SecurityFocus Newsletter #439
----------------------------------------

This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical
event for ICT security experts. Featuring hands-on training courses and
Briefings presentations with lots of new content.  Network with 400+ delegates
from 30 nations and review products by leading vendors in a relaxed setting.
Black Hat Europe is supported by most leading European infosec associations.  
www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying
topics of interest for our community. We are proud to offer content from
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. Skills for the Future
       2. Mother, May I?

II.   BUGTRAQ SUMMARY
       1. TCL/TK Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
       2. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer
Overflow Vulnerability
       3. WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability
       4. Documentum Products 'dmclTrace.jsp' Arbitrary File Overwrite
Vulnerability
       5. Mailman 'list templates' and 'list info' Multiple HTML Injection
Vulnerabilities
       6. RaidenHTTPD Prior to 2.0.22 Unspecified Cross Site Scripting
Vulnerability
       7. RMSOFT Gallery System For XOOPS 'images.php' SQL Injection
Vulnerability
       8. Pagetool 'search_term' Parameter Cross-Site Scripting Vulnerability
       9. LinPHA Multiple Cross-Site Scripting Vulnerabilities
       10. Microsoft February 2008 Advance Notification Multiple Vulnerabilities
       11. RETIRED: dBpowerAMP Audio Player M3U Buffer Overflow Vulnerability
       12. photokorn 'pic' Parameter SQL Injection Vulnerability
       13. IBM DB2 Universal Database DAS Buffer Overflow Vulnerability
       14. IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation
Vulnerability
       15. Joomla! and Mambo com_doc Component 'sid' Parameter SQL Injection
Vulnerability
       16. Joomla! and Mambo com_sermon Component 'gid' Parameter SQL Injection
Vulnerability
       17. Joomla! and Mambo YNews Component 'id' Parameter SQL Injection
Vulnerability
       18. Joomla! and Mambo com_downloads Component 'filecatid' Parameter SQL
Injection Vulnerability
       19. OpenSiteAdmin 'path' Multiple Remote File Include Vulnerabilities
       20. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple
Local Vulnerabilities
       21. iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow
Vulnerability
       22. Apache Tomcat JK Connector Double Encoding Security Bypass
Vulnerability
       23. IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities
       24. Multiple Vendors BIND 'inet_network()' Off-by-One Buffer Overflow
Vulnerability
       25. Linux Kernel Driver Fault Handler 'mmap.c' Local Denial of Service
Vulnerability
       26. Linux Kernel Multiple Prior to 2.6.24.1 Multiple Memory Access
Vulnerabilities
       27. libexif Image Tag Remote Integer Overflow Vulnerability
       28. Linux Kernel DO_COREDUMP Local Information Disclosure Vulnerability
       29. ImageMagick File Name Handling Remote Format String Vulnerability
       30. ImageMagick Image Filename Remote Command Execution Vulnerability
       31. SafeNET HighAssurance Remote and SoftRemote IPSecDrv.SYS Local
Privilege Escalation Vulnerability
       32. Philboard Philboard_forum.ASP SQL Injection Vulnerability
       33. husrevforum Philboard_forum.ASP SQL Injection Vulnerability
       34. Ipswitch Instant Messaging 2.0.8.1 Multiple Security Vulnerabilities
       35. Netpbm GIFtoPNM Utility Buffer Overflow Vulnerability
       36. IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflow
Vulnerabilities
       37. Adobe Acrobat and Reader Multiple Unspecified Security
Vulnerabilities
       38. Linux Kernel CIFS Transport.C Remote Buffer Overflow Vulnerability
       39. Sift Unity 'search.cgi' Cross-Site Scripting Vulnerability
       40. IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting
Vulnerability
       41. osCommerce 'customer_testimonials.php' SQL Injection Vulnerability
       42. mini-Pub 'sFileName' Parameter Multiple Input Validation
Vulnerabilities
       43. RETIRED: Philboard 'philboard_forum.asp' SQL Injection Vulnerability
       44. HP Select Identity 4.20 and Prior Unspecified Remote Unauthorized
Access Vulnerability
       45. MODx HTML Injection Vulnerability and Multiple Cross-Site Scripting
Vulnerabilities
       46. Check Point VPN SecureClient/SecuRemote Local Login Credentials
Information Disclosure Vulnerability
       47. WordPress 'xmlrpc.php' Post Edit Unauthorized Access Vulnerability
       48. libexif Image Tag Remote Denial Of Service Vulnerability
       49. RETIRED: MailBee Objects 'MailBee.dll' ActiveX Control Multiple
Insecure Method Vulnerabilities
       50. MySQL Server RENAME TABLE System Table Overwrite Vulnerability
       51. MySQL Rename Table Function Access Validation Vulnerability
       52. Cairo PNG Image Processing Remote Integer Overflow Vulnerability
       53. Moodle 'install.php' Cross Site Scripting Vulnerability
       54. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation
Vulnerability
       55. MySQL Security Invoker Privilege Escalation Vulnerability
       56. PHP Multiple Input Validation Vulnerabilities
       57. Symantec Ghost Solution Suite ARP Spoofing Authentication Bypass
Vulnerability
       58. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
       59. LibEXIF Exif_Data_Load_Data_Entry Remote Integer Overflow
Vulnerability
       60. MySQL Server Privilege Escalation And Denial Of Service
Vulnerabilities
       61. PADL Nss_ldap Race Condition Security Vulnerability
       62. X.Org X Server 'Xinput' Extension Local Privilege Escalation
Vulnerability
       63. X.Org X Server 'EVI' Extension Local Privilege Escalation
Vulnerability
       64. MySQL Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial
Of Service Vulnerability
       65. Python ImageOP Module Multiple Integer Overflow Vulnerabilities
       66. Astanda Directory Project 'detail.php' SQL Injection Vulnerability
       67. MySQL IF Query Handling Remote Denial Of Service Vulnerability
       68. Symantec Altiris Notification Server Agents Shatter Attack Privilege
Escalation Vulnerability
       69. MyNews 'hash' Parameter Cross Site Scripting Vulnerability
       70. Mozilla Firefox 2.0.0.11 Multiple Remote Vulnerabilities
       71. TinTin++ and WinTin++ '#chat' Command Multiple Security
Vulnerabilities
       72. WS_FTP Server Manager Authentication Bypass and Information
Disclosure Vulnerabilities
       73. KAME Project IPv6 IPComp Header Denial Of Service Vulnerability
       74. Mihalism Multi Host 'users.php' SQL Injection Vulnerability
       75. OpenBSD PRNG DNS Cache Poisoning and Predictable IP ID Weakness
       76. HP Storage Essentials SRM Unspecified Remote Unauthorized Access
Vulnerability
       77. Sun Java RunTime Environment Read and Write Permission Multiple
Privilege Escalation Vulnerabilities
       78. Webmin Search Feature Cross-Site Scripting Vulnerability
       79. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
       80. Linux Kernel AACRAID Driver Local Security Bypass Vulnerability
       81. Gnumeric XLS HLINK Opcode Handling Remote Arbitrary Code Execution
Vulnerability
       82. Trolltech Qt QSslSocket Class Certificate Verification Security
Bypass Vulnerability
       83. Mozilla Firefox chrome:// URI JavaScript File Request Information
Disclosure Vulnerability
       84. Mozilla Products Multiple Remote Vulnerabilities
       85. X.Org X Server PCF Font Parser Buffer Overflow Vulnerability
       86. X.Org X 'Server X:1 -sp' Command Information Disclosure Vulnerability
       87. X.Org X Server 'PassMessage' Request Local Privilege Escalation
Vulnerability
       88. Linux Kernel 'hrtimers' Local Denial of Service Vulnerability
       89. Linux Kernel Parent Process Death Signal Local Security Bypass
Weakness
       90. Linux Kernel IEEE80211 HDRLen Remote Denial Of Service Vulnerability
       91. Linux Kernel VFS Unauthorized File Access Vulnerability
       92. Linux Kernel CIFS Local Security Bypass Weakness
       93. Linux Kernel CIFS Local Privilege Escalation Vulnerability
       94. Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
       95. SDL_image Invalid GIF File LWZ Minimum Code Size Remote Buffer
Overflow Vulnerability
       96. SDL_image IFF ILBM File Remote Buffer Overflow Vulnerability
       97. HP OpenView Network Node Manager 'ovtopmd' Denial of Service
Vulnerability
       98. Novell Challenge Response Client Local Clipboard Disclosure Weakness
       99. dBpowerAMP Audio Player M3U Buffer Overflow Vulnerability
       100. Apple iPhoto Photocast Subscription Remote Format String
Vulnerability
III.  SECURITYFOCUS NEWS
       1. Federal agencies miss deadline on secure configs
       2. Universities fend off phishing attacks
       3. Antivirus firms, test labs to form standards group
       4. Legitimate sites serving up stealthy attacks
IV.   SECURITY JOBS LIST SUMMARY
       1. [SJ-JOB] Security Engineer, Evansville
       2. [SJ-JOB] Compliance Officer, Deerfield
       3. [SJ-JOB] Jr. Security Analyst, Deerfield
       4. [SJ-JOB] Security Architect, Arlington
       5. [SJ-JOB] Sales Engineer, Houston
       6. [SJ-JOB] Security Engineer, St. Louis
       7. [SJ-JOB] Technical Support Engineer, Columbia
       8. [SJ-JOB] Information Assurance Engineer, Arlington
       9. [SJ-JOB] Security Consultant, St. Louis
       10. [SJ-JOB] Information Assurance Engineer, Arlington
       11. [SJ-JOB] Auditor, Deerfield
       12. [SJ-JOB] Security Engineer, St. Louis
       13. [SJ-JOB] Senior Software Engineer, Alpharetta
       14. [SJ-JOB] Application Security Architect, Coral Gables
       15. [SJ-JOB] Director, Information Security, New York City
       16. [SJ-JOB] Security System Administrator, Coral Gables
       17. [SJ-JOB] Sr. Security Engineer, Edison
       18. [SJ-JOB] Security System Administrator, Miami
       19. [SJ-JOB] Security Engineer, Raleigh
       20. [SJ-JOB] Security System Administrator, Denver
       21. [SJ-JOB] Sr. Security Analyst, Coral Gables
       22. [SJ-JOB] Security Architect, Washington
       23. [SJ-JOB] Security Consultant, London
       24. [SJ-JOB] Security Researcher, Montpellier (France)
       25. [SJ-JOB] Information Assurance Engineer, McLean
       26. [SJ-JOB] Sr. Security Analyst, Wilmington
       27. [SJ-JOB] Security System Administrator, McLean
       28. [SJ-JOB] Sales Engineer, Houston
       29. [SJ-JOB] Software Engineer, Remote
       30. [SJ-JOB] Information Assurance Engineer, Arlington
       31. [SJ-JOB] Incident Handler, Arlington & Reston
       32. [SJ-JOB] Application Security Architect, Roseland, NJ
       33. [SJ-JOB] Training / Awareness Specialist, Washington
       34. [SJ-JOB] Senior Software Engineer, St.Louis
       35. [SJ-JOB] Sales Engineer, Washington, DC
       36. [SJ-JOB] Account Manager, Cambridgeshire
       37. [SJ-JOB] Disaster Recovery Coordinator, Saint Charles
       38. [SJ-JOB] Application Security Engineer, Amsterdam
       39. [SJ-JOB] Training / Awareness Specialist, Amsterdam
       40. [SJ-JOB] Security Architect, Leatherhead
       41. [SJ-JOB] Security Engineer, Amsterdam
V.    INCIDENTS LIST SUMMARY
       1. Possible Mail server compromise ?
VI.   VULN-DEV RESEARCH LIST SUMMARY
       1. Suspecious JPEG Files
VII.  MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #379
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
X.    UNSUBSCRIBE INSTRUCTIONS
XI.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Skills for the Future
By Don Parker
A lot of the emails sent to me ask a basic question: Just how does one break
into computer security or what skills should you learn to get that first
security job. Lately though, I have been receiving many more queries on
specifically how one can leverage an existing skill set to become an
information-technology security analyst.
http://www.securityfocus.com/columnists/464

