SecurityFocus Newsletter #307
----------------------------------------

This Issue is Sponsored By: VeriSign

FREE SSL Security Kit from VeriSign
VeriSign(r) SSL Certificates protect e-commerce and other private information
with SGC-enabled 128-bit encryption, the strongest SSL protection available
anywhere. Get a Free SSL Security Kit.

http://www.securityfocus.com/sponsor/Verisign_sf-news_050719

------------------------------------------------------------------
I.    FRONT AND CENTER
        1. If it isn't broken...
        2. Microsoft and Claria, together at last?
        3. Introduction to IPAudit
II.   BUGTRAQ SUMMARY
        1. ID Team ID Board SQL.CLS.PHP SQL Injection Vulnerability
        2. Linux Kernel IA32 ExecVE Local Buffer Overflow Vulnerability
        3. DHCPCD Remote Denial of Service Vulnerability
        4. Web Wiz Forums Information Disclosure Vulnerability
        5. Spid lang_path  File Include Vulnerability
        6. PPA ppa_root_path  File Include Vulnerability
        7. Backup Manager Insecure Temporary File Creation Vulnerability
        8. DownloadProtect Download.PHP Directory Traversal Vulnerability
        9. SoftiaCom WMailserver Local Information Disclosure Vulnerability
        10. SoftiaCom WMailserver Remote Denial Of Service Vulnerability
        11. Microsoft Windows Color Management Module ICC Profile Buffer
Overflow Vulnerability
        12. F5 BIG-IP Unspecified SSL Authentication Bypass Vulnerability
        13. Microsoft Word Malformed Document Font Processing Buffer Overflow
Vulnerability
        14. Microsoft ASP.NET RPC/Encoded Remote Denial Of Service Vulnerability
        15. SGI ArrayD ARShell Remote Privilege Escalation Vulnerability
        16. Squito Gallery Photolist.INC.PHP File Include Vulnerability
        17. Dragonfly Commerce Multiple SQL Injection Vulnerabilities
        18. Check Point SecuRemote NG Local Information Disclosure Vulnerability
        19. PHPsFTPd Inc.Login.PHP Privilege Escalation Vulnerability
        20. DVBBS ShowErr.ASP Cross-Site Scripting Vulnerability
        21. Moodle Unspecified Security Vulnerability
        22. Microsoft Outlook Express Multiple Vulnerabilities
        23. ASPNuke Comment_Post.ASP Cross-Site Scripting Vulnerability
        24. XPVM Insecure Temporary File Creation Vulnerability
        25. iPhotoAlbum Multiple File Include Vulnerabilities
        26. Nokia Affix BTFTP Client Filename Remote Buffer Overflow
Vulnerability
        27. Nokia Affix BTSRV/BTOBEX Remote Command Execution Vulnerability
        28. Linux-HA Heartbeat Insecure Temporary File Creation Vulnerability
        29. SMS Insecure Temporary File Creation Vulnerability
        30. ELMO Insecure Temporary File Creation Vulnerability
        31. MIT Kerberos 5 Key Distribution Center Remote Single Byte Heap
Overflow Vulnerability
        32. Yawp Conf_Path Remote File Include Vulnerability
        33. Oracle July Security Update Multiple Vulnerabilities
        34. MIT Kerberos 5 KRB5_Recvauth Remote Pre-Authentication Double-Free
Vulnerability
        35. MIT Kerberos 5 Key Distribution Center Remote Denial of Service
Vulnerability
        36. Apple Mac OSX Unspecified TCP/IP Remote Denial Of Service
Vulnerability
        37. Mozilla Suite, Firefox And Thunderbird Multiple Vulnerabilities
        38. MailEnable IMAP SELECT Request Buffer Overflow Vulnerability
        39. Emilda Management.PHP Input Validation Vulnerability
        40. WPS Wps_shop.CGI Remote Command Execution Vulnerability
        41. Cisco ONS 15216 OADM Management Plane Telnet Service Remote Denial
Of Service Vulnerability
        42. Cisco Security Agent Crafted IP Packet Denial Of Service
Vulnerability
        43. Clearswift MIMEsweeper For Web ActiveX Bypass Vulnerability
        44. ESi WebEOC Multiple Input Validation Privilege Escalation and Denial
of Service Vulnerabilities
        45. Cisco CallManager RISDC Remote Denial Of Service Vulnerability
        46. Cisco CallManager CTI Manager Remote Denial Of Service Vulnerability
        47. Cisco CallManager CCM.EXE Remote Denial Of Service Vulnerability
        48. Cisco CallManager Multiple Failed Logins Remote Denial Of Service
Vulnerability
        49. SquirrelMail Variable Handling Vulnerability
        50. Cisco CallManager AUPair Service Remote Heap Buffer Overflow
Vulnerability
        51. PHPCounter EpochPrefix Cross Site Scripting Vulnerability
        52. NetPanzer Remote Denial of Service Vulnerability
        53. Hosting Controller Multiple SQL Injection Vulnerabilities
        54. Microsoft Windows Kernel Unspecified Remote Desktop Protocol Denial
Of Service Vulnerability
        55. Microsoft Windows Network Connections Manager Library Local Denial
of Service Vulnerability
        56. Class-1 Forum Users.PHP Cross Site Scripting Vulnerabilities
        57. BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers
Scan Evasion Vulnerability
        58. DG Remote Control Server Remote Denial of Service Vulnerability
        59. Laffer IM.PHP File Include Vulnerability
        60. Easy Software Products CUPS Access Control List Bypass Vulnerability
        61. Simple Message Board Forum.CFM Cross-Site Scripting Vulnerability
        62. Simple Message Board User.CFM Cross-Site Scripting Vulnerability
        63. Simple Message Board Thread.CFM Cross-Site Scripting Vulnerability
        64. Simple Message Board Search.CFM Cross-Site Scripting Vulnerability
        65. Sophos Anti-Virus BZip2 Archive Handling Remote Denial Of Service
Vulnerability
        66. Macromedia JRun Unauthorized Session Access Vulnerability
        67. Oracle HTTP Server Unspecified Malformed Request Denial Of Service
Vulnerability
        68. Oracle HTTP Server MOD_OSSO Partner Application Cookie Expiration
Weakness
        69. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
        70. Oracle HTTP Server MOD_ORADAV ORAALTPASSWORD Obfuscation Weakness
        71. Clever Copy Calendar.PHP Cross-Site Scripting Vulnerability
        72. Oracle Webcache SSL Encryption Downgrade Weakness
        73. MooseGallery Display.PHP File Include Vulnerability
        74. Oracle9i 9.0.1.5 FIPS Single Sign-On Server Unspecified Cross-Site
Scripting Vulnerability
        75. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer
Overflow Vulnerability
        76. Hosting Controller Multiple Remote Vulnerabilities
        77. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost
Denial Of Service Vulnerability
        78. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption
Denial Of Service Vulnerability
        79. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial
Of Service Vulnerability
        80. Sybase EAServer Remote Buffer Overflow Vulnerability
        81. Microsoft MSN Messenger / Internet Explorer Image ICC Profile
Processing Vulnerability
III.  SECURITYFOCUS NEWS
        1. Report: Squatters a major problem for credit-report site
        2. Desktop port proliferation a security risk?
        3. Microsoft to reward informants after Sasser conviction
        4. Flawed USC admissions site allowed access to applicant data
        5. Dell rejects spyware charge
        6. Phlooding attack could leave enterprises high and dry
        7. British government lost 150 PCs this year
        8. Sophos glitch leaves PCs hanging
IV.   SECURITY JOBS LIST SUMMARY
        1. [SJ-JOB] Security Engineer, Dallas
        2. [SJ-JOB] Quality Assurance, Cupertino
        3. [SJ-JOB] Manager, Information Security, Chicago
        4. [SJ-JOB] Information Assurance Analyst, Chicago
        5. [SJ-JOB] Management, Washington
        6. [SJ-JOB] Technical Support Engineer, Austin
        7. [SJ-JOB] CHECK Team Leader, London
        8. [SJ-JOB] Security Consultant, Toronto
        9. [SJ-JOB] Security Product Marketing Manager, San Mateo
        10. [SJ-JOB] Security Consultant, Boston
        11. [SJ-JOB] Sales Engineer, Boston
        12. [SJ-JOB] Customer Support, Austin
        13. [SJ-JOB] Security Consultant, New York City
        14. [SJ-JOB] Training / Awareness Specialist, Jersey City
V.    INCIDENTS LIST SUMMARY
        1. Port Zero
        2. Strange Traffic UDP port 8193
VI.   VULN-DEV RESEARCH LIST SUMMARY
        1. Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2
VII.  MICROSOFT FOCUS LIST SUMMARY
        1. R: Should webservers, eg. IIS 6 have anti--virus installed on them?
        2. R: Changing Windows domain password over Internet
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
        1. SID HIDS 0.4.2 released
X.    UNSUBSCRIBE INSTRUCTIONS
XI.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. If it isn't broken...
By Jason Miller
The recently introduced zlib vulnerability is both widespread and significant,
but it also brings to light some of the real advantages of open source software.
http://www.securityfocus.com/columnists/341

