Mailinglist Archive
| [Fwd: Weekly Vulnerability Summary - Jul 19 2004]
|
| From: | Joe Klemmer |
| Date: | Mon, 19 Jul 2004 10:02:38 -0400
|
-----Forwarded Message-----
From: SecurityTracker
To: SECURITYTRACKER-WEEKLY-ALL@PEACH.EASE.LSOFT.COM
Subject: Weekly Vulnerability Summary - Jul 19 2004
Date: Mon, 19 Jul 2004 04:10:05 -0400
SecurityTracker Monday Morning Vulnerability Summary - Jul 19 2004
http://www.securitytracker.com
Attend the Black Hat Briefings & Training USA, July 24-29, 2004 in
Las Vegas. World-renowned security experts reveal tomorrow's threats
today. Free of vendor sales pitches, the Briefings are designed to
be pragmatic regardless of your security environment. Featuring
30 hands-on training courses and 10 conference tracks.
http://www.blackhat.com
------------------------------------------------------------
If you run a web site and would like to publish SecurityTracker
vulnerability headlines on your web site for free, then join our
Affiliate Program: http://www.securitytracker.com/learn/affiliate.html
Subscriptions to this newsletter are available for free. Just visit
our web site to sign up:
http://www.securitytracker.com/signup/signup_now.html
As always, if you discover a bug, let us know by e-mail at:
bugs@securitytracker.com
------------------------------------------------------------------------
In This Week's SecurityTracker Vulnerability Summary
SecurityTracker Alerts: 32
Vendors: 4D, Inc. - adaimgsvr.sourceforge.net - Adobe
Systems Incorporated - Apache Software Foundation - Bannon
Group, LLC - Code-Crafters - GeeOS Team - HP (Compaq) - INweb
ApS - kernel.org - Microsoft - Modssl.org - moodle.org -
Mozilla.org - Novell - PHP Group - phpBB Group - Phpnuke.org
- PureFTPd.org - shorewall.net - Valve Software
Products: 4D WebSTAR - Ability Mail Server - Adobe Acrobat -
Apache - Board Power - BorderManager - Bugzilla - DCE -
Gattaca Server - Half-Life - ImgSvr - INweb Mail Server -
Linux Kernel - Microsoft HTML Help - Microsoft Internet
Explorer (IE) - Microsoft Internet Information Server (IIS)
Web Server - Microsoft POSIX Subsystem - Microsoft SMS -
Microsoft Task Scheduler - Mod_ssl - Moodle - Mozilla Browser
- Php - PHP-Nuke - phpBB - PureFTPd - Shorewall - Windows
Accessibility Utility Manager
Headlines:
1. PHP-Nuke Input Validation Hole in 'instory' in
Search Module Lets Remote Users Inject SQL Commands
2. phpBB Input Validation Holes in 'index.php' and
'lang_faq.php' Let Remote Users Conduct Cross-Site Scripting
Attacks
3. mod_ssl Format String Error in 'ssl_engine_ext' May
Let Remote Users Execute Arbitrary Code
4. Mozilla Certificate Management Bug Lets Remote
Users Cause Invalid Root CA Certificates to Be Silently
Imported
5. Microsoft Systems Management Server (SMS) Client
Can Be Crashed By Remote Users
6. Board Power Input Validation Hole in 'icq.cgi' Lets
Remote Users Conduct Cross-Site Scripting Attacks
7. Gattaca Server Multiple Input Validation Bugs Let
Remote Users Deny Service, Determine System Information, and
Conduct Cross-Site Scripting Attacks
8. Novell BorderManager 'IKE.NLM' VPN Module Can Be
Crashed By Remote Users
9. PureFTPd Logic Bug in accept_client() Lets Remote
Users Crash the FTP Daemon
10. Linux Kernel 'eql.c' Device Driver Error Lets
Local Users Crash the System
11. PHP strip_tags() Can Be Bypassed By Remote Users
With Tags Containing '\0'
12. PHP 'memory_limit' Abort Feature Error May Let
Remote Users Execute Arbitrary Code
13. Moodle Input Validation Bug in 'help.php' File
Parameter Lets Remote Users Conduct Cross-Site Scripting
Attacks
14. 4D WebSTAR Grants Access to Remote Users and
Elevated Privileges to Local Users
15. Microsoft Internet Explorer 'shell:' Protocol
Lets Remote Users Execute Arbitrary Scripting Code in the
Local Zone
16. Microsoft IIS 4.0 Buffer Overflow in Redirect
Function Lets Remote Users Execute Arbitrary Code
17. Microsoft HTML Help Input Validation Error Lets
Remote Users Execute Arbitrary Code
18. Microsoft Windows Task Scheduler Buffer Overflow
Lets Remote Users Execute Arbitrary Code
19. Microsoft Windows 2000/NT POSIX Subsystem Buffer
Overflow Lets Local Users Gain Elevated Privileges
20. Microsoft Utility Manager Permits Local
Applications to Run With Elevated Privileges
21. Shorewall Uses Unsafe Temporary Files That May
Allow a Local User to Gain Elevated Privileges
22. HP OpenVMS DCE Buffer Overflow May Let Remote
Users Execute Arbitrary Code
23. Microsoft Internet Explorer Same Name Javascript