2. Mother May I?
By Mark Rasch
"Sure, you can have a cookie, but you may not." We all have had that discussion
before -- either with our parents or our kids. A recent case from North Dakota
reveals that the difference between those two concepts may lead not only to
civil liability, but could land you in jail.
http://www.securityfocus.com/columnists/463
II.  BUGTRAQ SUMMARY
--------------------
1. TCL/TK Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
BugTraq ID: 27655
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27655
Summary:
TCL/TK Tk Toolkit is prone to a buffer-overflow vulnerability because it fails
to perform adequate boundary checks on user-supplied GIF image data before
copying it to an insufficiently sized buffer.

Successful exploits may allow attackers to execute arbitrary code in the context
of applications that use the affected toolkit. Failed exploit attempts likely
result in denial-of-service conditions.

Versions prior to TCL/TK 8.5.1 are vulnerable to this issue.

2. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer
Overflow Vulnerability
BugTraq ID: 24195
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/24195
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied data before copying it to an
insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser
privileges, facilitating the complete remote compromise of affected computers.
Failed exploit attempts will result in a denial of service.

This issue affects Samba 3.0.25rc3 and prior versions.

3. WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability
BugTraq ID: 27633
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27633
Summary:
WordPress is prone to a vulnerability that lets remote attackers execute
arbitrary code because the application fails to sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary PHP code within the
context of the affected webserver process.

This issue affects these versions:

WordPress 2.3.2 and earlier
WordPress MU 1.3.1 and earlier

4. Documentum Products 'dmclTrace.jsp' Arbitrary File Overwrite Vulnerability
BugTraq ID: 27632
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27632
Summary:
Multiple Documentum products are prone to a vulnerability that could permit an
attacker to overwrite arbitrary files because the software fails to verify
user-supplied input.

A remote attacker can exploit this issue to overwrite arbitrary files on the
victim's computer. This can allow the attacker to upload and execute arbitrary
scripts in the context of the user running the affected application.

This issue affects the following:

Documentum Administrator 5.3.0.313
Documentum Webtop 5.3.0.317

Other Documentum applications and versions may also be affected.

5. Mailman 'list templates' and 'list info' Multiple HTML Injection
Vulnerabilities
BugTraq ID: 27630
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27630
Summary:
Mailman is prone to multiple HTML-injection vulnerabilities because it fails to
properly sanitize user-supplied input. 

Attacker-supplied HTML and script code could execute in the context of the
affected website, potentially allowing an attacker to steal cookie-based
authentication credentials or to control how the site is rendered to the user;
other attacks are also possible.

These issues affect Mailman 2.1.9; prior versions may also be affected.

6. RaidenHTTPD Prior to 2.0.22 Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 27628
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27628
Summary:
RaidenHTTPD is prone to an unspecified cross-site scripting vulnerability
because the application fails to sufficiently sanitize user-supplied data.

Exploiting this issue may help an attacker steal cookie-based authentication
credentials and launch other attacks.

RaidenHTTPD 2.0.19 is vulnerable to this issue; prior versions may also be
affected.