2. Microsoft and Claria, together at last?
By Scott Granneman
Microsoft is looking to buy Claria, the nefarious spyware company that created
Gator, and it's an absolute slap in the face to all Windows users concerned
about security.
http://www.securityfocus.com/columnists/340

3. Introduction to IPAudit
By Paul Asadoorian
This article describes the usefulness of IPAudit, a network tool similar to
Netflow that is used to discover botnets, compromised hosts, and other security
issues on larger networks.
http://www.securityfocus.com/infocus/1842


II.  BUGTRAQ SUMMARY
--------------------
1. ID Team ID Board SQL.CLS.PHP SQL Injection Vulnerability
BugTraq ID: 14204
Remote: Yes
Date Published: 2005-07-10
Relevant URL: http://www.securityfocus.com/bid/14204
Summary:
ID Board is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

This issue is reported to affect ID Board version 1.1.3; other versions may also
be vulnerable.


2. Linux Kernel IA32 ExecVE Local Buffer Overflow Vulnerability
BugTraq ID: 14205
Remote: No
Date Published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14205
Summary:
The Linux kernel is susceptible to a local buffer overflow vulnerability. This
issue is due to a race condition in an ia32 emulation system call that leads to
a memory copy operation that overflows a previously allocated memory buffer.

During the time between two function calls to obtain buffer sizes, there exists
a window of opportunity for attackers to alter memory contents. This race
condition allows local attackers to overwrite critical kernel memory,
facilitating kernel-level machine code execution and privilege escalation.

On multiprocessor computers, attackers can directly alter the memory contents to
exploit this race condition. On uniprocessor computers, a blocking function call
allows attackers to exploit the race condition.

Versions of Linux 2.4 prior to 2.4.32-pre1, and Linux 2.6 prior to 2.6.7, are
susceptible to this issue.

This vulnerability only affects computers running on either the ia64, or the
amd64 hardware platforms with ia32 emulation enabled.

3. DHCPCD Remote Denial of Service Vulnerability
BugTraq ID: 14206
Remote: Yes
Date Published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14206
Summary:
dhcpcd is prone to a remote denial of service vulnerability.

The issue presents itself when the application handles malformed data and
accesses out of bounds memory.

dhcpcd 1.3.22pl4 is reported to be affected.  It is possible that older versions
are vulnerable as well.

4. Web Wiz Forums Information Disclosure Vulnerability
BugTraq ID: 14207
Remote: Yes
Date Published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14207
Summary:
Web Wiz Forums is affected by an information disclosure vulnerability.  This
issue is due to a failure in the application to properly verify user credentials
before displaying message titles.  An attacker can retrieve the titles of
messages in hidden forums.

This issue is reported to affect Web Wiz Forums version 8.0alpha and 7.9;
earlier versions may also be vulnerable.

5. Spid lang_path  File Include Vulnerability
BugTraq ID: 14208
Remote: Yes
Date Published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14208
Summary:
SPiD is a gallery management application written in PHP.

SPiD is prone to a remote file include vulnerability, due to lack of validation
of user input.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access.



6. PPA ppa_root_path  File Include Vulnerability
BugTraq ID: 14209
Remote: Yes
Date Published: 2005-07-10
Relevant URL: http://www.securityfocus.com/bid/14209
Summary:
PPA is susceptible to a remote file include vulnerability.  This issue is due to
a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access.



7. Backup Manager Insecure Temporary File Creation Vulnerability
BugTraq ID: 14210
Remote: No
Date Published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14210
Summary:
Backup Manager is affected by an insecure temporary file creation vulnerability.

