SecurityFocus Newsletter #319
----------------------------------------

This Issue is Sponsored By: Qualys

Test your Network Security with QualysGuard
Testing and improving your network security has never been easier. Requiring NO
software, QualysGuard will safely and accurately audit your network and provide
you with the necessary fixes to proactively guard your network. Try QualysGuard
Risk Free with No Obligation.

http://altfarm.mediaplex.com/ad/ck/6148-32572-6929-0

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. Can writing software be a crime?
       2. Reducing browser privileges
II.   BUGTRAQ SUMMARY
       1. ProZilla Buffer Overflow Vulnerability
       2. GNU CFEngine Insecure Temporary File Creation Vulnerability
       3. Bugzilla config.cgi Information Disclosure Vulnerability
       4. Bugzilla User-Matching Information Disclosure Vulnerability
       5. Procom Technology NetFORCE 800 Information Disclosure Vulnerability
       6. Kaspersky Anti-Virus Library CAB Record Remote Heap Overflow
Vulnerability
       7. Weex Log_Flush() Function Remote Format String Vulnerability
       8. DIA SVG File Import Remote Arbitrary Code Execution Vulnerability
       9. Symantec AntiVirus Scan Engine Web Service Administrative Interface
Buffer Overflow Vulnerability
       10. Berkeley MPEG Tools Insecure Temporary File Creation Vulnerabilities
       11. Hitachi Cosminexus Remote Information Disclosure Vulnerability
       12. Gnome-PTY-Helper UTMP Hostname Spoofing Vulnerability
       13. PHP-Fusion Multiple SQL Injection Vulnerabilities
       14. MailEnable W3C Logging Buffer Overflow Vulnerability
       15. UIM LibUIM Environment Variables Privilege Escalation Weakness
       16. Microsoft Windows Wireless Zero Configuration Service Information
Disclosure Vulnerability
       17. University Of Washington IMAP Mailbox Name Buffer Overflow
Vulnerability 
       18. ALTools ALZip Multiple Archive Formats File Name Buffer Overflow
Vulnerability
       19. IBM Tivoli Monitoring Web Health Console Multiple Denial of Service
Vulnerabilities
       20. TellMe Multiple Cross-Site Scripting Vulnerabilities
       21. Sun ONE Directory Server Unspecified Remote Vulnerability
       22. Planet Technology FGSW-2402RS Switch Backdoor Password Reset
Vulnerability
       23. Mozilla Firefox IFRAME Handling Denial Of Service Vulnerability
       24. Webroot Software Desktop Firewall Multiple Local Vulnerabilities
       25. MyBloggie Search.PHP SQL Injection Vulnerability
       26. PHP-Fusion Register.PHP And FAQ.PHP SQL Injection Vulnerabilities
       27. Debian Linux Mason Init.d Firewall Loading Failure Vulnerability
       28. Microsoft October Advance Notification Unspecified Security
Vulnerabilities
       29. AspReady FAQ Manager SQL Injection Vulnerability
       30. OScommerce Additional_Images.PHP SQL Injection Vulnerability
       31. MediaWiki HTML Inline Style Attributes Unspecified Cross-Site
Scripting Vulnerability
       32. Computer Associates Multiple Product HTTP Request Remote Buffer
Overflow Vulnerability
       33. SuSE YaST Package Repositories Insecure Permissions Vulnerability
       34. Utopia News Pro Multiple Cross-Site Scripting Vulnerabilities
       35. Utopia News Pro SQL Injection Vulnerability
       36. Mozilla Firefox Multiple Unspecified Vulnerabilities
       37. Oracle iSQLPlus Cross-Site Scripting Vulnerability
       38. Oracle HTML DB Cross-Site Scripting Vulnerabilities
       39. Oracle iSQL*Plus TLS Listener Remote Denial Of Service Vulnerability
       40. Oracle HTML DB Plaintext Password Storage Vulnerability
       41. Oracle XML DB Cross-Site Scripting Vulnerability
       42. W3C Libwww Multiple Unspecified Vulnerabilities
       43. Aenovo Multiple SQL Injection Vulnerabilities
       44. SUSE ResMgr Unauthorized USB Device Access Vulnerabilities
       45. Aenovo Multiple Unspecified Cross-Site Scripting Vulnerabilities
       46. Oracle Forms Servlet TLS Listener Remote Denial Of Service
Vulnerability
       47. SUSE Linux Multiple Local Privilege Escalation Vulnerabilities
       48. MediaWiki History Database Corruption Vulnerability
       49. SUSE Linux PowerSave Daemon Local Denial Of Service Vulnerability
       50. HylaFAX Insecure UNIX Domain Socket Usage Vulnerability
       51. Xine-Lib Remote CDDB Information Format String Vulnerability
       52. HAURI Anti-Virus ALZ Archive Handling Remote Buffer Overflow
Vulnerability
       53. Multiple Vendor Antivirus Products Malformed Archives Scan Evasion
Vulnerability
       54. Cyphor Multiple Input Validation Vulnerabilities
III.  SECURITYFOCUS NEWS
       1. Fingerprint payments taking off despite security concerns
       2. E-voting experts call for revised security guidelines
       3. Digital plague hits online game World of Warcraft
       4. Mozilla's popularity stressing its security image
       5. Users want ISPs to filter spyware
       6. Security pros savage Tsunami hacker verdict
       7. Virus naming scheme gets mixed reception
       8. 'DEC hacking' trial opens
IV.   SECURITY JOBS LIST SUMMARY
       1. [SJ-JOB] Auditor, Seattle
       2. [SJ-JOB] Instructor, Various US locations
       3. [SJ-JOB] Certification & Accreditation Engineer, Silver Spring
       4. [SJ-JOB] Security Architect, DC area
       5. [SJ-JOB] Manager, Information Security, La Jolla
       6. [SJ-JOB] Sales Engineer, San Francisco
       7. [SJ-JOB] Developer, Eagan
       8. [SJ-JOB] Application Security Engineer, New York
       9. [SJ-JOB] Security Consultant, New York
       10. [SJ-JOB] Sr. Security Analyst, Morristown
       11. [SJ-JOB] Information Assurance Engineer, Reston
       12. [SJ-JOB] Security Director, San Diego
       13. [SJ-JOB] Sales Representative, Washington DC/Baltimore/Virginia
       14. [SJ-JOB] Sr. Security Analyst, Ottawa
       15. [SJ-JOB] Security Consultant, Austin, Texas
       16. [SJ-JOB] Security Consultant, Austin, Texas
       17. [SJ-JOB] Security Architect, Portsmouth
V.    INCIDENTS LIST SUMMARY
VI.   VULN-DEV RESEARCH LIST SUMMARY
       1. PullThePlug Contest: Call For Papers
       2. XSS in fotolog.net
       3. PAKCON II:  Call for Paper (CfP), Final Call!
VII.  MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #259
       2. windows secure copy
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
       1. routing_based_on_port/services
X.    UNSUBSCRIBE INSTRUCTIONS
XI.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Can writing software be a crime?
By Mark Rasch
Can writing software be a crime? A recent indictment in San Diego, California
indicates that the answer to that question may be yes.
http://www.securityfocus.com/columnists/360