7. RMSOFT Gallery System For XOOPS 'images.php' SQL Injection Vulnerability
BugTraq ID: 27623
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27623
Summary:
RMSOFT Gallery System for XOOPS is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using it in
an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

This issue affects RMSOFT Gallery System 2.0; other versions may also be
vulnerable.

8. Pagetool 'search_term' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 27653
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27653
Summary:
Pagetool is prone to a cross-site scripting vulnerability because it fails to
properly sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
allow the attacker to steal cookie-based authentication credentials and to
launch other attacks.

Pagetool 1.0.7 is vulnerable; other versions may also be affected.

9. LinPHA Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 27678
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27678
Summary:
LinPHA is prone to multiple cross-site scripting vulnerabilities because it
fails to sufficiently sanitize user-supplied input data.

Attackers can leverage these issues to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help attackers steal cookie-based authentication credentials and launch other
attacks.

Versions prior to LinPHA 1.3.3 are vulnerable.

10. Microsoft February 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 27674
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27674
Summary:
Microsoft has released advance notification that the vendor will be releasing
twelve security bulletins on February 12, 2008. The highest severity rating for
these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to
compromise affected computers.

Individual records will be created for each issue when the bulletins are
released.

11. RETIRED: dBpowerAMP Audio Player M3U Buffer Overflow Vulnerability
BugTraq ID: 27639
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27639
Summary:
dBpowerAMP Audio Player is prone to a buffer-overflow vulnerability because it
fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary
code in the context of the application. Failed exploit attempts will cause
denial-of-service conditions.

This issue affects dBpoweramp Audio Player Release 2; other versions may also be
affected.

NOTE: This BID is being retired because the vulnerability discussed was
previously documented in BID 27635.

12. photokorn 'pic' Parameter SQL Injection Vulnerability
BugTraq ID: 27627
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27627
Summary:
The photokorn gallery is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

This issue affects photokorn 1.543; other versions may also be vulnerable.

13. IBM DB2 Universal Database DAS Buffer Overflow Vulnerability
BugTraq ID: 27681
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27681
Summary:
IBM DB2 is prone to a buffer-overflow vulnerability because the application
fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of
the affected service. Successfully exploiting this issue may facilitate in the
remote compromise of affected computers. Failed exploit attempts will likely
crash the affected application.

NOTE: This vulnerability was previously disclosed in BID 27596 (IBM DB2
Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local
Vulnerabilities). Due to more information, it has been assigned its own record.

14. IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation
Vulnerability
BugTraq ID: 27680
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27680
Summary:
IBM DB2 Universal Database Server is prone to a local privilege-escalation
vulnerability because of how the application constructs library paths.

Exploiting this issue allows local attackers to gain root privileges. Note that
an attacker must be able to execute the set-uid root 'db2pd' binary to exploit
this issue.

DB2 Universal Database Server 9.1 FixPack 2 on Linux systems is vulnerable.
Other versions, including those for other UNIX platforms, are suspected to be
vulnerable.

NOTE: This vulnerability was previously disclosed in BID 27596 'IBM DB2
Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local
Vulnerabilities'. Due to more information, it has been assigned its own record.

15. Joomla! and Mambo com_doc Component 'sid' Parameter SQL Injection
Vulnerability
BugTraq ID: 27679
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27679
Summary:
The Joomla! and Mambo 'com_doc' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

16. Joomla! and Mambo com_sermon Component 'gid' Parameter SQL Injection
Vulnerability
BugTraq ID: 27673
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27673
Summary:
The Joomla! and Mambo 'com_sermon' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

17. Joomla! and Mambo YNews Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27649
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27649
Summary:
Joomla! and Mambo YNews component is prone to an SQL-injection vulnerability
because the application fails to properly sanitize user-supplied input before
using it in an SQL query. 

A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database.

This issue affects YNews 1.0.0; other versions may also be affected.

18. Joomla! and Mambo com_downloads Component 'filecatid' Parameter SQL
Injection Vulnerability
BugTraq ID: 27648
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27648
Summary:
The Joomla! and Mambo 'com_downloads' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

19. OpenSiteAdmin 'path' Multiple Remote File Include Vulnerabilities
BugTraq ID: 27640
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27640
Summary:
OpenSiteAdmin is prone to multiple remote file-include vulnerabilities because
it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and
the underlying system; other attacks are also possible.

These issues affect OpenSiteAdmin 0.9.1 BETA; prior versions may also be
vulnerable.

20. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local
Vulnerabilities
BugTraq ID: 27596
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27596
Summary:
IBM DB2 Universal Database Server is prone to multiple local vulnerabilities,
including:

- An unspecified local vulnerability 
- A local security-bypass vulnerability

Attackers can exploit these issues to compromise the affected application,
execute arbitrary code within the context of the affected application, and
bypass certain security restrictions. Other attacks are also possible.

These issues affect versions prior to IBM DB2 Universal Database Server 8.2
Fixpak 16.

NOTE: Two issues that were previously documented in this BID were given their
own records to better document the details: BID 27681 ('IBM DB2 Universal
Database DAS Buffer Overflow Vulnerability') and BID 27680 ('IBM DB2 Universal
Database Server 'db2db' Local Privilege Escalation Vulnerability').

21. iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow
Vulnerability
BugTraq ID: 22553
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/22553
Summary:
Total Video Player is prone to a buffer-overflow vulnerability because the
application fails to properly verify the size of user-supplied data before
copying it into an insufficiently sized process buffer.

Exploiting this issue allows remote attackers to execute arbitrary machine code
in the context of the user running the affected application. Failed exploit
attempts will likely crash applications, denying service to legitimate users.

This issue affects Total Video Player 1.03; other versions may also be
vulnerable.

UPDATE (February 7, 2008): Total Video Player 1.20 is also affected.

22. Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
BugTraq ID: 24147
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/24147
Summary:
Apache HTTP server running with the Tomcat JK Web Server Connector is prone to a
security-bypass vulnerability because it decodes request URLs multiple times.

Exploiting this issue allows attackers to access restricted files in the Tomcat
web directory. This can expose sensitive information that could help attackers
launch further attacks.

This issue is present in versions prior to Apache Tomcat JK Connector 1.2.23.

23. IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 21440
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/21440
Summary:
IBM Tivoli Storage Manager is prone to multiple buffer-overflow vulnerabilities
because the application fails to check the size of message fields before copying
them into finite-sized internal memory buffers. 

An attacker can exploit these issues to execute arbitrary code within the
context of the Tivoli application. This may facilitate the compromise of
affected servers. Authentication is not required to leverage these issues.

Tivoli Storage Manager versions prior to and including 5.2.9 and 5.3.4 are
confirmed affected by these issues.

24. Multiple Vendors BIND 'inet_network()' Off-by-One Buffer Overflow
Vulnerability
BugTraq ID: 27283
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27283
Summary:
Multiple applications that use the 'libbind' BIND library are prone to an
off-by-one buffer-overflow vulnerability because the 'inet_network()' function
fails to properly bounds-check user-supplied input before copying it to an
insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary
machine code in the context of applications that use the affected library.
Failed exploit attempts may crash applications, denying service to legitimate
users.

25. Linux Kernel Driver Fault Handler 'mmap.c' Local Denial of Service
Vulnerability
BugTraq ID: 27705
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27705
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it
fails to properly bounds-check certain device driver fault handlers.

Attackers can exploit this issue to trigger kernel crashes, denying service to
legitimate users. Given the nature of this issue, attackers may also be able to
execute arbitrary code, but this has not been confirmed.

Versions prior to Linux kernel 2.6.24.1 are vulnerable.