The issue arises when a user burns a CDR.  This issue may allow an attacker to
create a malicious symbolic link that will be written to by the vulnerable
utility when an unsuspecting user executes it.

Backup Manager versions prior to 0.5.8b are affected.

8. DownloadProtect Download.PHP Directory Traversal Vulnerability
BugTraq ID: 14211
Remote: Yes
Date Published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14211
Summary:
DownloadProtect is affected by a directory traversal vulnerability. This issue
is due to a failure in the application to properly sanitize input. The problem
presents itself in the 'download.php' script via the 'file' parameter.

This issue is reported to affect DownloadProtect versions 1.0.2b and prior.


9. SoftiaCom WMailserver Local Information Disclosure Vulnerability
BugTraq ID: 14212
Remote: No
Date Published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14212
Summary:
SoftiaCom WMailserver is prone to a local information disclosure vulnerability.
The application stores passwords in the Windows registry.

A local attacker may exploit this issue to disclose potentially sensitive
information.

10. SoftiaCom WMailserver Remote Denial Of Service Vulnerability
BugTraq ID: 14213
Remote: Yes
Date Published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14213
Summary:
SoftiaCom WMailserver contains a denial of service vulnerability in its
connection handling code.

If an attacker is able to connect to the SMTP service, and send an excessive
chunk of data, reports indicate that the affected application will terminate
unexpectedly.

A remote attacker is able to terminate the application, denying service to
legitimate users.


11. Microsoft Windows Color Management Module ICC Profile Buffer Overflow
Vulnerability
BugTraq ID: 14214
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14214
Summary:
Microsoft Windows is prone to a buffer overflow vulnerability in the Color
Management Module.  The issue is due to a boundary condition error related to
the parsing of ICC (International Color Consortium) Profile tags in various
supported image and document formats.

ICC Profile data may possibly be embedded in various file formats, including
JPEG, GIF, EXIF, TIFF, PNG, PICT, PDF, PostScript, SVG, JDF, and CSS3.  Some of
these formats may not provide an attack vector, especially if Microsoft does not
provide native support or does not call the vulnerable functionality when
handling certain formats.

Successful exploitation may result in execution of arbitrary code in the context
of the currently logged in user.  This vulnerability could be exploited through
a Web site that hosts a malicious document, by previewing or opening malicious
content in email, or through other means that will allow an attacker to send the
victim a malicious document.

There is also a risk that other Microsoft or third-party applications that rely
on the affected functionality may be vulnerable.  A number of third-party
applications may ship with vulnerable libraries, so may remain vulnerable
despite having applied the Microsoft patch.  Symantec is not aware of any such
vendors at the time of writing.


12. F5 BIG-IP Unspecified SSL Authentication Bypass Vulnerability
BugTraq ID: 14215
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14215
Summary:
F5 BIG-IP is susceptible to an unspecified SSL authentication bypass
vulnerability.

It is conjectured that if the BIG-IP is configured to authenticate by utilizing
certificate-based authentication, attackers may be able to bypass the requested
authentication checks. This allows remote attackers to gain access to protected
Web sites. Depending on the nature of the protected Web sites, various further
attacks may also be possible.

Further details are not currently available. This BID will be updated as more
information is disclosed.

Versions of BIG-IP from 9.0.2 through to 9.1 are affected.

13. Microsoft Word Malformed Document Font Processing Buffer Overflow
Vulnerability
BugTraq ID: 14216
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14216
Summary:
Microsoft Word is affected by a remote buffer overflow vulnerability.

This vulnerability presents itself when a .doc file contains specific malformed
input. Upon attempting to read the malformed .doc file, the affected application
fails to properly validate data within the file. This may result in the attacker
being able to control the flow of program execution.

Attackers may exploit this vulnerability to execute arbitrary code in the
context of the victim user attempting to access the malformed Word file.



14. Microsoft ASP.NET RPC/Encoded Remote Denial Of Service Vulnerability
BugTraq ID: 14217
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14217
Summary:
ASP.NET is susceptible to a remote denial of service vulnerability. This issue
is due to the possibility of causing an infinite loop on the server when
handling RPC/encoded requests.

This issue presents itself when an RPC/encoded Web method accepts an array or
object derived from 'IList'. By sending a specially crafted XML request, the
'aspnet_wp.exe' executable enters into an infinite loop.

Remote attackers may exploit this vulnerability to consume excessive CPU
resources, potentially denying service to legitimate users.

15. SGI ArrayD ARShell Remote Privilege Escalation Vulnerability
BugTraq ID: 14218
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14218
Summary:
SGI arshell is susceptible to a remote unspecified privilege escalation
vulnerability.

In certain unspecified circumstances, users executing arshell may be able to
execute commands on remote array computers with superuser privileges.

This vulnerability allows attackers to gain superuser privileges on any computer
in an array or cluster.

Further details are not currently available. This BID will be updated as more
information is disclosed.

16. Squito Gallery Photolist.INC.PHP File Include Vulnerability
BugTraq ID: 14219
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14219
Summary:
Squito Gallery is susceptible to a remote file include vulnerability. This issue
is due to a failure in the application to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access.


17. Dragonfly Commerce Multiple SQL Injection Vulnerabilities
BugTraq ID: 14220
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14220
Summary:
Dragonfly Commerce is prone to multiple SQL injection vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


18. Check Point SecuRemote NG Local Information Disclosure Vulnerability
BugTraq ID: 14221
Remote: No
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14221
Summary:
Check Point SecuRemote NG is affected by a local information disclosure
vulnerability.  This issue may allow an attacker to disclose authentication
credentials used to access the VPN application.

An attacker could use the information gathered through the exploitation of this
vulnerability to gain access to or carry out other attacks against an affected
computer or the network protected by the VPN.


19. PHPsFTPd Inc.Login.PHP Privilege Escalation Vulnerability
BugTraq ID: 14222
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14222
Summary:
PHPsFTPd is affected by a privilege escalation vulnerability.  This issue is
due to a failure in 'inc.login.php' when processing login credentials.

An attacker can exploit this vulnerability to retrieve the administrator
username and password.  This could aid in further attacks against the underlying
system; other attacks are also possible.

20. DVBBS ShowErr.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 14223
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14223
Summary:
Dvbbs is prone to a cross-site scripting vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

21. Moodle Unspecified Security Vulnerability
BugTraq ID: 14224
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14224
Summary:
An unspecified security flaw exists within Moodle. This flaw could allow a
malicious user to compromise the application.