2. Reducing browser privileges
By Mark Squire
Security companies and researchers have made careers out of identifying the
latest bugs in Internet Explorer.
http://www.securityfocus.com/infocus/1848


II.  BUGTRAQ SUMMARY
--------------------
1. ProZilla Buffer Overflow Vulnerability
BugTraq ID: 14993
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14993
Summary:
ProZilla is prone to a buffer overflow vulnerability. This issue is due to the
failure of the application to properly bounds check user-supplied input prior to
copying it to an insufficiently sized memory buffer.

Arbitrary code execution in the context of the user running the application is
possible.

2. GNU CFEngine Insecure Temporary File Creation Vulnerability
BugTraq ID: 14994
Remote: No
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14994
Summary:
GNU cfengine is prone to an insecure temporary file creation vulnerability. 
Exploitation may allow arbitrary files to be overwritten.


3. Bugzilla config.cgi Information Disclosure Vulnerability
BugTraq ID: 14995
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14995
Summary:
Bugzilla is prone to an information disclosure issue exposed through config.cgi.
 This may allow an unauthorized user to access product names that are supposed
to be confidential.

Bugzilla versions 2.18rc1 to 2.18.3, 2.19 to 2.20rc2, and 2.21 are affected.

4. Bugzilla User-Matching Information Disclosure Vulnerability
BugTraq ID: 14996
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14996
Summary:
Bugzilla is prone to an information disclosure vulnerability when user-matching
is turned on.  This could allow an attacker to enumerate usernames on the
system.

Bugzilla 2.19.1 to 2.20rc2 and 2.21 are prone to this vulnerability.


5. Procom Technology NetFORCE 800 Information Disclosure Vulnerability
BugTraq ID: 14997
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14997
Summary:
Procom Technology NetFORCE 800 is prone to an information disclosure issue.  The
operating system sends password hashes in plaintext diagnostic email messages.

This issue was reported to exist in NetFORCE 800 v4.02 M10 (Build 20).  Other
versions may also be affected.


