Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 20



> 
> *****************************
> Widely-Deployed Software
> *****************************
> 
> (1) CRITICAL: Microsoft Windows DNS RPC Interface Buffer Overflow (MS07-029)
> Affected:
> Microsoft Windows 2000 Server
> Microsoft Windows 2003 Server
> 
> Description: The Microsoft DNS server exports a Remote Procedure Call
> (RPC) interface for remote administration of the server. Certain
> function calls do not properly handle malformed DNS zone names. A
> specially-crafted call to these functions containing a malformed zone
> name could trigger a buffer overflow, allowing an attacker to execute
> arbitrary code with the privileges of the vulnerable process (usually
> SYSTEM). Note that public exploit code has been posted. This issue was
> originally disclosed prior to Microsoft's official announcement as a
> zero-day vulnerability. A previous @RISK entry discussed this
> vulnerability at the time of its disclosure.
> 
> Status: Microsoft confirmed, updates available. Users are advised to
> disable the RPC management interface on the DNS server if it is not
> needed.
> 
> Council Site Actions: All of the reporting council sites are
> responding to this issue. Most plan to distribute the patch during
> their next regularly scheduled maintenance cycle.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/MS07-029.mspx
> Previous @RISK Entry
> http://www.sans.org/newsletters/risk/display.php?v=6&i=16#widely1
> SecurityFocus BID
> http://www.securityfocus.com/bid/23470
> 
> *********************************************************************
> 
> (2) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS07-027)
> Affected:
> Microsoft Windows 2000/XP
> Microsoft Windows Server 2003
> Microsoft Windows Vista
> 
> Description: Microsoft Internet Explorer contains multiple
> vulnerabilities in its handling of COM objects, web pages containing
> scripts, and HTML documents. A specially-crafted web page could
> exploit any of these vulnerabilities to execute arbitrary code with
> the privileges of the current user or to overwrite arbitrary files
> with the permission of the current user. Technical details for some
> of these vulnerabilities are publicly available, as are working
> exploits.
> 
> Status: Microsoft confirmed, updates available.
> 
> Council Site Actions: All of the reporting council sites are
> responding to this issue. Most sites plan to distribute the patch
> during their next regularly scheduled maintenance cycle.
> 
> References:
> Microsoft Security Bulletin 
> http://www.microsoft.com/technet/security/bulletin/MS07-027.mspx
> Zero Day Initiative Advisory
> http://www.zerodayinitiative.com/advisories/ZDI-07-027.html
> Secunia Security Advisory
> http://archives.neohapsis.com/archives/bugtraq/2007-05/0145.html
> Arbitrary File Modification Proof of Concept by Andres Tarasco Acuna
> http://www.milw0rm.com/exploits/3892
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/23770
> http://www.securityfocus.com/bid/23769
> http://www.securityfocus.com/bid/23771
> http://www.securityfocus.com/bid/23772
> 
> *****************************************************************
> 
> (3) CRITICAL: Microsoft Exchange Multiple Vulnerabilities (MS07-026)
> Affected:
> Microsoft Exchange 2000
> Microsoft Exchange Server 2003
> Microsoft Exchange Server 2007
> 
> Description: Microsoft Exchange contains multiple vulnerabilities:
> (1) Exchange fails to properly handle certain specially-crafted
> MIME-encoded data. MIME encoding is often used to attach files to
> email messages. A specially-crafted email message could trigger this
> vulnerability and execute arbitrary code with the privileges of the
> server process. Note that the email need only transit the vulnerable
> server to trigger this vulnerability.
> 
> (2) Several denial-of-service conditions exist in Exchange's handling
> of iCal messages and IMAP commands. An email message containing a
> specially-crafted iCal file (used to store calendaring and scheduling
> information) could cause the server to crash and stop processing
> further messages. Additionally, a flaw in the handling of IMAP
> commands could allow an attacker to crash the mail service. Note that
> an attacker need only send an email or connect to the IMAP server to
> exploit these vulnerabilities.
> 
> Note that crashing the mail service may cause other Internet services,
> such as web and FTP servers, to also crash. Some technical details and
> proofs-of-concept are available for these vulnerabilities.
> 
> Status: Microsoft confirmed, updates available.
