>
> *************************
> Widely Deployed Software
> *************************
> - ----------------------------------------------------------------
>
> (2) MODERATE: Multiple MySQL Remote Code Execution and Information
> Disclosure Vulnerabilities
> Affected:
> MySQL version 4.1.x prior to 4.1.19
> MySQL version 5.0.x prior to 5.0.21
> MySQL version 5.1.x prior to 5.1.10
>
> Description: MySQL database server suffers from a buffer overflow and
> information disclosure vulnerabilities. The server contains a buffer
> overflow that can be triggered by specially crafted "COM_TABLE_DUMP"
> packets (used to dump database tables). An authenticated
> MySQL user can
> exploit this flaw to execute arbitrary code on the database server.
> Additionally, by sending specially-crafted "login" and
> "COM_TABLE_DUMP"
> requests to a MySQL process, an attacker could cause portions of the
> memory to be returned in the resulting error messages. This
> information
> can then be used in constructing exploit code.
> Proof-of-concept exploit
> for the "COM_TABLE_DUMP" flaw has been posted. Note that an
> unauthenticated attacker can exploit the vulnerabilities via any SQL
> injection flaws in a front-end web application.
>
> Status: Vendor confirmed, patches available. Upgrade to MySQL versions
> 4.1.19, 5.0.21 and 5.1.10 (when available). Use firewalls to
> block port
> 3306/tcp from the Internet.
>
> Council Site Actions: One site has already updated its non-RedHat
> systems and is waiting on patches for the RedHat platforms. Another
> site is treating this as a very low threat since only a small
> number of
> important machines are running the affected software; no account can
> access the daemon over the network, and the total number of
> accounts is
> very small. They will most likely update these systems within the next
> month.
>
> References:
> MySQL Advisory
>
>
>
> CERT Advisory
>
> Posting by Stefano
>
>
> SecurityFocus BID
>
> - ----------------------------------------------------------------
>
> (3) MODERATE: Multiple LibTIFF Buffer Vulnerabilities
> Affected:
> LibTIFF versions prior to 3.8.1
>
> Description: The libtiff library provides various functions
> to store and
> read the Tag Image File Format (TIFF), a popularly used image file
> format. This library is used on Linux by GNOME and KDE
> applications, the
> Mozilla and Mozilla Firefox web browsers, the xv image manipulation
> program, and other popular applications. The library contains multiple
> buffer overflows that were discovered by supplying "fuzzed"
> TIFF images.
> A malicious image in a webpage or an HTML email may exploit the flaws
> to potentially execute arbitrary code on a Linux/Unix client. The
> technical details required to leverage the flaws have been posted.
>
> Status: Upgrade to version 3.8.1. Linux vendors like RedHat have also
> released patched versions.
>
> Council Site Actions: Two of the reporting council sites are using the
> affected software. They plan to push out the patches during
> their next
> regularly scheduled system update cycle.
>
> References:
> Vendor Advisory
>
>
>
> TIFF Image Format
>
> SecurityFocus BIDs
>
>
>
>
> - ----------------------------------------------------------------
>
> (4) MODERATE: Mozilla Firefox "designMode" Denial of Service
> Affected:
> Firefox versions prior to 1.5.0.3
>
> Description: Mozilla Firefox contains a DoS vulnerability that arises
> from the failure to properly parse certain JavaScript constructs. A
> specially-crafted web page can inject malicious code into a user's
> browser session, and potentially execute the code with the privileges
> of the logged-on user (not confirmed). The vulnerability is triggered
> when certain deleted objects are re-referenced while the "designMode"
> property is set. The "designMode" property is used for
> features such as
> building rich text editor in a webpage. The proof-of-concept
> exploit is
> included in the Mozilla Bugzilla.
>
> Status: Upgrade to version 1.5.0.3. Ensure that the
> "autoupdate" feature
> is enabled in the "Tools->Options->Advanced" configuration section.
>
> Council Site Actions: Most of the council sites are using Firefox, but
> it is not supported by their central IT departments. However, most of
> the users have Auto Update turned on and expect the users to
> be updated
> in due time.
>
> References:
> Mozilla Advisory
>
>
> SecurityFocus BID
>
>
> **************************************************************
> ***********
>
> (5) MODERATE: X11 XRender Extension Buffer Overflow
> Affected:
> All versions of X11R6 and X11R7 when using the XRender extension
>
> Description: X11, the package deployed on most Linux and BSD
> installations, contains a buffer overflow vulnerability in its XRender
> extension (installed and enabled by default on most systems). The
> XRender extension is used to perform complex graphical compositing and
> manipulation. This flaw allows authenticated users to execute
> code with
> the privileges of the X server user, typically root. Note that it may
> be possible to execute this vulnerability remotely using remote X
> display primitives, but this would still require user authentication.