Due to a lack of details, further information cannot be provided at the moment.

This BID will be updated when more details become available.


22. Microsoft Outlook Express Multiple Vulnerabilities
BugTraq ID: 14225
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14225
Summary:
Microsoft has released an update to address various issues affecting Outlook
Express 6.0 running on Windows XP.  These issues may allow remote attackers to
cause the client to crash or disclose sensitive information.

Reportedly remote attackers may cause the client to crash by sending specially
crafted email messages.

Another issue allows the default news server account to be displayed when a user
replies to 'watched' conversation threads from multiple computers.

This BID will be updated when more details become available.

23. ASPNuke Comment_Post.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 14226
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14226
Summary:
ASPNuke is prone to a cross-site scripting vulnerability.  This issue is due to
a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

24. XPVM Insecure Temporary File Creation Vulnerability
BugTraq ID: 14228
Remote: No
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14228
Summary:
XPVM creates temporary files in an insecure manner.

A local attacker would most likely take advantage of this vulnerability by
creating a malicious symbolic link in a directory where the temporary files will
be created. When the program attempts to perform an operation on a temporary
file, it will instead perform the operation on the file pointed to by the
malicious symbolic link.

Exploitation would most likely result in loss of data or a denial of service if
critical files are overwritten in the attack.  Other attacks may be possible as
well.

25. iPhotoAlbum Multiple File Include Vulnerabilities
BugTraq ID: 14229
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14229
Summary:
iPhotoAlbum is prone to multiple local and remote file include vulnerabilities.

An attacker may leverage these issues to execute arbitrary server-side script
code that resides on an affected computer with the privileges of the Web server
process. This may potentially facilitate unauthorized access.

26. Nokia Affix BTFTP Client Filename Remote Buffer Overflow Vulnerability
BugTraq ID: 14230
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14230
Summary:
The Nokia Affix btftp client software is prone to a remote client-side buffer
overflow vulnerability. The issue exists due to a lack of sufficient boundary
checks that are performed on filename data before this data is copied into a
finite memory buffer.

This issue may be exploited by an attacker who controls an OBEX File Transfer
server to execute arbitrary code in the context of affected clients that
connect to the malicious server and request a directory listing.



27. Nokia Affix BTSRV/BTOBEX Remote Command Execution Vulnerability
BugTraq ID: 14232
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14232
Summary:
Nokia Affix btsrv/btobex are reported prone to a remote command execution
vulnerability. The issue exists due to a lack of input sanitization that is
performed before using attacker-controlled data in a 'system()' call.

Because the affected services run with superuser privileges, this issue may be
exploited to fully compromise a target computer that is running the affected
software.


28. Linux-HA Heartbeat Insecure Temporary File Creation Vulnerability
BugTraq ID: 14233
Remote: No
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14233
Summary:
heartbeat creates temporary files in an insecure manner.

A local attacker would most likely take advantage of this vulnerability by
creating a malicious symbolic link in a directory where the temporary files will
be created. When the program attempts to perform an operation on a temporary
file, it will instead perform the operation on the file pointed to by the
malicious symbolic link.

Exploitation would most likely result in loss of data or a denial of service if
critical files are overwritten in the attack. Other attacks may be possible as
well.

29. SMS Insecure Temporary File Creation Vulnerability
BugTraq ID: 14234
Remote: No
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14234
Summary:
SMS creates temporary files in an insecure manner.

A local attacker would most likely take advantage of this vulnerability by
creating a malicious symbolic link in a directory where the temporary files will
be created. When the program attempts to perform an operation on a temporary
file, it will instead perform the operation on the file pointed to by the
malicious symbolic link.

Exploitation would most likely result in loss of data or a denial of service if
critical files are overwritten in the attack. Other attacks may be possible as
well.

30. ELMO Insecure Temporary File Creation Vulnerability
BugTraq ID: 14235
Remote: No
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14235
Summary:
ELMO creates temporary files in an insecure manner.

A local attacker would most likely take advantage of this vulnerability by
creating a malicious symbolic link in a directory where the temporary files will
be created. When the program attempts to perform an operation on a temporary
file, it will instead perform the operation on the file pointed to by the
malicious symbolic link.

Exploitation would most likely result in loss of data or a denial of service if
critical files are overwritten in the attack. Other attacks may be possible as
well.

31. MIT Kerberos 5 Key Distribution Center Remote Single Byte Heap Overflow
Vulnerability
BugTraq ID: 14236
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14236
Summary:
The Kerberos 5 Key Distribution Center (KDC) implementation is affected by a
remote single-byte heap overflow vulnerability.

A remote unauthenticated attacker can exploit this vulnerability by sending
malformed data through a request over TCP or UDP to an affected computer.  This
may result in memory corruption and lead to an overflow condition.

If arbitrary code execution occurs, the attacker may gain complete access to an
entire Kerberos realm.

All MIT Kerberos 5 releases up to and including krb5-1.4.1 are vulnerable. 
Third party application servers employing Kerberos 5 may be affected as well.


32. Yawp Conf_Path Remote File Include Vulnerability
BugTraq ID: 14237
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14237
Summary:
Yawp is affected by a remote file include vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access.

It should be noted even with 'register_globals' and 'allow_url_fopen' turned on
in the local PHP configuration, this vulnerability can still be exploited when
utilizing PHP5.

33. Oracle July Security Update Multiple Vulnerabilities
BugTraq ID: 14238
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14238
Summary:
Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application
Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications,
Oracle Workflow, Oracle Forms and Reports, Oracle JInitiator, Oracle Developer
Suite, and Oracle Express Server are affected by multiple vulnerabilities.

The issues identified by the vendor affect all security properties of the Oracle
products and present local and remote threats.

Oracle has released a Critical Patch Update advisory for July 2005 to address
these vulnerabilities.  This Critical Patch Update addresses the vulnerabilities
for supported releases.  Earlier, unsupported releases are likely to be affected
by the issues as well.

34. MIT Kerberos 5 KRB5_Recvauth Remote Pre-Authentication Double-Free
Vulnerability
BugTraq ID: 14239
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14239
Summary:
MIT Kerberos 5 is prone to a remote double-free vulnerability; the issue can be
triggered by remote attackers prior to any authentication whatsoever. The issue
exists in the 'recvauth_common()' helper function.

A remote attacker may trigger this issue prior to authentication. Because of the
code path taken in the vulnerable function, exploitation may be hindered.
However, it is conjectured that this issue may be ultimately leveraged to
execute arbitrary code in the context of the affected service.

