Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 16



> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> A Microsoft Zero-Day caused a lot of frenetic activity this week, but
> the big "oh darn" moment this week was learning that the wireless
> infrastructure people had deployed in thousands of large organizations
> has hard coded user names and passwords and default community strings
> - -- which make their networks remotely exploitable.
> 
> Separately, with Rohit Dhamankar's help, we have launched a very cool
> new "Software Security @RISK" Newsletter that analyzes major current
> vulnerabilities from @RISK and shows the exact programming errors that
> caused the vulnerabilities. The newsletter will be distributed to all
> programmers who register for the secure coding exam 
> (www.sans-ssi.org),
> as a continuous learning tool for them. In the mean time, 
> we'll send the
> current issues to any programmer or tester or auditor who knows enough
> about secure coding in Java or C to review the current test blueprint
> in one of those languages and help us rate the secure coding rules in
> the blueprint on importance and frequency of use. Email 
> spa@xxxxxxxx and
> tell us which language (Java or C) you are capable of reviewing.
> 
> 
> *****************************
> Widely Deployed Software
> *****************************
> 
> (1) CRITICAL: Microsoft DNS Server RPC Interface Buffer 
> Overflow (0-day)
> Affected:
> DNS server running on:
> Windows 2000 Server SP4
> Windows 2003 Server SP1/SP2
> 
> Description: Microsoft DNS server supports an RPC interface 
> that can be
> accessed via high TCP ports (> 1023). The interface can also 
> be accessed
> via "\\dnsserver" named pipe on ports 139/tcp and 445/tcp. This
> interface contains a buffer overflow that can be triggered by 
> a function
> call with a specially crafted zone name. The overflow can be exploited
> to execute arbitrary code on the DNS server with SYSTEM privileges.
> Compromise of a DNS server may lead to further compromises in an
> enterprise by re-directing people to malicious domains. 
> Exploit code for
> this vulnerability has been publicly posted, and the flaw is being
> exploited in the wild. Note that the DNS service running on port 53 is
> not affected by the buffer overflow.
> 
> Status: Microsoft has issued certain workarounds that can be employed
> before a patch is released. The suggested workarounds are:
> 
> (a) Block requests to the DNS server on TCP ports > 1023, 139 and 445
> from the Internet.
> 
> (b) Disable the remote management over RPC feature for the 
> affected DNS
> servers. The steps are outlined in the Microsoft advisory.
> 
> References:
> Microsoft Advisory
> http://www.microsoft.com/technet/security/advisory/935964.mspx 
> SANS Handler's Diary Discussions
> http://isc.sans.org/diary.html?storyid=2637 
> http://isc.sans.org/diary.html?storyid=2627 
> Exploit Code
> http://archives.neohapsis.com/archives/bugtraq/2007-04/0245.html 
> http://metasploit.com/svn/framework3/trunk/modules/exploits/wi
> ndows/dcerpc/msdns_zonename.rb 
> SecurityFocus BID
> http://www.securityfocus.com/bid/23470
> 
> *********************************************************************
> 
> (2) CRITICAL: Cisco Wireless LAN Controller and Wireless 
> Control System Vulnerabilities
> Affected:
> Wireless LAN Controllers
> - --Cisco 4400/2100 Series Wireless LAN Controllers
> - --Cisco Wireless LAN Controller Module
> Wireless Integrated Switches and Routers
> - --Cisco Catalyst 6500 Series Wireless Services Module (WiSM)
> - --Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers
> 
> Cisco Wireless Control System versions prior to 4.0.96.0
> 
> Description: Cisco Wireless LAN Controller and Wireless Control System
> are the building blocks of an enterprise-scale wireless network
> supporting business critical applications. The Wireless LAN Controller
> uses "private" community string for SNMP read-write operations. An
> attacker can exploit the default SNMP read-write community string to
> take control of the device.
> 
> Similarly, the Cisco Wireless Control System (WCS) has a hardcode
> username and password for its FTP server (used for data backup
> purposes). An attacker can use these default credentials to 
> potentially
> compromise the server running the Cisco WCS application.
> 
> Status: Cisco confirmed, updates available.