6. Kaspersky Anti-Virus Library CAB Record Remote Heap Overflow Vulnerability
BugTraq ID: 14998
Remote: Yes
Date Published: 2005-10-03
Relevant URL: http://www.securityfocus.com/bid/14998
Summary:
The Kaspersky Anti-Virus library is prone to a remote heap overflow
vulnerability.  The vulnerability is exposed during analysis of .CAB files. 
This issue may potentially affect all Kaspersky products that include the
library, including desktop, server, and gateway anti-virus products.  This issue
only affects Windows releases.  Kaspersky Anti-Virus 4.5 releases are not
affected by this issue.

Successful exploitation may result in system-level compromise of a computer
hosting a vulnerable application.



7. Weex Log_Flush() Function Remote Format String Vulnerability
BugTraq ID: 14999
Remote: Yes
Date Published: 2005-10-02
Relevant URL: http://www.securityfocus.com/bid/14999
Summary:
Weex is affected by a remote format string vulnerability.

The vulnerability presents itself in the 'log_flush()' function of the 'log.c'
file and is exposed when the application attempts to write an error log entry
containing format specifiers. 

Weex versions 2.6.1 and 2.6.1.5 are reported to be vulnerable.

8. DIA SVG File Import Remote Arbitrary Code Execution Vulnerability
BugTraq ID: 15000
Remote: Yes
Date Published: 2005-10-03
Relevant URL: http://www.securityfocus.com/bid/15000
Summary:
DIA is affected by an arbitrary code execution vulnerability.

This vulnerability presents itself when the application handles a malicious
Scalable Vector Graphics (SVG) file. 

A successful attack can allow remote attackers to execute arbitrary Python code
in the context of the application.  This may facilitate a remote compromise.

All versions of DIA are suspected to be vulnerable at the moment.  

9. Symantec AntiVirus Scan Engine Web Service Administrative Interface Buffer
Overflow Vulnerability
BugTraq ID: 15001
Remote: Yes
Date Published: 2005-10-03
Relevant URL: http://www.securityfocus.com/bid/15001
Summary:
A buffer overflow vulnerability exists in the Web-based administrative interface
of the Symantec AntiVirus Scan Engine. This issue is due to improper bounds
checking of user-supplied data prior to copying it into an insufficiently sized
memory buffer.

This vulnerability allows attackers to execute arbitrary machine code in the
context of the affected application. This allows remote attackers to gain
privileged remote access to computers running the affected application.

10. Berkeley MPEG Tools Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 15002
Remote: No
Date Published: 2005-10-03
Relevant URL: http://www.securityfocus.com/bid/15002
Summary:
Berkeley MPEG Tools creates temporary files in an insecure manner.

Successful exploitation may result in sensitive data or configuration files
being overwritten. This may result in a denial of service due to data
corruption; other attacks may also be possible.

Berkeley MPEG Tools 1.5b is known to be vulnerable at the moment.  Other
versions may be affected as well.

11. Hitachi Cosminexus Remote Information Disclosure Vulnerability
BugTraq ID: 15003
Remote: Yes
Date Published: 2005-10-03
Relevant URL: http://www.securityfocus.com/bid/15003
Summary:
Hitachi Cosminexus is affected by an information disclosure vulnerability.  

An attacker may disclose potentially sensitive information such as other users'
personal information sent through previous HTTP POST requests.

Information gathered through the exploitation of this issue may aid in other
attacks.

12. Gnome-PTY-Helper UTMP Hostname Spoofing Vulnerability
BugTraq ID: 15004
Remote: No
Date Published: 2005-10-03
Relevant URL: http://www.securityfocus.com/bid/15004
Summary:
'gnome-pty-helper' is susceptible to a local UTMP hostname spoofing
vulnerability. This issue is due to the failure of the application to properly
validate user-supplied data prior to using it to update UTMP records.

This vulnerability allows users to spoof remote hostname information in UTMP
records. This may aid attackers by misdirecting administrators and users as to
the correct origin of the attacker.

13. PHP-Fusion Multiple SQL Injection Vulnerabilities
BugTraq ID: 15005
Remote: Yes
Date Published: 2005-10-04
Relevant URL: http://www.securityfocus.com/bid/15005
Summary:
PHP-Fusion is prone to multiple SQL injection vulnerabilities. These issues are
due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


14. MailEnable W3C Logging Buffer Overflow Vulnerability
BugTraq ID: 15006
Remote: Yes
Date Published: 2005-10-03
Relevant URL: http://www.securityfocus.com/bid/15006
Summary:
MailEnable is prone to a buffer overflow vulnerability.

This issue arises when the application processes W3C logging and may allow an
attacker to execute arbitrary code on a vulnerable computer with SYSTEM
privileges.

MailEnable Professional version 1.6 and prior and MailEnable Enterprise version
1.1 and prior are affected.