26. Linux Kernel Multiple Prior to 2.6.24.1 Multiple Memory Access
Vulnerabilities
BugTraq ID: 27704
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27704
Summary:
The Linux kernel is prone to multiple memory access vulnerabilities, including: 

- A vulnerability that allows unauthorized users to read arbitrary memory
locations. 
- A vulnerability that allows unauthorized users to write to arbitrary memory
locations.

An attacker can exploit these issues to read and write to arbitrary memory
locations on the affected computer.

This issue affects Linux kernel versions prior to 2.6.24.1.

27. libexif Image Tag Remote Integer Overflow Vulnerability
BugTraq ID: 26942
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/26942
Summary:
The libexif library is prone to an integer-overflow vulnerability because the
software fails to ensure that integer values are not overrun.

Successful exploits of this vulnerability allow remote attackers to execute
arbitrary machine code in the context of an application using the vulnerable
library. Failed attempts will likely result in denial-of-service conditions.

28. Linux Kernel DO_COREDUMP Local Information Disclosure Vulnerability
BugTraq ID: 26701
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/26701
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that
may aid in further attacks.

Versions of the Linux kernel prior to 2.6.24-rc4 are vulnerable.

29. ImageMagick File Name Handling Remote Format String Vulnerability
BugTraq ID: 12717
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/12717
Summary:
ImageMagick is reported prone to a remote format-string vulnerability. 

Reportedly, this issue arises when the application handles malformed filenames.
An attacker can exploit this vulnerability by crafting a malicious file with a
name that contains format specifiers and sending the file to an unsuspecting
user. 

Note that there are other attack vectors that may not require user interaction,
since the application can be used with custom printing systems and web
applications. 

A successful attack may crash the application or lead to arbitrary code
execution. 

All versions of ImageMagick are considered vulnerable at the moment.

30. ImageMagick Image Filename Remote Command Execution Vulnerability
BugTraq ID: 16093
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/16093
Summary:
ImageMagick is prone to a remote shell command-execution vulnerability. 

Successful exploitation can allow arbitrary commands to be executed in the
context of the affected user. Note that attackers could exploit this issue
through other applications that use ImageMagick as the default image viewer. 

ImageMagick 6.2.4.5 is reportedly vulnerable. Other versions may be affected as
well.

31. SafeNET HighAssurance Remote and SoftRemote IPSecDrv.SYS Local Privilege
Escalation Vulnerability
BugTraq ID: 27496
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27496
Summary:
SafeNET HighAssurance Remote and SoftRemote are prone to a local
privilege-escalation vulnerability.

A successful exploit allows a local attacker to gain SYSTEM-level privileges on
affected computers.

This issue affects 'IPSecDrv.sys' 10.4.0.12 when running on Windows operating
systems. The driver is included with SafeNET HighAssurance Remote and SafeNET
HighAssurance SoftRemote. This issue may also affect other versions as well as
versions running on other operating platforms.

32. Philboard Philboard_forum.ASP SQL Injection Vulnerability
BugTraq ID: 22532
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/22532
Summary:
Philboard is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

33. husrevforum Philboard_forum.ASP SQL Injection Vulnerability
BugTraq ID: 24928
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/24928
Summary:
The 'husrevforum' program is prone to an SQL-injection vulnerability because it
fails to properly sanitize user-supplied input before using it in an SQL query. 
 
A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database.

This issue affects husrevforum v 1.0.1 (tr); other versions may be affected as
well.

34. Ipswitch Instant Messaging 2.0.8.1 Multiple Security Vulnerabilities
BugTraq ID: 27677
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27677
Summary:
Ipswitch Instant Messaging is prone to multiple security vulnerabilities,
including a denial-of-service vulnerability, a format-string vulnerability, and
a vulnerability that allows attackers to overwrite arbitrary files. 

Attackers can exploit these issues to execute arbitrary code, cause
denial-of-service conditions, or overwrite files with arbitrary content.

These issues affect Ipswitch Instant Messaging 2.0.8.1; other versions may also
be affected.

35. Netpbm GIFtoPNM Utility Buffer Overflow Vulnerability
BugTraq ID: 27682
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27682
Summary:
Netpbm is prone to a buffer-overflow vulnerability because it fails to perform
adequate boundary checks on user-supplied input.

The precise implications of this issue are currently unavailable, but given the
nature of the issue, a successful exploit may allow remote attackers to
execute arbitrary code in the context of the application. Failed exploit
attempts will likely cause denial-of-service conditions.

Versions prior to Netpbm 10.27 are vulnerable.

36. IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflow Vulnerabilities
BugTraq ID: 11084
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/11084
Summary:
Multiple buffer-overflow vulnerabilities are reported to reside in the
Imlib/Imlib2 libraries. These issues may be triggered when handling malformed
bitmap images.
 
A remote attacker could exploit these vulnerabilities to cause a denial of
service in applications that use the vulnerable library to render images.
Reportedly, attackers may also exploit these vulnerabilities to execute
arbitrary code.

37. Adobe Acrobat and Reader Multiple Unspecified Security Vulnerabilities
BugTraq ID: 27641
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27641
Summary:
Adobe Acrobat and Reader are prone to multiple unspecified security vulnerabilities.

No further details are currently available. We will update this BID as more
information emerges.

Versions prior to Adobe Acrobat and Adobe Reader 8.1.2 are vulnerable to these
issues.

UPDATE (February 8, 2008): One of these issues is caused by a design error and
can be leveraged to gain unauthorized access to an unsuspecting user's printer.
Further details regarding this issue are still unavailable.

38. Linux Kernel CIFS Transport.C Remote Buffer Overflow Vulnerability
BugTraq ID: 26438
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/26438
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it into an
insufficiently sized buffer. 

An attacker can exploit this issue to execute arbitrary code with kernel-level
privileges or cause the affected kernel to crash, denying service to legitimate
users. 

This issue affects version 2.6.23.1; previous versions may also be affected.

39. Sift Unity 'search.cgi' Cross-Site Scripting Vulnerability
BugTraq ID: 27684
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27684
Summary:
Sift Unity is prone to a cross-site scripting vulnerability because it fails to
properly sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
allow the attacker to steal cookie-based authentication credentials and to
launch other attacks.

40. IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Vulnerability
BugTraq ID: 27665
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27665
Summary:
IBM WebSphere Edge Server Caching Proxy is prone to a cross-site scripting
vulnerability that affects the caching proxy server because it fails to properly
sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and launch other
attacks.

The vulnerability affects Caching Proxy 5.1, 5.1.1, 6.0, 6.0.1, 6.0.2, and 6.1.
Other versions may also be affected.

41. osCommerce 'customer_testimonials.php' SQL Injection Vulnerability
BugTraq ID: 27664
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27664
Summary:
osCommerce is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

osCommerce 3.1 is vulnerable; other versions may also be affected.

42. mini-Pub 'sFileName' Parameter Multiple Input Validation Vulnerabilities
BugTraq ID: 27671
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27671
Summary:
mini-Pub is prone to multiple input-validation vulnerabilities because it fails
to properly sanitize user-supplied input.

These issues include:

- a local file-include vulnerability
- a remote file-include vulnerability
- an arbitrary-command-execution vulnerability

Exploiting these issues can allow attackers to access potentially sensitive
information, to execute arbitrary script code in the context of the webserver
process, to steal cookie-based authentication credentials, or to compromise the
application and the underlying computer.

mini-Pub 0.3 is vulnerable; other versions may also be affected.

43. RETIRED: Philboard 'philboard_forum.asp' SQL Injection Vulnerability
BugTraq ID: 27696
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27696
Summary:
Philboard is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

Philboard 1.14 is vulnerable; other versions may also be affected.