It should be noted that successful exploitation of this issue on a Kerberos Key
Distribution Center (KDC) computer may result in the compromise of an entire
Kerberos realm.


35. MIT Kerberos 5 Key Distribution Center Remote Denial of Service
Vulnerability
BugTraq ID: 14240
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14240
Summary:
The Kerberos 5 Key Distribution Center (KDC) implementation is affected by a
remote denial of service vulnerability.  This issue arises because the
application attempts to free uninitialized memory at a random address when
handling a remote request over TCP.

Specifically, the vulnerability arises when the application handles a principal
name consisting of zero components.

All MIT Kerberos 5 releases up to and including krb5-1.4.1 are vulnerable. Third
party application servers employing Kerberos 5 may be affected as well.

36. Apple Mac OSX Unspecified TCP/IP Remote Denial Of Service Vulnerability
BugTraq ID: 14241
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14241
Summary:
Apple Mac OS X is prone to a remote denial of service vulnerability. The issue
exists due to a NULL pointer dereference that manifests in the kernel when
specially crafted TCP/IP packets of an unspecified type are processed.

A remote attacker may exploit this condition to trigger a kernel panic on a
target computer, effectively denying service for legitimate users.


37. Mozilla Suite, Firefox And Thunderbird Multiple Vulnerabilities
BugTraq ID: 14242
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14242
Summary:
The Mozilla Foundation has released 12 security advisories specifying security
vulnerabilities in Mozilla Suite, Firefox, and Thunderbird.

These vulnerabilities allow attackers to execute arbitrary machine code in the
context of the vulnerable application, bypass security checks, and execute script
code in the context of targeted Web sites to disclose confidential information;
other attacks are also possible.

These vulnerabilities have been addressed in Firefox version 1.0.5, Mozilla
Suite 1.7.9. Mozilla Thunderbird has not been fixed at this time.

The issues described here will be split into individual BIDs as further analysis
is completed. This BID will then be retired.

Reportedly, Netscape is also vulnerable to the issue described in MFSA 2005-47.
Due to the nature of Netscape's fork from the Mozilla codebase, it is likely
that Netscape is also affected by most, or all of the issues that affect Mozilla
Firefox. This has not been confirmed at this time.

38. MailEnable IMAP SELECT Request Buffer Overflow Vulnerability
BugTraq ID: 14243
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14243
Summary:
MailEnable's IMAP server is prone to a remotely exploitable stack-based buffer
overflow vulnerability. This issue is due to a failure of the application to
properly bounds check user-supplied data prior to copying it to a fixed size
memory buffer.

Remote attackers may exploit this vulnerability to execute arbitrary machine
code in the context of the affected application. This allows attackers to gain
System level privileges, resulting in the complete compromise of the targeted
computer.

39. Emilda Management.PHP Input Validation Vulnerability
BugTraq ID: 14244
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14244
Summary:
Emilda is affected by an input validation vulnerability.

An attacker can supply an arbitrary value to the 'user_id' parameter and modify
the user's information. This would result in a loss of integrity and possible
confidentiality.

The vendor has addressed this issue in Emilda version 1.2.3.

40. WPS Wps_shop.CGI Remote Command Execution Vulnerability
BugTraq ID: 14245
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14245
Summary:
WPS is prone to a remote arbitrary command execution vulnerability.

Reportedly, this issue arises when user-specified values are passed to the
'wps_shop.cgi' script.

Due to this, an attacker can supply arbitrary commands and have them executed in
the context of the server.

This issue may facilitate unauthorized remote access in the context of the Web
server to the affected computer.


41. Cisco ONS 15216 OADM Management Plane Telnet Service Remote Denial Of
Service Vulnerability
BugTraq ID: 14246
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14246
Summary:
The Cisco ONS 15216 OADM has separate data planes, one that exists solely for
device management, and the other that exists for data transport purposes.

The Telnet service used to access the Cisco ONS 15216 OADM management interface
may fail, if a maliciously crafted data stream is sent to a Cisco ONS 15216 OADM
Telnet session.

When the vulnerability is triggered, the Telnet service will no longer respond
to subsequent legitimate requests. However, the data plane (network traffic that
is being switched and transmitted by the device) is not affected by this
attack.

This vulnerability exists in the Cisco ONS 15216 OADM device that is running
software release 2.2.2 and earlier software releases.


42. Cisco Security Agent Crafted IP Packet Denial Of Service Vulnerability
BugTraq ID: 14247
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14247
Summary:
A denial of service vulnerability has been reported in Cisco Security Agent
(CSA).  This issue may be triggered by a maliciously crafted IP packet.

Successful exploitation will crash the Microsoft Windows operating system
hosting the Cisco Security Agent software.  This vulnerability only affects CSA
4.5 on Windows operating systems other than Windows XP.

43. Clearswift MIMEsweeper For Web ActiveX Bypass Vulnerability
BugTraq ID: 14248
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14248
Summary:
MIMEsweeper For Web may be exploited to bypass security restrictions.

Reportedly, the application fails to filter specially crafted files containing
ActiveX code.

Due to the nature of the application, this issue can create a false sense of
security for users protected by it, leading to various attacks.

MIMEsweeper For Web versions prior to 5.1 are affected.

44. ESi WebEOC Multiple Input Validation Privilege Escalation and Denial of
Service Vulnerabilities
BugTraq ID: 14249
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14249
Summary:
WebEOC is affected by multiple vulnerabilities.

WebEOC is prone to multiple cross-site scripting, SQL injection, information
disclosure, privilege escalation, access validation and denial of service
vulnerabilities.

These issues are due to a series of input validation, access validation and
other design errors in the application.

The vendor has addressed these issues in WebEOC version 6.0.2.


45. Cisco CallManager RISDC Remote Denial Of Service Vulnerability
BugTraq ID: 14250
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14250
Summary:
The CallManager RISDC (Realtime Information Server Data Collection) service is
susceptible to a remote denial of service vulnerability.

This issue is documented in Cisco bug CSCed37403, which is available to Cisco
customers.

If attackers repeatedly create, and then drop TCP connections to the vulnerable
service, excessive memory resources will be consumed, potentially leading to
further connections being refused.

This issue was originally documented in BID 14227.

46. Cisco CallManager CTI Manager Remote Denial Of Service Vulnerability
BugTraq ID: 14251
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14251
Summary:
The CallManager CTI Manager service is susceptible to a remote denial of service
vulnerability.