> 
> References:
> Cisco Security Advisories
> http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml 
> http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml 
> Product Homepage
> http://www.cisco.com/en/US/products/ps6302/Products_Sub_Catego
> ry_Home.html 
> http://www.cisco.com/en/US/products/ps6305/index.html 
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/23460 
> http://www.securityfocus.com/bid/23461 
> 
> **************************************************************
> ***************
> 
> (3) HIGH: Microsoft Content Management Server Multiple 
> Vulnerabilities (MS07-018)
> Affected:
> Microsoft Content Management Server 2001/2002
> 
> Description: Microsoft Content Management Server (MSCMS), 
> used to create
> and maintain web sites, contains multiple vulnerabilities:
> 
> (1) A specially-crafted HTTP GET request could trigger memory 
> corruption
> vulnerability in MSCMS. Successfully exploiting this 
> vulnerability could
> allow an attacker to execute arbitrary code with the privileges of the
> MSCMS server process.
> 
> (2) A cross-site scripting vulnerability exists in the way 
> MSCMS handles
> HTML redirection requests. An attacker could leverage this 
> vulnerability
> to execute arbitrary scripts on other users' systems with the same
> privileges as other scripts downloaded from the Internet. Further
> technical details for this vulnerability are unavailable.
> 
> Status: Microsoft confirmed, updates available.
> 
> Council Site Actions: The affected software and/or 
> configuration are not
> in production or widespread use, or are not officially 
> supported at any
> of the responding council sites. They reported that no action was
> necessary.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/MS07-018.mspx 
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/22860 
> http://www.securityfocus.com/bid/22861 
> 
> **************************************************************
> ***********
> 
> (4) HIGH: Microsoft Agent Memory Corruption (MS07-020)
> Affected:
> Microsoft Windows 2000/XP
> Microsoft Windows Server 2003
> Note: Users of Internet Explorer 7 are reportedly not vulnerable.
> 
> Description: Microsoft Agent is a Microsoft technology used to provide
> animated characters for user interaction. Microsoft Agent contains a
> memory corruption vulnerability. A specially-crafted URL could trigger
> this memory corruption vulnerability, and allow an attacker to execute
> arbitrary code with the privileges of the current user. A 
> malicious web
> page that embedded such a URL could exploit this 
> vulnerability when the
> user views the page. Clicking on the link itself is not necessary.
> 
> Status: Microsoft confirmed, updates available.
> 
> Council Site Actions: All reporting council sites are 
> responding to this
> issue. They plan to deploy the patches during their next regularly
> scheduled maintenance window.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms07-020.mspx 
> Secunia Security Advisory
> http://archives.neohapsis.com/archives/bugtraq/2007-04/0157.html 
> Microsoft Agent Home Page
> http://www.microsoft.com/msagent/ 
> SecurityFocus BID
> http://www.securityfocus.com/bid/23337 
> 
> **************************************************************
> ***********
> 
> (5) HIGH: Kaspersky AntiVirus Multiple Vulnerabilities
> Affected:
> Kaspersky AntiVirus version 6.0
> Kaspersky Internet Security 6.0
> Kaspersky File Server version 6.0
> 
> Description: Kaspersky AntiVirus product contains the following
> vulnerabilities:
> 
> (a) The ActiveX controls AXKLPROD60Lib.KAV60Info and
> AXKLSYSINFOLib.SysInfo installed by the anti-virus product can be
> exploited to download/delete arbitrary files to/from a user's system,
> when the user visits a malicious webpage.
> 
> (b) The anti-virus engine contains a heap-based buffer 
> overflow that can
> be triggered by specially crafted ARJ archives. The flaw can be
> exploited to execute arbitrary code on a system running a vulnerable
> version of the anti-virus engine. Note that no user interaction is
> required to exploit this flaw. The e-mail gateways are most severely
> affected by this vulnerability.
> 
> Status: Kaspersky confirmed, updates available.
