SQL Gateway component when validating certain HTTP requests, which could let a remote malicious user bypass certain security restrictions.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Oracle Products PL/SQL Gateway Security Bypass

CVE-2006-0435

Security Tracker Alert ID: 1015544, January 25, 2006

US-CERT VU#169164

Paros

Paros 3.2.5

A vulnerability has been reported in the built-in 'hsqldb' database due to a default password, which could let a remote malicious user bypass authentication procedures.

Update available

Gentoo

There is no exploit code required.

Paros 'HSQLDB' Remote Authentication Bypass

CVE-2005-3280

Security Focus, Bugtraq ID: 15141, October 19, 2005

Gentoo Linux Security Advisory, GLSA 200601-15, January 29, 2006

PHP

PHP 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 5.0.x

Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of the 'GLOBALS' array, which could let a remote malicious user define global variables; a vulnerability was reported in the 'parse_str()' PHP function when handling an unexpected termination, which could let a remote malicious user enable the 'register_globals' directive; a Cross-Site Scripting vulnerability was reported in the 'phpinfo()' PHP function due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and an integer overflow vulnerability was reported in 'pcrelib' due to an error, which could let a remote malicious user corrupt memory.

Upgrades available

SUSE

TurboLinux

Fedora

RedHat

RedHat

Gentoo

Mandriva

SUSE

Trustix

SGI

OpenPKG

Ubuntu

Avaya

There is no exploit code required.

3.3
(CVE-2005-3388)

3.3
(CVE-2005-3389)

8
(CVE-2005-3390)

7
(CVE-2005-3391)

7
(CVE-2005-3392)

Secunia Advisory: SA17371, October 31, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Turbolinux Security Advisory TLSA-2005-97, November 5, 2005

Fedora Update Notifications,
FEDORA-2005-1061 & 1062, November 8, 2005

RedHat Security Advisories, RHSA-2005:838-3 & RHSA-2005:831-15, November 10, 2005

Gentoo Linux Security Advisory, GLSA 200511-08, November 13, 2005

Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

SGI Security Advisory, 20051101-01-U, November 29, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.027, December 3, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

SUSE Security Announcement, SUSE-SA:2005:069, December 14, 2005

Ubuntu Security Notice, USN-232-1, December 23, 2005

Avaya Security Advisory, ASA-2006-037, January 31, 2006

Phpclanwebsite

Phpclanwebsite 1.23.1

SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'par' and 'poll_id' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script, Phpclanwebsite.1.23.1.SQL.Injection.pl, has been published.

Phpclanwebsite SQL Injection

CVE-2006-0444

Security Focus, Bugtraq ID: 16391, January 26, 2006

PHP-Ping

PHP-Ping 1.3

A remote Denial of Service vulnerability has been reported in the 'count' parameter due to insufficient validation.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

PHP-Ping Remote Denial of Service

CVE-2006-0475

Secunia Advisory: SA18645, January 30, 2006

Pioneers

Pioneers 0.9.40

A remote Denial of Service vulnerability has been reported due to a boundary error when handling overly long chat messages.

Update available

There is no exploit code required.

Pioneers Remote Denial of Service

CVE-2006-0467

Security Focus, Bugtraq ID: 16429, January 30, 2006

PMachine

ExpressionEngine 1.4.1

An HTML injection vulnerability has been reported in the HTTP 'Referer' header due to insufficient sanitization before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PMachine ExpressionEngine HTML Injection

CVE-2006-0461

Security Focus, Bugtraq ID: 16377, January 25, 2006

PmWiki

PmWiki 2.1 beta20

A vulnerability has been reported in the handling of the 'GLOBALS' array parameter due to an error in the layer that unregisters 'register_globals' variables, which could let a remote malicious user bypass that protection and execute arbitrary HTML and script code.

The vulnerability has been fixed in version 2.1 beta 21.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PmWiki Unregister Layer Bypass

CVE-2006-0479

Secunia Advisory: SA18634, January 30, 2006

PunctWeb

MyCO Guestbook 1.0

An HTML injection vulnerability has been reported due to insufficient sanitization of the name field before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

PunctWeb MyCO HTML Injection

CVE-2006-0500
CVE-2006-0501

Not Available

Security Focus, Bugtraq ID: 16444, January 31, 2006

spaiz-nuke.net

sPaiz-Nuke CMS 0

A Cross-Site Scripting vulnerability has been reported in 'Modules.PHP' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

sPaiz-Nuke Cross-Site Scripting

CVE-2006-0480

Security Focus, Bugtraq ID: 16412, January 30, 2006

SPIP

SPIP 1.9 Alpha 1, 1.8.2-d

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'forum.php3' due to insufficient sanitization of the 'id_article' and 'id_forum' parameters before they are used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in 'index.php3' due to insufficient sanitization of the 'lang' parameter before it is returned to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

SPIP SQL Injection & Cross-Site Scripting

CVE-2006-0518
CVE-2006-0519

2.3
(CVE-2006-0518)

2.3
(CVE-2006-0519)

Secunia Advisory: SA18676, February 1, 2006

subzane

SZUserMgnt 1.4

An SQL injection vulnerability has been reported in 'login.verify.php' due to insufficient sanitization of the 'username' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

SZUserMgnt SQL Injection

CVE-2006-0491

Security Focus, Bugtraq ID: 16454, February 1, 2006

UebiMiau

UebiMiau 2.7.9

An HTML injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using it in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

UebiMiau HTML Injection

CVE-2006-0469

Security Focus, Bugtraq ID: 16413, January 30, 2006

Webgroup Media

Cerberus Helpdesk 2.7.1 Development Release, Helpdesk 2.7

A Cross-Site Scripting vulnerability has been reported in 'clients.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Cerberus Helpdesk Cross-Site Scripting

CVE-2006-0509

Not Available

Security Focus, Bugtraq ID: 16439, January 31, 2006

Xpdf

Xpdf 3.01

A heap-based buffer overflow vulnerability has been reported when handling PDF splash images with overly large dimensions, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Xpdf PDF Splash Remote Buffer Overflow

CVE-2006-0301

Secunia Advisory: SA18677, February 1, 2006
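The Splash overflow above, like the 'numComps' and 'nXTiles'/'nYTiles' cases in the Multiple Vendors Xpdf entry further down this page, comes from multiplying dimensions read out of the file and using the product as an allocation size or copy length: if the product wraps, a small buffer is allocated and the decoder writes far past it. The following is an added example, not Xpdf's own code, showing the wrapping computation beside an overflow-checked one. The struct name, function names, the size cap and the sample dimensions are assumptions for illustration.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Dimensions as a decoder would read them from an untrusted image header.
 * Hypothetical struct for this example, not an Xpdf type. */
struct image_dims {
    int width;
    int height;
    int num_comps;   /* samples per pixel; treated as bytes per pixel here */
};

/* a * b in size_t, reporting overflow instead of silently wrapping. */
bool mul_size_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Vulnerable pattern: the byte count is computed in 32-bit arithmetic, so
 * crafted dimensions wrap it to a small value (here to 0). A buffer of that
 * size gets allocated, and the decoder then writes width*height*num_comps
 * samples into it: the heap overflow the entries on this page describe. */
uint32_t unsafe_image_bytes(const struct image_dims *d)
{
    return (uint32_t)d->width * (uint32_t)d->height * (uint32_t)d->num_comps;
}

/* Hardened pattern: reject non-positive values, check every multiplication
 * for overflow, and cap the result so an absurd but non-wrapping size cannot
 * be used to exhaust memory either. */
bool checked_image_bytes(const struct image_dims *d, size_t limit, size_t *out)
{
    size_t n;
    if (d->width <= 0 || d->height <= 0 || d->num_comps <= 0)
        return false;
    if (!mul_size_checked((size_t)d->width, (size_t)d->height, &n))
        return false;
    if (!mul_size_checked(n, (size_t)d->num_comps, &n))
        return false;
    if (n > limit)
        return false;
    *out = n;
    return true;
}

/* Same discipline for a table sized by two counts from the file (the
 * nXTiles * nYTiles case): allocate only if the product cannot have wrapped.
 * Returns NULL on overflow, zero counts or allocation failure. */
void *alloc_tile_table(unsigned nx_tiles, unsigned ny_tiles, size_t elem_size)
{
    size_t n;
    if (nx_tiles == 0 || ny_tiles == 0 || elem_size == 0)
        return NULL;
    if (!mul_size_checked(nx_tiles, ny_tiles, &n) || !mul_size_checked(n, elem_size, &n))
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed header values: a plausible image and a crafted one. */
    struct image_dims plausible = {1024, 768, 3};
    struct image_dims crafted = {65536, 65536, 1};   /* 2^32 samples */
    size_t n;

    printf("plausible: unsafe=%" PRIu32 " bytes, checked: %s\n",
           unsafe_image_bytes(&plausible),
           checked_image_bytes(&plausible, (size_t)1 << 30, &n) ? "accepted" : "rejected");
    printf("crafted:   unsafe=%" PRIu32 " bytes, checked: %s\n",
           unsafe_image_bytes(&crafted),
           checked_image_bytes(&crafted, (size_t)1 << 30, &n) ? "accepted" : "rejected");
    return 0;
}
```

The cap matters as much as the overflow check: a 64-bit size_t will not wrap for 65536 x 65536 x 1, but accepting a 4 GiB allocation on the strength of a file header is still a denial of service, so the limit is chosen by the caller, not by the width of the integer type.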

Yourboard

Rlink 1.0

A Cross-Site Scripting vulnerability has been reported in 'Rlink.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

phpBB Rlink Module Cross-Site Scripting

CVE-2006-0499

Not Available

Security Focus, Bugtraq ID: 16448, January 31, 2006


Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that has been identified during the current reporting period.
  • Bluetooth set to take over wireless from Wi-Fi...: The IEEE has abandoned its effort to create an Ultra-Wide Band (UWB) standard, but has agreed on a draft for the next generation of Wi-Fi, 802.11n.
  • Mobile devices are IT managers' security headache: According to a survey of 500 enterprise IT managers in the U.S., U.K., Germany and France, two-thirds of IT managers are still experiencing security breaches because of poor practices on mobile devices. The survey found that companies lacked the corporate policies needed to keep laptops and other devices off the network until they pass adequate security checks. Sixty-six percent of IT managers experienced security breaches and feel anti-virus software is not enough to keep malware out of their infrastructure. Sixty percent of respondents said their organization has no way of scanning devices connecting to their network or quarantining any system that does not meet the company's security requirements.


General Trends
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.

  • Expert: Botnets No. 1 emerging Internet threat: According to the security firm, Panda Labs, bots are the fastest growing malware threat. More than 10,000 new variants were detected last year. They reported a 175-percent jump in new bots in 2005, making them 20 percent of the total new malware detected.
  • Exploit for Buffer Overflow Vulnerability in Winamp: US-CERT is aware of a public exploit for a buffer overflow vulnerability in Winamp. The buffer overflow is triggered when Winamp processes a specially crafted playlist (.PLS) file that has a long computer name.
  • BIOS Could Hide Rootkits: According to a presentation at the Black Hat conference in Washington, D.C., attackers armed with rootkits may hide some of their malicious code inside the PC's BIOS flash memory. Attackers could use the Advanced Configuration and Power Interface (ACPI), a collection of power management controls, and its programming language to code and/or deploy a rootkit into the BIOS flash memory. They could even replace legitimate functions in the ACPI's language with their own, malicious, operations.
  • Security vendors open another front against spyware: Trend Micro, Symantec, and McAfee have joined forces with ICSA Labs and Thompson Cyber Security Labs to develop standards for spyware detection.
  • Browsers face triple threat: According to Polish security researcher Michal Zalewski, three bugs exist in the way cookies are handled that could be used to carry out attacks on commercial websites. The bugs are fundamental to the design and implementation of cookies. One of them was first disclosed eight years ago, but still hasn't been fixed in the major browsers.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank. Common Name (Type of Code; Trend; Date first found): Description

1. Netsky-P (Win32 worm; trend: stable; first found March 2004): A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
2. Lovgate.w (Win32 worm; trend: increase; first found April 2004): A mass-mailing worm that propagates by using MAPI to reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. It attempts to access all machines in the local area network.
3. Mytob-GH (Win32 worm; trend: slight decrease; first found November 2005): A variant of the mass-mailing worm that disables security-related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address.
4. Netsky-D (Win32 worm; trend: slight decrease; first found March 2004): A simplified variant of the Netsky mass-mailing worm: it does not contain many of the text strings that were present in Netsky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
5. Mytob.C (Win32 worm; trend: increase; first found March 2004): A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm attempts to harvest email addresses from the local hard disk by scanning files.
6. Mytob-BE (Win32 worm; trend: increase; first found June 2005): A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus software, and modifies data.
7. Sober-Z (Win32 worm; trend: decrease; first found December 2005): This worm travels as an email attachment, forging the sender's address, harvesting addresses from infected machines, and using its own mail engine. It further downloads code from the Internet, installs itself into the registry, and reduces overall system security.
8. Zafi-B (Win32 worm; trend: decrease; first found June 2004): A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.
9. Mytob-AS (Win32 worm; trend: slight increase; first found June 2005): A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine.
10. Zafi-D (Win32 worm; trend: decrease; first found December 2004): A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.

Table updated February 1, 2006


The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.


Vulnerabilities

The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/ Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operate on some version of that operating system.

Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin which has been provided by other US-CERT sponsored programs, is prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/ NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.

The Risk levels are defined below:

High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.

Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.

Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.

Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.

Windows Operating Systems Only
Vendor & Software Name
Description

Common Name

CVSS
Resources

Adobe

Acrobat, Creative Suite, Illustrator, InDesign, Pagemaker, Pagemaker Plus, Photoshop Premiere, and Version Cue various versions

Multiple vulnerabilities have been reported in multiple Adobe products that could let local malicious users obtain elevated privileges or execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Adobe Multiple Product Privilege Elevation or Arbitrary Code Execution

CVE-2006-0525

Not Available

Security Focus, Bugtraq ID: 16451, January 31, 2006

America Online

AOL Client Software 8.0, 9.0, 9.0 Optimized, 9.0 Security

A vulnerability has been reported in AOL Client Software that could let local malicious users obtain elevated privileges.

No workaround or patch available at time of publishing.

There is no exploit code required.

AOL Client Software Privilege Elevation

CVE-2006-0526

Not Available

Security Focus, Bugtraq ID: 16453, January 31, 2006
ASPThai 8.0 and prior

An input validation vulnerability has been reported in ASPThai that could let remote malicious users perform SQL injection.

ASPThai 8.5 or later

There is no exploit code required; however, a Proof of Concept exploit has been published.

ASPThai SQL Injection

CVE-2006-0490

7

Security Tracker, Alert ID: 1015548, January 27, 2006

Blue Coat Systems

WinProxy 6.0

Multiple vulnerabilities have been reported in WinProxy that could let remote malicious users cause a Denial of Service.

Blue Coat Systems

Exploit scripts, CVE-2005-4085_exploit.pl and bluecoat_winproxy.pm, have been published.

Blue Coat WinProxy Multiple Vulnerabilities

CVE-2005-3187
CVE-2005-3654
CVE-2005-4085

2.3 (CVE-2005-3187)

7
(CVE-2005-3654)

7
(CVE-2005-4085)

Secunia, Advisory: SA18288, January 6, 2006

Security Focus, ID: 16147, February 1, 2006

MailEnable Professional prior to 1.72

A vulnerability has been reported in MailEnable Professional that could let remote malicious users cause a Denial of Service.

MailEnable Professional 1.72

Currently we are not aware of any exploits for this vulnerability.

MailEnable Professional Denial of Service

CVE-2006-0503

Not Available

Secunia, Advisory: SA18668, February 1, 2006

Microsoft

Internet Explorer 5.0.1 through SP4, 5.5 through SP2, 6.0, 6.0 SP1

A vulnerability has been reported in Internet Explorer's ActiveX kill bit checking that could let malicious users execute arbitrary code.

Microsoft

Currently we are not aware of any exploits for this vulnerability.

Microsoft Internet Explorer Arbitrary Code Execution

CVE-2006-0057

7

Security Focus, ID: 16409, January 28, 2006

Microsoft Security Bulletin MS05-054 v1.1, February 1, 2006

US-CERT VU#998297

Nullsoft

WinAmp 5.12

A buffer overflow vulnerability has been reported in WinAmp that could let malicious users execute arbitrary code.

WinAmp 5.13

Exploit scripts, winamp_playlist_unc.pm and winamp0day.c have been published.

Winamp Arbitrary Code Execution

CVE-2006-0476

5.6

Secunia, Advisory: SA18649, January 30, 2006

Technical Cyber Security Alert TA06-032A

US-CERT VU#604745

Pegasus Mail

Mercury Mail 4.01b

Multiple buffer overflow vulnerabilities have been reported in Mercury Mail that could let remote malicious users execute arbitrary code.

Pegasus Mail Mercury Mail Patch

An exploit script, mercurysexywarez.pl, has been published.

Mercury Mail Arbitrary Code Execution

CVE-2005-4411

7

Security Tracker, Alert ID: 1015374, December 16, 2005

Security Focus, Bugtraq ID: 16396, January 31, 2006

UNIX / Linux Operating Systems Only
Vendor & Software Name
Description

Common Name

CVSS
Resources

bzip2

bzip2 1.0.2 & prior

A vulnerability has been reported when an archive is decompressed into a world- or group-writable directory, which could let a malicious user modify the file permissions of arbitrary target files.

Ubuntu

Mandriva

Debian

TurboLinux

OpenPKG

RedHat

FreeBSD

Conectiva

SGI

FedoraLegacy

Mandriva

There is no exploit code required.

BZip2 File Permission Modification

CVE-2005-0953

Security Focus, Bugtraq ID: 12954, March 31, 2005

Ubuntu Security Notice, USN-127-1, May 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:091, May 19, 2005

Debian Security Advisory, DSA 730-1, May 27, 2005

Turbolinux Security Advisory, TLSA-2005-60, June 1, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.008, June 10, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:14, June 29, 2005

Conectiva Linux Announcement, CLSA-2005:972, July 6, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005

Mandriva Security Advisory, MDKSA-2006:026, January 30, 2006
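What the bzip2 entry describes is the chmod-by-name race: the decompressor writes its output, closes it, then sets the file's permissions by path, and chmod() follows symbolic links. In a directory other users can write to, the output name can be swapped for a symlink between those two steps, so the permission change lands on whatever the link points at. The following is an added example, not bzip2's code; the directory layout, the file names "victim" and "out.txt", and the modes 0600/0666 are constructed for the demonstration. It runs both variants against an attacker-planted symlink in a fresh temporary directory and reports what happened to the victim file.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: permissions are applied to a name after the output
 * was written and closed. chmod() resolves symlinks, so the mode change
 * goes to whatever the name points at by the time this runs. */
int set_mode_by_path(const char *path, mode_t mode)
{
    return chmod(path, mode);
}

/* Hardened pattern: create the output ourselves (O_EXCL fails if the name
 * already exists, O_NOFOLLOW refuses a symlink) and set the mode on the
 * descriptor, which cannot be redirected to another file afterwards.
 * Returns the open descriptor or -1. */
int create_output_with_mode(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, mode);
    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) < 0) {      /* apply the exact mode, ignoring umask */
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Outcome of running both variants against a planted symlink. */
struct race_demo {
    int setup_ok;               /* 1 if the scenario could be built */
    int safe_rc;                /* create_output_with_mode(): expected -1 */
    mode_t mode_after_safe;     /* victim's permission bits: expected unchanged */
    int unsafe_rc;              /* set_mode_by_path(): expected 0 (succeeds) */
    mode_t mode_after_unsafe;   /* victim's bits: expected changed to 0666 */
};

static mode_t perm_bits(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (st.st_mode & 0777) : (mode_t)-1;
}

/* Builds a temporary directory standing in for the shared writable one:
 * "victim" is a private file (0600) the attacker wants opened up, and
 * "out.txt" is the name the decompressor will produce, pre-planted as a
 * symlink to victim. Runs the safe variant first, then the vulnerable one. */
struct race_demo run_race_demo(void)
{
    struct race_demo r = {0};
    char dir[] = "/tmp/chmod-race.XXXXXX";
    char victim[4096], out[4096];
    int vfd = -1;

    if (mkdtemp(dir) == NULL)
        return r;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(out, sizeof out, "%s/out.txt", dir);

    vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vfd < 0 || fchmod(vfd, 0600) < 0 || symlink(victim, out) < 0)
        goto cleanup;
    close(vfd);
    vfd = -1;

    r.safe_rc = create_output_with_mode(out, 0666);   /* refused: name exists */
    if (r.safe_rc >= 0)
        close(r.safe_rc);
    r.mode_after_safe = perm_bits(victim);

    r.unsafe_rc = set_mode_by_path(out, 0666);        /* follows the link */
    r.mode_after_unsafe = perm_bits(victim);
    r.setup_ok = 1;

cleanup:
    if (vfd >= 0)
        close(vfd);
    unlink(out);
    unlink(victim);
    rmdir(dir);
    return r;
}

int main(void)
{
    struct race_demo r = run_race_demo();
    if (!r.setup_ok) {
        perror("demo setup");
        return 1;
    }
    printf("fchmod variant: rc=%d, victim mode %04o\n", r.safe_rc, (unsigned)r.mode_after_safe);
    printf("chmod  variant: rc=%d, victim mode %04o\n", r.unsafe_rc, (unsigned)r.mode_after_unsafe);
    return 0;
}
```

The point of the fd-based variant is not only fchmod(): O_EXCL and O_NOFOLLOW make the create step refuse any pre-existing name, so the attacker's link is rejected before a single byte is written, and every later operation (write, fchmod, fchown) is tied to the inode that was actually created.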

Edgewall Software

Trac 0.9.1, 0.9, 0.8.1-0.8.4, 0.7.1

An SQL injection vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Upgrades available

Debian

Debian

There is no exploit code required; however, a Proof of Concept exploit has been published.

Edgewall Software Trac Search Module SQL Injection

CVE-2005-4065

7

Security Focus, Bugtraq ID: 15720, December 5, 2005

Debian Security Advisory, DSA-951-1, January 23, 2006

Debian Security Advisory DSA 951-2, January 30, 2006

Edgewall Software

Trac 0.9.2

An HTML injection vulnerability has been reported in the WikiProcessor Wiki Content due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

Trac

Debian

Debian

There is no exploit code required.

Trac HTML Injection

CVE-2005-4644

2.3

Security Focus, Bugtraq ID: 16198, January 10, 2006

Debian Security Advisory, DSA-951-1, January 23, 2006

Debian Security Advisory DSA 951-2, January 30, 2006

Elido

Face Control 0

Multiple Directory Traversal vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Elido Face Control Multiple Directory Traversal

CVE-2006-0484

Security Focus, Bugtraq ID: 16401, January 27, 2006

ETERM

LibAST prior to 0.7

A buffer overflow vulnerability has been reported in 'conf.c' due to a boundary error in the 'conf_find_file()' function, which could let a malicious user execute arbitrary code.

Update available

Gentoo

An exploit script, eterm-exploit.c, has been published.

LibAST Buffer Overflow

CVE-2006-0224

Secunia Advisory: SA18586, January 25, 2006

Gentoo Linux Security Advisory, GLSA 200601-14, January 29, 2006


GIT

GIT 1.1

A buffer overflow vulnerability has been reported in 'git-checkout-index' due to a boundary error when handling an overly long symbolic link, which could let a remote malicious user execute arbitrary code.

Update available

Currently we are not aware of any exploits for this vulnerability.

GIT Remote Buffer Overflow

CVE-2006-0477

Secunia Advisory: SA18643, January 30, 2006

GNOME Development Team

Evolution 2.3.1-2.3.7

A buffer overflow vulnerability has been reported which could lead to a Denial of Service when processing messages that contain inline XML file attachments with excessively long strings.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

GNOME Evolution Remote Buffer Overflow

CVE-2006-0528

Not Available

Security Focus, Bugtraq ID: 16408, January 30, 2006

GNU

Mailman 2.1-2.1.5, 2.0-2.0.14

A remote Denial of Service vulnerability has been reported in 'Scrubber.py' due to a failure to handle exception conditions when Python fails to process an email file attachment that contains utf8 characters in its filename.

Mandriva

SuSE

Ubuntu

Debian

There is no exploit code required.

GNU Mailman Attachment Scrubber UTF8 Filename Remote Denial of Service

CVE-2005-3573

Secunia Advisory: SA17511, November 14, 2005

Mandriva Linux Security Advisory, MDKSA-2005:222, December 2, 2005

SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006

Ubuntu Security Notice, USN-242-1 January 16, 2006

Debian Security Advisory, DSA-955-1, January 25, 2006

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.

Patch available

Mandriva

TurboLinux

RedHat

RedHat

SGI

Fedora

SGI

F5

Ubuntu

Trustix

Avaya

FedoraLegacy

SCO

SCO

Mandriva

Mandriva

There is no exploit code required.

Gzip Zgrep Arbitrary Command Execution

CVE-2005-0758

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Fedora Update Notification, FEDORA-2005-471, June 27, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Secunia Advisory: SA16159, July 21, 2005

Ubuntu Security Notice,
USN-158-1, August 01, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005

Avaya Security Advisory, ASA-2005-172, August 29, 2005

Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005

SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005

Mandriva Security Advisories, MDKSA-2006:026 & MDKSA-2006:027, January 30, 2006

Hewlett Packard Company

HP-UX 11.23, 11.11, 11.04, 11.0, B.11.23, B.11.11, B.11.04, B.11.00; Avaya Predictive Dialing System (PDS) 12.0

A remote Denial of Service vulnerability has been reported in the HP-UX ftpd implementation.

HP-UX

Avaya

There is no exploit code required.

HP-UX FTPD Remote Denial of Service

CVE-2005-2993

HP Security Bulletin, HPSBUX02092, January 18, 2006

Avaya Security Advisory, ASA-2006-018, January 19, 2006

ImageMagick

ImageMagick 6.2.4.5

A vulnerability has been reported in the delegate code used by various ImageMagick utilities when an image filename is handed to an external delegate program, which could let a remote malicious user execute arbitrary commands.

Ubuntu

Debian

Mandriva

There is no exploit code required.

ImageMagick Utilities Image Filename Remote Command Execution

CVE-2005-4601

Secunia Advisory: SA18261, December 30, 2005

Ubuntu Security Notice, USN-246-1, January 24, 2006

Debian Security Advisory,
DSA-957-1, January 26, 2006

Mandriva Security Advisory, MDKSA-2006:024, January 26, 2006
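The zgrep entry above and this ImageMagick entry are the same bug class: a filename is spliced into a command line that is then handed to a shell, so metacharacters in the name (a semicolon, backquotes, $(...)) are executed as commands. The added example below is not zgrep's or ImageMagick's code; the helper program name "convert-helper" and the sample filenames are constructed. It shows the broken string-building, a single-quote escaper that turns any filename into one inert shell word, and the better option of not involving a shell at all by building an argv vector for execvp().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable pattern: the filename lands unquoted in a shell command line.
 * With a name like "x.ps; id" the shell sees two commands. */
int unsafe_delegate_command(const char *filename, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "convert-helper %s", filename);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

/* Quote s as one POSIX shell word: wrap it in single quotes and replace each
 * embedded single quote with '\'' (close quote, escaped quote, reopen).
 * Inside single quotes the shell interprets nothing else. Returns the number
 * of bytes written (excluding the terminator), or -1 if out is too small. */
int shell_single_quote(const char *s, char *out, size_t outsz)
{
    size_t pos = 0;
    if (pos + 1 >= outsz)
        return -1;
    out[pos++] = '\'';
    for (; *s; s++) {
        if (*s == '\'') {
            if (pos + 4 >= outsz)
                return -1;
            memcpy(out + pos, "'\\''", 4);
            pos += 4;
        } else {
            if (pos + 1 >= outsz)
                return -1;
            out[pos++] = *s;
        }
    }
    if (pos + 1 >= outsz)
        return -1;
    out[pos++] = '\'';
    out[pos] = '\0';
    return (int)pos;
}

/* Hardened string-building: the filename is quoted before it is spliced in,
 * so the shell passes it to convert-helper as one literal argument. */
int safe_delegate_command(const char *filename, char *out, size_t outsz)
{
    char quoted[4096];
    if (shell_single_quote(filename, quoted, sizeof quoted) < 0)
        return -1;
    int n = snprintf(out, outsz, "convert-helper %s", quoted);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

static char *dup_str(const char *s)
{
    size_t len = strlen(s) + 1;
    char *p = malloc(len);
    return p ? memcpy(p, s, len) : NULL;
}

/* Better still: no shell. Build the argv vector directly; execvp() hands each
 * element to the program as-is and never interprets metacharacters. The
 * caller owns the returned array (release it with free_argv). */
char **build_delegate_argv(const char *filename)
{
    char **argv = calloc(3, sizeof *argv);
    if (!argv)
        return NULL;
    argv[0] = dup_str("convert-helper");
    argv[1] = dup_str(filename);
    argv[2] = NULL;
    if (!argv[0] || !argv[1]) {
        free(argv[0]);
        free(argv[1]);
        free(argv);
        return NULL;
    }
    return argv;
}

void free_argv(char **argv)
{
    if (!argv)
        return;
    for (char **p = argv; *p; p++)
        free(*p);
    free(argv);
}

int main(void)
{
    /* Constructed filenames: a harmless one and three carrying metacharacters. */
    const char *names[] = { "scan.ps", "x.ps; id", "it's.ps", "`uname`.ps" };
    char cmd[4096];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        unsafe_delegate_command(names[i], cmd, sizeof cmd);
        printf("unsafe: %s\n", cmd);
        safe_delegate_command(names[i], cmd, sizeof cmd);
        printf("safe:   %s\n", cmd);
    }
    return 0;
}
```

The quoting function is the minimum fix when a shell cannot be avoided (a /bin/sh script such as zgrep, or a delegate line read from a configuration file); the argv version is what a C program should do in the first place, since there is then no command line for the filename to corrupt.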

IPsec-Tools

IPsec-Tools 0.6-0.6.2, 0.5-0.5.2

A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode.

IpsecTools

Ubuntu

Gentoo

SUSE

Conectiva

Mandriva

Vulnerability can be reproduced with the PROTOS IPSec Test Suite.

IPsec-Tools ISAKMP IKE Remote Denial of Service

CVE-2005-3732

Security Focus, Bugtraq ID: 15523, November 22, 2005

Ubuntu Security Notice, USN-221-1, December 01, 2005

Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005

SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005

Conectiva Linux Announcement, CLSA-2006:1058, January 2, 2006

Mandriva Security Advisory, MDKSA-2006:020, January 25, 2006

Joshua Chamas

Crypt::SSLeay 0.51

A vulnerability has been reported because a file is employed from a world writable location for its fallback entropy source, which could lead to weak cryptographic operations.

Ubuntu

Mandriva

There is no exploit code required.

Joshua Chamas Crypt::SSLeay Perl Module Insecure Entropy Source

CVE-2005-0106

Ubuntu Security Notice, USN-113-1, May 03, 2005

Mandriva Security Advisory, MDKSA-2006:023, January 26, 2006

LSH

LSH 2.0.1

A vulnerability has been reported in 'unix_random.c' because file descriptors that are related to the randomness generator are leaked, which could let a malicious user obtain sensitive information or cause a Denial of Service.

Patch available

Debian

Currently we are not aware of any exploits for this vulnerability.

LSH File Descriptor Leakage

CVE-2006-0353

Secunia Advisory: SA18564, January 23, 2006

Debian Security Advisory, DSA-956-1, January 26, 2006

Marc Lehmann

Convert-UUlib 1.50

A buffer overflow vulnerability has been reported in the Convert::UUlib module for Perl due to a boundary error, which could let a remote malicious user execute arbitrary code.

Update available

Gentoo

Debian

SuSE

Conectiva

Mandriva

Currently we are not aware of any exploits for this vulnerability.

Convert-UUlib Perl Module Buffer Overflow

CVE-2005-1349

Gentoo Linux Security Advisory, GLSA 200504-26, April 26, 2005

Secunia Advisory, SA15130, April 27, 2005

Debian Security Advisory, DSA 727-1, May 20, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

Conectiva Linux Announcement, CLSA-2005:1031, October 13, 2005

Mandriva Security Advisory, MDKSA-2006:022, January 26, 2006

Multiple Vendors

Xpdf 3.0 pl2 & pl3, 3.01, 3.00, 2.0-2.03, 1.00, 1.00a, 0.90-0.93; RedHat Fedora Core 4, Core 3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler 0.4.2; KDE kpdf 0.5, KOffice 1.4.2; pdftohtml 0.36


Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.

Patches available

Fedora

RedHat

KDE

SUSE

Ubuntu

Gentoo

RedHat

RedHat

RedHat

Mandriva

Debian

Debian

Debian

Fedora

SuSE

RedHat

SGI

Debian

TurboLinux

Debian

Debian

Currently we are not aware of any exploits for these vulnerabilities.

3.9
(CVE-2005-3191)

7
(CVE-2005-3192)

3.9
(CVE-2005-3193)

iDefense Security Advisory, December 5, 2005

Fedora Update Notifications, FEDORA-2005-1121 & 1122, December 6, 2005

RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005

KDE Security Advisory, advisory-20051207-1, December 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Ubuntu Security Notice, USN-227-1, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005

RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005

Mandriva Linux Security Advisories MDKSA-2006:003-003-006, January 6, 2006

Debian Security Advisory, DSA-936-1, January 11, 2006

Debian Security Advisory, DSA-937-1, January 12, 2006

Debian Security Advisory, DSA 938-1, January 12, 2006

Fedora Update Notifications, FEDORA-2005-028 & 029, January 12, 2006

SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006

RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006

SUSE Security Summary Report, SUSE-SR:2006:002, January 20, 2006

SGI Security Advisory, 20051201-01-U, January 20, 2006

Debian Security Advisory, DSA-950-1, January 23, 2006

Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006

Debian Security Advisories, DSA-961-1 & 962-1, February 1, 2006

Multiple Vendors

Larry Wall Perl 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03, 5.6, 5.6.1, 5.8, 5.8.1, 5.8.3, 5.8.4 -5, 5.8.4 -4, 5.8.4 -3, 5.8.4 -2.3, 5.8.4 -2, 5.8.4 -1, 5.8.4, 5.8.5, 5.8.6

A vulnerability has been reported in the 'rmtree()' function in the 'File::Path.pm' module when handling directory permissions while cleaning up directories, which could let a malicious user obtain elevated privileges.

Perl

Ubuntu

Gentoo

Debian

TurboLinux

Mandrake

HP

Fedora

Avaya

RedHat

Conectiva

FedoraLegacy

Currently we are not aware of any exploits for this vulnerability.

Perl 'rmtree()' Function Elevated Privileges

CVE-2005-0448

Ubuntu Security Notice, USN-94-1 March 09, 2005

Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15, 2005

Debian Security Advisory, DSA 696-1, March 22, 2005

Turbolinux Security Advisory, TLSA-2005-45, April 19, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:079, April 29, 2005

HP Security Bulletin, HPSBUX01208, June 16, 2005

Secunia, Advisory: SA16193, July 25, 2005

Avaya Security Advisory, ASA-2005-196, September 13, 2005

RedHat Security Advisory, RHSA-2005:674-10, October 5, 2005

Conectiva Linux Announcement, CLSA-2006:1056, January 2, 2006

Fedora Legacy Update Advisory, FLSA:152845, January 25, 2006

Multiple Vendors

libpng 1.0.16, 1.0.17, 1.2.6, 1.2.7.

A buffer overflow vulnerability has been reported in 'png_set_strip_alpha()' when handling a PNG image file that contains alpha channels, which could let a remote malicious user cause a Denial of Service and potentially compromise a system.

Update available

Currently we are not aware of any exploits for this vulnerability.

libpng Buffer Overflow

CVE-2006-0481

Secunia Advisory: SA18654, February 1, 2006

Multiple Vendors

OpenSSH 3.x, 4.x; RedHat Fedora Core3 & Core4

A vulnerability has been reported in 'scp' when performing copy operations that use filenames due to the insecure use of the 'system()' function, which could let a malicious user obtain elevated privileges.

Fedora

Trustix

Patches available

There is no exploit code required.

OpenSSH SCP Shell Command Execution

CVE-2006-0225

Security Focus, Bugtraq ID: 16369, January 24, 2006

Fedora Security Advisory, FEDORA-2006-056, January 24, 2006

Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006

Security Focus, Bugtraq ID: 16369, January 31, 2006

Multiple Vendors

phpMyAdmin 2.7 .0-beta1, 2.6.4 -rc1, pl3, pl1, 2.6.3 -pl1, 2.6.2 -rc1, 2.6.2, 2.6.1 pl3, 2.6.1 pl1, 2.6.1 -rc1, 2.6.1, 2.6.0pl3, 2.6.0pl2, 2.6.0pl1, 2.5.7pl1, 2.5.7, 2.5.6 -rc1, 2.5.5 pl1, 2.5.5 -rc2, 2.5.5 -rc1, 2.5.5,
phpMyAdmin phpMyAdmin 2.5 .0-2.5.4, 2.4.0, 2.3.2, 2.3.1, 2.2-2.2.6, 2.1-2.1 .2, 2.0- 2.0.5

Cross-Site Scripting vulnerabilities have been reported in the 'HTTP_HOST' variable and certain scripts in the libraries directory due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrades available

Gentoo

SuSE

There is no exploit code required.

PHPMyAdmin Multiple Cross-Site Scripting

CVE-2005-3665

phpMyAdmin security announcement PMASA-2005-8, December 5, 2005

Gentoo Linux Security Advisory, GLSA 200512-03, December 12, 2005

SuSE Security Announcement, SUSE-SA:2006:004, January 26, 2006

Multiple Vendors

Gentoo Linux;
GNU GDB 6.3

Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported which could let a malicious user obtain elevated privileges.

Gentoo

Ubuntu

Ubuntu

Mandriva

Trustix

TurboLinux

RedHat

RedHat

RedHat

Avaya

Fedora

Mandriva

Conectiva

Currently we are not aware of any exploits for these vulnerabilities.

GDB Multiple Vulnerabilities

CVE-2005-1704
CVE-2005-1705

5.6
(CVE-2005-1704)

7
(CVE-2005-1705)

Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 2005

Turbolinux Security Advisory, TLSA-2005-68, June 22, 2005

RedHat Security Advisory, RHSA-2005:659-9, September 28, 2005

RedHat Security Advisory, RHSA-2005:673-5 & RHSA-2005:709-6, October 5, 2005

Avaya Security Advisory, ASA-2005-222, October 18, 2005

Fedora Update Notifications, FEDORA-2005-1032 & 1033, October 27, 2005

Mandriva Linux Security Advisory, MDKSA-2005:215, November 23, 2005

Conectiva Security Advisory, CLSA-2006:1060, January 23, 2006

Multiple Vendors

ImageMagick 5.3.3, 5.4.3, 5.4.4 .5, 5.4.7, 5.4.8 .2-1.1.0, 5.4.8, 5.5.3 .2-1.2.0, 5.5.6 .0-20030409, 5.5.7, 6.0-6.0.8, 6.1-6.1.7, 6.2

A format string vulnerability exists when handling malformed file names, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Update available

Ubuntu

Gentoo

SUSE

RedHat

Fedora

Debian

Mandrake

FedoraLegacy

Mandriva

Currently we are not aware of any exploits for this vulnerability.

ImageMagick File Name Handling Remote Format String

CVE-2005-0397

Secunia Advisory, SA14466, March 4, 2005

Ubuntu Security Notice, USN-90-1, March 3, 2004

SUSE Security Announcement, SUSE-SA:2005:017, March 23, 2005

RedHat Security Advisory, RHSA-2005:320-10, March 23, 2005

Fedora Update Notifications, FEDORA-2005-234 & 235, March 30, 2005

Debian Security Advisory, DSA 702-1, April 1, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:065, April 3, 2005

Fedora Legacy Update Advisory, FLSA:152777, July 13, 2005

Mandriva Security Advisory, MDKSA-2006:024, January 26, 2006

Multiple Vendors

KDE kword 1.4.2, kpdf 3.4.3, 3.2, KOffice 1.4-1.4.2, kdegraphics 3.4.3, 3.2;
Gentoo Linux

Multiple buffer and integer overflows have been reported, which could let a remote malicious user execute arbitrary code.

Gentoo

Ubuntu

Fedora

Mandriva

Ubuntu

Debian

Debian

SuSE

RedHat

RedHat

Fedora

Debian

Trustix

Mandriva

RedHat

SGI

Debian

TurboLinux

Gentoo

Debian

Debian

Currently we are not aware of any exploits for this vulnerability.

KPdf & KWord Multiple Unspecified Buffer & Integer Overflow

CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627


Not Available

Gentoo Linux Security Advisory GLSA 200601-02, January 5, 2006

Ubuntu Security Notice, USN-236-1, January 05, 2006

Fedora Update Notifications, FEDORA-2005-000, January 5, 2006

Mandriva Linux Security Advisories MDKSA-2006:003-003-006 & 008, January 6 & 7, 2006

Ubuntu Security Notice, USN-236-2, January 09, 2006

Debian Security Advisory DSA 931-1, January 9, 2006

Debian Security Advisory, DSA-936-1, January 11, 2006

SUSE Security Announcement, SUSE-SA:2006:001, January 11, 2006

RedHat Security Advisories, RHSA-2006:0163-2 & RHSA-2006:0177-5, January 11, 2006

Fedora Update Notifications, FEDORA-2005-028 & 029, January 12, 2006

Debian Security Advisories, DSA 937-1, 938-1, & 940-1, January 12 & 13, 2006

Trustix Secure Linux Security Advisory, 2006-0002, January 13, 2006

Mandriva Linux Security Advisory, MDKSA-2006:012, January 13, 2006

RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006

SGI Security Advisory, 20051201-01-U, January 20, 2006

Debian Security Advisory, DSA-950-1, January 23, 2006

Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006

Gentoo Linux Security Advisory, GLSA 200601-17, January 30, 2006

Debian Security Advisories, DSA-961-1 & 962-1, February 1, 2006

Multiple Vendors

Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4 -1-5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32


Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PERLIO_DEBUG' SuidPerl environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.

Ubuntu

Gentoo

Mandrake

RedHat

SGI

SUSE

Trustix

IBM

Fedora

Conectiva

FedoraLegacy

Proofs of Concept exploits have been published.

Perl SuidPerl Multiple Vulnerabilities

CVE-2005-0155
CVE-2005-0156

4.9 (CVE-2005-0155)

2.3 (CVE-2005-0156)

Ubuntu Security Notice, USN-72-1, February 2, 2005

MandrakeSoft Security Advisory, MDKSA-2005:031, February 9, 2005

RedHat Security Advisory, RHSA-2005:105-11, February 7, 2005

SGI Security Advisory, 20050202-01-U, February 9, 2005

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

Gentoo Linux Security Advisory, GLSA 200502-13, February 11, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

IBM SECURITY ADVISORY, February 28, 2005

Fedora Update Notification, FEDORA-2005-353, May 2, 2005

Conectiva Linux Announcement, CLSA-2006:1056, January 2, 2006

Fedora Legacy Update Advisory, FLSA:152845, January 25, 2006

Multiple Vendors

Linux kernel 2.6.15 & prior

Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in 'netlink_rcv_skb()' due to insufficient validation of the 'nlmsg_len' value; a Denial of Service vulnerability was reported due to an error in the 'PPTP NAT' helper when handling inbound 'PPTP_IN_CALL_REQUEST' packets; and a Denial of Service vulnerability was reported in the 'PPTP NAT' helper when calculating offsets based on the difference between two pointers to the header.

Update available

Trustix

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Multiple Denials of Service

CVE-2006-0035
CVE-2006-0036
CVE-2006-0037

3.5
(CVE-2006-0035)

3.3
(CVE-2006-0036)

2.3
(CVE-2006-0037)

Security Focus, Bugtraq ID: 16414, January 30, 2006

Trustix Security Advisory, TSLSA-2006-0004, January 27, 2006

Multiple Vendors

Mail-Audit 2.1, 2.0;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha, 3.0

A vulnerability has been reported due to the insecure creation of temporary files when logging is enabled, which could let a malicious user cause a Denial of Service or overwrite files.

Debian

There is no exploit code required.

Mail-Audit Insecure Temporary File Creation

CVE-2005-4536

Not Available
Debian Security Advisory, DSA-960-1, January 31, 2006

Multiple Vendors

RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10

A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security.

OpenSSL

FreeBSD

RedHat

Mandriva

Gentoo

Slackware

Fedora

Sun

Ubuntu

OpenPKG

SUSE

Trustix

SGI

Debian

NetBSD

BlueCoat Systems

Debian

Astaro Security Linux

SCO

IBM

IBM

IBM

FedoraLegacy

Cisco

Avaya

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendors OpenSSL Insecure Protocol Negotiation

CVE-2005-2969

OpenSSL Security Advisory, October 11, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005

RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005

Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005

Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005

Slackware Security Advisory, SSA:2005-286-01, October 13, 2005

Fedora Update Notifications, FEDORA-2005-985 & 986, October 13, 2005

Sun(sm) Alert Notification, Sun Alert ID: 101974, October 14, 2005

Ubuntu Security Notice, USN-204-1, October 14, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005

SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

Debian Security Advisory DSA 875-1, October 27, 2005

NetBSD Security Update, November 1, 2005

BlueCoat Systems Advisory, November 3, 2005

Debian Security Advisory, DSA 888-1, November 7, 2005

Astaro Security Linux Announcement, November 9, 2005

SCO Security Advisory, SCOSA-2005.48, November 15, 2005

IBM Documents Doc Number=2306, 2307, & 2312, December 15, 2005

Fedora Legacy Update Advisory, FLSA:166939, December 17, 2005

Cisco Security Notice, Document ID: 68324, December 19, 2005

Avaya Security Advisory, ASA-2006-031, January 30, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, 10.1 x86_64, 10.1, Corporate Server 3.0 x86_64, 3.0;
GNU Mailman 2.1-2.1.5, 2.0-2.0.14

A remote Denial of Service vulnerability has been reported in the email date parsing functionality due to an error in the handling of dates.

Mandriva

Ubuntu

Debian

There is no exploit code required.

GNU Mailman Remote Denial of Service

CVE-2005-4153

Security Focus, Bugtraq ID: 16248, January 16, 2006

Ubuntu Security Notice, USN-242-1 January 16, 2006

Debian Security Advisory, DSA-955-1, January 25, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.15

A vulnerability has been reported in the 'dm-crypt' driver due to a failure to clear memory, which could let a malicious user obtain sensitive information.

Updates available

Ubuntu

Trustix

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel DM-Crypt Local Information Disclosure

CVE-2006-0095

Security Focus, Bugtraq ID: 16301, January 18, 2006

Ubuntu Security Notice, USN-244-1 January 18, 2006

Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006

MyDNS

MyDNS 1.0.0

A remote Denial of Service vulnerability has been reported due to an error when handling certain malformed DNS queries.

Update available

Gentoo

Currently we are not aware of any exploits for this vulnerability.

MyDNS Remote Denial of Service

CVE-2006-0351

Security Tracker Alert ID: 1015521, January 20, 2006

Gentoo Linux Security Advisory, GLSA 200601-16, January 30, 2006

Net-SNMP

Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3 -5.0.9, 5.0.1

A remote Denial of Service vulnerability has been reported when handling stream-based protocols.

Upgrades available

Trustix

Fedora

RedHat

Mandriva

Ubuntu

RedHat

Conectiva

Avaya

Conectiva

Mandriva

Currently we are not aware of any exploits for this vulnerability.

Net-SNMP Protocol Denial of Service

CVE-2005-2177

Secunia Advisory: SA15930, July 6, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0034, July 8, 2005

Fedora Update Notifications, FEDORA-2005-561 & 562, July 13, 2005

RedHat Security Advisory, RHSA-2005:720-04, August 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:137, August 11, 2005

Ubuntu Security Notice, USN-190-1, September 29, 2005

RedHat Security Advisory, RHSA-2005:395-18, October 5, 2005

Conectiva Linux Announcement, CLSA-2005:1032, October 13, 2005

Avaya Security Advisory, ASA-2005-225, October 18, 2005

Conectiva Linux Announcement, CLSA-2005:1050, November 21, 2005

Mandriva Security Advisory, MDKSA-2006:025, January 26, 2006

Net-snmp

Net-snmp 5.x

A vulnerability has been reported in 'fixproc' due to a failure to securely create temporary files in world writeable locations, which could let a malicious user obtain elevated privileges and possibly execute arbitrary code with ROOT privileges.

Gentoo

Fedora

RedHat

RedHat

Avaya

Mandriva

There is no exploit code required.

Net-SNMP Fixproc Insecure Temporary File Creation

CVE-2005-1740

Gentoo Linux Security Advisory, GLSA 200505-18, May 23, 2005

Fedora Update Notifications, FEDORA-2005-561 & 562, July 13, 2005

RedHat Security Advisory, RHSA-2005:373-23, September 28, 2005

RedHat Security Advisory, RHSA-2005:395-18, October 5, 2005

Avaya Security Advisory, ASA-2005-225, October 18, 2005

Mandriva Security Advisory, MDKSA-2006:025, January 26, 2006

phpMyAdmin

phpMyAdmin 2.7 .0-beta1, 2.7

A vulnerability has been reported in the register_globals emulation layer in 'grab_globals.php' because the 'import_blacklist' variable is not properly protected, which could let a remote malicious user execute arbitrary HTML and script code and include arbitrary files.

Upgrades available

Gentoo

SuSE

There is no exploit code required.

PHPMyAdmin 'Import_Blacklist' Variable Overwrite

CVE-2005-4079

Secunia Advisory: SA17925, December 7, 2005

Gentoo Linux Security Advisory, GLSA 200512-03, December 12, 2005

SuSE Security Announcement, SUSE-SA:2006:004, January 26, 2006

SCO

Unixware 7.1.4, 7.1.3

A buffer overflow vulnerability has been reported in 'UIDAdmin' when processing excessive data, which could let a malicious user obtain superuser privileges.

Updates available

Avaya

Currently we are not aware of any exploits for this vulnerability.

SCO UnixWare Buffer Overflow

CVE-2005-3903

SCO Security Advisory, SCOSA-2005.54, December 12, 2005

Avaya Security Advisory, ASA-2006-034, January 30, 2006

Stalker Software, Inc.

Communigate Pro 5.0.7

A remote Denial of Service vulnerability has been reported in the LDAP component. This could potentially lead to the execution of arbitrary code.

Update to version 5.0.7.

Currently we are not aware of any exploits for this vulnerability.

Communigate Pro Server LDAP Remote Denial of Service

CVE-2006-0468

Security Focus, Bugtraq ID: 16407, January 28, 2006

Sun Microsystems, Inc.

Solaris 10.0 _x86

A Denial of Service vulnerability has been reported due to an unspecified error in the x64 kernel processing code.

Workaround & update available

Currently we are not aware of any exploits for this vulnerability.

Sun Solaris x64 Kernel Processing Denial of Service

CVE-2006-0516

Sun(sm) Alert Notification, Sun Alert ID: 102149, January 31, 2006

SuSE

Novell Linux Desktop 1.0, Linux Professional 10.0, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Personal 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1

A buffer overflow vulnerability has been reported in the 'nfs-server,' which could let a remote malicious user execute arbitrary code.

SUSE

Currently we are not aware of any exploits for this vulnerability.

SUSE NFS-SERVER Remote Buffer Overflow

CVE-2006-0043

SuSE Security Announcement, SUSE-SA:2006:005, January 25, 2006

Sylpheed

Sylpheed 2.0-2.0.3, 1.0.0-1.0.5

A buffer overflow vulnerability has been reported in 'ldif.c' due to a boundary error in the 'ldif_get_line()' function when importing a LDIF file into the address book, which could let a remote malicious user obtain unauthorized access.

Upgrades available

Fedora

Gentoo

Debian

Debian

SUSE

Conectiva

Currently we are not aware of any exploits for this vulnerability.

Sylpheed LDIF Import Buffer Overflow

CVE-2005-3354

Bugtraq ID: 15363, November 9, 2005

Fedora Update Notification, FEDORA-2005-1063, November 9, 2005

Gentoo Linux Security Advisory, GLSA 200511-13, November 15, 2005

Debian Security Advisory, DSA 906-1, November 22, 2005

Debian Security Advisory, DSA 908-1, November 23, 2005

SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005

Conectiva Linux Security Advisory, CLSA-2006:1061, January 23, 2006

unalz

unalz 0.52, 0.51, 0.31, 0.23, 0.22, 0.2-0.5

A buffer overflow vulnerability has been reported when handling the '.alz' archive due to a boundary error, which could let a remote malicious user execute arbitrary code.

Upgrades available

Debian

An exploit script has been published.

Unalz Archive Filename Buffer Overflow

CVE-2005-3862

Security Focus, Bugtraq ID: 15577, November 28, 2005

Debian Security Advisory, DSA-959-1, January 30, 2006

Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Description

Common Name

CVSS
Resources

AndoNET

AndoNet Blog 2004.9.2

An SQL injection vulnerability has been reported in 'comentarios.php' due to insufficient sanitization of the 'entrada' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

AndoNET Blog SQL Injection

CVE-2006-0462

Bugtraq ID: 16393, January 26, 2006

Andreas Huggel

Exiv2 0.6.2, 0.6.1, 0.3-0.8

A remote Denial of Service vulnerability has been reported when the 'sscanf()' function is used on input file data that is not NULL terminated.

Update available

A Proof of Concept exploit image file, exiv2-bug447.jpg, has been published.

Exiv2 Corrupted EXIF Data Remote Denial of Service

CVE-2005-4676

Security Focus, Bugtraq ID: 16400, January 27, 2006

Apache Software Foundation

Apache prior to 1.3.35-dev, 2.0.56-dev

A Cross-Site Scripting vulnerability has been reported in the 'Referer' directive in 'mod_imap' due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

The vulnerability has been fixed in version 1.3.35-dev, and 2.0.56-dev.

OpenPKG

Trustix

Mandriva

Ubuntu

RedHat

Fedora

TurboLinux

There is no exploit code required.

Apache mod_imap Cross-Site Scripting

CVE-2005-3352

Security Tracker Alert ID: 1015344, December 13, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.029, December 14, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0074, December 23, 2005

Mandriva Linux Security Advisory, MDKSA-2006:007, January 6, 2006

Ubuntu Security Notice, USN-241-1, January 12, 2006

RedHat Security Advisory, RHSA-2006:0158-4, January 17, 2006

Fedora Security Advisory, FEDORA-2006-052, January 23, 2006

Turbolinux Security Advisory, TLSA-2006-1, January 25, 2006

Ashwebstudio

Ashnews 0.83

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a file include vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Ashwebstudio Ashnews Cross-Site Scripting & File Include

CVE-2003-1292
CVE-2006-0524

Not available
Security Focus, Bugtraq IDs: 16426 & 16436, January 30, 2006

Blackboard

Blackboard Academic Suite 6.0, Blackboard 6.0, 5.5.1, 5.5, 5.0.2, 5.0

A vulnerability has been reported in the authentication mechanism, which could let a malicious user obtain unauthorized access.

No workaround or patch available at time of publishing.

There is no exploit code required.

Blackboard Learning System Unauthorized Access

CVE-2006-0511

Not Available
Security Focus, Bugtraq ID: 16438, January 31, 2006

BrowserCRM

BrowserCRM 0

A Cross-Site Scripting vulnerability has been reported in 'results.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

BrowserCRM Cross-Site Scripting

CVE-2006-0521

Not available
Security Focus, Bugtraq ID: 16435, January 31, 2006

Calendarix

Calendarix 0.6.20050830

SQL injection vulnerabilities have been reported in 'cal_day.php' due to insufficient sanitization of the 'catview' parameter and in 'admin/cal_login.php' due to insufficient sanitization of the 'login' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

Calendarix Multiple SQL Injection

CVE-2006-0492

Secunia Advisory: SA18667, February 1, 2006

Chain Reaction Edition

CRE Loaded 6.15

A vulnerability has been reported in the '/admin/htmlarea/popups/file/files.php' script due to insufficient authentication, which could let a remote malicious user upload/create/delete arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required.

CRE Loaded Files.PHP Access Validation

CVE-2006-0478

Secunia Advisory: SA18648, January 30, 2006

CheesyBlog

CheesyBlog 1.4, 1.0

An HTML injection vulnerability has been reported due to insufficient sanitization of various fields when posting a comment, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

CheesyBlog Multiple HTML Injection

CVE-2006-0443

Secunia Advisory: SA18610, January 26, 2006

Cisco Systems

Cisco IOS 12.0T & later

A vulnerability has been reported in the AAA (Authentication, Authorization, and Accounting) command due to insufficient authorization checks, which could let a remote malicious user obtain elevated privileges.

Patch Information

There is no exploit code required.

Cisco IOS AAA Command Authorization

CVE-2006-0485

Cisco Security Notice, 68840, January 25, 2006

Cisco Systems

Cisco VPN 3080 Concentrator 4.7.1 F, 4.7.1, VPN 3060 Concentrator 4.7.1 F, 4.7.1, VPN 3030 Concentrator 4.7.1 F, 4.7.1, VPN 3020 Concentrator 4.7.1 F, 4.7.1, VPN 3015 Concentrator 4.7.1 F, 4.7.1, VPN 3005 Concentrator 4.7.1 F, 4.7.1, Catalyst 2926GL 4.7.2 A, 2926GL 4.7.2, 2926GL 4.7, 2926GL 4.7 REL

A remote Denial of Service vulnerability has been reported when handling a specially-crafted HTTP packet.

The vendor reports that the vulnerability has been fixed in software version 4.7.2.B. However, this is not correct according to the discoverer of the vulnerability.

Currently we are not aware of any exploits for this vulnerability.

Cisco VPN 3000 Concentrator Remote Denial of Service

CVE-2006-0483

Cisco Security Advisory, cisco-sa-20060126, January 26, 2006

Daffodil CRM

Daffodil CRM 1.5

An SQL injection vulnerability has been reported in 'userlogin.asp' due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Daffodil CRM SQL Injection

CVE-2006-0510

Not Available
Security Focus, Bugtraq ID: 16433, January 30, 2006

Dragoran Portal

Dragoran Portal 1.3

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'site' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, an exploit script, ipbpro.pl, has been published.

IPB Portal Module SQL Injection

CVE-2006-0520

Not available
Secunia Advisory: SA18664, February 1, 2006

Drupal

Drupal 4.6-4.6.3, 4.5-4.5.5

Multiple vulnerabilities have been reported: an input validation vulnerability was reported when filtering HTML code, which could let a remote malicious user inject arbitrary JavaScript code; an input validation vulnerability was reported due to an error in the attachment handling, which could let a remote malicious user upload a malicious image and inject arbitrary HTTP headers; and a vulnerability was reported in the 'access user profile' permission, which a remote malicious user can bypass.

Upgrades available

Debian

There is no exploit code required.

Drupal Multiple Vulnerabilities

CVE-2005-3973
CVE-2005-3974
CVE-2005-3975

2.3
(CVE-2005-3973)

1.4
(CVE-2005-3975)

Secunia Advisory: SA17824, December 1, 2005

Debian Security Advisory, DSA-958-1, January 27, 2006

EasyCMS

EasyCMS 0

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

The vendor has announced that fixes for this issue are pending.

There is no exploit code required.

EasyCMS Multiple Cross-Site Scripting

CVE-2006-0507
CVE-2006-0508

Not Available
Security Focus, Bugtraq ID: 16430, January 31, 2006

E-Post Corporation

Mail Server 4.x, Mail Server Enterprise 4.x, SMTP Server 4.x, SMTP Server Enterprise 4.x,
SPA-PRO Mail @Solomon 4.x,
SPA-PRO Mail @Solomon Enterprise 4.x.
SPA-PRO SMTP @Solomon 4.x

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the SMTP service due to a boundary error when handling the username supplied to the 'AUTH PLAIN' and 'AUTH LOGIN' commands, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported in the POP3 service when handling the username supplied to the APOP command, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the IMAP service when handling the mailbox name passed to the DELETE command; a vulnerability was reported in the IMAP service due to an input validation error when handling arguments passed to the LIST command, which could let a remote malicious user obtain sensitive information and cause a Denial of Service; input validation vulnerabilities were reported in the IMAP service when handling the APPEND, COPY, and RENAME commands, which could let a remote malicious user create 'MSG' files and arbitrary directories; and a remote Denial of Service vulnerability was reported in the IMAP service when handling the APPEND command.

The vendor has released patches and updates to address these issues.

Currently we are not aware of any exploits for these vulnerabilities.

E-Post Mail Server Products Multiple Vulnerabilities

CVE-2006-0447
CVE-2006-0448
CVE-2006-0449

7
(CVE-2006-0447)

7
(CVE-2006-0448)

2.3
(CVE-2006-0449)

Secunia Advisory: SA18480, January 25, 2006

FarsiNews

FarsiNews 2.1 Beta2

A file include vulnerability has been reported in 'loginout.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

FarsiNews Remote File Include

CVE-2006-0502

Not Available
Security Focus, Bugtraq ID: 16440, January 31, 2006

Gallery Project

Gallery 1.5.2-RC2

An HTML injection vulnerability has been reported due to insufficient sanitization of the user's full name before use, which could let a remote malicious user execute arbitrary HTML and script code.

Gentoo

There is no exploit code required.

Gallery HTML Injection

CVE-2006-0330

Secunia Advisory: SA18557, January 20, 2006

Gentoo Linux Security Advisory, GLSA 200601-13, January 26, 2006


Groupee.com

UBBThreads 6.3 & prior

An SQL injection vulnerability has been reported in the 'showflat.php' script due to insufficient validation of the 'Number' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

UBBThreads SQL Injection
Not available
Security Tracker Alert ID: 1015549, January 29, 2006

MiniGal

MG2 0.5.1

An HTML-injection vulnerability has been reported in the 'Name' form field when adding a comment on a picture, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

MiniGal MG2 HTML Injection

CVE-2006-0493

Security Focus, Bugtraq ID: 16428, January 30, 2006

MiniNuke

MiniNuke CMS 1.8.2

Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code and change an arbitrary user's password.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits and an exploit script, mininuke_182.pl, have been published.

MiniNuke Multiple Input Validation
Not available
Security Focus, Bugtraq ID: 16416, January 30, 2006

Mozilla

Firefox 1.5 & prior

A Cross-Domain Scripting vulnerability has been reported in the '-moz-binding' property which could lead to the execution of arbitrary script code.

No workaround or patch available at time of publishing.

Proof of Concept exploits have been published.

Mozilla Firefox Cross-Domain Scripting

CVE-2006-0496

Security Focus, Bugtraq ID: 16427, January 30, 2006

Mozilla

Firefox 1.5; Netscape Browser 8.0.4

A remote Denial of Service vulnerability has been reported when handling large history information. Note: The vendor disputes this claim.

Netscape

A Proof of Concept exploit script has been published.

Mozilla History File Remote Denial of Service

CVE-2005-4134

Secunia Advisory: SA17934, December 8, 2005

Security Focus, Bugtraq ID: 15773, January 27, 2006

Multiple Vendors

EMC Legato Networker 7.2.1; Sun Solstice Backup 6.x, StorEdge Enterprise Backup 7.x

Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when handling corrupted RPC packets due to an error; and a vulnerability was reported due to two unspecified errors, which could let a remote malicious user obtain unauthorized access and execute arbitrary code.

Hotfix

Sun

Currently we are not aware of any exploits for these vulnerabilities.

EMC NetWorker Code Execution

CVE-2005-3658
CVE-2005-3659

7
(CVE-2005-3658)

2.3
(CVE-2005-3659)

Secunia Advisory: SA18495, January 17, 2006

Sun(sm) Alert Notification
Sun Alert ID: 102148, January 30, 2006

Multiple Vendors

University of Kansas Lynx 2.8.5 & prior

A vulnerability has been reported in the 'lynxcgi:' URI handler, which could let a remote malicious user execute arbitrary commands.

Upgrades available

RedHat

Mandriva

Gentoo

Trustix

SGI

OpenPKG

SCO

FedoraLegacy

SCO

Avaya

There is no exploit code required.

Lynx URI Handlers Arbitrary Command Execution

CVE-2005-2929

Security Tracker Alert ID: 1015195, November 11, 2005

RedHat Security Advisory, RHSA-2005:839-3, November 11, 2005

Mandriva Linux Security Advisory, MDKSA-2005:211, November 12, 2005

Gentoo Linux Security Advisory, GLSA 200511-09, November 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005

SGI Security Advisory, 20051101-01-U, November 29, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005

SCO Security Advisory, SCOSA-2005.55, December 14, 2005

Fedora Legacy Update Advisory, FLSA:152832, December 17, 2005

SCO Security Advisory, SCOSA-2006.7, January 10, 2006

Avaya Security Advisory, ASA-2006-035, January 30, 2006

Multiple Vendors

Cisco Systems Cisco Aironet 1200 Series Access Point, 350 Series Access Point, Content Services Switch 11000 Series (WebNS), MGX 8200 Series Edge Concentrators, MGX 8800 Series Multiservice Switches, MGX 8900 Series Multiservice Switches, SN5400 Series Storage Routers; OpenBSD 3.x; Hitachi GR2000 Series Gigabit Routers, GR4000 Series Gigabit Routers, GS3000 Series Gigabit Switches, GS4000 Series Gigabit Switches; ALAXALA Networks AX5400S, AX7800R, AX7800S; FreeBSD FreeBSD 2.x, 3.x, 4.x; Avaya Intuity Audix R4, R5

A remote Denial of Service vulnerability has been reported in the Protection Against Wrapped Sequence Numbers (PAWS) technique that was included to increase overall TCP performance.

Update information

OpenBSD

Hitachi: The vendor has issued updated versions.

ALAXALA: Customers are advised to contact the vendor in regards to obtaining and applying the appropriate update.

Microsoft

FreeBSD

Avaya

An exploit script has been published.

Cisco Various Products TCP Timestamp Denial of Service

CVE-2005-0356

Cisco Security Notice, 64909, May 18, 2005

Microsoft Security Advisory (899480), May 18, 2005

US-CERT VU#637934

FreeBSD CVS Log, May 25, 2005

Avaya Security Advisory, ASA-2006-032, January 30, 2006

My little homepage

My Little Weblog 2004.4.20, My Little Guestbook 2004.4.20, my little forum 2004.4.20

A vulnerability has been reported due to insufficient sanitization of the 'link' BBcode tag when posting a message, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

My Little Homepage BBCode Link Tag Script Injection

CVE-2006-0471
CVE-2006-0472
CVE-2006-0473

2.3
(CVE-2006-0471)

2.3
(CVE-2006-0472)

2.3
(CVE-2006-0473)

Security Focus, Bugtraq ID: 16395, January 26, 2006

MyBB Group

MyBulletinBoard 1.2


Cross-Site Scripting vulnerabilities have been reported in 'search.php' due to insufficient sanitization of the 'sortby' and 'sortordr' parameters and in 'usercp2.php' due to insufficient sanitization of the 'referer' HTTP header when adding a thread to favorites, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'plugin' parameter because arbitrary files can be included when activating a plugin in the plugin manager.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

MyBB Cross-Site Scripting & Plugin Manager

CVE-2006-0470

Secunia Advisory: SA18617, January 31, 2006

Nuked-Klan

Nuked-Klan 1.7

A Cross-Site Scripting vulnerability has been reported in 'Index.PHP' due to insufficient sanitization of the 'letter' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Nuked-klaN Cross-Site Scripting

CVE-2006-0506

Not Available
Security Focus, Bugtraq ID: 16424, January 30, 2006

OpenSSH

OpenSSH 4.1, 4.0, p1

Several vulnerabilities have been reported: a vulnerability was reported due to an error when handling dynamic port forwarding when no listen address is specified, which could let a remote malicious user cause "GatewayPorts" to be incorrectly activated; and a vulnerability was reported due to an error when handling GSSAPI credential delegation, which could let a remote malicious user be delegated with GSSAPI credentials.

OpenBSD

Fedora

Trustix

Slackware

Fedora

RedHat

Mandriva

Ubuntu

Conectiva

HP

Avaya

There is no exploit code required.

OpenSSH DynamicForward Inadvertent GatewayPorts Activation & GSSAPI Credentials

CVE-2005-2797
CVE-2005-2798

3.3
(CVE-2005-2797)

3.3
(CVE-2005-2798)

Secunia Advisory: SA16686, September 2, 2005

Fedora Update Notification,
FEDORA-2005-858, September 7, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005

Slackware Security Advisory, SSA:2005-251-03, September 9, 2005

Fedora Update Notification,
FEDORA-2005-860, September 12, 2005

RedHat Security Advisory, RHSA-2005:527-16, October 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:172, October 6, 2005

Ubuntu Security Notice, USN-209-1, October 17, 2005

Conectiva Linux Announcement, CLSA-2005:1039, October 19, 2005

Security Focus, Bugtraq ID: 14729, January 10, 2006

Avaya Security Advisory, ASA-2006-033, January 30, 2006

Oracle Corporation

JD Edwards EnterpriseOne 8.x, Oracle Application Server 10g,
Collaboration Suite Release 1 & Release 2,
Database 8.x, Database Server 10g, Developer Suite 10g, E-Business Suite 11i, Enterprise Manager 10.x,
Oracle9i Application Server,
Oracle9i Database Enterprise Edition,
Oracle9i Database Standard Edition,
Oracle9i Developer Suite,
PeopleSoft Enterprise Portal 8.x; HP Oracle for OpenView (OfO) 8.x, 9.x

82 vulnerabilities and security issues have been reported in various Oracle products, which could lead to information disclosure, arbitrary files overwritten, and arbitrary SQL code injection.

Patch information

HP

An exploit would not be required for some of these issues.

Oracle January Security Update

CVE-2005-2371
CVE-2005-2378

CVE-2006-0256 through CVE-2006-0291

3.3
(CVE-2005-2371)

3.3
(CVE-2005-2378)

7
(CVE-2006-0256 through CVE-2006-0271)

7
(CVE-2006-0272 through CVE-2006-0278)

4.9
(CVE-2006-0279 & CVE-2006-0280)

7
(CVE-2006-0281 through CVE-2006-0291)

Security Focus, Bugtraq ID: 16287, January 17, 2006

US-CERT VU#545804

Technical Cyber Security Alert TA06-018A

US-CERT VU#472148

US-CERT VU#925261

US-CERT VU#857412

US-CERT VU#871756

US-CERT VU#999268

US-CERT VU#629316

US-CERT VU#983340

US-CERT VU#150332

US-CERT VU#891644

US-CERT VU#870172

Hewlett Packard Security Bulletin, HPSBMA02094, January 25, 2006

Oracle Corporation

Oracle Application Server 10g, Database 8.x, HTTP Server 8.x, 9.x,
Oracle9i Application Server,
Oracle9i Database Enterprise Edition,
Oracle9i Database Standard Edition

A vulnerability has been reported in the Oracle PL/SQL Gateway component when validating certain HTTP requests, which could let a remote malicious user bypass certain security restrictions.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

Oracle Products PL/SQL Gateway Security Bypass

CVE-2006-0435

Security Tracker Alert ID: 1015544, January 25, 2006

US-CERT VU#169164

Paros

Paros 3.2.5

A vulnerability has been reported in the built-in 'hsqldb' database due to a default password, which could let a remote malicious user bypass authentication procedures.

Update available

Gentoo

There is no exploit code required.

Paros 'HSQLDB' Remote Authentication Bypass

CVE-2005-3280

Security Focus, Bugtraq ID: 15141, October 19, 2005

Gentoo Linux Security Advisory, GLSA 200601-15, January 29, 2006

PHP

PHP 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 5.0.x

Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of the 'GLOBALS' array, which could let a remote malicious user define global variables; a vulnerability was reported in the 'parse_str()' PHP function when handling an unexpected termination, which could let a remote malicious user enable the 'register_globals' directive; a Cross-Site Scripting vulnerability was reported in the 'phpinfo()' PHP function due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and an integer overflow vulnerability was reported in 'pcrelib' due to an error, which could let a remote malicious user corrupt memory.

Upgrades available

SUSE

TurboLinux

Fedora

RedHat

RedHat

Gentoo

Mandriva

SUSE

Trustix

SGI

OpenPKG

Ubuntu

Avaya

There is no exploit code required.

3.3
(CVE-2005-3388)

3.3
(CVE-2005-3389)

8
(CVE-2005-3390)

7
(CVE-2005-3391)

7
(CVE-2005-3392)

Secunia Advisory: SA17371, October 31, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Turbolinux Security Advisory TLSA-2005-97, November 5, 2005

Fedora Update Notifications,
FEDORA-2005-1061 & 1062, November 8, 2005

RedHat Security Advisories, RHSA-2005:838-3 & RHSA-2005:831-15, November 10, 2005

Gentoo Linux Security Advisory, GLSA 200511-08, November 13, 2005

Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

SGI Security Advisory, 20051101-01-U, November 29, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.027, December 3, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

SUSE Security Announcement, SUSE-SA:2005:069, December 14, 2005

Ubuntu Security Notice, USN-232-1, December 23, 2005

Avaya Security Advisory, ASA-2006-037, January 31, 2006

Phpclanwebsite

Phpclanwebsite 1.23.1

SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'par' and 'poll_id' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script, Phpclanwebsite.1.23.1.SQL.Injection.pl, has been published.

Phpclanwebsite SQL Injection

CVE-2006-0444

Security Focus, Bugtraq ID: 16391, January 26, 2006

PHP-Ping

PHP-Ping 1.3

A remote Denial of Service vulnerability has been reported in the 'count' parameter due to insufficient validation.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

PHP-Ping Remote Denial of Service

CVE-2006-0475

Secunia Advisory: SA18645, January 30, 2006

Pioneers

Pioneers 0.9.40

A remote Denial of Service vulnerability has been reported due to a boundary error when handling overly long chat messages.

Update available

There is no exploit code required.

Pioneers Remote Denial of Service

CVE-2006-0467

Security Focus, Bugtraq ID: 16429, January 30, 2006

PMachine

ExpressionEngine 1.4.1

An HTML injection vulnerability has been reported in the HTTP 'Referer' header due to insufficient sanitization before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PMachine ExpressionEngine HTML Injection

CVE-2006-0461

Security Focus, Bugtraq ID: 16377, January 25, 2006

PmWiki

PmWiki 2.1 beta20

A vulnerability has been reported in the 'GLOBALS' array parameter due to an error in the 'register_globals' unregister layer, which could let a remote malicious user execute arbitrary HTML and script code.

The vulnerability has been fixed in version 2.1 beta 21.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PmWiki Unregister Layer Bypass

CVE-2006-0479

Secunia Advisory: SA18634, January 30, 2006

PunctWeb

MyCO Guestbook 1.0

An HTML injection vulnerability has been reported due to insufficient sanitization of the name field before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

PunctWeb MyCO HTML Injection

CVE-2006-0500
CVE-2006-0501

Not Available
Security Focus, Bugtraq ID: 16444, January 31, 2006

spaiz-nuke.net

sPaiz-Nuke CMS 0

A Cross-Site Scripting vulnerability has been reported in 'Modules.PHP' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

sPaiz-Nuke Cross-Site Scripting

CVE-2006-0480

Security Focus, Bugtraq ID: 16412, January 30, 2006

SPIP

SPIP 1.9.Alpha 1, 1.8.2-d

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'forum.php3' due to insufficient sanitization of the 'id_article' and 'id_forum' parameters before being used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in 'index.php3' due to insufficient sanitization of the 'lang' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

SPIP SQL Injection & Cross-Site Scripting

CVE-2006-0518
CVE-2006-0519

2.3
(CVE-2006-0518)

2.3
(CVE-2006-0519)

Secunia Advisory: SA18676, February 1, 2006

subzane

SZUserMgnt 1.4

An SQL injection vulnerability has been reported in 'login.verify.php' due to insufficient sanitization of the 'username' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

SZUserMgnt SQL Injection

CVE-2006-0491

Security Focus, Bugtraq ID: 16454, February 1, 2006

UebiMiau

UebiMiau 2.7.9

An HTML injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using it in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

UebiMiau HTML Injection

CVE-2006-0469

Security Focus, Bugtraq ID: 16413, January 30, 2006

Webgroup Media

Cerberus Helpdesk 2.7.1 Development Release, Helpdesk 2.7

A Cross-Site Scripting vulnerability has been reported in 'clients.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Cerberus Helpdesk Cross-Site Scripting

CVE-2006-0509

Not Available
Security Focus, Bugtraq ID: 16439, January 31, 2006

Xpdf

Xpdf 3.01

A heap-based buffer overflow vulnerability has been reported when handling PDF splash images with overly large dimensions, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Xpdf PDF Splash Remote Buffer Overflow

CVE-2006-0301

Secunia Advisory: SA18677, February 1, 2006

Yourboard

Rlink 1.0

A Cross-Site Scripting vulnerability has been reported in 'Rlink.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

phpBB Rlink Module Cross-Site Scripting

CVE-2006-0499

Not Available
Security Focus, Bugtraq ID: 16448, January 31, 2006


Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that has been identified during the current reporting period.
  • Bluetooth set to take over wireless from Wi-Fi... : The IEEE has abandoned its effort to create an Ultra-Wide Band (UWB) standard, but has agreed on a draft for the next generation of WiFi, 802.11n.
  • Mobile devices are IT managers' security headache: According to a survey of 500 enterprise IT managers in the U.S., U.K., Germany and France, two-thirds of IT managers are still experiencing security breaches because of poor practices on mobile devices. The survey found that companies lacked the corporate policies needed to prevent laptops and other devices from accessing the network without adequate security checks. Sixty-six percent of IT managers experienced security breaches and feel anti-virus software is not enough to keep malware out of their infrastructure. Sixty percent of respondents said their organization has no way of scanning devices connecting to their network or quarantining any system that does not meet their company's security requirements.


General Trends
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.

  • Expert: Botnets No. 1 emerging Internet threat: According to the security firm Panda Labs, bots are the fastest growing malware threat. More than 10,000 new variants were detected last year. They reported a 175-percent jump in new bots in 2005, making them 20 percent of the total new malware detected.
  • Exploit for Buffer Overflow Vulnerability in Winamp: US-CERT is aware of a public exploit for a buffer overflow vulnerability in Winamp. The buffer overflow is triggered when Winamp processes a specially crafted playlist (.PLS) file that has a long computer name.
  • BIOS Could Hide Rootkits: According to a presentation at the Black Hat conference in Washington, D.C., attackers armed with rootkits may hide some of their malicious code inside the PC's BIOS flash memory. Attackers could use the Advanced Configuration and Power Interface (ACPI), a collection of power management controls, and its programming language to code and/or deploy a rootkit into the BIOS flash memory. They could even replace legitimate functions in the ACPI's language with their own, malicious, operations.
  • Security vendors open another front against spyware: Trend Micro, Symantec, and McAfee have joined forces with ICSA Labs and Thompson Cyber Security Labs to develop standards for spyware detection.
  • Browsers face triple threat: According to Polish security researcher Michal Zalewski, due to the way cookies are handled, three bugs exist that could be used to carry out attacks on commercial websites. The bugs are fundamental to the design and implementation of cookies. One of them was first disclosed eight years ago, but still hasn't been fixed in the major browsers.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank | Common Name | Type of Code | Trend | Date | Description
---- | ----------- | ------------ | ----- | ---- | -----------
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into shared folders.
2 | Lovgate.w | Win32 Worm | Increase | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network.
3 | Mytob-GH | Win32 Worm | Slight Decrease | November 2005 | A variant of the mass-mailing worm that disables security-related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address.
4 | Netsky-D | Win32 Worm | Slight Decrease | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
5 | Mytob.C | Win32 Worm | Increase | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
6 | Mytob-BE | Win32 Worm | Increase | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus software, and modifies data.
7 | Sober-Z | Win32 Worm | Decrease | December 2005 | This worm travels as an email attachment, forging the sender's address, harvesting addresses from infected machines, and using its own mail engine. It also downloads code from the internet, installs itself into the registry, and reduces overall system security.
8 | Zafi-B | Win32 Worm | Decrease | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.
9 | Mytob-AS | Win32 Worm | Slight Increase | June 2005 | A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine.
10 | Zafi-D | Win32 Worm | Decrease | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.

Table updated February 1, 2006