> 
> Council Site Actions: All of the reporting council sites are
> responding to this issue. Most sites plan to distribute the patch
> during their next regularly scheduled maintenance cycle.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/MS07-026.mspx
> iDefense Security Advisory
> http://archives.neohapsis.com/archives/bugtraq/2007-05/0131.html
> Determina Security Advisory (includes proof-of-concept)
> http://archives.neohapsis.com/archives/bugtraq/2007-05/0112.html
> Wikipedia Article on MIME
> http://en.wikipedia.org/wiki/MIME
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/23808
> http://www.securityfocus.com/bid/23809
> http://www.securityfocus.com/bid/23810
> 
> *****************************************************************
> 
> (4) CRITICAL: Computer Associates eTrust AntiVirus Server Buffer Overflow
> Affected:
> Computer Associates eTrust Antivirus Server version 8
> 
> Description: Computer Associates eTrust AntiVirus Server, a popular
> antivirus solution, contains a buffer overflow in its handling of user
> login credentials. The "inoweb" component, which listens on TCP port
> 12168 fails to properly handle an overlong username or password. An
> attacker who sent a long value for either parameter could trigger a
> buffer overflow and execute arbitrary code with the privileges of the
> vulnerable process (often SYSTEM).
> 
> Status: Computer Associates confirmed, updates available. Users are
> advised to block TCP port 12168 at the network perimeter, if possible.
> 
> Council Site Actions: The affected software and/or configuration are
> not in production or widespread use, or are not officially supported
> at any of the responding council sites. They reported that no action
> was necessary.
> 
> References:
> Zero Day Initiative Advisory
> http://zerodayinitiative.com/advisories/ZDI-07-028.html
> Computer Associates Security Notice
> http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530
> SecurityFocus BID
> http://www.securityfocus.com/bid/23906
> 
> *****************************************************************
> 
> (5) HIGH: Microsoft CAPICOM ActiveX Control Remote Code Execution
> Vulnerability (MS07-028)
> Affected:
> Microsoft CAPICOM ActiveX Control
> Microsoft BizTalk Server 2004
> 
> Description: The Microsoft CAPICOM ActiveX control provides access to
> the cryptography system included with Microsoft Windows. This control
> fails to properly handle certain malformed inputs to exported methods.
> A web page that instantiates this control could call these vulnerable
> methods. Successfully exploiting this vulnerability would allow an
> attacker to execute arbitrary code with the privileges of the current
> user.
> 
> Status: Microsoft confirmed, updates available. 
> 
> Council Site Actions: Two of the reporting council sites are using the
> affected software and plan to deploy the patch during their next
> regularly scheduled maintenance cycle.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/MS07-028.mspx 
> MSDN Article on CAPICOM
> http://msdn2.microsoft.com/en-us/library/ms995332.aspx 
> SecurityFocus BID
> http://www.securityfocus.com/bid/23782 
> 
> *****************************************************************
> 
> (6) HIGH: Microsoft Office Remote Code Execution Vulnerability (MS07-025)
> Affected:
> Microsoft Office 2000/XP/2003/2007
> Microsoft Office 2004 for Mac
> 
> Description: Microsoft Office contains a flaw in the way it handles
> drawing objects embedded in Office documents. These objects are used
> to provide graphics and other imaging data in documents. An Office
> document containing a specially-crafted drawing object could trigger
> a memory corruption vulnerability. Successfully exploiting this
> vulnerability would allow an attacker to execute arbitrary code with
> the privileges of the current user. Note that recent versions of
> Office do not open documents without prompting.
> 
> Status: Microsoft confirmed, updates available.
> 
> Council Site Actions: All of the reporting council sites are
> responding to this issue. Most plan to distribute the patch during
> their next regularly scheduled maintenance cycle.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/MS07-025.mspx
> SecurityFocus BID
> http://www.securityfocus.com/bid/23826
> 
> *****************************************************************
> 
> (7) HIGH: Microsoft Word Multiple Vulnerabilities (MS07-024)
> Affected:
> Microsoft Word 2000/2002/2003
> Microsoft Works Suite 2004/2005/2006
> Microsoft Word Viewer 2003
> Microsoft Office 2004 for Mac
> 
> Description: Microsoft Word contains multiple vulnerabilities in the
> way it handles Word and Rich Text Format (RTF) documents. A Word
> document containing a specially-crafted array or document stream
> element, or an RTF document containing a specially-crafted property
> could trigger one of these vulnerabilities. Successfully exploiting
> one of these vulnerabilities would allow an attacker to execute
> arbitrary code with the privileges of the current user. Note that at
> least one of these vulnerabilities is believed to have exploits
> available in the wild.