> 
> References:
> Kaspersky Advisories
> http://www.kaspersky.com/technews?id=203038693
> http://www.kaspersky.com/technews?id=203038694
> Zero Day Initiative Advisories
> http://www.zerodayinitiative.com/advisories/ZDI-07-014.html 
> SecurityFocus BID
> http://www.securityfocus.com/bid/23325
> http://www.securityfocus.com/bid/23345
> http://www.securityfocus.com/bid/23346
> 
> **************************************************************
> ***********
> 
> (6) MODERATE: Microsoft Windows Universal Plug and Play 
> Memory Corruption (MS07-019)
> Affected:
> Microsoft Windows XP
> 
> Description: Universal Plug and Play (UPnP) is a collection of open
> technologies, including HTTP and XML, used to advertise and discover
> network services and configuration. The implementation in Microsoft
> Windows XP contains a memory corruption vulnerability. By sending a
> specially-crafted HTTP request to a vulnerable system, an 
> attacker could
> trigger this vulnerability. Successfully exploiting this vulnerability
> could lead to arbitrary code execution with the privileges of
> "LocalSystem".  Note that the vulnerable service is not enabled by
> default. Under most network configurations, the attacker would need to
> be in the same sub network as the victim. A working exploit 
> is known to
> exist, and is available to members of Immunity's partner program.
> 
> Status: Microsoft confirmed, updates available. Users are advised to
> block UDP port 1900 and TCP port 2869 at the network perimeter.
> 
> Council Site Actions:  All reporting council sites are responding to
> this issue. They plan to deploy the patches during their next 
> regularly
> scheduled maintenance window.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms07-019.mspx 
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=509 
> Wikipedia Entry on Universal Plug and Play
> http://en.wikipedia.org/wiki/UPnP 
> SecurityFocus BID
> http://www.securityfocus.com/bid/23371 
> 
> **************************************************************
> 
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from
> Qualys (www.qualys.com)
> 
> 
> 07.16.1 CVE: CVE-2007-1748
> Platform: Windows
> Title: Microsoft Windows Domain Name Server Service Remote Procedure
> Call Interface
> Description: Microsoft Windows Domain Name Server (DNS) service is an
> Internet directory service that translates domain names into IP
> addresses. The application is exposed to an unspecified issue in its
> Remote Procedure Call (RPC) interface which is typically bound to TCP
> ports between 1024 and 5000. Windows Server 2000 Service Pack 4, and
> Windows Server 2003 Service Packs 1 and 2 are affected.
> Ref: http://www.kb.cert.org/vuls/id/555920
> ______________________________________________________________________
> 
> 
> 07.16.3 CVE: CVE-2007-1209
> Platform: Windows
> Title: Microsoft Windows CSRSS CSRFinalizeContext Local Privilege
> Escalation
> Description: Microsoft Windows CSRSS (client/server run-time
> subsystem) is the user mode portion of the Win32 subsystem. CSRSS is a
> required service for Windows and is always running. CSRSS is exposed
> to a local privilege escalation issue because it fails to adequately
> marshal system resources when handling connections during process
> startups and stops. Microsoft Windows Vista is affected.
> Ref: http://www.kb.cert.org/vuls/id/219848
> ______________________________________________________________________
> 
> 07.16.4 CVE: CVE-2007-1206
> Platform: Windows
> Title: Microsoft Windows IVT Kernel Local Privilege Escalation
> Description: Microsoft Windows is exposed to a local privilege
> escalation issue because the Windows kernel allows incorrect
> permissions to be used when mapping memory segments. Please refer to
> the advisory for further details.
> Ref: http://www.kb.cert.org/vuls/id/337953
> ______________________________________________________________________
> 
> 07.16.5 CVE: CVE-2007-1204
> Platform: Windows
> Title: Microsoft Windows UPnP Remote Code Execution
> Description: UPnP is a set of network protocols to extend
> plug-and-play functionality to intelligent network devices in homes
> and businesses. This allows intelligent network devices to
> automatically connect to each other without requiring user
> configuration. Microsoft Windows is exposed to a remote code execution
> vulnerability because it fails to handle certain HTTP requests.
> Ref:
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=509
> ______________________________________________________________________
> 
> 07.16.6 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows Help File Unspecified Heap Overflow
> Description: The "winhlp32.exe" executable is the Microsoft Windows
> Help File viewer. The application is exposed to a heap overflow issue
> because it fails to perform boundary checks before copying
> user-supplied data into insufficiently sized memory buffers.