RETIRED: This BID is being retired because the issue described is already
covered by BID 22532.

44. HP Select Identity 4.20 and Prior Unspecified Remote Unauthorized Access
Vulnerability
BugTraq ID: 27667
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27667
Summary:
HP Select Identity is prone to an unauthorized-access vulnerability.

A remote attacker can exploit this issue to gain unauthorized access to affected
computers.

45. MODx HTML Injection Vulnerability and Multiple Cross-Site Scripting
Vulnerabilities
BugTraq ID: 27672
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27672
Summary:
MODx is prone to an HTML-injection vulnerability and multiple cross-site
scripting vulnerabilities because it fails to properly sanitize user-supplied
input. 

An attacker may leverage these issues to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
allow the attacker to steal cookie-based authentication credentials and to
launch other attacks.

MODx 0.9.6.1 and 0.9.6.1p1 are vulnerable; other versions may also be affected.

46. Check Point VPN SecureClient/SecuRemote Local Login Credentials Information
Disclosure Vulnerability
BugTraq ID: 27675
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27675
Summary:
Check Point VPN-1 SecureClient/SecuRemote client for Microsoft Windows is prone
to an information-disclosure vulnerability because it fails to protect users'
login credentials.

Attackers can exploit this issue to harvest VPN login credentials and gain
unauthorized access to networks and resources protected by the VPN. This may
lead to further attacks.

47. WordPress 'xmlrpc.php' Post Edit Unauthorized Access Vulnerability
BugTraq ID: 27669
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27669
Summary:
WordPress is prone to an unauthorized access vulnerability.

Attackers can exploit this issue to edit other users' posts. Successfully
exploiting this issue may lead to other attacks. 
 
This issue affects versions prior to WordPress 2.3.3.

48. libexif Image Tag Remote Denial Of Service Vulnerability
BugTraq ID: 26976
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/26976
Summary:
The libexif library is prone to a denial-of-service vulnerability because of an
infinite-recursion error.

Exploiting this issue allows remote attackers to cause denial-of-service
conditions in the context of an application using the vulnerable library.

49. RETIRED: MailBee Objects 'MailBee.dll' ActiveX Control Multiple Insecure
Method Vulnerabilities
BugTraq ID: 27481
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27481
Summary:
MailBee Objects ActiveX control is prone to multiple vulnerabilities that allow
attackers to create or overwrite arbitrary data with the privileges of the
application using the control (typically Internet Explorer).

Successful exploits can compromise affected computers or cause denial-of-service
conditions; other attacks are possible.

MailBee Objects 5.5 is vulnerable; other versions may also be affected.

NOTE: This BID is being retired because the affected control is marked as not
safe for scripting. This information was provided by the vendor.

50. MySQL Server RENAME TABLE System Table Overwrite Vulnerability
BugTraq ID: 26765
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/26765
Summary:
MySQL is prone to a local denial-of-service vulnerability because the database
server fails to properly handle unexpected symbolic links.

Exploiting this issue allows attackers with local access to affected computers
to overwrite MySQL system tables. Further attacks against the MySQL database and
potentially the underlying operating system may be possible.

This issue affects versions prior to MySQL 5.0.51.

51. MySQL Rename Table Function Access Validation Vulnerability
BugTraq ID: 24016
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/24016
Summary:
MySQL is prone to an access-validation vulnerability because it fails to perform
adequate access control.

Attackers can exploit this issue to rename arbitrary tables. This could result
in denial-of-service conditions and may aid in other attacks.

Versions prior to MySQL 4.1.23, 5.0.42, and 5.1.18 are vulnerable.

52. Cairo PNG Image Processing Remote Integer Overflow Vulnerability
BugTraq ID: 26650
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/26650
Summary:
Cairo is prone to an integer-overflow vulnerability because it fails to ensure
that integer values aren't overrun. Attackers may exploit this issue to overflow
a buffer and to corrupt process memory.

Attackers may be able to execute arbitrary machine code in the context of an
affected application. Failed exploit attempts will likely result in a
denial-of-service condition.

This issue affects versions prior to Cairo 1.4.12.

53. Moodle 'install.php' Cross Site Scripting Vulnerability
BugTraq ID: 27259
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27259
Summary:
Moodle is prone to a cross-site scripting vulnerability because it fails to
properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and launch other
attacks.

This issue affects versions prior to Moodle 1.8.4.

54. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27355
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27355
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser
privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server
Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities),
but has been given its own record to better document the issue.

55. MySQL Security Invoker Privilege Escalation Vulnerability
BugTraq ID: 24011
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/24011
Summary:
MySQL is prone to a privilege-escalation vulnerability because it fails to
adequately restore access privileges during certain routines.

A remote authenticated attacker can exploit this issue to gain elevated
privileges on an affected database.

These versions are vulnerable:

MySQL 5 prior to 5.0.40
MySQL 5.1 prior to 5.1.18

56. PHP Multiple Input Validation Vulnerabilities
BugTraq ID: 19582
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/19582
Summary:
PHP is prone to multiple input-validation vulnerabilities. Successful exploits
could allow an attacker to write files in unauthorized locations, cause a
denial-of-service condition, and potentially execute code.

These issues are reported to affect PHP 4.4.3 and 5.1.4; other versions may also
be vulnerable.

57. Symantec Ghost Solution Suite ARP Spoofing Authentication Bypass
Vulnerability
BugTraq ID: 27644
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27644
Summary:
Symantec Ghost Solution Suite is prone to an authentication-bypass
vulnerability. 

Attackers can exploit this issue by sending a spoofed ARP packet to the affected
client.

Successfully exploiting this issue will allow attackers to impersonate the
Symantec Ghost Solution Suite server and execute arbitrary commands on the
client with SYSTEM-level privileges, facilitating the complete compromise of
affected computers.
  
This issue affects Symantec Ghost Solution Suite 1.1, 2.0.0, and 2.0.1.

NOTE: Users who do not use the Ghost Console or the Ghost Management Agent are
not affected.

58. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
BugTraq ID: 27350
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27350
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser
privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server
Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities),
but has been given its own record to better document the issue.

59. LibEXIF Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability
BugTraq ID: 23927
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/23927
Summary:
The libexif library is prone to an integer-overflow vulnerability because the
software fails to properly ensure that integer math operations do not result in
overflows.

Successful exploits of this vulnerability allow remote attackers to execute
arbitrary machine code in the context of an application using the vulnerable
library. Failed attempts will likely result in denial-of-service conditions.
 
Versions of libexif prior to 0.6.14 are vulnerable to this issue.

60. MySQL Server Privilege Escalation And Denial Of Service Vulnerabilities
BugTraq ID: 26832
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/26832
Summary:
MySQL is prone to multiple vulnerabilities, including privilege-escalation and
denial-of-service issues.

Exploiting the privilege-escalation vulnerability may allow attackers to perform
certain actions with elevated privileges. Successful exploits of the
denial-of-service issue will cause the database server to crash, denying service
to legitimate users.

These issues affect versions prior to MySQL 5.0.52, MySQL 5.1.23, and MySQL
6.0.4.

61. PADL Nss_ldap Race Condition Security Vulnerability
BugTraq ID: 26452
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/26452
Summary:
PADL 'nss_ldap' is prone to a race-condition security vulnerability; fixes are
available.

An attacker may exploit this condition to obtain potentially sensitive data or
to launch other attacks against an application that employs the vulnerable
function.

The issue affects versions prior to PADL 'nss_ldap' Build 259.

62. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27351
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27351
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser
privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server
Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities),
but has been given its own record to better document the issue.

63. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27353
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27353
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser
privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server
Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities),
but has been given its own record to better document the issue.