15. UIM LibUIM Environment Variables Privilege Escalation Weakness
BugTraq ID: 15007
Remote: No
Date Published: 2005-10-04
Relevant URL: http://www.securityfocus.com/bid/15007
Summary:
Uim is reported prone to a privilege escalation weakness.

An attacker that has local interactive access to a system that has a vulnerable
application installed may potentially exploit this weakness to escalate
privileges.

This issue is reported to affect all stable versions prior to 0.4.9.1, and in
development versions prior to 0.5.0.1.


16. Microsoft Windows Wireless Zero Configuration Service Information Disclosure
Vulnerability
BugTraq ID: 15008
Remote: Unknown
Date Published: 2005-10-04
Relevant URL: http://www.securityfocus.com/bid/15008
Summary:
WZCSVC is affected by an information disclosure vulnerability. 

Reportedly, the Pairwise Master Key (PMK) of the Wi-Fi Protected Access (WPA)
preshared key authentication and the WEP keys of the interface may be obtained
by a local unauthorized attacker.

A successful attack can allow an attacker to obtain the keys and subsequently
gain unauthorized access to a device.  This attack would likely present itself
in a multi-user environment with restricted or temporary wireless access such as
an Internet cafe, where an attacker could return at a later time and gain
unauthorized access.

Microsoft Windows XP SP2 was reported to be vulnerable; however, it is possible
that other versions are affected as well.

17. University Of Washington IMAP Mailbox Name Buffer Overflow Vulnerability 
BugTraq ID: 15009
Remote: Yes
Date Published: 2005-10-04
Relevant URL: http://www.securityfocus.com/bid/15009
Summary:
University Of Washington imap is prone to a buffer overflow vulnerability.  This
issue is exposed when the application parses mailbox names.

Successful exploitation will permit arbitrary code execution in the context of
the server process.  Exploitation requires the attacker to authenticate to the
service.

18. ALTools ALZip Multiple Archive Formats File Name Buffer Overflow
Vulnerability
BugTraq ID: 15010
Remote: Yes
Date Published: 2005-10-05
Relevant URL: http://www.securityfocus.com/bid/15010
Summary:
ALZip is prone to a buffer overflow when handling various archive formats.

Long file names can be copied into a finite stack-based buffer without adequate
limitations on the size of the source data resulting in corruption of adjacent
regions of stack-based memory. 

This issue could be exploited to execute arbitrary code facilitating a remote
compromise. 


19. IBM Tivoli Monitoring Web Health Console Multiple Denial of Service
Vulnerabilities
BugTraq ID: 15011
Remote: Yes
Date Published: 2005-10-05
Relevant URL: http://www.securityfocus.com/bid/15011
Summary:
IBM Tivoli Monitoring is affected by multiple remote denial of service
vulnerabilities.  These issues affect the application because of an old version
of IBM HTTP Server (prior to 1.3.28) shipped with the Web Health Console of
Tivoli Monitoring.

All versions of Tivoli Monitoring shipped with IBM HTTP Server (prior to 1.3.28)
are vulnerable to these issues.

20. TellMe Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15012
Remote: Yes
Date Published: 2005-10-05
Relevant URL: http://www.securityfocus.com/bid/15012
Summary:
TellMe is prone to multiple cross-site scripting vulnerabilities. This is due to
a lack of proper sanitization of user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


21. Sun ONE Directory Server Unspecified Remote Vulnerability
BugTraq ID: 15013
Remote: Yes
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15013
Summary:
Sun ONE Directory Server is prone to an unspecified remote vulnerability.

The cause of this issue was not specified; however, it was reported that this
issue can allow attackers to remotely compromise a vulnerable computer.

Sun ONE Directory Server 5.2 patch 3 and prior versions are affected by this
issue.  It is possible that Sun Java System Directory Server is vulnerable as
well.

Due to a lack of details, further information is not available at the moment. 
This BID will be updated when more details become available.

22. Planet Technology FGSW-2402RS Switch Backdoor Password Reset Vulnerability
BugTraq ID: 15014
Remote: Unknown
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15014
Summary:
Planet Technology FGSW-2402RS switch contains a default password for resetting
the system password.

An attacker can exploit this vulnerability to gain administrative access to the
switch; the consequences will vary depending on the network configuration.

Reports indicate that to exploit this vulnerability, an attacker must have
access to a machine directly connected to the vulnerable device through the
RS-232 port connection.

Though unconfirmed, this vulnerability may be remotely exploitable if access to
the affected device exists using some other means.  This would greatly affect
possible exposure to this vulnerability.


23. Mozilla Firefox IFRAME Handling Denial Of Service Vulnerability
BugTraq ID: 15015
Remote: Yes
Date Published: 2005-10-05
Relevant URL: http://www.securityfocus.com/bid/15015
Summary:
Mozilla Firefox is prone to a remote denial of service vulnerability.