> The technical details required to leverage the flaw are publicly
> available.
>
> Note that although this is a privilege escalation vulnerability (not
> typically included in the @RISK); owing to the widespread distribution
> of the X11 package an exception has been made in this case.
>
> Status: X.Org has published patches. Various Linux vendors are working
> on releasing their own patches. A workaround is to disable to
> "XRender"
> extension by adding the following lines to xorg.conf file:
>
> Section "Extensions"
> Option "RENDER" "disable"
> EndSection
>
> References:
> X.Org Security Advisory
>
>
> x-CAN-2006-1526.patch
>
> .0-mitri.diff
>
> .0-mitri.diff
> Technical Details
>
> SecurityFocus BID
>
>
> *********************************************************************
>
> 06.18.1 CVE: Not Available
> Platform: Windows
> Title: Microsoft May Advance Notification Multiple Vulnerabilities
> Description: Microsoft has released advance notification that they
> will be releasing three security bulletins for Windows on May 9, 2006.
> The highest severity rating for these issues is Critical.
>
> - - One bulletin for Microsoft Exchange. The highest severity
> rating for
> this issue is Critical.
> - - Two bulletins for Microsoft Windows. The highest severity
> rating for
> these issues is Critical.
> Ref:
> ______________________________________________________________________
>
> 06.18.2 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer Unspecified OBJECT Tag Memory Corruption
> Description: Microsoft Internet Explorer is prone to an unspecified
> memory corruption issue which can be exploited via a malicious web
> page to potentially execute arbitrary code in the context of the
> current user. Please see the attached advisory for details.
> Ref:
> ______________________________________________________________________
>
>
> 06.18.13 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: UltraVNC Weak Challenge-Response Authentication
> Description: UltraVNC is susceptible to a weak challenge-response
> authentication vulnerability. This issue is due to the use of insecure
> encryption during the authentication process of UltraVNC when
> configured to utilize the Microsoft Logon authentication mechanism.
> UltraVNC version 1.0.1 is vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.18.19 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel SMBFS CHRoot Security Restriction Bypass
> Description: The Linux Kernel is prone to a security restriction
> bypass vulnerability affecting the chroot implementation. A local
> attacker who is bounded by the chroot can bypass the filesystem
> security restriction through use of directory traversal strings such
> as "../". Please see the referenced advisory for details.
> Ref:
> ______________________________________________________________________
>
> 06.18.20 CVE: CVE-2006-1863
> Platform: Linux
> Title: Linux Kernel CIFS CHRoot Security Restriction Bypass
> Description: The Linux Kernel is prone to a security restriction
> bypass vulnerability affecting the chroot implementation. This issue
> is due to a failure in the kernel to properly sanitize user-supplied
> data. The problem affects chroot inside of a smb-mounted filesystem
> (cifs). A local attacker who is bounded by the chroot can exploit this
> issue to bypass the chroot restriction and gain unauthorized access to
> the filesystem. An attacker can bypass the filesystem security
> restriction through use of directory traversal strings.
> Ref:
> ______________________________________________________________________
>
> 06.18.21 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel SCTP-netfilter Remote Denial of Service
> Description: The Linux kernel netfilter module is susceptible to a
> remote denial of service vulnerability. This issue is triggered when
> excessive kernel memory is consumed in an infinite loop. This problem
> stems from a memory leak in the kernel's "SCTP-netfilter" code. Kernel
> versions prior to 2.6.16.13 are vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.18.22 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel SELinux_PTrace Local Denial of Service
> Description: The Linux kernel is vulnerable to a local denial of
> service issue due to a design error when SELinux is enabled and ptrace
> is utilized. The Linux kernel versions 2.6.16.13 and earlier are
> vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.18.23 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel RNDIS_Query_Response Remote Buffer Overflow
> Description: The Linux kernel contains support for running as a USB
> slave which enables Linux to run in embedded USB peripheral devices.
> It is prone to a remote buffer-overflow issue due to a failure of the
> kernel to properly bounds check user-supplied data in the
> "rndis_query_response()" function. Linux kernel versions in the
> version 2.6 series prior to 2.6.16 are affected.