Bug Lets Remote Users Execute Arbitrary Javascript in the
Domain of an Arbitrary Site
24. Bugzilla Has Several Bugs, Permitting Privilege
Escalation, SQL Injection, and Cross-Site Scripting Attacks
25. INweb Mail Lets Remote Users Deny Service By
Multiple Connections in Rapid Succession
26. Microsoft Internet Explorer Access Control Flaw
in popup.show() Lets Remote Users Execute Mouse-Click Actions
27. Half-Life Game Server and Client Can Be Crashed
With Specially Crafted Packet Spliting Data
28. Ada ImgSvr Discloses Files to Remote Users and
May Execute Arbitrary Code
29. Adobe Acrobat Reader Buffer Overflow in Parsing
Filenames Lets Remote Users Execute Arbitrary Code
30. Apache Can Be Crashed By PHP Code Invoking Nested
Remote Sockets
31. Microsoft Internet Explorer Can Be Crashed By
Remote Users With Large Text Files
32. Ability Mail Server Lets Remote Users Deny
Service and Conduct Cross-Site Scripting Attacks
------------------------------------------------------------------------
Your SecurityTracker Vulnerability Alerts
1. PHP-Nuke
Vendor: Phpnuke.org
Several vulnerabilities were reported in PHP-Nuke. A remote
user can inject SQL commands. A remote user can also conduct
cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2004/Jul/1010722.html
2. phpBB
Vendor: phpBB Group
Some vulnerabilities were reported in phpBB. A remote user can
determine the installation path. A remote user can also conduct
cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2004/Jul/1010721.html
3. Mod_ssl
Vendor: Modssl.org
A format string vulnerability was reported in mod_ssl. In
certain cases where Apache mod_proxy is also used, a remote user
may be able to cause arbitrary code to be executed on the target
user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010717.html
4. Mozilla Browser
Vendor: Mozilla.org
A denial of service vulnerability was reported in Mozilla in
the importing of certificates. A remote user can cause an invalid
root certificate to be silently imported, causing denial of service
conditions for SSL-based connections.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010714.html
5. Microsoft SMS
Vendor: Microsoft
A vulnerability was reported in the Microsoft Systems
Management Server (SMS) client software. A remote user can cause
denial of service conditions
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010713.html
6. Board Power
Vendor: Bannon Group, LLC
An input validation vulnerability was reported in Board Power.
A remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2004/Jul/1010708.html
7. Gattaca Server
Vendor: GeeOS Team
Several vulnerabilities were reported in Gattaca Server 2003.
A remote user can cause the server to crash. A remote user can
also determine the installation path and the web root directory. A
remote user can conduct cross-site scripting attacks.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010703.html
8. BorderManager
Vendor: Novell
A denial of service vulnerability was reported in Novell
BorderManager in the processing of VPN packets. A remote user can
cause the target VPN service to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010702.html
9. PureFTPd
Vendor: PureFTPd.org
A denial of service vulnerability was reported in PureFTPd. A
remote user can cause the FTP service to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010701.html
10. Linux Kernel
Vendor: kernel.org
A denial of service vulnerability was reported in the Linux
kernel in the equalizer load-balancer for serial network
interfaces. A local user can cause the system to crash.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2004/Jul/1010700.html
11. Php
Vendor: PHP Group
A vulnerability was reported in PHP in the strip_tags()
function. A remote user may be able to bypass the function to
inject arbitrary tags when certain web browsers are used.
Impact: Modification of user information
Alert: http://securitytracker.com/alerts/2004/Jul/1010699.html
12. Php
Vendor: PHP Group
A vulnerability was reported in PHP when compliled and running
with 'memory_limit' enabled. A remote user may be able to execute
arbitrary code on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010698.html
13. Moodle
Vendor: moodle.org
An input validation vulnerability was reported in Moodle in
'help.php', affecting the 'file' parameter. A remote user can
conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2004/Jul/1010697.html
14. 4D WebSTAR
Vendor: 4D, Inc.