This issue is documented in Cisco bug CSCee00116, which is available to Cisco
customers.

This issue may be exploited to cause the affected application to restart,
denying service to legitimate users.

This issue was originally documented in BID 14227.

47. Cisco CallManager CCM.EXE Remote Denial Of Service Vulnerability
BugTraq ID: 14252
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14252
Summary:
The CallManager 'ccm.exe' process is susceptible to a remote denial of service
vulnerability.

This issue is documented in Cisco bug CSCee00118, which is available to Cisco
customers.

This issue may be exploited to cause the affected application to restart,
denying service to legitimate users.

This issue was originally documented in BID 14227.

48. Cisco CallManager Multiple Failed Logins Remote Denial Of Service
Vulnerability
BugTraq ID: 14253
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14253
Summary:
CallManager is susceptible to a remote denial of service vulnerability when MLA
(Multi Level Admin) is enabled.

This issue is documented in Cisco bug CSCef47060, which is available to Cisco
customers.

Attackers may exploit this vulnerability by repeatedly attempting, and failing,
to log into the affected service. It is reported that as much as 750 megabytes
of memory may be consumed, resulting in a severe reduction in performance,
possibly denying service to legitimate users.

This issue was originally documented in BID 14227.

49. SquirrelMail Variable Handling Vulnerability
BugTraq ID: 14254
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14254
Summary:
SquirrelMail is affected by an insecure variable handling vulnerability.

It was reported that an attacker can exploit this vulnerability to disclose and
manipulate users' preferences, write arbitrary files in the context of
'www-data', carry out cross-site scripting and various other attacks.

Due to a lack of information, further details cannot be described at the moment.
This BID will be updated when more information becomes available.

50. Cisco CallManager AUPair Service Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 14255
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14255
Summary:
The CallManager aupair service is susceptible to an unspecified remote buffer
overflow vulnerability. This issue is due to a failure of the application to
properly bounds check user-supplied data prior to copying it to a fixed size
memory buffer.

This issue is documented in Cisco bug CSCsa75554, which is available to Cisco
customers.

This vulnerability allows remote attackers to execute arbitrary machine code in
the context of the affected application. Failed exploit attempts will likely
result in crashing the affected process, denying service to legitimate users.

This issue was originally documented in BID 14227.

51. PHPCounter EpochPrefix Cross Site Scripting Vulnerability
BugTraq ID: 14256
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14256
Summary:
A vulnerability exists that allows an attacker to perform cross-site scripting
attacks.

This issue is due to a failure of the application to properly sanitize
user-supplied input.



52. NetPanzer Remote Denial of Service Vulnerability
BugTraq ID: 14257
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14257
Summary:
netPanzer is affected by a remote denial of service vulnerability.

A successful attack can crash the server and deny service to legitimate users.

netPanzer 0.8 and prior versions are affected by this vulnerability.

53. Hosting Controller Multiple SQL Injection Vulnerabilities
BugTraq ID: 14258
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14258
Summary:
Hosting Controller is prone to an SQL injection vulnerability.

This issue allows a remote attacker to manipulate query structure and logic. It
has been reported that the attacker may gain unauthorized access to sensitive
information. Other attacks may be possible depending on the capabilities of the
underlying database and the nature of the affected query.


54. Microsoft Windows Kernel Unspecified Remote Desktop Protocol Denial Of
Service Vulnerability
BugTraq ID: 14259
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14259
Summary:
An unspecified remote denial of service vulnerability has been reported in the
kernel for Microsoft Windows. The vendor has confirmed that this vulnerability
permits remote attackers to crash affected computers. This issue is due to a
failure of the application to properly handle malformed Remote Desktop requests.

This BID will be updated as further information is made available.



55. Microsoft Windows Network Connections Manager Library Local Denial of
Service Vulnerability
BugTraq ID: 14260
Remote: No
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14260
Summary:
netman.dll is affected by a local denial of service vulnerability.

A successful attack can cause a denial of service condition in the Network
Connections Service.

Various services such as Wuauserv, Browser, CryptSvc, TrkWks, dmserver,
seclogon, lanmanserver, ShellHWDetection, AudioSrv, WZCSVC and lanmanworkstation
may also become inaccessible due to the exploitation of this issue.


56. Class-1 Forum Users.PHP Cross Site Scripting Vulnerabilities
BugTraq ID: 14261
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14261
Summary:
Vulnerabilities exist in class-1 Forum that allow an attacker to perform
cross-site scripting attacks.

These issues are due to a failure of the application to properly sanitize
user-supplied input.

57. BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers Scan
Evasion Vulnerability
BugTraq ID: 14262
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14262
Summary:
BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers is
susceptible to an antivirus scan evasion vulnerability.

This vulnerability allows malicious content to pass undetected, leading to a
false sense of security.  A malicious attachment may be opened by a vulnerable
user facilitating a malicious code infection.

BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers versions
1.6.1 and prior are affected by this issue.

58. DG Remote Control Server Remote Denial of Service Vulnerability
BugTraq ID: 14263
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14263
Summary:
DG Remote Control Server is affected by a remote denial of service
vulnerability.

An attacker can cause a denial of service condition by sending large amounts of
data to the listening ports of the application.

This issue may lead to a buffer overflow condition facilitating remote access;
however, this has not been confirmed.

DG Remote Control Server 1.6.2 is affected by this vulnerability.

59. Laffer IM.PHP File Include Vulnerability
BugTraq ID: 14264
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14264
Summary:
Laffer is susceptible to a remote PHP file include vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary PHP code on an affected
computer with the privileges of the Web server process. This may facilitate
unauthorized access.


60. Easy Software Products CUPS Access Control List Bypass Vulnerability
BugTraq ID: 14265
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14265
Summary:
CUPS is susceptible to an ACL (Access Control List) bypass vulnerability. This
issue is due to a failure of the application to properly apply ACLs to incoming
print jobs.

This vulnerability allows attackers to bypass configured ACLs, allowing them to
print jobs on printers, skipping any configured authentication checks or IP
restrictions.

61. Simple Message Board Forum.CFM Cross-Site Scripting Vulnerability
BugTraq ID: 14266
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14266
Summary:
A cross-site scripting vulnerability affects Simple Message Board. This issue is
due to a failure of the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.