The vulnerability presents itself when an affected browser handles a specially
crafted IFRAME.

A successful attack may result in crashing the application, or consuming
excessive CPU and memory resources of computers running the affected
application.

It should be noted that this issue was reported to affect Firefox 1.0.6 and
1.0.7 running on Linux.  Other versions running on different platforms may be
vulnerable as well.

24. Webroot Software Desktop Firewall Multiple Local Vulnerabilities
BugTraq ID: 15016
Remote: No
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15016
Summary:
Webroot Software Desktop Firewall is susceptible to multiple local
vulnerabilities.

The first issue is a buffer overflow vulnerability, due to a failure of the
application to properly bounds check user-supplied data prior to copying it to
an insufficiently sized memory buffer.

Local attackers may exploit this first issue to execute arbitrary machine code
with SYSTEM privileges. Attackers require the ability to modify the firewall's
list of allowed applications.

The second issue is an authentication bypass vulnerability. This issue is due to
a failure of the firewall to properly enforce built-in password protection,
allowing local attackers to disable the firewall.

Local attackers may exploit the second issue to disable the firewall, aiding
them in further attacks.

These issues may only be exploited by local attackers with privileges allowing
them to utilize 'DeviceIoControl()' to send commands to the firewall driver.

These issues are reported to exist in version 1.3.0.43. Other versions may also
be affected.

25. MyBloggie Search.PHP SQL Injection Vulnerability
BugTraq ID: 15017
Remote: Yes
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15017
Summary:
myBloggie is prone to an SQL injection vulnerability. This is due to a lack of
sanitization of user-supplied input before passing it on to SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


26. PHP-Fusion Register.PHP And FAQ.PHP SQL Injection Vulnerabilities
BugTraq ID: 15018
Remote: Yes
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15018
Summary:
PHP-Fusion is prone to multiple SQL injection vulnerabilities.  These issues are
due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

27. Debian Linux Mason Init.d Firewall Loading Failure Vulnerability
BugTraq ID: 15019
Remote: Yes
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15019
Summary:
The Debian Linux Mason package is prone to an issue that may cause the firewall
not to load at system startup. A startup script that performs a required
function is missing from the installation package.

The application owner may have a false sense of security after the affected
computer is restarted.

A remote attacker may exploit this configuration error by connecting to ports
that would otherwise be remotely unavailable.


28. Microsoft October Advance Notification Unspecified Security Vulnerabilities
BugTraq ID: 15020
Remote: Unknown
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15020
Summary:
Microsoft has released advance notification for nine security bulletins that
will be released on October 11, 2005.

Eight of these security bulletins affect Microsoft Windows and one affects
Microsoft Exchange and Microsoft Windows.

29. AspReady FAQ Manager SQL Injection Vulnerability
BugTraq ID: 15022
Remote: Yes
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15022
Summary:
aspReady FAQ Manager is prone to an SQL injection vulnerability.

It is conjectured that various parameters and fields are affected by SQL
injection attacks; however, this was not confirmed.  Successful exploitation
could result in a compromise of the application, disclosure or modification of
data, or may permit an attacker to exploit vulnerabilities in the underlying
database implementation.  Reportedly, an attacker can exploit this issue to gain
administrative access to a forum.

All versions of the application are considered to be vulnerable at the moment.

Specific details about this issue were not disclosed; however, this BID will be
updated when more information becomes available.

30. OScommerce Additional_Images.PHP SQL Injection Vulnerability
BugTraq ID: 15023
Remote: Yes
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15023
Summary:
OSCommerce is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before it
is used as input to SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


31. MediaWiki HTML Inline Style Attributes Unspecified Cross-Site Scripting
Vulnerability
BugTraq ID: 15024
Remote: Yes
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15024
Summary:
MediaWiki is prone to a cross-site scripting vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


32. Computer Associates Multiple Product HTTP Request Remote Buffer Overflow
Vulnerability
BugTraq ID: 15025
Remote: Yes
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15025
Summary:
Multiple Computer Associates products are susceptible to a remote buffer
overflow vulnerability. This issue is due to a failure of the affected products
to properly bounds check user-supplied data prior to copying it to an
insufficiently sized memory buffer.

This issue exists in the iTechnology iGateway component that is included in
multiple Computer Associates products.

Versions 1.x, 2.x, and the current 4.x versions of the iGateway component are
not affected by this issue. Version 3.0.040107 and earlier 3.x versions are
affected. This issue is only exploitable if the non-default components are
installed, the 'igateway.conf' configuration file has debugging enabled, and the
service is then manually restarted.

This issue allows remote attackers to execute arbitrary machine code in the
context of affected applications.