> Ref: http://www.securityfocus.com/bid/23382
> ______________________________________________________________________
> 
> 
> 07.16.9 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer
> Overflow
> Description: Microsoft Word is exposed to a buffer overflow issue
> because the application fails to properly bounds check user-supplied
> data before copying it to an insufficiently sized memory buffer.
> Ref: http://www.securityfocus.com/bid/23380
> ______________________________________________________________________
> 
> 07.16.10 CVE: CVE-2007-1205
> Platform: Other Microsoft Products
> Title: Microsoft Agent URI Processing Remote Code Execution
> Description: Microsoft Agent is a set of software services for
> developers to enhance the user interface of web-based applications.
> The application is exposed to a remote code execution issue when the
> Microsoft Agent component processes URIs.
> Ref: http://www.kb.cert.org/vuls/id/728057
> ______________________________________________________________________
> 
> 07.16.11 CVE: CVE-2007-0938
> Platform: Other Microsoft Products
> Title: Microsoft Content Management Server Remote Code Execution
> Description: Microsoft Content Management Server (MCMS) is an
> application that allows users to create, publish and manage web
> content remotely. It operates in conjunction with Internet Information
> Server and SQL Server. The application is exposed to an arbitrary code
> execution issue because the software fails to properly 
> validate user-supplied input.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-018.mspx
> ______________________________________________________________________
> 
> 07.16.15 CVE: CVE-2006-6696
> Platform: Third Party Windows Apps
> Title: Microsoft Windows CSRSS MSGBox Remote Code Execution
> Description: Microsoft Windows CSRSS (client/server run-time
> subsystem) MsgBox is the user mode portion of the Win32 subsystem.
> CSRSS is a required service for Windows and is always running. MsgBox
> is exposed to a remote code execution issue because it fails to
> adequately handle certain error messages.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-021.mspx
> ______________________________________________________________________
> 
> 
> 07.16.18 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Microsoft Windows Explorer ANI File Denial of Service
> Description: Windows Explorer is exposed to a denial of service issue.
> The problem occurs when the application is used to open a folder
> containing a malicious ANI file. Windows Explorer on Microsoft Windows
> XP SP2 is affected.
> Ref: http://www.securityfocus.com/bid/23373
> ______________________________________________________________________
> 
> 07.16.20 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Winamp IN_Mod.DLL Plug-in Remote Code Execution
> Description: Winamp is a multimedia player. The Winamp IN_MOD.DLL
> plug-in is exposed to a remote code execution issue because it fails
> to adequately handle malformed files. Winamp version 5.33 is affected.
> Ref: http://www.securityfocus.com/archive/1/464890
> ______________________________________________________________________
> 
> 07.16.21 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Winamp LibSNDFile.DLL Component Remote Code Execution
> Description: Winamp is a multimedia player. Winamp is exposed to a
> remote code execution issue resulting from an off by zero memory
> corruption error. Winamp version 5.33 is affected.
> Ref: http://www.securityfocus.com/archive/1/464889
> ______________________________________________________________________
> 
> 07.16.22 CVE: CVE-2007-1112
> Platform: Third Party Windows Apps
> Title: Kaspersky AntiVirus Prod60 ActiveX Control Arbitrary File
> Exfiltration
> Description: Kaspersky AntiVirus is an antivirus application for
> desktop and small business computers. The application is exposed to an
> arbitrary file exfiltration issue because it contains a file upload
> ActiveX control that can be misused by a malicious site. Kaspersky
> Anti-Virus 6.0 and Kaspersky Internet Security 6.0 are affected.
> Ref: http://www.kaspersky.com/technews?id=203038694
> ______________________________________________________________________
> 
> 07.16.23 CVE: CVE-2007-0445
> Platform: Third Party Windows Apps
> Title: Kaspersky Antivirus Engine ARJ Archive Remote Heap Overflow
> Description: The Kaspersky Antivirus Engine is the core antivirus
> software used in Kaspersky computer security tools for Microsoft
> Windows. The application is exposed to remote heap overflow issue
> because the application fails to perform sufficient boundary checks on
> user-supplied data before copying it into an insufficiently sized
> buffer. Kaspersky Anti-Virus version 6.0 is affected.
> Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-013.html
> ______________________________________________________________________
> 
> 07.16.26 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel Fib_Semantics.C Out Of Bounds Access
> Description: The Linux kernel is exposed to an out of bounds access
> issue. This issue occurs because the semantics for IPv4 Forwarding
> Information Base fail to adequately bounds check user-supplied data
> before accessing an array. The Linux versions prior to 2.6.21-rc6 are
> affected.
> Ref:
> http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc6
> ______________________________________________________________________
> 
> 07.16.27 CVE: Not Available
> Platform: Linux
> Title: Opera Web Browser Running Adobe Flash Player Unspecified
> Description: Opera Web Browser is exposed to an unspecified
> vulnerability when running Adobe Flash Player. Opera Web Browser
> versions prior to 9.20 are affected. Adobe Flash Player versions prior
> to 9.0.28.0 are affected. Please refer to the advisory for further
> details.
> Ref: http://www.opera.com/support/search/view/858/
> ______________________________________________________________________
> 
> 07.16.28 CVE: CVE-2006-7179
> Platform: Linux
> Title: MADWifi Channel Switch Announcement Information Elements
> Denial of Service
> Description: MADWifi (Multiband Atheros Driver for WiFi) is a device
> driver for Wireless LAN chipsets. The application is exposed 
> to a denial
> of service issue because it fails to properly handle certain network
> packets. MADWifi versions prior to 0.9.3 are affected.
> Ref: http://madwifi.org/ticket/963
> ______________________________________________________________________
> 
> 07.16.29 CVE: CVE-2006-7180
> Platform: Linux
> Title: MADWifi IEEE80211_Output.C Unencrypted Data Packet Multiple
> Vulnerabilities
> Description: MADWiFi (Multiband Atheros Driver for WiFi) is a Linux
> kernel device driver application for wireless LAN chipsets. The
> application is exposed to multiple issues because the
> "ieee80211_output.c" source file sends unencrypted packets prior to
> successful WPA authentication. MADWifi versions prior to 0.9.3 are
> affected.
> Ref: http://madwifi.org/wiki/Releases/0.9.3
> ______________________________________________________________________
> 
> 07.16.30 CVE: CVE-2006-7178
> Platform: Linux
> Title: MADWifi Auth Frame IBSS Remote Denial of Service
> Description: MADWifi (Multiband Atheros Driver for WiFi) is a Linux
> kernel device driver for Wireless LAN chipsets. The application is
> exposed to a remote denial of service issue because the application
> fails to properly handle certain AUTH frames from an IBSS 
> node. MADWifi
> versions prior to 0.9.3 are affected.
> Ref: http://madwifi.org/ticket/880
> ______________________________________________________________________
> 
> 07.16.31 CVE: CVE-2006-7177
> Platform: Linux
> Title: MADWifi Ad-Hoc Mode Denial of Service
> Description: MADWifi (Multiband Atheros Driver for WiFi) is a device
> driver for Wireless LAN chipsets. The application is exposed to a
> denial of service issue when running in "Ad-Hoc" mode because the
> application/service fails to properly handle certain network
> packets/traffic. MADWifi versions prior to 0.9.3 are affected.
> Ref: http://madwifi.org/ticket/880
> ______________________________________________________________________
> 
> 07.16.32 CVE: Not Available
> Platform: Linux
> Title: Quagga BGPD UPDATE Message Remote Denial of Service
> Description: Quagga is a suite of routing applications written for
> the FreeBSD, Linux, Solaris and NetBSD operating systems. The
> application is exposed to a remote denial of service issue because it
> fails to handle a malformed multi protocol message. Quagga versions
> 0.99.6, 0.98.6 and prior (0.99 branch and 0.98 branch) are affected.
> Ref: http://www.securityfocus.com/bid/23417
> ______________________________________________________________________
> 
> 07.16.34 CVE: CVE-2007-1841
> Platform: Linux
> Title: IPSec-Tools Remote Denial of Service
> Description: IPSec-Tools is a port of KAME's IPsec utilities to the
> Linux-2.6 IPsec implementation. The application is exposed to a remote
> denial of service issue because the application fails to properly
> handle certain network packets. IPSec-Tools versions prior to 0.6.7
> are affected.