64. MySQL Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of
Service Vulnerability
BugTraq ID: 26353
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/26353
Summary:
MySQL is prone to a remote denial-of-service vulnerability because the database
server fails to properly handle unexpected input.

Exploiting this issue allows remote attackers to crash affected database
servers, denying service to legitimate users. Attackers must be able to execute
arbitrary SQL statements on affected servers, which requires valid credentials
to connect to affected servers.

This issue affects MySQL 5.1.23 and prior versions.

65. Python ImageOP Module Multiple Integer Overflow Vulnerabilities
BugTraq ID: 25696
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/25696
Summary:
Python's imageop module is prone to multiple integer-overflow vulnerabilities
because it fails to properly bounds-check user-supplied input to ensure that
integer operations do not overflow.

To successfully exploit these issues, an attacker must be able to control the
arguments to imageop functions. Remote attackers may be able to do this,
depending on the nature of applications that use the vulnerable functions.

Attackers would likely submit invalid or specially crafted images to
applications that perform imageop operations on the data.

A successful exploit may allow attacker-supplied machine code to run in the
context of affected applications, facilitating the remote compromise of
computers.

66. Astanda Directory Project 'detail.php' SQL Injection Vulnerability
BugTraq ID: 27646
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27646
Summary:
Astanda Directory Project is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

Astanda Directory Project 1.2 and 1.3 are affected by this issue; other versions
may also be vulnerable.

67. MySQL IF Query Handling Remote Denial Of Service Vulnerability
BugTraq ID: 23911
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/23911
Summary:
MySQL is prone to a remote denial-of-service vulnerability because it fails to
handle certain specially crafted queries.

An attacker can exploit this issue to crash the application, denying access to
legitimate users. 
 
NOTE: An attacker must be able to execute arbitrary SELECT statements against
the database to exploit this issue. This may be through legitimate means or by
exploiting other latent SQL-injection vulnerabilities.

Versions prior to MySQL 5.0.40 are vulnerable.

68. Symantec Altiris Notification Server Agents Shatter Attack Privilege
Escalation Vulnerability
BugTraq ID: 27645
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27645
Summary:
Symantec Altiris Notification Server Agents are prone to shatter attacks that
can result in an escalation of privileges.

Successful exploits will completely compromise affected computers.

69. MyNews 'hash' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 27652
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27652
Summary:
MyNews is prone to a cross-site scripting vulnerability. 

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and launch other
attacks. 

MyNews 1.6.4 and prior versions are vulnerable.

70. Mozilla Firefox 2.0.0.11 Multiple Remote Vulnerabilities
BugTraq ID: 27683
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27683
Summary:
The Mozilla Foundation has released multiple security advisories specifying
various vulnerabilities in Firefox 2.0.0.11 and prior versions.

Exploiting these issues can allow attackers to:

- remotely execute arbitrary code 
- cause denial-of-service conditions
- hide contents of security warnings
- access sensitive information 
- escape the sandbox and execute scripts with chrome privileges
- inject script code into other sites and violate the same-origin policy

Other attacks are possible.

These issues are present in Firefox 2.0.0.11 and prior versions. Mozilla
Thunderbird 2.0.0.9 and prior versions as well as SeaMonkey 1.1.7 and prior
versions are also affected by many of these vulnerabilities.

71. TinTin++ and WinTin++ '#chat' Command Multiple Security Vulnerabilities
BugTraq ID: 27660
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27660
Summary:
TinTin++ and WinTin++ are prone to multiple security vulnerabilities affecting
the application's '#chat' functionality.  These issues include a buffer-overflow
vulnerability, a denial-of-service vulnerability, and a file-overwrite
vulnerability.

Attackers can exploit these issues to execute arbitrary code, cause
denial-of-service conditions, or overwrite files with arbitrary content.

These issues affect TinTin++ and WinTin++ 1.97.9; other versions may also be
affected.

72. WS_FTP Server Manager Authentication Bypass and Information Disclosure
Vulnerabilities
BugTraq ID: 27654
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27654
Summary:
WS_FTP Server Manager is prone to an authentication-bypass vulnerability and an
information-disclosure vulnerability.

An attacker can exploit these issues to gain unauthorized access to the affected
application and gain access to potentially sensitive information. 

These issues affect WS_FTP Server Manager 6.1.0.0; prior versions may also be
affected.

73. KAME Project IPv6 IPComp Header Denial Of Service Vulnerability
BugTraq ID: 27642
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27642
Summary:
The KAME project is prone to a denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to crash affected
computers, denying service to legitimate users.

Operating systems that have IPv6 networking derived from the KAME project's IPv6
implementation may be vulnerable to this issue. Please see the references for a
list of vendors that may be affected by this issue.

74. Mihalism Multi Host 'users.php' SQL Injection Vulnerability
BugTraq ID: 27651
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27651
Summary:
Mihalism Multi Host is prone to an SQL-injection vulnerability because it fails
to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

Mihalism Multi Host 3.0.0 is vulnerable; other versions may also be affected.

75. OpenBSD PRNG DNS Cache Poisoning and Predictable IP ID Weakness
BugTraq ID: 27647
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27647
Summary:
A PRNG originating in OpenBSD is prone to a weakness that exposes DNS
cache-poisoning and predictable IP ID sequence issues. This issue stems from a
flaw in the linear congruential generator (LCG) pseudo-random number generator
algorithm.
 
An attacker may leverage this issue to manipulate DNS cache data, potentially
facilitating man-in-the-middle, site-impersonation, or denial-of-service
attacks. The attacker may also predict IP ID sequences, allowing them to
perform OS fingerprinting, network idle-scanning, and potentially TCP blind
data-injection attacks.

The BIND 9 server included in OpenBSD 3.3 through to 4.2 is vulnerable to this
issue. The vulnerable PRNG algorithm and variants are also used in the IP ID
sequence generation in OpenBSD 2.6 through to 4.2.

The vulnerable PRNG has also been ported to other operating systems, including:

Mac OS X and Mac OS X Server 10.0 through to 10.5.1
Darwin 1.0 through to 9.1
FreeBSD 4.4 through to 7.0
NetBSD 1.6.2 through to 4.0
DragonFlyBSD 1.0 through to 1.10.1.

FreeBSD, NetBSD, and DragonFlyBSD are affected only if they enable the PRNG's
use by setting the 'net.inet.ip.random_id' sysctl to 1. This is a nondefault
configuration change.

Other operating systems and versions may also be affected.

76. HP Storage Essentials SRM Unspecified Remote Unauthorized Access
Vulnerability
BugTraq ID: 27643
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27643
Summary:
HP Storage Essentials SRM (Storage Resource Management) is prone to an
unauthorized-access vulnerability.

An attacker can exploit this issue to gain remote unauthorized access to
affected computers.

Versions prior to Storage Essentials SRM Standard and Enterprise 6.0.0 are
vulnerable.

77. Sun Java RunTime Environment Read and Write Permission Multiple Privilege
Escalation Vulnerabilities
BugTraq ID: 27650
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27650
Summary:
Sun Java Runtime Environment is prone to multiple privilege-escalation
vulnerabilities when running untrusted applications or applets.

Successful exploits will compromise arbitrary data and possibly the underlying
computer.

These issues affect the following versions:

JDK and JRE 6 Update 1 and earlier
JDK and JRE 5.0 Update 13 and earlier.

78. Webmin Search Feature Cross-Site Scripting Vulnerability
BugTraq ID: 27662
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27662
Summary:
Webmin is prone to a cross-site scripting vulnerability because it fails to
properly sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
allow the attacker to steal cookie-based authentication credentials and to
launch other attacks.