33. SuSE YaST Package Repositories Insecure Permissions Vulnerability
BugTraq ID: 15026
Remote: No
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15026
Summary:
SuSE YaST is affected by an insecure permissions vulnerability that may allow
local users to overwrite package meta files.

The application copies remote repositories including ownership and permissions
of the owner of the packages to the local system.  If insecure permissions are
associated with the packages, this issue could lead to data corruption and other
attacks.

This vulnerability can aid in the exploitation of BID 14861 (SuSE YaST Local
Buffer Overflow Vulnerability), which requires an attacker to overwrite YaST
package meta files prior to exploitation.
 

34. Utopia News Pro Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15027
Remote: Yes
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15027
Summary:
Utopia News Pro is prone to multiple cross-site scripting vulnerabilities.
These issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  These
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


35. Utopia News Pro SQL Injection Vulnerability
BugTraq ID: 15028
Remote: Yes
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15028
Summary:
Utopia News Pro is prone to an SQL injection vulnerability. This issue is due to
a failure in the application to properly sanitize user-supplied input before
using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


36. Mozilla Firefox Multiple Unspecified Vulnerabilities
BugTraq ID: 15029
Remote: Unknown
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15029
Summary:
Firefox is affected by multiple unspecified vulnerabilities. These issues may
allow remote attackers to execute arbitrary code to gain access to an affected
computer. Some issues may lead to denial of service attacks.

Mozilla Firefox 1.5 beta 2 has been released to address these issues.

This BID will be updated and divided into separate BIDs when more information is
available.


37. Oracle iSQLPlus Cross-Site Scripting Vulnerability
BugTraq ID: 15030
Remote: Yes
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15030
Summary:
Oracle iSQL*Plus is prone to a cross-site scripting vulnerability.  This issue
is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

This issue was originally described and addressed in Oracle Critical Patch
Update - April 2005, BID 13139 (Oracle Multiple Vulnerabilities). Due to the
availability of more information, this issue is being assigned a separate BID.

38. Oracle HTML DB Cross-Site Scripting Vulnerabilities
BugTraq ID: 15031
Remote: Yes
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15031
Summary:
Oracle HTML DB is prone to cross-site scripting vulnerabilities.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site. 

An attacker can leverage these issues to execute SQL statements in the context
of an affected user as well.

These issues were originally described and addressed in Oracle Critical Patch
Update - April 2005, BID 13139 (Oracle Multiple Vulnerabilities).  Due to the
availability of more information, these issues are being assigned a separate
BID.

39. Oracle iSQL*Plus TLS Listener Remote Denial Of Service Vulnerability
BugTraq ID: 15032
Remote: Yes
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15032
Summary:
Oracle iSQL*PLUS is susceptible to a vulnerability that allows remote attackers
to stop the TNS Listener service, denying further database service to legitimate
users.

By issuing a specific HTTP request, remote attackers may cause the affected
application to stop the TNS Listener.

This issue was reported in Oracle Database version 9.0.2.4; other versions may
also be affected.

These issues were originally described and addressed in Oracle Critical Patch
Update - July 2005, BID 14238 (Oracle July Security Update Multiple
Vulnerabilities). Due to the availability of more information, these issues are
being assigned a separate BID.

40. Oracle HTML DB Plaintext Password Storage Vulnerability
BugTraq ID: 15033
Remote: No
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15033
Summary:
Oracle HTML DB is prone to a plaintext password storage vulnerability.

During a manual install, the application stores the password of the 'SYS' user
in a plaintext file on the filesystem. A local attacker may access this file,
retrieve the password, and then gain administrative access to the application.

This issue was originally described and addressed in Oracle Critical Patch
Update - April 2005, BID 13139 (Oracle Multiple Vulnerabilities). Due to the
availability of more information, this issue is being assigned a separate BID.


41. Oracle XML DB Cross-Site Scripting Vulnerability
BugTraq ID: 15034
Remote: Yes
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15034
Summary:
Oracle XML DB is prone to a cross-site scripting vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

This issue was originally described and addressed in Oracle Critical Patch
Update - April 2005, BID 13139 (Oracle Multiple Vulnerabilities). Due to the
availability of more information, this issue is being assigned a separate BID.

42. W3C Libwww Multiple Unspecified Vulnerabilities
BugTraq ID: 15035
Remote: Yes
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15035
Summary:
W3C Libwww is prone to multiple unspecified vulnerabilities. 

These issues include a buffer overflow vulnerability and some issues related to
the handling of multipart/byteranges content.

Due to a lack of details, further information is not available at the moment. 
This BID will be updated when more details are released.

Libwww 5.4.0 is reported to be vulnerable.  Other versions may be affected as
well.  These issues may also be exploited through other applications that
implement the library.