> Ref:
> http://sourceforge.net/mailarchive/message.php?msg_name=200704
> 06123739.GA1546%40zen.inc
> ______________________________________________________________________
> 
> 07.16.35 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel DCCP Proto.C Buffer Overflow
> Description: The Linux kernel is exposed to a buffer overflow issue
> because it fails to adequately bounds check user-supplied data before
> copying it to an insufficiently sized buffer. This issue affects the
> "do_dccp_getsockopt()" function in the "netdccpproto.c" source file.
> The Linux kernel versions prior to 2.6.20.5 are affected.
> Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.5
> ______________________________________________________________________
> 
> 07.16.36 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel AppleTalk ATalk_Sum_SKB Function Denial of Service
> Description: The Linux kernel is exposed to a denial of service issue.
> This issue presents itself when malformed AppleTalk frames are
> processed. Linux kernel versions prior 2.6.20.5 are affected.
> Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.5
> ______________________________________________________________________
> 
> 
> 07.16.40 CVE: Not Available
> Platform: Solaris
> Title: Sun Solaris IP Implementation Remote Denial of Service
> Description: Sun Solaris is exposed to a remote denial of service
> issue because the application fails to handle exceptional conditions.
> Solaris 8 and Solaris 9 are affected.
> Ref:
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-10286
> 6-1&searchclause=
> ______________________________________________________________________
> 
> 07.16.52 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Filter_Var FILTER_VALIDATE_EMAIL Newline Injection
> Description: PHP has a "filter_var()" function that is designed to
> sanitize user-supplied input for various purposes. The application is
> exposed to an email newline injection issue because it fails to
> properly sanitize user-supplied input. PHP 5.2.1 and PHP 5.2 are
> affected.
> Ref: http://www.php-security.org/MOPB/PMOPB-45-2007.html
> ______________________________________________________________________
> 
> 07.16.53 CVE: CVE-2007-1001
> Platform: Cross Platform
> Title: PHP GD Extension WBMP File Integer Overflow Vulnerabilities
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> PHP's GD extension is exposed to two integer overflow issues because
> it fails to ensure that integer values aren't overrun. PHP versions
> 5.2.1 and earlier are affected.
> Ref: http://www.securityfocus.com/archive/1/464957
> ______________________________________________________________________
> 
> 07.16.54 CVE: Not Available
> Platform: Cross Platform
> Title: Firebug Rep.JS Script Code Injection
> Description: Firebug is a Firefox extension that is used for
> debugging, editing and monitoring CSS, JavaScript and HTML. Firebug is
> exposed to a script code injection issue. The issue exists because the
> "rep.js" script fails to adequately escape user-supplied data. Firebug
> versions prior to 1.04 are affected.
> Ref: http://www.securityfocus.com/archive/1/464875
> ______________________________________________________________________
> 
> 07.16.114 CVE: Not Available
> Platform: Network Device
> Title: Cisco Wireless Lan Controller Multiple Remote Vulnerabilities
> Description: The Cisco Wireless LAN Controller (WLC) manages Cisco
> Aironet access points using the Lightweight Access Point Protocol
> (LWAPP). The application is exposed to multiple remote issues. Please
> refer to the advisory for further details.
> Ref:
> http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.sht
> ml#workarounds
> ______________________________________________________________________
> 
> 07.16.115 CVE: Not Available
> Platform: Network Device
> Title: Cisco Wireless Control System Multiple Vulnerabilities
> Description: Cisco Wireless Control System (WCS) is used with Cisco 
> wireless appliances to provide system configuration, location
> tracking, security monitoring and wireless LAN management. Cisco
> Wireless Control System versions prior to 4.0.96.0 are affected.
> Please refer to the advisory for further details.
> Ref: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml
> ______________________________________________________________________
> 
> (c) 2007.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held by a
> party other than Qualys (as indicated herein) and permission to use
> such material must be requested from the copyright owner.
> 



 




Copyright © Lexa Software, 1996-2009.