62. Simple Message Board User.CFM Cross-Site Scripting Vulnerability
BugTraq ID: 14267
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14267
Summary:
A cross-site scripting vulnerability affects Simple Message Board. This issue is
due to a failure of the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.


63. Simple Message Board Thread.CFM Cross-Site Scripting Vulnerability
BugTraq ID: 14268
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14268
Summary:
A cross-site scripting vulnerability affects Simple Message Board. This issue is
due to a failure of the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.


64. Simple Message Board Search.CFM Cross-Site Scripting Vulnerability
BugTraq ID: 14269
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14269
Summary:
A cross-site scripting vulnerability affects Simple Message Board. This issue is
due to a failure of the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.


65. Sophos Anti-Virus BZip2 Archive Handling Remote Denial Of Service
Vulnerability
BugTraq ID: 14270
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14270
Summary:
Sophos Anti-Virus is prone to a remote denial of service vulnerability when it
is configured to 'Scan inside archive files'. This is not a default setting.

The issue exists due to failure of the software to adequately sanitize 'Extra
field length' values contained in BZip2 archives. Ultimately this vulnerability
may be exploited to conduct a denial of proper service for legitimate users.

Attackers may leverage this issue to prevent the software from completing file
scans, for files received subsequent to an attack. This may allow the attacker
to bypass Anti-Virus scans.


66. Macromedia JRun Unauthorized Session Access Vulnerability
BugTraq ID: 14271
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14271
Summary:
Macromedia JRun is affected by a vulnerability that may allow a user's session
to be shared with another user.

Under certain circumstances, two users may share the same session facilitating
various attacks including a compromise of the user's account.

It should be noted that this issue cannot be triggered by an attacker and occurs
rarely.

JRun 4.0, ColdFusion MX 7.0 Enterprise Multi-Server Edition, and ColdFusion MX
6.1 Enterprise with JRun are affected by this vulnerability.

67. Oracle HTTP Server Unspecified Malformed Request Denial Of Service
Vulnerability
BugTraq ID: 14272
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14272
Summary:
Oracle HTTP Server is prone to a denial of service vulnerability.

This issue was mentioned in the patch readme for the Oracle Critical Patch
Update for July.  Oracle has not released any further information about this
vulnerability.

68. Oracle HTTP Server MOD_OSSO Partner Application Cookie Expiration Weakness
BugTraq ID: 14273
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14273
Summary:
The Oracle HTTP Server mod_osso single sign-on module does not properly expire
partner application cookies.  This could present a security threat if a
malicious user has a means to gain unauthorized access to partner application
cookies.  The expected behavior is that application cookies will expire.

This issue was mentioned in the patch readme for the Oracle Critical Patch
Update for July. Oracle has not released any further information about this
weakness.  This issue could be related to vulnerability DB10 in the Critical
Patch Update for July, though this has not been confirmed.  This BID will be
updated if further information is released.

69. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
BugTraq ID: 14276
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14276
Summary:
Winamp is susceptible to a buffer overflow vulnerability in its ID3v2
functionality. This issue is due to a failure of the application to properly
bounds check input data prior to copying it into a fixed size memory buffer.

This issue will facilitate remote exploitation as an attacker may distribute
malicious MP3 files and entice unsuspecting users to process them with the
affected application.

An attacker may exploit this issue to execute arbitrary code with the privileges
of the user that activated the vulnerable application.

Versions 5.03a, 5.09, and 5.091 are reported vulnerable to this issue. Other
versions are also likely affected.

70. Oracle HTTP Server MOD_ORADAV ORAALTPASSWORD Obfuscation Weakness
BugTraq ID: 14277
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14277
Summary:
A security weakness exists in the Oracle HTTP Server mod_oradav module.  The
issue is that the ORAALTPASSWORD is obfuscated when it should be encrypted.  A
malicious user with access to the obfuscated password could easily decode it as
a result.

This issue was mentioned in the patch readme for the Oracle Critical Patch
Update for July. Oracle has not released any further information about this
weakness.

71. Clever Copy Calendar.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14278
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14278
Summary:
A cross-site scripting vulnerability affects Clever Copy. This issue is due to a
failure of the application to properly sanitize user-supplied URI input that
will be output in dynamically generated Web pages.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.



72. Oracle Webcache SSL Encryption Downgrade Weakness
BugTraq ID: 14279
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14279
Summary:
A security weakness was reported in Oracle Webcache.  The issue is that
documents may be served with weaker SSL encryption than configured in Oracle
HTTP Server.

This could result in a false sense of security.

This issue was mentioned in the patch readme for the Oracle Critical Patch
Update for July. Oracle has not released any further information about this
weakness.

73. MooseGallery Display.PHP File Include Vulnerability
BugTraq ID: 14280
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14280
Summary:
MooseGallery is susceptible to a remote PHP file include vulnerability. This
issue is due to a failure in the application to properly sanitize user-supplied
input.

An attacker may exploit this issue to execute arbitrary PHP code on an affected
computer with the privileges of the Web server process. This may facilitate
unauthorized access.


74. Oracle9i 9.0.1.5 FIPS Single Sign-On Server Unspecified Cross-Site Scripting
Vulnerability
BugTraq ID: 14281
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14281
Summary:
An unspecified cross-site scripting vulnerability exists in the Single Sign-On
Server (SSO) for Oracle Database Server.

This issue could likely be exploited by enticing a victim to visit a malicious
link that includes hostile HTML and script code.  Theft of cookie-based
authentication credentials from legitimate users could result from exploitation.
Other attacks may also be possible.

This issue was mentioned in the patch readme for the Oracle Critical Patch
Update for July. Oracle has not released any further information about this
vulnerability.

75. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer Overflow
Vulnerability
BugTraq ID: 14282
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14282
Summary:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability in the
JPEG image rendering library used by the browser. This issue is due to a failure
of the application to properly bounds check input data prior to copying it to a
fixed size memory buffer.

This issue was identified by creating random input for the browser, and has not
been researched further at this time. This BID will be updated as further
information is disclosed.

Successful exploitation may result in execution of arbitrary code in the context
of the user executing the affected browser.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also
be affected.

76. Hosting Controller Multiple Remote Vulnerabilities
BugTraq ID: 14283
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14283
Summary:
Hosting Controller is reported prone to multiple vulnerabilities. These issues
can allow an attacker to carry out SQL injection attacks, gain unauthorized
access to scripts, gain elevated privileges and carry out potential denial of
service attacks.