Webmin 1.390 and Usermin 1.300 are vulnerable; other versions may also be
affected.

79. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
BugTraq ID: 23615
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/23615
Summary:
IPv6 protocol implementations are prone to a denial-of-service vulnerability due
to a design error.

Exploiting this issue allows attackers to cause denial-of-service conditions.

This issue is related to the issue discussed in BID 22210 (Cisco IOS IPv6 Source
Routing Remote Memory Corruption Vulnerability).

80. Linux Kernel AACRAID Driver Local Security Bypass Vulnerability
BugTraq ID: 25216
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/25216
Summary:
The Linux kernel is prone to a security-bypass vulnerability.

A local attacker may exploit this vulnerability to issue IOCTL commands to
AACRAID devices. This may lead to denial-of-service conditions, including data
loss and computer crashes.

Versions prior to 2.6.23-rc2 are vulnerable.

81. Gnumeric XLS HLINK Opcode Handling Remote Arbitrary Code Execution
Vulnerability
BugTraq ID: 27536
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27536
Summary:
Gnumeric is prone to a vulnerability that lets remote attackers execute arbitrary
code.

Attackers may exploit this issue to corrupt memory and execute machine code in
the context of the affected application. Failed exploit attempts will result in
denial-of-service conditions.

The issue affects Gnumeric 1.6.3; other versions may also be vulnerable.

82. Trolltech Qt QSslSocket Class Certificate Verification Security Bypass
Vulnerability
BugTraq ID: 27112
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27112
Summary:
The Trolltech Qt QSslSocket class is prone to a security-bypass vulnerability
because of an unspecified error in the certificate-validation functionality.

Remote attackers can exploit this issue to successfully authenticate to
applications using QSslSocket with an unverified spoofed certificate; other
attacks may also be possible.

This issue affects Qt 4.3.0, 4.3.1, and 4.3.2.

83. Mozilla Firefox chrome:// URI JavaScript File Request Information Disclosure
Vulnerability
BugTraq ID: 27406
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27406
Summary:
Mozilla Firefox is prone to an information-disclosure vulnerability because it
fails to restrict access to local JavaScript, image and stylesheet files.

Attackers can exploit this issue to gain access to potentially sensitive
information that could aid in further attacks.

Firefox 2.0.0.11 is vulnerable; other versions may also be affected.

NOTE: For an exploit to succeed, a user must have an addon installed that does
not store its contents in a '.jar' file. The attacker would have to target a
specific addon that uses "flat" packaging.

84. Mozilla Products Multiple Remote Vulnerabilities
BugTraq ID: 24242
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/24242
Summary:
The Mozilla Foundation has released six security advisories specifying
vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

85. X.Org X Server PCF Font Parser Buffer Overflow Vulnerability
BugTraq ID: 27352
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27352
Summary:
X.Org X Server is prone to a buffer-overflow vulnerability because it fails to
perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with the privileges
of the server. Failed attacks will cause denial-of-service conditions.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server
Multiple Local Privilege Escalation and Information Disclosure
Vulnerabilities), but has been given its own record to better document the
issue.

86. X.Org X 'Server X:1 -sp' Command Information Disclosure Vulnerability
BugTraq ID: 27356
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27356
Summary:
X.Org X Server is prone to a local information-disclosure vulnerability.

Attackers can exploit this issue to gain access to sensitive information that
may lead to further attacks.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server
Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities),
but has been given its own record to better document the issue.

87. X.Org X Server 'PassMessage' Request Local Privilege Escalation
Vulnerability
BugTraq ID: 27354
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27354
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser
privileges. Successfully exploiting this issue will result in the complete
compromise of an affected computer. Failed exploit attempts will likely crash
the computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server
Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities),
but has been given its own record to better document the issue.

88. Linux Kernel 'hrtimers' Local Denial of Service Vulnerability
BugTraq ID: 26880
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/26880
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it
fails to properly handle certain 'hrtimers' relative timeout values.

Attackers can exploit this issue to trigger kernel crashes, denying service to
legitimate users. Given the nature of this issue, attackers may also be able to
execute arbitrary code, but this has not been confirmed.

Versions prior to Linux kernel 2.6.23.10 are vulnerable.

89. Linux Kernel Parent Process Death Signal Local Security Bypass Weakness
BugTraq ID: 25387
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/25387
Summary:
The Linux kernel is prone to a security-bypass weakness when dealing with signal
handling.

This issue occurs because the software fails to properly validate access when
the parent process tries to deliver its death signal to the child that
registered it via 'prctl'.

A local attacker may exploit this issue to bypass certain security restrictions,
which may lead to other attacks.

Linux kernel versions prior to 2.6.22.4 are vulnerable.

90. Linux Kernel IEEE80211 HDRLen Remote Denial Of Service Vulnerability
BugTraq ID: 26337
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/26337
Summary:
The Linux kernel ieee80211 driver is prone to a remote denial-of-service
vulnerability because it fails to perform adequate boundary checks on
user-supplied data.

An attacker can exploit this issue to crash a victim computer, effectively
denying service.

Versions prior to Linux kernel 2.6.22.11 are vulnerable.

91. Linux Kernel VFS Unauthorized File Access Vulnerability
BugTraq ID: 27280
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27280
Summary:
The Linux kernel is prone to an unauthorized file-access vulnerability affecting
the VFS (Virtual Filesystem) module.

A local attacker can exploit this issue to access arbitrary files on the
affected computer. Successfully exploiting this issue may grant the attacker
elevated privileges on affected computers. Other attacks are also possible.

This issue affects kernel versions prior to 2.6.23.14.

92. Linux Kernel CIFS Local Security Bypass Weakness
BugTraq ID: 25244
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/25244
Summary:
The Linux kernel is prone to a security-bypass weakness.

A local attacker may exploit this issue to bypass certain security restrictions,
which may lead to other attacks.

Linux kernel versions prior to 2.6.23-rc1 are vulnerable.

93. Linux Kernel CIFS Local Privilege Escalation Vulnerability
BugTraq ID: 25672
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/25672
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

An attacker could exploit this issue to execute arbitrary code with the
privileges of the victim.

94. Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
BugTraq ID: 26605
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/26605
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it into an
insufficiently sized buffer.

An attacker can exploit this issue to cause denial-of-service conditions. Given
the nature of this issue, the attacker may also be able to execute arbitrary
code, but this has not been confirmed.

This issue affects the Linux kernel versions prior to 2.6.23.10.

95. SDL_image Invalid GIF File LWZ Minimum Code Size Remote Buffer Overflow
Vulnerability
BugTraq ID: 27417
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27417
Summary:
The SDL_image library is prone to a remote buffer-overflow vulnerability because
it fails to perform adequate boundary checks on user-supplied input. The issue
occurs when handling malformed GIF images.

Attackers can leverage this issue to execute arbitrary code in the context of an
application using the library. Successful exploits will compromise the
application and possibly the underlying computer. Failed attacks will cause
denial-of-service conditions.

Versions prior to SDL_image 1.2.7 are vulnerable.

96. SDL_image IFF ILBM File Remote Buffer Overflow Vulnerability
BugTraq ID: 27435
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27435
Summary:
The SDL_image library is prone to a remote buffer-overflow vulnerability because
it fails to perform adequate boundary checks on user-supplied input.

Attackers can leverage this issue to execute arbitrary code in the context of an
application using the library. Failed exploit attempts will likely cause
denial-of-service conditions.

The issue affects SDL_image 1.2.6; prior versions may also be vulnerable.

97. HP OpenView Network Node Manager 'ovtopmd' Denial of Service Vulnerability
BugTraq ID: 27629
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27629
Summary:
HP OpenView Network Node Manager is prone to a denial-of-service vulnerability.

