      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 15



> 
> *****************************
> Widely Deployed Software
> *****************************
> 
> (1) CRITICAL: Microsoft Windows Multiple GDI Vulnerabilities 
> (MS07-017)
> Affected:
> Microsoft Windows 2000/XP/Vista
> Microsoft Windows Server 2003
> 
> Description: Microsoft has issued a security update (MS07-017) earlier
> than its monthly patching schedule for the 0-day flaw in the Windows
> handling of animated cursor files. This flaw is being exploited in the
> wild. For more details about this 0-day, please refer to the previous
> issue of the @RISK newsletter.  In addition to the ANI issues, the
> MS07-017 patch also addresses several locally exploitable
> vulnerabilities and a remote denial of service vulnerability in the
> Windows GDI graphical subsystem. The remote DoS can be triggered by a
> specially-crafted Windows Metafile (WMF) image file, and exploited to
> cause a system hang or reboot.
> 
> Status: Microsoft confirmed, updates available. Please ensure that the
> patch is applied to all the affected systems.
> 
> Problems after installing MS07-017 patch:
> On Windows XP SP2, some 3rd party applications may not start. Microsoft
> has provided mitigation steps here:
> http://support.microsoft.com/kb/925902 and
> http://support.microsoft.com/kb/935448/
> 
> Council Site Actions: All of the responding council sites are taking
> action. One site has already pushed the updates. The other sites are
> deploying on an expedited basis.  One site noted they sent out an
> organization-wide notice explaining the threat and asking users to
> verify that the patch installs.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx 
> Previous @RISK Entry
> http://www.sans.org/newsletters/risk/display.php?v=6&i=14#widely1 
> SecurityFocus BID
> http://www.securityfocus.com/bid/23194 
> 
> ****************************************************************
> 
> (3) CRITICAL: Kaspersky Multiple Products Multiple Vulnerabilities
> Affected:
> Kaspersky Internet Security, Anti-Virus and File Server version 6.0
> 
> Description: Several Kaspersky security products contain multiple
> vulnerabilities:
> 
> (1) Failure to properly handle specially-crafted ARJ archives can lead
> to a heap-based buffer overflow in the Kaspersky antivirus engine. A
> malicious ARJ archive could be delivered in a variety of ways, including
> via email, web pages, or shared directories. Successfully exploiting
> this buffer overflow would allow an attacker to execute arbitrary code
> with the privileges of the antivirus engine.
> 
> (2) The "AxKlProd60.dll" and "AxKLSysInfo" ActiveX controls export a
> variety of methods for file manipulation. These functions do not
> validate that the calling process has the permission to execute these
> functions. A malicious web page that instantiates these controls could
> call the "DeleteFile" method to delete arbitrary files with the
> privileges of the current user; or call the "StartBatchUploading",
> "StartStrBatchUploading", or "StartUploading" to upload arbitrary files
> to a remote server.
> 
> Status: Kaspersky confirmed, updates available. Users can mitigate the
> impact of issue #2 by disabling the affected controls via Microsoft's
> "kill bit" mechanism. The affected CLSIDs are
> "D9EC22E7-1A86-4F7C-8940-0303AE5D6756" and
> "BA61606B-258C-4021-AD27-E07A3F3B91DB".
> 
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the responding council sites. They reported that no action was
> necessary.
> 
> References:
> Kaspersky Security Advisories
> http://www.kaspersky.com/technews?id=203038693 
> http://www.kaspersky.com/technews?id=203038694 
> Zero Day Initiative Advisories
> http://www.zerodayinitiative.com/advisories/ZDI-07-014.html 
> http://www.zerodayinitiative.com/advisories/ZDI-07-013.html 
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504 
> Microsoft Knowledge Base Article (documents the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797 
> SecurityFocus BID
> http://www.securityfocus.com/bid/23325 
> 
> ****************************************************************
> 
> (4) HIGH: AOL Nullsoft Winamp Multiple Vulnerabilities
> Affected:
> AOL Nullsoft Winamp version 5.33 and prior
> 
> Description: AOL Nullsoft Winamp, a popular media player for Microsoft
> Windows, contains multiple vulnerabilities:
> 
> (1) Failure to properly process malformed Matlab Sound File files can
> trigger a memory corruption vulnerability. This flaw stems from code in
> the "libsndfile.dll" library; it is possible that any application using
> this library is vulnerable.
> 
> (2) The "in_mod.dll" Winamp plugin contains memory corruption
> vulnerabilities in the processing of "S3M" and "IT" files.
> Specially-crafted S3M or IT files could trigger these vulnerabilities.
> 
> Successfully exploiting these vulnerabilities would allow an attacker
> to execute arbitrary code with the privileges of the current user. Note
> that, depending on configuration, the vulnerable file types could be
> opened without prompting by Winamp. Full technical details and a
> proof-of-concept are publicly available for these vulnerabilities.
> 
> Status: AOL has not confirmed, no updates available.
> 
> References:
> Advisories from Piotr Bania
> http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt
> http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt
> http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt
> Product Home Page
> http://www.winamp.com
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/23351
> http://www.securityfocus.com/bid/23350
> 
> ****************************************************************
> 
> (6) HIGH: MIT Kerberos Multiple Vulnerabilities
> Affected:
> MIT Kerberos 5 versions 1.6 and prior
> Potentially any system using the MIT implementation of Kerberos.
> 
> Description: MIT Kerberos, the reference implementation of the Kerberos
> authentication protocol, contains multiple vulnerabilities:
> 
> (1) Telnet servers that use Kerberos for authentication contain an
> authentication bypass vulnerability. By passing a username beginning
> with "-e", an attacker could bypass all authentication and login as
> arbitrary users.
> 
> (2) The Kerberos Administration Daemon, which runs on the Kerberos
> master server, contains a buffer overflow vulnerability. A
> specially-crafted Kerberos request could trigger this buffer overflow
> and execute arbitrary code with the privileges of the Kerberos
> Administration Daemon process (often SYSTEM/root).
> 
> (3) The Kerberos Administration Daemon contains a double free
> vulnerability. An authenticated attacker could trigger this
> vulnerability to execute arbitrary code with the privileges of the
> administrative process (often SYSTEM/root).
> 
> Note that, since the master server usually contains authentication
> information for the entire Kerberos domain, compromising this server
> generally leads to compromise of other systems in the same
> authentication domain.  The technical details are available for these
> vulnerabilities. MIT Kerberos is used by a wide variety of operating
> systems, including various UNIX and UNIX-like operating systems.
> Kerberos authentication may not be enabled by default on affected
> systems, lessening the impact of attacks.
> 
> Status: MIT confirmed, updates available.
> 
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the responding council sites. They reported that no action was
> necessary.
> 
> References:
> MIT Security Advisories
> http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt 
> http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt 
> http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt 
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=500 
> Wikipedia Article on Kerberos
> http://en.wikipedia.org/wiki/Kerberos_%28protocol%29
> MIT Kerberos Home Page
> http://web.mit.edu/Kerberos/ 
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/23285 
> http://www.securityfocus.com/bid/23281 
> http://www.securityfocus.com/bid/23282 
> 
> ****************************************************************
> 
> (9) MODERATE: SAP RFC Library Multiple Vulnerabilities
> Affected:
> SAP RFC Library versions 6.40 and 7.00 and possibly others
> 
> Description: The SAP RFC library, used by most SAP applications to
> interface with the main SAP system, contains multiple vulnerabilities:
> 
> (1) The "RFC_START_GUI" and "SYSTEM_CREATE_INSTANCE" functions contain
> buffer overflow vulnerabilities. Successfully exploiting these buffer
> overflows would allow arbitrary code execution with the privileges of
> the affected process. No further technical details for these
> vulnerabilities are publicly available.
> 
> (2) The "RFC_START_PROGRAM" function fails to properly validate certain
> requests. A specially-crafted request to this function could bypass
> execution restrictions or trigger a buffer overflow, allowing for
> arbitrary code execution with the privileges of the affected process.
> 
> Additionally, information disclosure and denial-of-service
> vulnerabilities have been discovered in the SAP RFC library.
> 
> Status: SAP confirmed, updates available.
> 
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the responding council sites. They reported that no action was
> necessary.
> 
> References:
> CYBSEC Security Advisories (PDF)
> http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf 
> http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf 
> http://cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_PROGRAM_RFC_Function_Multiple_Vulnerabilities.pdf
> Vendor Home Page
> http://www.sap.com
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/23304
> http://www.securityfocus.com/bid/23307
> 
> 
> ****************
> Other Software
> ****************************************************************
> 
> (11) HIGH: Firebug Mozilla Firefox Extension Remote Code Execution
> Affected:
> FireBug versions prior to 1.03
> 
> Description: FireBug is a popular Mozilla Firefox extension providing
> in-depth JavaScript debugging support. Failure to properly handle
> certain JavaScript constructs can lead to arbitrary JavaScript being
> executed without sandbox restrictions. Since there are no sandbox
> restrictions, the malicious scripts can execute arbitrary code with the
> privileges of the current user. Note that FireBug is not installed by
> default. Working exploit code and full technical details are publicly
> available for this vulnerability.
> 
> Status: Vendor acknowledged, updates available.
> 
> Council Site Actions: Only one of the responding council sites is using
> the affected software, although it is not officially supported. The
> users who are running it have automatic updates turned on, including for
> extensions.
> 
> References:
> GNUCITIZEN Blog Post (includes proofs-of-concept)
> http://www.gnucitizen.org/blog/firebug-goes-evil
> FireBug Home Page
> https://addons.mozilla.org/en-US/firefox/addon/1843
> SecurityFocus BID
> http://www.securityfocus.com/bid/23315  
> 
> **************************************************************
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from
> Qualys (www.qualys.com)
> Week 15, 2007
> 
> This list is compiled by Qualys ( www.qualys.com ) as part of that
> company's ongoing effort to ensure its vulnerability management web
> service tests for all known vulnerabilities that can be scanned. As of
> this week Qualys scans for 5412 unique vulnerabilities. For this
> special SANS community listing, Qualys also includes vulnerabilities
> that cannot be scanned remotely.
> 
> 
> 07.15.2 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows Unspecified Remote Code Execution
> Description: Microsoft Windows is exposed to an unspecified remote
> code execution issue. Please refer to the advisory for further
> details.
> Ref: http://research.eeye.com/html/advisories/upcoming/20070327.html
> ____________________________________________________________________
> 
> 07.15.3 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows Explorer BMP Image Denial of Service
> Description: Windows explorer is exposed to a denial of service issue
> which occurs when .bmp images are opened in Explorer while the
> "details" pane is open and also when viewing the file in "Thumbnails"
> view. Windows XP SP1 is affected.
> Ref: http://www.securityfocus.com/bid/23321
> ____________________________________________________________________
> 
> 07.15.4 CVE: CVE-2007-1532
> Platform: Windows
> Title: Microsoft Windows Vista Neighbor Discovery Spoofing
> Description: Microsoft Windows Vista is exposed to a discovery
> spoofing issue. The issue exists when the operating system receives
> unsolicited Neighbor Advertisements (NAs). An attacker can exploit
> this issue by responding to queries and sending spoofed Neighbor
> Advertisements or blindly sending Neighbor Advertisements.
> Ref: http://www.securityfocus.com/bid/23293
> ____________________________________________________________________
> 
> 07.15.5 CVE: CVE-2007-1533
> Platform: Windows
> Title: Microsoft Windows Vista Teredo UDP Nonce Spoofing Weakness
> Description: Windows Vista Teredo is a protocol transition mechanism
> which accommodates IPv6 tunneling over IPv4 Network Address
> Translation (NAT) devices. The application is exposed to a nonce
> spoofing weakness.
> Ref: http://www.securityfocus.com/bid/23301
> ____________________________________________________________________
> 
> 07.15.6 CVE: CVE-2007-1535
> Platform: Windows
> Title: Microsoft Windows Vista Teredo Protocol Insecure Connection
> Weakness
> Description: Microsoft Windows Vista is exposed to a weakness due to
> insecure Teredo protocol connections. Teredo is a protocol transition
> mechanism which accommodates IPv6 tunneling over IPv4 Network Address
> Translation (NAT) devices. The documentation states that Teredo
> protocol is disabled by default and requires user action in order to
> activate. Microsoft Windows Vista is exposed to a weakness which may
> result in a false sense of security.
> Ref: http://www.securityfocus.com/bid/23267
> ____________________________________________________________________
> 
> 07.15.7 CVE: CVE-2007-1212
> Platform: Windows
> Title: Microsoft Windows Graphics Rendering Engine EMF File Privilege
> Escalation
> Description: Microsoft Windows graphics device interface (GDI)
> provides an intermediate layer for applications to communicate to the
> video interface and printer. GDI interacts with device drivers on
> behalf of applications. The application is exposed to a local
> privilege escalation issue when rendering malformed EMF image files.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
> ____________________________________________________________________
> 
> 07.15.8 CVE: CVE-2007-1528
> Platform: Windows
> Title: Microsoft Vista Spoof On Bridge HELLO Packet Security
> Restriction Bypass
> Description: The Microsoft Vista operating system is exposed to a
> security restriction bypass issue because it fails to properly
> sanitize user-supplied packet level data. The LLTD protocol operates
> over wired (802.3 Ethernet) and wireless (802.11) media. LLTD enables
> device discovery via the data-link layer and determines the topology
> of a network.
> Ref: http://www.securityfocus.com/bid/23280
> ____________________________________________________________________
> 
> 07.15.9 CVE: CVE-2006-5586
> Platform: Windows
> Title: Microsoft Windows GDI Invalid Window Size Local Privilege
> Escalation
> Description: The Microsoft Windows graphics device interface (GDI)
> enables applications to use graphics and formatted text on both the
> video display and the printer. The application is exposed to a local
> privilege escalation issue because of the way Microsoft Windows
> renders layered application window sizes.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
> ____________________________________________________________________
> 
> 07.15.10 CVE: CVE-2007-1530
> Platform: Windows
> Title: Microsoft Windows Vista LLTD Mapper EMIT Packet Remote Denial
> of Service
> Description: The Link Layer Topology Discovery (LLTD) is a protocol,
> designed by Microsoft for discovering the topology of the local area
> network. Microsoft Windows Vista is exposed to a remote denial of
> service issue because the application fails to handle exceptional
> conditions.
> Ref: http://www.securityfocus.com/bid/23271
> ____________________________________________________________________
> 
> 07.15.11 CVE: CVE-2007-1213
> Platform: Windows
> Title: Microsoft Windows Graphics Device Interface Font Rasterizer
> Local Privilege Escalation
> Description: Microsoft Windows GDI Font Rasterizer generates TrueType
> character bitmaps for monitors and printers. The application is
> exposed to a local privilege escalation issue when an uninitialized
> function pointer is called during font rasterization.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
> ____________________________________________________________________
> 
> 07.15.12 CVE: CVE-2007-1527
> Platform: Windows
> Title: Microsoft Vista Spoofed LLTD HELLO Packet Security Restriction
> Bypass
> Description: The Microsoft Vista operating system is exposed to a
> security restriction bypass issue because it fails to properly
> sanitize user-supplied packet level data. The LLTD protocol operates
> over wired (802.3 Ethernet) and wireless (802.11) media. LLTD enables
> device discovery via the data-link layer and determines the topology
> of a network.
> Ref: http://www.securityfocus.com/bid/23279
> ____________________________________________________________________
> 
> 07.15.13 CVE: CVE-2007-1531
> Platform: Windows
> Title: Microsoft Windows Vista ARP table Entries Denial of Service
> Description: Microsoft Windows Vista is exposed to a denial of service
> issue when the operating system receives certain gratuitous ARP
> requests. These requests are used to overwrite the ARP table entries
> and propagating address change.
> Ref: http://www.securityfocus.com/bid/23266
> ____________________________________________________________________
> 
> 07.15.14 CVE: CVE-2007-1215
> Platform: Windows
> Title: Microsoft Windows Graphics Rendering Engine GDI Local Privilege
> Escalation
> Description: Microsoft Windows Graphics Device Interface (GDI)
> provides an intermediate layer for applications to communicate to the
> video interface and printer. GDI interacts with device drivers on
> behalf of applications. The application is exposed to a privilege
> escalation issue due to the mishandling of certain unspecified color
> related parameters prior to copying them to an unchecked memory buffer in
> the GDI.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
> ____________________________________________________________________
> 
> 07.15.15 CVE: CVE-2007-1211
> Platform: Windows
> Title: Microsoft Windows GDI WMF Remote Denial of Service
> Description: Microsoft Windows is prone to a remote denial of service
> issue because the application fails to perform proper bounds checking
> on sensitive message buffers when handling malicious WMF files.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
> ____________________________________________________________________
> 
> 07.15.16 CVE: CVE-2007-1529
> Platform: Windows
> Title: Microsoft Windows Vista LLTD Responder Discovery Packet
> Spoofing
> Description: The Link Layer Topology Discovery (LLTD) protocol is a
> protocol designed by Microsoft for discovering the topology of the
> local area network. The application is exposed to an issue that
> permits an attacker to spoof arbitrary hosts through a network based
> race condition.
> Ref: http://www.securityfocus.com/bid/23263
> ____________________________________________________________________
> 
> 07.15.17 CVE: CVE-2007-1112
> Platform: Third Party Windows Apps
> Title: Kaspersky AntiVirus SysInfo ActiveX Control Arbitrary File
> Exfiltration
> Description: Kaspersky AntiVirus is an antivirus application for
> desktop and small business computers. The application is exposed to an
> arbitrary file exfiltration issue because it contains a file upload
> ActiveX control that can be misused by a malicious site. Kaspersky
> Anti-Virus 6.0 and Kaspersky Internet Security 6.0 are affected.
> Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504
> ____________________________________________________________________
> 
> 07.15.18 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Kaspersky Internet Security Suite Klif.SYS Driver Local Heap
> Overflow
> Description: Kaspersky Internet Security Suite is an application that
> provides antivirus, antispyware, firewall, antispam, and Web
> protection tools for Microsoft Windows. The application is exposed to a
> local heap overflow issue because it fails to perform sufficient
> boundary checks on user-supplied data before copying it into an
> insufficiently sized buffer. Kaspersky Internet Security Suite version
> 6.0.1.411 for Microsoft Windows is affected.
> Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505
> ____________________________________________________________________
> 
> 07.15.19 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: ACDSee 9.0 Photo Manager Multiple BMP Denial of Service
> Vulnerabilities
> Description: ACDSee 9.0 Photo Manager is an application that allows
> users to view images. The application is exposed to multiple denial of
> service issues due to a failure of the application to properly handle
> malformed BMP image files. ACDSee version 9.0 is affected.
> Ref: http://www.securityfocus.com/bid/23317
> ____________________________________________________________________
> 
> 07.15.20 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: IrfanView Multiple BMP Denial of Service Vulnerabilities
> Description: IrfanView is an application that allows users to view
> images. The application is available for Microsoft Windows. It is
> exposed to multiple denial of service issues due to a failure of the
> application to properly handle malformed BMP image files. IrfanView
> version 3.99 is affected.
> Ref: http://www.securityfocus.com/bid/23318
> ____________________________________________________________________
> 
> 
> 07.15.26 CVE: CVE-2007-0956
> Platform: Linux
> Title: MIT Kerberos 5 Telnet Daemon Authentication Bypass
> Description: MIT Kerberos 5 is a suite of applications and libraries
> designed to implement the Kerberos network authentication protocol.
> The application is exposed to an authentication bypass issue because
> the application fails to handle specially crafted user names beginning
> with "-e". Kerberos 5 versions 1.6 and earlier are affected.
> Ref: http://www.kb.cert.org/vuls/id/220816
> ____________________________________________________________________
> 
> 07.15.27 CVE: CVE-2007-1216
> Platform: Linux
> Title: MIT Kerberos Administration Daemon Kadmind Double Free Memory
> Corruption Vulnerabilities
> Description: MIT Kerberos 5 is a suite of applications and libraries
> designed to implement the Kerberos network authentication protocol. The
> application is exposed to a double free memory corruption issue. If
> certain error conditions occur, a previously freed buffer by the krb5
> GSS-API mechanism may be freed again by an application.
> Ref: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt
> ____________________________________________________________________
> 
> 07.15.28 CVE: CVE-2007-0957
> Platform: Linux
> Title: Kerberos 5 kadmind Server Stack Based Buffer Overflow
> Description: Kerberos is a network authentication protocol. kadmind
> (Kerberos Administration Daemon) is the administration server for
> Kerberos networks. The application is exposed to a stack-based buffer
> overflow issue because it fails to adequately bounds check
> user-supplied data before copying it to an insufficiently sized
> buffer. Kerberos versions 1.6 and earlier are affected.
> Ref: http://rhn.redhat.com/errata/RHSA-2007-0095.html
> ____________________________________________________________________
> 
> 07.15.29 CVE: CVE-2007-1351, CVE-2007-1352
> Platform: Linux
> Title: X.Org libXfont Multiple Integer Overflow Vulnerabilities
> Description: libXfont is the X.Org Xfont library. Some parts are based
> on the FreeType code base. The application is exposed to multiple local
> integer overflow issues because of a failure to adequately bounds check
> user-supplied data. libXfont version 1.2.2 is affected.
> Ref: http://rhn.redhat.com/errata/RHSA-2007-0125.html
> ____________________________________________________________________
> 
> 07.15.31 CVE: Not Available
> Platform: Solaris
> Title: Sun Solaris TCP/IP Kernel Memory Corruption Denial of Service
> Description: Sun Solaris running on computers using CMT (Chip
> Multi-Threading) processors are exposed to an issue which can result in
> a kernel panic. The issue presents itself when handling large volumes
> of TCP/IP traffic consisting of rapidly opened and closed TCP
> connections. Sun Solaris 10.0 _x86 and Sun Solaris 10.0 are affected.
> Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-10255
> ____________________________________________________________________
> 
> 07.15.36 CVE: Not Available
> Platform: Cross Platform
> Title: FireBug Cross Zone Scripting
> Description: FireBug is a javascript debugger plug in for Mozilla
> Firefox. The application is exposed to a cross zone scripting issue
> because the application fails to execute code in the proper security
> context. FireBug version 1.01 and 1.02 are affected.
> Ref: http://www.securityfocus.com/bid/23315
> ____________________________________________________________________
> 
> 07.15.37 CVE: Not Available
> Platform: Cross Platform
> Title: SAP RFC Library Trusted_System_Security Function Information
> Disclosure
> Description: SAP RFC Library provides an interface for SAP Systems. The
> application is exposed to an information disclosure issue which
> affects the "trusted_system_security()" function. SAP RFC Library 7.00
> and SAP RFC Library 6.40 are affected.
> Ref: http://www.securityfocus.com/archive/1/464669
> ____________________________________________________________________
> 
> 07.15.38 CVE: Not Available
> Platform: Cross Platform
> Title: SAP RFC Library System_Create_Instance Function Buffer Overflow
> Description: SAP RFC Library provides an interface for SAP Systems.
> The application is exposed to a buffer overflow issue because it fails
> to adequately bounds check user-supplied input before copying it to an
> insufficiently sized buffer. This issue affects the
> "system_create_instance()" function. Please refer to the advisory for
> further details.
> Ref: http://www.securityfocus.com/archive/1/464683
> ____________________________________________________________________
> 
> 07.15.39 CVE: Not Available
> Platform: Cross Platform
> Title: SAP RFC_Set_Reg_Server_Property RFC Function Denial of Service
> Description: The SAP RFC Library is a component used to call any RFC
> Function in an SAP System from an external application. The RFC Library
> is exposed to a remote denial of service issue which resides in the
> "RFC_SET_REG_SERVER_PROPERTY()" function.
> Ref: http://www.securityfocus.com/archive/1/464685
> ____________________________________________________________________
> 
> 07.15.45 CVE: Not Available
> Platform: Cross Platform
> Title: IrfanView Cursor And Icon ANI Format Handling Remote Buffer
> Overflow
> Description: IrfanView is exposed to a buffer overflow issue due to
> insufficient format validation, that occurs when handling malformed
> ANI cursor or icon files. IrfanView version 3.99 is affected. Please
> refer to the advisory for further details.
> Ref: http://www.securityfocus.com/bid/23262
> ____________________________________________________________________
> 
> 07.15.49 CVE: Not Available
> Platform: Cross Platform
> Title: PHP 5 PHP_Stream_Filter_Create() Function Buffer Overflow
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> PHP is exposed to a buffer overflow issue because the application
> fails to perform boundary checks before copying user-supplied data to
> insufficiently sized memory buffers. PHP versions prior to 5.2.1 are
> affected.
> Ref: http://www.php-security.org/MOPB/MOPB-42-2007.html
> ____________________________________________________________________
> 
> 07.15.50 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Memory Manager Sign Comparison Multiple Buffer Overflow
> Vulnerabilities
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> PHP is exposed to multiple buffer overflow issues because the
> application fails to perform boundary checks before copying
> user-supplied data to insufficiently sized memory buffers. PHP version
> 5.2.0 is affected.
> Ref: http://www.php-security.org/MOPB/MOPB-44-2007.html
> ____________________________________________________________________
> 
> 07.15.52 CVE: Not Available
> Platform: Cross Platform
> Title: Symantec Norton Personal Firewall 2006 SPBBCDrv Driver Local
> Denial of Service
> Description: Norton Personal Firewall 2006 is exposed to a local
> denial of service issue. This issue occurs when attackers supply
> specially crafted values through the "NtCreateMutant" or "NtOpenEvent"
> arguments of the "SSDT" function of the "SPBBCDrv.sys" driver. Norton
> Personal Firewall 2006 versions 9.1.1.7 and 9.1.0.33 are affected.
> Ref: http://www.securityfocus.com/archive/1/464456
> ____________________________________________________________________
> 
> 07.15.54 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Msg_Receive() Memory Allocation Integer Overflow
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> PHP is exposed to an integer overflow issue because it fails to ensure
> that integer values aren't overrun. PHP versions prior to 4.4.5 and
> 5.2.1 are affected.
> Ref: http://www.php-security.org/MOPB/MOPB-43-2007.html
> ____________________________________________________________________
> 
> 07.15.55 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Str_Replace() Integer Overflow
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> PHP is exposed to an integer overflow issue because it fails to ensure
> that integer values aren't overrun. PHP versions prior to 4.4.5 and
> 5.2.1 are affected.
> Ref: http://www.php-security.org/MOPB/MOPB-39-2007.html
> ____________________________________________________________________
> 
> 07.15.56 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Imap_Mail_Compose() Function Buffer Overflow
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> PHP is exposed to a buffer overflow issue because the application
> fails to perform boundary checks before copying user-supplied data to
> insufficiently sized memory buffers. PHP versions prior to 4.4.5 and
> 5.2.1 are affected.
> Ref: http://www.php-security.org/MOPB/MOPB-40-2007.html
> ____________________________________________________________________
> 
> 07.15.57 CVE: Not Available
> Platform: Cross Platform
> Title: PHP sqlite_udf_decode_binary() Function Buffer Overflow
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> PHP is exposed to a buffer overflow issue because the application
> fails to perform boundary checks before copying user-supplied data to
> insufficiently sized memory buffers. PHP versions prior to 4.4.5 and
> 5.2.1 are affected.
> Ref: http://www.php-security.org/MOPB/MOPB-41-2007.html
> ____________________________________________________________________
> 
> 07.15.58 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Printf() Function 64bit Casting Multiple Format String
> Vulnerabilities
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> The application is exposed to multiple format string issues due to a
> design error when casting 64 bit variables to 32 bits. PHP versions
> prior to 4.4.5 and 5.2.1 running on 64 bit computers are affected.
> Ref: http://www.php-security.org/MOPB/MOPB-38-2007.html
> ____________________________________________________________________
> 
> (c) 2007.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held by a
> party other than Qualys (as indicated herein) and permission to use
> such material must be requested from the copyright owner.
> 
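The Kaspersky entry above tells readers to mitigate the ActiveX issue with Microsoft's "kill bit" mechanism (KB 240797) and gives the two CLSIDs, but does not show how to apply it. The following script is an added example written for this archive page, not code from the @RISK newsletter, Qualys, Kaspersky or Microsoft. It assumes the documented kill-bit registry location (`HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}`, DWORD `Compatibility Flags` with bit 0x400 set) and uses only the two CLSIDs quoted in the advisory; the function names `Set-KillBit` and `Test-KillBit` are the example's own. It must be run from an elevated PowerShell prompt on the Windows host being hardened.

```powershell
# Added example (not part of the @RISK newsletter): set and verify the Internet
# Explorer "kill bit" for the two Kaspersky ActiveX CLSIDs named in the advisory,
# following the mechanism documented in Microsoft KB 240797.

$KillBitRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$KillBitFlag = 0x400   # bit in "Compatibility Flags" that blocks instantiation in IE

# CLSIDs copied from the advisory text (AxKlProd60.dll / AxKLSysInfo controls)
$Clsids = @(
    '{D9EC22E7-1A86-4F7C-8940-0303AE5D6756}',
    '{BA61606B-258C-4021-AD27-E07A3F3B91DB}'
)

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Join-Path $KillBitRoot $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # OR the kill bit into any existing flags so other compatibility bits survive
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = [int]$current -bor $KillBitFlag
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
}

function Test-KillBit {
    # Returns $true only if the key exists and bit 0x400 is set
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Join-Path $KillBitRoot $Clsid
    if (-not (Test-Path $key)) { return $false }
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    return (([int]$flags -band $KillBitFlag) -ne 0)
}

foreach ($c in $Clsids) {
    Set-KillBit -Clsid $c
    $state = if (Test-KillBit -Clsid $c) { 'set' } else { 'NOT set' }
    "{0}: kill bit {1}" -f $c, $state
}
```

Two points worth noting when rolling this out: on 64-bit Windows the 32-bit Internet Explorer reads the same key under `HKLM\SOFTWARE\Wow6432Node\...`, so the script should be run against that hive as well, and the kill bit only prevents IE from instantiating the control; it does not remove the DLLs, so applying the vendor update remains the actual fix.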
Copyright © Lexa Software, 1996-2009.