Hosting Controller version 6.1 hotfix 2.1 is vulnerable to these issues.

77. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial Of
Service Vulnerability
BugTraq ID: 14284
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14284
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service
vulnerability in the JPEG image rendering library used by the browser. This
issue is reportedly similar to the one described in BID 14282.

This issue was identified by creating random input for the browser, and has not
been researched further at this time. This BID will be updated as further
information is disclosed.

Successful exploitation results in crashing the affected Web browser. It may be
possible that execution of arbitrary code may also be achieved, but this has not
been confirmed.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also
be affected.

78. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption Denial
Of Service Vulnerability
BugTraq ID: 14285
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14285
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service
vulnerability in the JPEG image rendering library used by the browser.

This issue was identified by creating random input for the browser, and has not
been researched further at this time. This BID will be updated as further
information is disclosed.

Successful exploitation results in crashing the affected Web browser by
consuming excessive memory.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also
be affected.

79. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial Of
Service Vulnerability
BugTraq ID: 14286
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14286
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service
vulnerability in the JPEG image rendering library used by the browser.

This issue was identified by creating random input for the browser, and has not
been researched further at this time. This BID will be updated as further
information is disclosed.

Successful exploitation results in crashing the affected Web browser. This
vulnerability also reportedly consumes excessive CPU resources.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also
be affected.

80. Sybase EAServer Remote Buffer Overflow Vulnerability
BugTraq ID: 14287
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14287
Summary:
Sybase EAServer is affected by a remote buffer overflow vulnerability.

The vulnerability exists in the server's WebConsole.  A successful attack can
result in overflowing a finite sized buffer and ultimately lead to arbitrary
code execution in the context of the 'jagsrv.exe' process.  This may allow the
attacker to gain elevated privileges.

It should be noted that an attacker needs to provide authentication credentials
prior to carrying out this attack.


81. Microsoft MSN Messenger / Internet Explorer Image ICC Profile Processing
Vulnerability
BugTraq ID: 14288
Remote: Yes
Date Published: 2005-07-16
Relevant URL: http://www.securityfocus.com/bid/14288
Summary:
It has been reported that both Microsoft Internet Explorer and MSN Instant
Messenger can be crashed if image data with malformed embedded ICC profile data
is processed.  The condition is likely due to an integer handling error.  The
author has stated that the crash observed was due to an access violation on a
memory read attempt, possibly due to an out-of-bounds array access.  This means
that the flaw is not immediately exploitable, though there may yet be a way to
write data.


III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Report: Squatters a major problem for credit-report site
By: Robert Lemos
For consumers looking to get free credit reports at the government-created
AnnualCreditReport.com site, misspellings can mean lost money or even lost
privacy, a report charges.
http://www.securityfocus.com/news/11251

2. Desktop port proliferation a security risk?
By: Robert Lemos
Peer-to-peer software applications that require users to open ports in their
firewalls are becoming more popular. The effect on desktop security is still
uncertain, however.
http://www.securityfocus.com/news/11248

3. Microsoft to reward informants after Sasser conviction
By: Robert Lemos
UPDATE: The software giant will split the $250,000 amongst two tipsters, after
German courts convicted and sentenced the creator of the Sasser worm and the
original Netsky viruses.
http://www.securityfocus.com/news/11242

4. Flawed USC admissions site allowed access to applicant data
By: Robert Lemos
UPDATE: A programming error in the University of Southern California's online
application system left prospective student information publicly accessible.
http://www.securityfocus.com/news/11239

5. Dell rejects spyware charge
By: John Leyden
Dell has rejected allegations that its PCs come pre-loaded with an intrusive
application that spies on users' surfing habits.
http://www.securityfocus.com/news/11250

6. Phlooding attack could leave enterprises high and dry
By: John Leyden
You've got to hand it to the IT security industry for its ability to coin new
and impressive sounding terms for security threats.
http://www.securityfocus.com/news/11249

7. British government lost 150 PCs this year
By: John Oates
The Home Office might be in charge of law and order but it's not very good at
keeping hold of its own property - it has lost more computers this year than any
other department.
http://www.securityfocus.com/news/11246

8. Sophos glitch leaves PCs hanging
By: John Leyden
A recent security update from Microsoft is tripping up users of Sophos's
flagship anti-virus scanning software.
http://www.securityfocus.com/news/11247

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Engineer, Dallas
http://www.securityfocus.com/archive/77/405623

2. [SJ-JOB] Quality Assurance, Cupertino
http://www.securityfocus.com/archive/77/405626

3. [SJ-JOB] Manager, Information Security, Chicago
http://www.securityfocus.com/archive/77/405624

4. [SJ-JOB] Information Assurance Analyst, Chicago
http://www.securityfocus.com/archive/77/405625

5. [SJ-JOB] Management, Washington
http://www.securityfocus.com/archive/77/405286

6. [SJ-JOB] Technical Support Engineer, Austin
http://www.securityfocus.com/archive/77/405289

7. [SJ-JOB] CHECK Team Leader, London
http://www.securityfocus.com/archive/77/405291

8. [SJ-JOB] Security Consultant, Toronto
http://www.securityfocus.com/archive/77/405275

9. [SJ-JOB] Security Product Marketing Manager, San Mateo
http://www.securityfocus.com/archive/77/405276

10. [SJ-JOB] Security Consultant, Boston
http://www.securityfocus.com/archive/77/405190

11. [SJ-JOB] Sales Engineer, Boston
http://www.securityfocus.com/archive/77/405191

12. [SJ-JOB] Customer Support, Austin
http://www.securityfocus.com/archive/77/405192

13. [SJ-JOB] Security Consultant, New York City
http://www.securityfocus.com/archive/77/405189

14. [SJ-JOB] Training / Awareness Specialist, Jersey City
http://www.securityfocus.com/archive/77/405188

V.   INCIDENTS LIST SUMMARY
---------------------------
1. Port Zero
http://www.securityfocus.com/archive/75/405425

2. Strange Traffic UDP port 8193
http://www.securityfocus.com/archive/75/405044

VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2
http://www.securityfocus.com/archive/82/405465

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
http://www.securityfocus.com/archive/88/405648

2. R: Changing Windows domain password over Internet
http://www.securityfocus.com/archive/88/405460

VIII. SUN FOCUS LIST SUMMARY
----------------------------

IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. SID HIDS 0.4.2 released
http://www.securityfocus.com/archive/91/405592