43. Aenovo Multiple SQL Injection Vulnerabilities
BugTraq ID: 15036
Remote: Yes
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15036
Summary:
Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection
vulnerabilities.  These issues are due to a failure in the application to
properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


44. SUSE ResMgr Unauthorized USB Device Access Vulnerabilities
BugTraq ID: 15037
Remote: No
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15037
Summary:
resmgr is prone to multiple vulnerabilities that permit unauthorized access to
USB devices.

Exploitation of these issues would result in a bypass of access controls leading
to a false sense of security and a possible loss of confidentiality if data is
intercepted; other attacks are also possible.

45. Aenovo Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 15038
Remote: Yes
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15038
Summary:
aeNovo is prone to multiple cross-site scripting vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied
input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  These
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

46. Oracle Forms Servlet TLS Listener Remote Denial Of Service Vulnerability
BugTraq ID: 15039
Remote: Yes
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15039
Summary:
Oracle Forms is susceptible to a vulnerability that allows remote attackers to
stop the TNS Listener service, denying further database service to legitimate
users.

By issuing a specific HTTP request, remote attackers may cause the affected
application to stop the TNS Listener.

This issue was reported in Oracle Forms versions prior to July 2005.

This issue was originally described and addressed in Oracle Critical Patch
Update - July 2005, BID 14238 (Oracle July Security Update Multiple
Vulnerabilities). Due to the availability of more information, this issue is
being assigned a separate BID.

47. SUSE Linux Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 15040
Remote: No
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15040
Summary:
Multiple SUSE Linux applications are prone to a local privilege escalation
vulnerability.  The issue exists because affected binaries handle the 
'LD_LIBRARY_PATH' variable in an unsafe manner.

A local attacker may exploit this vulnerability to execute arbitrary code in
shared libraries in the context of a user that runs the affected application.

Other unspecified packages are affected; if these other packages contain
setuid-superuser privileges, then local escalation of privileges may be
possible.


48. MediaWiki History Database Corruption Vulnerability
BugTraq ID: 15041
Remote: Yes
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15041
Summary:
MediaWiki is prone to a vulnerability that could result in a corruption of the
database.

An attacker can exploit this vulnerability to corrupt the most recent revision
in the database.

49. SUSE Linux PowerSave Daemon Local Denial Of Service Vulnerability
BugTraq ID: 15042
Remote: No
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15042
Summary:
SUSE Linux powersave daemon is susceptible to a local denial of service
vulnerability. This issue is due to a flaw in the installed permissions of the
daemon.

Local attackers may exploit this issue to control the power management daemon,
to suspend the computer, denying service to legitimate users. Other attacks may
also be possible.

50. HylaFAX Insecure UNIX Domain Socket Usage Vulnerability
BugTraq ID: 15043
Remote: No
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15043
Summary:
HylaFAX is susceptible to a local insecure UNIX domain socket usage
vulnerability. This issue is due to a failure of the application to securely
implement UNIX domain network communication.

Attackers may gain access to the contents of fax messages containing potentially
sensitive information, or deny fax services to legitimate users. Other attacks
may also be possible.

51. Xine-Lib Remote CDDB Information Format String Vulnerability
BugTraq ID: 15044
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15044
Summary:
Xine-lib is susceptible to a remote format string vulnerability. This issue is
due to a failure of the application to securely implement a formatted printing
function.

Successful exploitation of this vulnerability allows remote attackers to execute
arbitrary machine code in the context of the affected application.

Xine-lib versions 0.9.13, 1.0, 1.0.1, 1.0.2, and 1.1.0 are reported to be
affected. Other versions may also be affected, as well as all applications that
utilize a vulnerable version of the library.

52. HAURI Anti-Virus ALZ Archive Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 15045
Remote: Yes
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15045
Summary:
HAURI Anti-Virus is affected by a remote buffer overflow vulnerability when
handling ALZ archives.

An attacker can exploit this issue by crafting a malicious ALZ archive
containing a compressed file with a specially crafted file name and sending this
archive to a vulnerable computer.

The attacker may exploit this vulnerability to gain unauthorized remote access
in the context of the superuser.

This issue is reported to affect products containing 'vrAZMain.dll' version
5.8.22.137; other versions may also be affected.

53. Multiple Vendor Antivirus Products Malformed Archives Scan Evasion
Vulnerability
BugTraq ID: 15046
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15046
Summary:
Multiple antivirus products from various vendors are reported prone to a
vulnerability that may allow malformed archive files to bypass detection.

This issue arises when an affected application processes a specially altered
archive file that contains a fake, misleading MS-DOS executable MZ header.

This issue could result in malicious archives bypassing detection and allowing
the contents to be opened by a recipient.

