RISK: The Consensus Security Vulnerability Alert Vol. 3 No. 36

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Sun Sep 12 2004 - 21:58:16 CDT


A very light week for security patching, but don't relax too much. We
have been told that Microsoft will announce two new vulnerabilities on
Tuesday, September 14, one of which is rated "critical" and will affect
Windows and Office and several other MS products. How do we know? MS
gave advance warning to their "premium" customers.

Some of the vendor white papers offered this week are very interesting
- worth the effort to fill out their registration form.

                                  Alan

*************************************************************************
          RISK: The Consensus Security Vulnerability Alert
September 13, 2004 Vol. 3. Week 36
*************************************************************************

Summary of the vulnerabilities reported this week:
-------------------------------------------------------------------------
Category # of Updates & Vulnerabilities

Third Party Windows Apps 8 (#1, #4)
Mac OS 2 (#2)
Linux 1 (#5)
Solaris 1
Unix 1
Cross Platform 6 (#6)
Web Application 12 (#3)
Network Device 1
Hardware 1

***************** Sponsored This Week by FaceTime *************************

Secure IM and P2P

IM and P2P create serious corporate and security risks for the
enterprise, and traditional security tools provide an inadequate
defense. Learn how to protect your network from security threats and
violations. Download a free white paper from Osterman Research,
"Managing IM and P2P Threats in the Enterprise."

http://www.facetime.com/secure
***************************************************************************

Table of Contents:
Part I -- Critical Vulnerabilities
           from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) MODERATE: Nullsoft Winamp ActiveX Buffer Overflow
(2) UPDATE: Apple Mac OS X Security Update

Other Software
(3) HIGH: SiteCubed MailWorksPro Authentication Bypass
(4) MODERATE: Altnet Download Manager ActiveX Buffer Overflow
(5) LOW: mpg123 MPEG Player Buffer Overflow
(6) LOW: Trillian MSN Messenger Buffer Overflow

Part II -- Comprehensive List of Newly Discovered Vulnerabilities
            from Qualys (www.qualys.com)

 -- Third Party Windows Apps
04.36.1 - TYPSoft FTP Server Denial of Service
04.36.2 - IMail Server Multiple Denial of Service
04.36.3 - Nullsoft Winamp ActiveX Control Remote Buffer Overflow
04.36.4 - Ipswitch WhatsUp Gold Remote Buffer Overflow
04.36.5 - Ipswitch WhatsUp Gold prn.htm Denial of Service
04.36.6 - eZ/eZphotoshare Remote Denial of Service
04.36.7 - Trillian Client MSN Module Remote Buffer Overflow
04.36.8 - MailEnable Mail Exchange Record Denial of Service
 -- Mac OS
04.36.9 - QuickTime Streaming Server Denial of Service
04.36.10 - Safari Cross-Domain Frame Loading Vulnerability
 -- Linux
04.36.11 - mpg123 Remote Buffer Overflow
 -- Solaris
04.36.12 - Solaris in.named Remote Denial of Service
 -- Unix
04.36.13 - gnubiff Multiple Remote POP3 Protocol Vulnerabilities
 -- Cross Platform
04.36.14 - Cosminexus Portal Framework Information Disclosure
04.36.15 - Call of Duty Remote Denial of Service
04.36.16 - Halo Game Server Remote Denial of Service
04.36.17 - OpenLDAP Ambiguous Password Attribute Weakness
04.36.18 - Opera Empty Embedded Object JavaScript Denial of Service
04.36.19 - Emdros Database Engine Denial of Service
 -- Web Application
04.36.20 - Regulus Multiple Information Disclosure Vulnerabilities
04.36.21 - SiteCubed MailWorks Authentication Bypass
04.36.22 - PHPGroupWare Wiki Cross-Site Scripting
04.36.23 - phpMyBackupPro Input Validation Vulnerabilities
04.36.24 - Keene Digital Media Server Admin Authentication Bypass
04.36.25 - OpenCA HTML Injection Vulnerability
04.36.26 - Usermin HTML Email Script Code Command Execution
04.36.27 - Keene Digital Media Server Cross-Site Scripting
04.36.28 - PSnews No Parameter Cross-Site Scripting
04.36.29 - Site News Authentication Bypass Vulnerability
04.36.30 - Tutti Nova Multiple Unspecified Vulnerabilities
04.36.31 - BBS E-Market Professional Remote File Include Vulnerability
 -- Network Device
04.36.32 - Dynalink RTA 230 ADSL Router Default Backdoor Account
 -- Hardware
04.36.33 - Engenio Storage Controller Remote Denial of Service

************************** SPONSORED LINKS ******************************
Privacy notice: These links redirect to non-SANS web pages.

(1) Radware DefensePro secures networked applications against viruses,
     malicious intrusions and Denial of Service at 3-Gbps
http://www.sans.org/info.php?id=579

(2) FREE white paper on Sarbanes-Oxley compliance from ScriptLogic:
     Download today!
http://www.sans.org/info.php?id=580

(3) Top 10 reasons why network firewalls and IDS/IPS solutions do not
     secure Web applications. Download Free Whitepaper.
http://www.sans.org/info.php?id=581

*************************************************************************
Featured Training program of the Week: SANS Cyber Defense Initiative CDI
is in two parts: CDI South in New Orleans November 1-4
(http://www.sans.org/cdisouth04) and CDI East in Washington, DC,
December 7-14 (http://www.sans.org/cdieast04)

New Orleans offers a whole new type of program that many people have
asked us to provide: 18 one and two day courses on issues shaping the
future of information security, from the newest hacker tools to changes
in legal issues surrounding security. Perfect for people who have taken
SANS courses and want updates and for people who just don't have time
to attend a full class. On the other hand, Washington offers 13 full
length immersion courses and a few short courses.

**************************************************************************

*************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint
(www.tippingpoint.com) as a by-product of that company's continuous
effort to ensure that its intrusion prevention products effectively
block exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
Archives at http://www.sans.org/newsletters/

**************************
Widely Deployed Software
**************************

(1) MODERATE: Nullsoft Winamp ActiveX Buffer Overflow
Affected: Winamp, all versions

Description: The Winamp media player reportedly contains a buffer
overflow in its ActiveX control that can be triggered by passing a
specially crafted parameter to the control's "AppendFileToPlayList"
function. A malicious webpage or an email may possibly exploit this flaw
to execute arbitrary code on a client system. Proof-of-concept code has
been publicly posted.

Status: Vendor not confirmed, no patches available. A workaround would
be to set the "kill" bit for the Winamp ActiveX control.

Council Site Actions: The affected software is in use at three of the
reporting council sites. Two sites have notified their system support
staff of the problem. No other action is planned at this time since a
patch is not available. The third site is aware of users who have
installed the software, but since their central support staff does not
support the software, no action is planned.

References:
Exploit Code
http://www.securityfocus.com/bid/11107/exploit/
Setting the Kill Bit for ActiveX Controls
http://support.microsoft.com/default.aspx?kbid=240797
Winamp Homepage
http://www.winamp.com
SecurityFocus BID
http://www.securityfocus.com/bid/11107
***************************************************************************

(2) UPDATE: Apple Mac OS X Security Update
Affected:
Mac OS X version 10.2.8, 10.3.4, 10.3.5

Description: Apple has released a security update for multiple Mac OS X
client and server versions. The update fixes a number of vulnerabilities
in various software components including Kerberos, Apache and Lukemftpd
that may be exploited by remote attackers to execute arbitrary code. The
update also fixes vulnerabilities in the CoreFoundation component that
may be exploited locally to escalate privileges. The technical details
for many of the flaws have been posted previously on the security
mailing lists.

Council Site Actions: Three of the reporting council sites are using the
affected software. One site plans to deploy the patch/update after they
have resolved issues discovered during their patch regression testing.
They cited issues with hanging on initial reboot and Safari. The second
site notified their Mac support staff and the third site said that the
majority of their systems have already been patched through the Software
Update Facility.

References:
Apple Security Update
http://docs.info.apple.com/article.html?artnum=61798
Previous RISK Newsletter Postings
http://www.sans.org/newsletters/risk/vol3_26.php (Item #1)
http://www.sans.org/newsletters/risk/vol3_33.php (Item #5)
http://www.sans.org/newsletters/risk/vol3_21.php (Item #4)
http://www.sans.org/newsletters/risk/vol3_22.php (Item #1)
SecurityFocus BIDs
http://www.securityfocus.com/bid/10355
http://www.securityfocus.com/bid/10967
http://www.securityfocus.com/bid/11135
http://www.securityfocus.com/bid/11136
http://www.securityfocus.com/bid/11140

*******************
Other Software
*******************

(3) HIGH: SiteCubed MailWorksPro Authentication Bypass
Affected: MailWorksPro all versions

Description: MailWorksPro software is designed to handle large email
lists, and provides a web-based front end for its management. The
software contains a vulnerability that allows unauthorized administrative
access to be obtained by simply
setting the "uid" and "auth" cookie variables in the login request.
Since the software is used for managing large mailing lists, it may be
a likely target for attack by spammers.

Status: Vendor confirmed, patch available. A workaround is to block
access to the MailWorksPro webserver from the Internet.

Council Site Actions: The affected software is not in production or
widespread use at any of the council sites. They reported that no action
was necessary.

References:
Posting by headpimp
http://www.securityfocus.com/archive/1/373960/2004-08-30/2004-09-05/0
Product Homepage
http://www.mailworkspro.com/
Vendor Homepage
http://www.sitecubed.com/
SecurityFocus BID
http://www.securityfocus.com/bid/11095

***************************************************************************

(4) MODERATE: Altnet Download Manager ActiveX Buffer Overflow
Affected: Altnet Download Manager versions 4.0.0.2 and 4.0.0.4

Description: Altnet Download Manager is designed to facilitate and
accelerate user downloads. The software is bundled with the widely
deployed peer-to-peer network applications like KaZaa and Grokster.
This download manager contains a stack-based buffer overflow in its
ActiveX control's "IsValidFile" function, which can be triggered by a
specially crafted 'bstrFilepath' parameter. A malicious webpage or an
HTML email may exploit this vulnerability to execute arbitrary code on
a client system. The technical details have been publicly posted.

Status: Vendor confirmed, a new version can be downloaded from the
vendor's homepage at http://www.altnet.com.

Council Site Actions: The affected software is not in production or
supported use at any of the council sites; although several sites
reported a small user base. Because the software is not supported by
their IT departments, no action is planned.

References:
SecurityTracker Advisory
http://www.securitytracker.com/alerts/2004/Sep/1011155.html
Product Homepage
http://www.altnet.com/help/downloader.asp
SecurityFocus BID
http://www.securityfocus.com/bid/11101

***************************************************************************

(5) LOW: mpg123 MPEG Player Buffer Overflow
Affected: mpg123 versions 0.59r and 0.59s

Description: mpg123 is an mpeg audio player for Unix/Linux systems and
ships with a number of Linux flavors. The player can be configured as
the default helper application (for mp3 files) for the web browsers.
This player contains a buffer overflow in the "do_layer2()" function of
its mpeg decoder. The flaw can be exploited by a malicious mp3 file to
execute arbitrary code on a client system. The technical details
regarding the flaw have been posted.

Status: Vendor not confirmed, an unofficial patch is included in the
discoverer's posting.

Council Site Actions: The affected software is not in production or
supported use at any of the council sites. Although several sites
reported having a small user base, they do not plan any action.

References:
Posting by Davide Del Vecchio
http://www.securityfocus.com/archive/1/374433/2004-09-06/2004-09-12/0
Vendor Homepage
http://www.mpg123.de/
SecurityFocus BID
http://www.securityfocus.com/bid/11121

***************************************************************************
(6) LOW: Trillian MSN Messenger Buffer Overflow
Affected: Trillian version 0.74i

Description: Trillian is a widely used instant messenger client that can
interoperate with multiple messenger programs such as Yahoo!, MSN, ICQ
etc. The client contains a buffer overflow in its MSN module that can
be triggered by an overlong server response (over 4096 bytes). The flaw
can be exploited to execute arbitrary code on the client system.
However, to exploit this flaw, an attacker has to conduct a
man-in-the-middle attack, after a client establishes a connection with
the MSN server. The exploit code has been publicly posted.

Status: Vendor has been contacted, no patches available yet.

Council Site Actions: The affected software is not in production or
supported use at any of the council sites; although several sites
reported having a small user base. One did scan their network for the
backdoor on port 5555 to identify any impacted clients. Several other
sites notified their system support staff.

References:
Posting by Komrade (Contains Exploit Code)
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0211.html
Trillian Homepage
http://www.trillian.cc/
SecurityFocus BID
Not yet available.

***************************************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 36, 2004
This list is compiled by Qualys (www.qualys.com) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 3707 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

Summary of Updates and Vulnerabilities:
----------------------------------------

04.36.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: TYPSoft FTP Server Denial of Service
Description: TYPSoft FTP Server is an FTP server implemented for the
Windows platform. It is reported to be vulnerable to a remote denial
of service issue. This issue exists due to improper sanitization of
input. The vulnerability can be exploited by sending two successive
"RETR" commands without downloading a file and then sending a
"QUIT" command. TYPSoft FTP versions 1.11 and prior are reported to be
vulnerable.
Ref: http://www.securityfocus.com/archive/1/373536
______________________________________________________________________

04.36.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: IMail Server Multiple Denial of Service
Description: Ipswitch IMail Server is an email server. IMail is
vulnerable to multiple denial of service vulnerabilities that will
crash the server. IMail version 8.13 fixes these issues.
Ref: http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES
______________________________________________________________________

04.36.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Nullsoft Winamp ActiveX Control Remote Buffer Overflow
Description: The Winamp media player's ActiveX control is reportedly
vulnerable to a remote buffer overflow condition. This issue can be
exploited when a user visits a malicious web site that invokes this
control. All current versions of Winamp are reported to be
vulnerable.
Ref: http://www.securityfocus.com/bid/11107/
______________________________________________________________________

04.36.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ipswitch WhatsUp Gold Remote Buffer Overflow
Description: Ipswitch WhatsUp Gold is a network monitoring and
management application. It is reported to be vulnerable to a remote
buffer overflow issue. The issue exists due to improper sanitization
of notification instance names that are provided to the web interface.
Ipswitch WhatsUp Gold versions 7.04, 7.03, 7.0, 8.03 hotfix 1, 8.03,
8.01 and 8.0 are reported to be vulnerable.
Ref: http://www.ipswitch.com/support/WhatsUp/patch-upgrades.html
______________________________________________________________________

04.36.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ipswitch WhatsUp Gold prn.htm Denial of Service
Description: Ipswitch WhatsUp Gold is a network monitoring and
management application. It is reported to be vulnerable to a denial of
service issue. The issue exists due to improper sanitization of HTTP
GET requests for the "prn.htm" page. Ipswitch WhatsUp Gold versions
7.0, 7.03, 7.04, 8.0, 8.01, 8.03 and 8.03 hotfix 1 are reported to be
vulnerable.
Ref: http://www.ipswitch.com/support/WhatsUp/patch-upgrades.html
______________________________________________________________________

04.36.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: eZ/eZphotoshare Remote Denial of Service
Description: eZphotoshare allows sharing of digital photos across a
network. It is reportedly vulnerable to a remote denial of service
condition when over 80 network connections are made simultaneously to
the server. This vulnerability is reported to affect eZ version 3.4.0
and eZphotoshare version 1.2.1.
Ref: http://www.securityfocus.com/bid/11129/
______________________________________________________________________

04.36.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Trillian Client MSN Module Remote Buffer Overflow
Description: Trillian is an instant messaging client that supports a
number of protocols. It is reportedly vulnerable to a remote buffer
overflow condition. This requires an attacker to execute a
man-in-the-middle attack posing as the MSN server to the client.
Trillian version 0.74i is reported to be vulnerable to this issue.
Ref: http://unsecure.altervista.org/security/trillian.htm
______________________________________________________________________

04.36.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: MailEnable Mail Exchange Record Denial of Service
Description: The MailEnable mail server is reportedly vulnerable to a
remote denial of service condition while processing certain mail
exchange records. This is due to faulty exception handling when a
large number of mail exchange records are passed to the server. All
current versions are reported to be vulnerable.
Ref: http://www.mailenable.com/hotfix/
______________________________________________________________________

04.36.9 CVE: CAN-2004-0825
Platform: Mac OS
Title: QuickTime Streaming Server Denial of Service
Description: Apple QuickTime streaming server allows for transmission
of multimedia content to remote clients. It is reported to be
vulnerable to a denial of service issue. The vulnerability can be
exploited by using a specific sequence of operations. Apple has
released patches to address the issue.
Ref: http://www.securityfocus.com/advisories/7148
______________________________________________________________________

04.36.10 CVE: CAN-2004-0720
Platform: Mac OS
Title: Safari Cross-Domain Frame Loading Vulnerability
Description: Apple Safari is vulnerable to a cross-domain frame
loading vulnerability. A web site that uses multiple frames can have
some of its frames replaced with content from a malicious site if the
malicious site is visited first.
Ref: http://www.securityfocus.com/advisories/7148
______________________________________________________________________

04.36.11 CVE: CAN-2004-0805
Platform: Linux
Title: mpg123 Remote Buffer Overflow
Description: mpg123 is an audio file player. It is reported to be
vulnerable to a buffer overflow issue. The issue exists due to
improper sanitization of MPEG 2 and 3 headers. mpg123 versions 0.59s
and 0.59r are reported to be vulnerable.
Ref: http://archives.neohapsis.com/archives/bugtraq/2004-09/0058.html
______________________________________________________________________

04.36.12 CVE: Not Available
Platform: Solaris
Title: Solaris in.named Remote Denial of Service
Description: The Solaris operating system ships with a customized
implementation of the BIND DNS server. Insufficient sanitization of
specially crafted dynamic updates crashes the service. Only Solaris 8
is affected. Solaris 7 and 9 are not vulnerable.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57614-1
______________________________________________________________________

04.36.13 CVE: Not Available
Platform: Unix
Title: gnubiff Multiple Remote POP3 Protocol Vulnerabilities
Description: gnubiff is an email notification application. It is
reportedly vulnerable to multiple security issues in the POP3 protocol
functionality. These include a buffer overflow and denial of service
conditions. Versions prior to 2.0 are reported to be vulnerable.
Ref: http://gnubiff.sourceforge.net/changelog.php
______________________________________________________________________

04.36.14 CVE: Not Available
Platform: Cross Platform
Title: Cosminexus Portal Framework Information Disclosure
Description: Cosminexus Portal Framework is a framework for creating
enterprise web portal systems. An information disclosure issue
presents itself when a Java portlet utilizes the "<ut:cache>" tag
library. It may be possible for contents of cache objects to be
replaced by the contents of other cache objects allowing sensitive
information to be sent to a different user than intended. Hitachi has
released various patches for Windows, AIX, HP-UX and Solaris.
Ref: http://www.hitachi-support.com/security_e/vuls_e/HS04-006_e/index-e.html
______________________________________________________________________

04.36.15 CVE: Not Available
Platform: Cross Platform
Title: Call of Duty Remote Denial of Service
Description: Call of Duty is a game with network gaming capabilities.
It is reported to be vulnerable to a denial of service issue. The
vulnerability can be exploited by sending a query or response larger
than 1024 bytes to the target. Activision Call of Duty version 1.4 is
reported to be vulnerable.
Ref: http://archives.neohapsis.com/archives/bugtraq/2004-09/0055.html
______________________________________________________________________

04.36.16 CVE: Not Available
Platform: Cross Platform
Title: Halo Game Server Remote Denial of Service
Description: Halo Combat Evolved is a computer game that allows
network play. The game server is reportedly vulnerable to a remote
denial of service condition when handling certain specially crafted
input from a game client. This will crash the game server denying
service to legitimate clients. Versions 1.04 and prior are reported to
be vulnerable.
Ref: http://aluigi.altervista.org/adv/haloboom-adv.txt
______________________________________________________________________

04.36.17 CVE: CAN-2004-0823
Platform: Cross Platform
Title: OpenLDAP Ambiguous Password Attribute Weakness
Description: OpenLDAP is an open source implementation of the LDAP
protocol. It is reported to be vulnerable to an ambiguous password
attribute weakness. Under certain conditions, an attacker could
authenticate to the application using the password hash instead of the
password itself. This can be obtained by sniffing the network traffic
or from the database. Currently OpenLDAP 2.1.19 and prior are reported
to be vulnerable.
Ref: http://www.securityfocus.com/advisories/7148
______________________________________________________________________

04.36.18 CVE: Not Available
Platform: Cross Platform
Title: Opera Empty Embedded Object JavaScript Denial of Service
Description: Opera is a web browser. Creating an embedded "CCCC"
object with an empty "src" tag, and then referencing the "text"
attribute of the object may cause Opera to crash. Opera versions 7.23
and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/373854
______________________________________________________________________

04.36.19 CVE: Not Available
Platform: Cross Platform
Title: Emdros Database Engine Denial of Service
Description: Emdros is a text database engine for analyzed or
annotated text. Failure to correctly free allocated memory in the
"mql" process while handling "CREATE OBJECT TYPE" and "UPDATE OBJECT
TYPE" statements subsequently leads to a denial of service condition.
Emdros versions 1.1.20 and earlier are affected.
Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=981660&group_id=37219&atid=419458
______________________________________________________________________

04.36.20 CVE: Not Available
Platform: Web Application
Title: Regulus Multiple Information Disclosure Vulnerabilities
Description: SAFE TEAM Regulus is web based accounting software used
by Internet Service Providers to monitor Remote Authentication Dial-In
User Service (RADIUS). A remote attacker can retrieve password hashes
from the application. All current versions of SAFE TEAM Regulus are
affected.
Ref: http://www.aosp.net/regulus.htm
______________________________________________________________________

04.36.21 CVE: Not Available
Platform: Web Application
Title: SiteCubed MailWorks Authentication Bypass
Description: SiteCubed MailWorks Professional is mailing list
management software. By sending cookie data containing "auth=1;
uId=1", an attacker can bypass the authentication checks and become
the user with an ID of 1, giving them administrative access to the web
application. All current versions of SiteCubed MailWorks are
affected.
Ref: http://www.securityfocus.com/archive/1/374118
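The flaw in item (3) and in 04.36.21 is the application believing a client-supplied "auth" cookie. The following is an added example, not SiteCubed's or MailWorksPro's code: it shows that trust-the-cookie pattern next to a hardened replacement (a server-issued, HMAC-signed, expiring session token) and a small check that flags requests still carrying the legacy cookie pair. Function names, the secret key and the sample cookie headers are constructed for illustration; only the cookie names and the "auth=1; uId=1" value come from the advisory.

```python
import hashlib
import hmac
import time
from http.cookies import CookieError, SimpleCookie
from typing import Dict, Optional

# Constructed example secret; a real deployment would load it from a
# secret store and rotate it.  (Assumption, not from the advisory.)
SERVER_SECRET = b"constructed-example-secret-rotate-in-production"
SESSION_TTL = 3600  # seconds a session token stays valid


def _parse_cookies(cookie_header: str) -> Dict[str, str]:
    """Parse a Cookie: header into a dict with lower-cased names.

    Lower-casing mirrors the advisory, which spells the user cookie both
    "uid" and "uId"; a malformed header is treated as no cookies at all.
    """
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except CookieError:
        return {}
    return {name.lower(): morsel.value for name, morsel in jar.items()}


# --- Vulnerable pattern, as the advisory describes it ----------------------
def vulnerable_current_user(cookie_header: str) -> Optional[int]:
    """Trust the client: whoever sends auth=1 is logged in as uid.

    Nothing here was issued or verified by the server, so any visitor can
    pick uid=1 (the administrator) by editing their own cookies.
    """
    cookies = _parse_cookies(cookie_header)
    if cookies.get("auth") == "1" and cookies.get("uid", "").isdigit():
        return int(cookies["uid"])
    return None


# --- Hardened pattern: server-issued, signed, expiring session -------------
def _sign(payload: str) -> str:
    return hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(uid: int, now: Optional[int] = None) -> str:
    """Create a session token after a real login succeeded (constructed format:
    "<uid>:<expiry>:<hmac-sha256>").  Only the server can produce the tag."""
    now = int(time.time()) if now is None else now
    payload = f"{uid}:{now + SESSION_TTL}"
    return f"{payload}:{_sign(payload)}"


def hardened_current_user(cookie_header: str, now: Optional[int] = None) -> Optional[int]:
    """Accept only a token whose HMAC verifies and whose expiry has not passed.

    The user id is taken from inside the signed payload, never from a
    separate client-controlled "uid" cookie, so forging uid=1 is useless
    without the server secret.
    """
    now = int(time.time()) if now is None else now
    token = _parse_cookies(cookie_header).get("session")
    if token is None:
        return None
    try:
        uid_s, exp_s, tag = token.split(":")
        uid, exp = int(uid_s), int(exp_s)
    except ValueError:
        return None
    # Re-serialising the integers also rejects padded variants like "01".
    if not hmac.compare_digest(tag, _sign(f"{uid}:{exp}")):
        return None
    if now >= exp:
        return None
    return uid


# --- Detection: flag requests that still present the legacy cookie pair ---
def suspicious_legacy_cookies(cookie_header: str) -> bool:
    """True when a request carries both "auth" and "uid" cookies; after the
    fix no legitimate client should send them, so log and review these."""
    cookies = _parse_cookies(cookie_header)
    return "auth" in cookies and "uid" in cookies


if __name__ == "__main__":
    print("vulnerable:", vulnerable_current_user("auth=1; uId=1"))
    tok = issue_session(7)
    print("hardened, real token:", hardened_current_user(f"session={tok}"))
    print("hardened, forged cookies:", hardened_current_user("auth=1; uId=1"))
    print("flagged:", suspicious_legacy_cookies("auth=1; uId=1"))
```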
______________________________________________________________________

04.36.22 CVE: Not Available
Platform: Web Application
Title: PHPGroupWare Wiki Cross-Site Scripting
Description: PHPGroupWare is a web based groupware system. Due to
insufficient sanitization of user supplied data of the
"transforms.php" script, PHPGroupWare is vulnerable to a cross-site
scripting attack. PHPGroupWare versions 0.9.16.003 and earlier are
known to be vulnerable.
Ref: http://downloads.phpgroupware.org/changelog
______________________________________________________________________

04.36.23 CVE: Not Available
Platform: Web Application
Title: phpMyBackupPro Input Validation Vulnerabilities
Description: phpMyBackupPro is a web-based MySQL backup application.
It is reported to be vulnerable to multiple unspecified input
validation issues. These issues exist due to insufficient sanitization
of some configuration entries and MySQL username and password values.
phpMyBackupPro versions 0.6.2 and prior are reported to be
vulnerable.
Ref: http://www2.fht-esslingen.de/~dirait00/
______________________________________________________________________

04.36.24 CVE: Not Available
Platform: Web Application
Title: Keene Digital Media Server Admin Authentication Bypass
Description: Keene Digital Media Server is a web-based file sharing
application. It is reportedly vulnerable to an authentication bypass
issue that allows unauthenticated remote users to access
administrative web pages. Keene Digital Media Server version 1.0.2 was
reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/11112/
______________________________________________________________________

04.36.25 CVE: CAN-2004-0787
Platform: Web Application
Title: OpenCA HTML Injection Vulnerability
Description: OpenCA is an open source Certificate Authority suite. It
is reportedly vulnerable to an HTML injection issue. The issue exists
due to an insufficient user-input validation in the OpenCA PKI
software. All current versions of the suite are reported to be
vulnerable.
Ref: http://www.securityfocus.com/archive/1/374329
______________________________________________________________________

04.36.26 CVE: Not Available
Platform: Web Application
Title: Usermin HTML Email Script Code Command Execution
Description: Usermin is a web-based user interface designed to allow
users to access email and configure various user settings. Usermin is
vulnerable to a script code execution vulnerability when rendering
HTML email messages. This is due to insufficient sanitization of the
email message. Usermin versions 1.080 and earlier are known to be
vulnerable.
Ref: http://www.securityfocus.com/archive/1/374439
______________________________________________________________________

04.36.27 CVE: Not Available
Platform: Web Application
Title: Keene Digital Media Server Cross-Site Scripting
Description: Keene Digital Media Server is a web application used to
facilitate the sharing of media files. Keene Digital Media Server is
vulnerable to multiple cross-site scripting issues due to insufficient
sanitization of user-supplied data in multiple fields. Keene Digital
Media Server 1.0.2 is known to be vulnerable.
Ref: http://www.securityfocus.com/bid/11111
______________________________________________________________________

04.36.28 CVE: Not Available
Platform: Web Application
Title: PSnews No Parameter Cross-Site Scripting
Description: PSnews is a web-based content management system. It is
reported vulnerable to a cross-site scripting issue. The issue exists
due to insufficient user supplied data sanitization in the "no"
parameter of the "show_all" and "add_kom" functions. PSnews version
1.1 is known to be vulnerable.
Ref: http://www.securityfocus.com/archive/1/374773
______________________________________________________________________

04.36.29 CVE: Not Available
Platform: Web Application
Title: Site News Authentication Bypass Vulnerability
Description: UtilMind Solutions Site News is a Perl CGI script that
allows news items to be added to third party web sites. It is reported
to be vulnerable to an authentication bypass issue. The issue exists
due to improper sanitization of user-supplied input to the
"sitenews.cgi" script. UtilMind Solutions Site News version 1.1 is
reported to be vulnerable.
Ref: http://archives.neohapsis.com/archives/bugtraq/2004-09/0057.html
______________________________________________________________________

04.36.30 CVE: Not Available
Platform: Web Application
Title: Tutti Nova Multiple Unspecified Vulnerabilities
Description: Tutti Nova is a web-news management application. Tutti
Nova is vulnerable to multiple security issues that are unspecified
for the moment. Tutti Nova version 1.0 is known to fix these issues.
Ref: http://secunia.com/advisories/12467/
______________________________________________________________________

04.36.31 CVE: Not Available
Platform: Web Application
Title: BBS E-Market Professional Remote File Include Vulnerability
Description: BBS E-Market Professional is a web-based e-commerce
application implemented in PHP. It is reported to be vulnerable to a
remote file include issue. The issue exists due to improper
sanitization of user-supplied input to the "pageurl" parameter of the
"index.php" script.
Ref: http://archives.neohapsis.com/archives/bugtraq/2004-09/0078.html
______________________________________________________________________

04.36.32 CVE: Not Available
Platform: Network Device
Title: Dynalink RTA 230 ADSL Router Default Backdoor Account
Description: The Dynalink RTA 230 ADSL router is a broadband router.
It is reported to be vulnerable to a default backdoor account issue
with the "userNotUsed" username and "userNotU" password.
Ref: http://archives.neohapsis.com/archives/bugtraq/2004-09/0033.html
______________________________________________________________________

04.36.33 CVE: Not Available
Platform: Hardware
Title: Engenio Storage Controller Remote Denial of Service
Description: Engenio provides various SATA and fiber channel OEM disk
storage systems. Insufficient sanitization of specially crafted TCP
packets exposes a denial of service condition in the storage
controllers. Affected hardware includes Storagetek D280 and IBM
DS4100. Other devices using a similar controller may be affected.
Ref: http://www.securityfocus.com/archive/1/374246
______________________________________________________________________

(c) 2004. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.

==end==

Subscriptions: RISK is distributed free of charge to people
responsible for managing and securing information systems and networks.
You may forward this newsletter to others with such responsibility
inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may
also request subscriptions to any of SANS other free newsletters.

To change your subscription, address, or other information, visit
http://portal.sans.org

Copyright 2004. All rights reserved. No posting or reuse allowed,
other than listed above, without prior written permission.