> Ref:
> ______________________________________________________________________
>
> 06.18.24 CVE: Not Available
> Platform: Linux
> Title: Linux-VServer Local Insecure Guest Context Capabilities
> Description: The Linux-VServer project implements virtual servers for
> the Linux operating system. It is susceptible to a vulnerability
> regarding insecure guest context capabilities. The kernel fails to
> properly enforce security restrictions in guest hosts. This issue
> allows unprivileged users in guest hosts to perform various operations
> that should be restricted to superusers.
> Ref:
> ______________________________________________________________________
>
> 06.18.25 CVE: CVE-2006-1526
> Platform: Unix
> Title: X.Org XRender Extension Buffer Overflow
> Description: The X.Org X Windows System is a Windows server. It is
> prone to a buffer overflow vulnerability in the render extension.
> Visit the referenced advisory for details.
> Ref:
> ______________________________________________________________________
>
> 06.18.27 CVE: Not Available
> Platform: Cross Platform
> Title: LibTiff Multiple Denial of Service Vulnerabilities
> Description: LibTIFF is a library designed to facilitate the reading
> and manipulation of Tag Image File Format (TIFF) files. LibTIFF is
> affected by multiple denial of service issues. Please read the
> attached advisory for details.
> Ref:
> ______________________________________________________________________
>
> 06.18.28 CVE: CVE-2006-2025
> Platform: Cross Platform
> Title: LibTiff TIFFFetchData Integer Overflow
> Description: LibTIFF is a library designed to facilitate the reading
> and manipulation of Tag Image File Format (TIFF) files. Applications
> utilizing the LibTIFF library are prone to an integer overflow
> vulnerability. This issue occurs in the "TIFFFetchData()" function of
> "tif_dirread.c".
> Ref:
> ______________________________________________________________________
>
> 06.18.29 CVE: CVE-2006-2026
> Platform: Cross Platform
> Title: LibTIFF Double Free Memory Corruption Vulnerability
> Description: LibTIFF is a library designed to read and manipulate Tag
> Image File Format (TIFF) files. It is vulnerable to a memory
> corruption issue due to the cleanup functions of "tif_jpeg.c",
> "tif_pixarlog.c", "tif_fax3.c", and "tif_zip.c". LibTIFF version 3.8.1
> or later resolves the issue.
> Ref:
> ______________________________________________________________________
>
> 06.18.33 CVE: CVE-2006-1989
> Platform: Cross Platform
> Title: Clam AntiVirus FreshClam Remote Buffer Overflow
> Description: ClamAV is an antivirus application. It is vulnerable to a
> remote buffer overflow issue due to insufficient handling of large
> amount of bytes in the HTTP response header while attempting to
> retrieve updated signatures. ClamAV versions 0.88 and 0.88.1 are
> vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.18.34 CVE: Not Available
> Platform: Cross Platform
> Title: MySQL Remote Information Disclosure and Buffer Overflow
> Vulnerabilities
> Description: MySQL is an open source relational database project. It
> is vulnerable to multiple remote issues such as buffer overflow and
> information disclosure. See the reference for futher details. MySQL
> versions 5.1.9 and earlier are vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.18.35 CVE: Not Available
> Platform: Cross Platform
> Title: rsync Receive_XATTR Integer Overflow Vulnerability
> Description: The rsync utility is used to synchronize files and
> directory structures across a network. Insufficient sanitization of
> the "name_len" and "datum_len" values exposes the application to an
> integer overflow issue. rsync versions prior to 2.6.8 are affected.
> Ref:
> ______________________________________________________________________
>
> 06.18.38 CVE: Not Available
> Platform: Cross Platform
> Title: Quagga Information Disclosure and Route Injection
> Vulnerabilities
> Description: Quagga is a routing package that has support for multiple
> dynamic routing protocols. It is susceptible to remote information
> disclosure and route injection vulnerabilities. These issues are due
> to flaws in the application that fail to properly ensure that required
> authentication and protocol configuration options are enforced. Quagga
> versions 0.98.5 and 0.99.3 are vulnerable to these issues.
> Ref:
> ______________________________________________________________________
>
> 06.18.39 CVE: Not Available
> Platform: Cross Platform
> Title: LibTiff TIFFToRGB Denial of Service
> Description: LibTIFF is a library designed to facilitate the reading
> and manipulation of Tag Image File Format (TIFF) files. It is affected
> by a denial of service issue due to the "TIFFToRGB" function's
> improper handling of certain parameters. LibTIFF versions 3.8 and
> earlier are vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.18.42 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Multiple Unspecified Vulnerabilities
> Description: PHP is a general purpose scripting language. It is
> affected by multiple unspecified vulnerabilities. Please see the
> attached advisory for details.
> Ref:
> ______________________________________________________________________