Specific information regarding affected packages and versions is currently
unavailable. The reporter of this issue used the EICAR test message stored in
multiple different malformed archives. Some of the reportedly affected packages
may actually be immune to this issue.

This BID will be updated as further information is disclosed.

54. Cyphor Multiple Input Validation Vulnerabilities
BugTraq ID: 15047
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15047
Summary:
Cyphor is prone to multiple cross-site scripting and SQL injection
vulnerabilities.

Exploitation could allow for theft of cookie-based authentication credentials or
unauthorized access to database data. Other attacks are also possible.


III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Fingerprint payments taking off despite security concerns
By: Robert Lemos
Consumers may be able to leave their wallets behind in the near future, but
security and privacy experts worry that pay-by-fingerprint schemes could lead to
hard-to-combat identity fraud and greater threats to civil rights.
http://www.securityfocus.com/news/11339

2. E-voting experts call for revised security guidelines
By: Robert Lemos
A federally funded group of voting technology experts calls on the United
States' Election Assistance Commission to revamp its process for evaluating the
security of election systems.
http://www.securityfocus.com/news/11336

3. Digital plague hits online game World of Warcraft
By: Robert Lemos
A game effect with limited self-propagation gets spread further by malicious
gamers and underscores the danger of giving programs the ability to infect.
http://www.securityfocus.com/news/11330

4. Mozilla's popularity stressing its security image
By: Robert Lemos
Recent vulnerability disclosures and a biannual report noting increased flaw
reports raise questions about the open-source Firefox browser's security.
http://www.securityfocus.com/news/11327

5. Users want ISPs to filter spyware
By: John Leyden
A majority of net users want their ISPs to block spyware traffic.
http://www.securityfocus.com/news/11340

6. Security pros savage Tsunami hacker verdict
By: John Oates
Last week Daniel Cuthbert was convicted of breaking the Computer Misuse Act,
fined £400, and ordered to pay £600 in costs.
http://www.securityfocus.com/news/11341

7. Virus naming scheme gets mixed reception
By: John Leyden
A group dedicated to curing virus-naming confusion enjoyed its official launch
on Wednesday.
http://www.securityfocus.com/news/11338

8. 'DEC hacking' trial opens
By: John Oates
Horseferry Road Magistrates Court has heard the first day of evidence against
the East London man accused of hacking into a donations site for the tsunami
appeal last December.
http://www.securityfocus.com/news/11337

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Auditor, Seattle
http://www.securityfocus.com/archive/77/412839

2. [SJ-JOB] Instructor, Various US locations
http://www.securityfocus.com/archive/77/412841

3. [SJ-JOB] Certification & Accreditation Engineer, Silver Spring
http://www.securityfocus.com/archive/77/412842

4. [SJ-JOB] Security Architect, DC area
http://www.securityfocus.com/archive/77/412837

5. [SJ-JOB] Manager, Information Security, La Jolla
http://www.securityfocus.com/archive/77/412838

6. [SJ-JOB] Sales Engineer, San Francisco
http://www.securityfocus.com/archive/77/412840

7. [SJ-JOB] Developer, Eagan
http://www.securityfocus.com/archive/77/412836

8. [SJ-JOB] Application Security Engineer, New York
http://www.securityfocus.com/archive/77/412654

9. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/412664

10. [SJ-JOB] Sr. Security Analyst, Morristown
http://www.securityfocus.com/archive/77/412653

11. [SJ-JOB] Information Assurance Engineer, Reston
http://www.securityfocus.com/archive/77/412656

12. [SJ-JOB] Security Director, San Diego
http://www.securityfocus.com/archive/77/412663

13. [SJ-JOB] Sales Representative, Washington DC/Baltimore/Virginia
http://www.securityfocus.com/archive/77/412659

14. [SJ-JOB] Sr. Security Analyst, Ottawa
http://www.securityfocus.com/archive/77/412517

15. [SJ-JOB] Security Consultant, Austin, Texas
http://www.securityfocus.com/archive/77/412518

16. [SJ-JOB] Security Consultant, Austin, Texas
http://www.securityfocus.com/archive/77/412520

17. [SJ-JOB] Security Architect, Portsmouth
http://www.securityfocus.com/archive/77/412516

V.   INCIDENTS LIST SUMMARY
---------------------------
VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. PullThePlug Contest: Call For Papers
http://www.securityfocus.com/archive/82/412893

2. XSS in fotolog.net
http://www.securityfocus.com/archive/82/412895

3. PAKCON II:  Call for Paper (CfP), Final Call!
http://www.securityfocus.com/archive/82/412681

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #259
http://www.securityfocus.com/archive/88/412498

2. windows secure copy
http://www.securityfocus.com/archive/88/412368

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. routing_based_on_port/services
http://www.securityfocus.com/archive/91/412365