Several vulnerabilities were reported in 4D WebSTAR. A remote
user can gain root privileges. A remote user can view certain
directories and files on the target system. A local user can gain
root privileges.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2004/Jul/1010696.html
15. Microsoft Internet Explorer (IE)
Vendor: Microsoft
A cross-zone scripting vulnerability was reported in Microsoft
Internet Explorer (IE). A remote user can execute arbitrary code
on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010693.html
16. Microsoft Internet Information Server (IIS) Web Server
Vendor: Microsoft
A buffer overflow vulnerability was reported in Microsoft
Internet Information Server (IIS) 4.0. A remote user can execute
arbitrary code on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010692.html
17. Microsoft HTML Help
Vendor: Microsoft
A vulnerability was reported in the Microsoft HTML Help. A
remote user may be able to execute arbitrary code on the target
user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010690.html
18. Microsoft Task Scheduler
Vendor: Microsoft
A vulnerability was reported in the Microsoft Windows Task
Scheduler. A reomte user can execute arbitrary code on the target
system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010688.html
19. Microsoft POSIX Subsystem
Vendor: Microsoft
A vulnerability was reported in the Portable Operating System
Interface for UNIX (POSIX) subsystem in Microsoft Windows 2000 and
NT 4.0. A local user can gain elevated privileges on the target
system.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2004/Jul/1010687.html
20. Windows Accessibility Utility Manager
Vendor: Microsoft
A vulnerability was reported in the Microsoft Windows 2000
Utility Manager. A local user can gain elevated privileges.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2004/Jul/1010686.html
21. Shorewall
Vendor: shorewall.net
A vulnerability was reported in Shorewall in the processing of
temporary files and directories. A local user may be able to gain
elevated privileges.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2004/Jul/1010685.html
22. DCE
Vendor: HP (Compaq)
A buffer overflow vulnerability was reported in DCE for HP
OpenVMS. A remote user may be able to cause denial of service
conditions or execute arbitrary code.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010684.html
23. Microsoft Internet Explorer (IE)
Vendor: Microsoft
A cross-domain scripting vulnerability was reported in
Microsoft Internet Explorer (IE). A remote user can cause
arbitrary scripting code to run in the security domain of an
arbitrary site.
Impact: Disclosure of user information
Alert: http://securitytracker.com/alerts/2004/Jul/1010683.html
24. Bugzilla
Vendor: Mozilla.org
Several vulnerabilities were reported in Bugzilla. A remote
authenticated privileged user can inject SQL commands or assign
membership to other groups. A remote user may be able to see the
names of "hidden" products. A remote user can conduct cross-site
scripting attacks and may be able to view the database password in
certain cases.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2004/Jul/1010681.html
25. INweb Mail Server
Vendor: INweb ApS
A vulnerability was reported in the INweb Mail Server. A
remote user can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010680.html
26. Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer in
popup.show(). A remote user can take arbitrary mouse-based actions
on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010679.html
27. Half-Life
Vendor: Valve Software
Luigi Auriemma reported a vulnerability in Sierra's Half-Life
engine. A remote user can cause the game to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010678.html
28. ImgSvr
Vendor: adaimgsvr.sourceforge.net
Several vulnerabilities were reported in the Ada ImgSvr. A
remote user can view files on the target system. A remote user may
be able to execute arbitrary code on the target system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2004/Jul/1010677.html
29. Adobe Acrobat
Vendor: Adobe Systems Incorporated
iDEFENSE reported a buffer overflow vulnerability in Adobe
Acrobat Reader. A remote user can execute arbitrary code on the
target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010676.html
30. Apache
Vendor: Apache Software Foundation
Paul Brereton reported a denial of service vulnerability in the
Apache web server when running with PHP. A local user can cause
denial of service conditions on the web server.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010674.html
31. Microsoft Internet Explorer (IE)
Vendor: Microsoft
Paul Kurczaba reported a denial of service vulnerability in
Microsoft Internet Explorer (IE). A remote user can create HTML
that, when loaded by the target user, will cause the target user's
browser to
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010673.html
32. Ability Mail Server
Vendor: Code-Crafters
Some vulnerabilities were reported in the Ability Mail Server.
A remote user can conduct cross-site scripting attacks. A remote
user can also cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Jul/1010672.html
------------------------------------------------------------------------
To join, delete, or otherwise change your subscription, visit:
http://www.securitytracker.com/help/accounts.html
To contact us, send e-mail to help@securitytracker.com
(mailto:help@securitytracker.com)
If you need to refer to this weekly vulnerability summary when you
mail us, please provide us with following SecurityTracker message ID:
Keep Track of the Latest Vulnerabilities with SecurityTracker!
http://www.securitytracker.com
copyright 2004, SecurityGlobal.net LLC
See disclaimer notice at:
http://www.securitytracker.com/learn/disclaimer.html
------------------------------------------------------------------------
--
Joe Klemmer
Unix System/Network Administrator & Ad Hoc Programmer