An attacker may leverage this issue to crash the affected application, denying
service to affected users.

The issue affects HP OpenView Network Node Manager 6.41, 7.01, and 7.51.

98. Novell Challenge Response Client Local Clipboard Disclosure Weakness
BugTraq ID: 27631
Remote: No
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27631
Summary:
Novell Challenge Response Client is prone to a local information-disclosure
weakness because the software fails to properly restrict access to potentially
sensitive information.

Successful exploits may allow attackers with physical access to affected
computers to obtain the contents of the clipboard, even while the computer is in
a locked state. Information harvested may aid in further attacks.

99. dBpowerAMP Audio Player M3U Buffer Overflow Vulnerability
BugTraq ID: 27635
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27635
Summary:
dBpowerAMP Audio Player is prone to a buffer-overflow vulnerability because it
fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute
arbitrary code in the context of the application. Failed exploit attempts will
cause denial-of-service conditions.

dBpowerAMP Audio Player 2.0.0 is vulnerable; other versions may also be
affected.

100. Apple iPhoto Photocast Subscription Remote Format String Vulnerability
BugTraq ID: 27636
Remote: Yes
Last Updated: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27636
Summary:
iPhoto is prone to a format-string vulnerability.

Exploiting this issue will allow attackers to execute arbitrary code with the
permissions of a user running the application. Failed attacks will likely cause
denial-of-service conditions.

This issue affects versions prior to iPhoto 7.1.2.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Federal agencies miss deadline on secure configs
By: Robert Lemos
The U.S. government has made progress on moving to a standard configuration for
Windows XP and Windows Vista systems, but work remains.
http://www.securityfocus.com/news/11505

2. Universities fend off phishing attacks
By: Robert Lemos
Online fraudsters send e-mail messages that masquerade as help-desk requests for
usernames and passwords.
http://www.securityfocus.com/news/11504

3. Antivirus firms, test labs to form standards group
By: Robert Lemos
The makers of antivirus software as well as independent and media-sponsored
testing labs have agreed to create an industry group to standardize on methods
of evaluating anti-malware programs.
http://www.securityfocus.com/news/11502

4. Legitimate sites serving up stealthy attacks
By: Robert Lemos
The Random JS infection kit serves up malicious code that hides itself by
attempting to compromise each visitor only once and using a different file name
each time.
http://www.securityfocus.com/news/11501

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Engineer, Evansville
http://www.securityfocus.com/archive/77/487546

2. [SJ-JOB] Compliance Officer, Deerfield
http://www.securityfocus.com/archive/77/487549

3. [SJ-JOB] Jr. Security Analyst, Deerfield
http://www.securityfocus.com/archive/77/487553

4. [SJ-JOB] Security Architect, Arlington
http://www.securityfocus.com/archive/77/487554

5. [SJ-JOB] Sales Engineer, Houston
http://www.securityfocus.com/archive/77/487540

6. [SJ-JOB] Security Engineer, St. Louis
http://www.securityfocus.com/archive/77/487550

7. [SJ-JOB] Technical Support Engineer, Columbia
http://www.securityfocus.com/archive/77/487552

8. [SJ-JOB] Information Assurance Engineer, Arlington
http://www.securityfocus.com/archive/77/487535

9. [SJ-JOB] Security Consultant, St. Louis
http://www.securityfocus.com/archive/77/487536

10. [SJ-JOB] Information Assurance Engineer, Arlington
http://www.securityfocus.com/archive/77/487548

11. [SJ-JOB] Auditor, Deerfield
http://www.securityfocus.com/archive/77/487551

12. [SJ-JOB] Security Engineer, St. Louis
http://www.securityfocus.com/archive/77/487537

13. [SJ-JOB] Senior Software Engineer, Alpharetta
http://www.securityfocus.com/archive/77/487538

14. [SJ-JOB] Application Security Architect, Coral Gables
http://www.securityfocus.com/archive/77/487539

15. [SJ-JOB] Director, Information Security, New York City
http://www.securityfocus.com/archive/77/487541

16. [SJ-JOB] Security System Administrator, Coral Gables
http://www.securityfocus.com/archive/77/487531

17. [SJ-JOB] Sr. Security Engineer, Edison
http://www.securityfocus.com/archive/77/487534

18. [SJ-JOB] Security System Administrator, Miami
http://www.securityfocus.com/archive/77/487542

19. [SJ-JOB] Security Engineer, Raleigh
http://www.securityfocus.com/archive/77/487545

20. [SJ-JOB] Security System Administrator, Denver
http://www.securityfocus.com/archive/77/487547

21. [SJ-JOB] Sr. Security Analyst, Coral Gables
http://www.securityfocus.com/archive/77/487530

22. [SJ-JOB] Security Architect, Washington
http://www.securityfocus.com/archive/77/487532

23. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/487544

24. [SJ-JOB] Security Researcher, Montpellier (France)
http://www.securityfocus.com/archive/77/487527

25. [SJ-JOB] Information Assurance Engineer, McLean
http://www.securityfocus.com/archive/77/487528

26. [SJ-JOB] Sr. Security Analyst, Wilmington
http://www.securityfocus.com/archive/77/487529

27. [SJ-JOB] Security System Administrator, McLean
http://www.securityfocus.com/archive/77/487533

28. [SJ-JOB] Sales Engineer, Houston
http://www.securityfocus.com/archive/77/487524

29. [SJ-JOB] Software Engineer, Remote
http://www.securityfocus.com/archive/77/487525

30. [SJ-JOB] Information Assurance Engineer, Arlington
http://www.securityfocus.com/archive/77/487526

31. [SJ-JOB] Incident Handler, Arlington & Reston
http://www.securityfocus.com/archive/77/487543

32. [SJ-JOB] Application Security Architect, Roseland, NJ
http://www.securityfocus.com/archive/77/487520

33. [SJ-JOB] Training / Awareness Specialist, Washington
http://www.securityfocus.com/archive/77/487521

34. [SJ-JOB] Senior Software Engineer, St.Louis
http://www.securityfocus.com/archive/77/487522

35. [SJ-JOB] Sales Engineer, Washington, DC
http://www.securityfocus.com/archive/77/487523

36. [SJ-JOB] Account Manager, Cambridgeshire
http://www.securityfocus.com/archive/77/487517

37. [SJ-JOB] Disaster Recovery Coordinator, Saint Charles
http://www.securityfocus.com/archive/77/487519

38. [SJ-JOB] Application Security Engineer, Amsterdam
http://www.securityfocus.com/archive/77/487515

39. [SJ-JOB] Training / Awareness Specialist, Amsterdam
http://www.securityfocus.com/archive/77/487516

40. [SJ-JOB] Security Architect, Leatherhead
http://www.securityfocus.com/archive/77/487518

41. [SJ-JOB] Security Engineer, Amsterdam
http://www.securityfocus.com/archive/77/487514

V.   INCIDENTS LIST SUMMARY
---------------------------
1. Possible Mail server compromise ?
http://www.securityfocus.com/archive/75/487488

VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Suspicious JPEG Files
http://www.securityfocus.com/archive/82/487494

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #379
http://www.securityfocus.com/archive/88/487457

VIII. SUN FOCUS LIST SUMMARY
----------------------------

IX. LINUX FOCUS LIST SUMMARY
----------------------------

XI.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical
event for ICT security experts. Featuring hands-on training courses and
Briefings presentations with lots of new content.  Network with 400+ delegates
from 30 nations and review products by leading vendors in a relaxed setting.
Black Hat Europe is supported by most leading European infosec associations.
www.blackhat.com