> 
> Status: Microsoft confirmed, updates available.
> 
> Council Site Actions: All of the reporting council sites are
> responding to this issue. Most sites plan to distribute the patch
> during their next regularly scheduled maintenance cycle.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/MS07-024.mspx
> iDefense Security Advisory
> http://archives.neohapsis.com/archives/bugtraq/2007-05/0133.html
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/23836
> http://www.securityfocus.com/bid/22567
> http://www.securityfocus.com/bid/23804
> 
> *****************************************************************
> 
> (8) HIGH: Microsoft Excel Multiple Vulnerabilities (MS07-023)
> Affected:
> Microsoft Excel 2000/2002/2003/2007
> Microsoft Excel Viewer 2003
> Microsoft Office 2004 for Mac
> 
> Description: Microsoft Excel contains multiple vulnerabilities in the
> way it handles Excel spreadsheet files. An Excel spreadsheet
> containing a specially-crafted BIFF, filter, or font record could
> trigger one of these vulnerabilities. Successfully exploiting one of
> these vulnerabilities would allow an attacker to execute arbitrary
> code with the privileges of the current user. Note that some
> technical details for these vulnerabilities are publicly available.
> 
> Council Site Actions: All of the reporting council sites are
> responding to this issue. Most sites plan to distribute the patch
> during their next regularly scheduled maintenance cycle.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/MS07-023.mspx
> Zero Day Initiative Advisory
> http://www.zerodayinitiative.com/advisories/ZDI-07-026.html
> iDefense Security Advisory
> http://archives.neohapsis.com/archives/bugtraq/2007-05/0132.html
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/23780
> http://www.securityfocus.com/bid/23779
> http://www.securityfocus.com/bid/23760
> 
> *****************************************************************
> 
> (9) HIGH: McAfee Security Center ActiveX Control Buffer Overflow
> Affected:
> McAfee Security Center version 6 prior to 6.0.0.25
> McAfee Security Center version 7 prior to 7.2.147
> 
> Description: McAfee Security Center, used to centrally administer
> McAfee security products, contains a buffer overflow in an included
> ActiveX component. A specially-crafted web page that instantiates this
> control could exploit this buffer overflow and execute arbitrary code
> with the privileges of the current user. Note that some technical
> details and a working exploit for this vulnerability are publicly
> available.
> 
> Status: McAfee confirmed, updates available. Note that users can
> mitigate the impact of this vulnerability by disabling the affected
> control via Microsoft's "kill bit" mechanism, using CLSID
> "9BE8D7B2-329C-442A-A4AC-ABA9D7572602".
> 
> Council Site Actions: Only one of the responding council sites is
> using the affected software. They plan to deploy the patch during
> their next regularly scheduled maintenance cycle.
> 
> References:
> iDefense Security Advisory
> http://archives.neohapsis.com/archives/bugtraq/2007-05/0114.html
> Proof of Concept Exploit 
> http://www.milw0rm.com/exploits/3893
> Microsoft Knowledge Base Article (details the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797
> SecurityFocus BID
> http://www.securityfocus.com/bid/23888
> 
> *****************************************************************
> 
> (10) HIGH: Trend Micro Server Protect Multiple Vulnerabilities
> Affected:
> Trend Micro Server Protect version 5.58 and possibly prior
> 
> Description: Trend Micro Server Protect, a popular enterprise
> antivirus product, contains multiple vulnerabilities in its handling
> of Remote Procedure Call (RPC) requests. The server exports two
> vulnerable interfaces, one running on TCP port 5168 and the other on
> port 3628. An attacker who sent a specially-crafted RPC request to
> one of these interfaces could trigger a buffer overflow. Successfully
> exploiting these vulnerabilities would allow an attacker to execute
> arbitrary code with the privileges of the vulnerable process. Note
> that technical details for these vulnerabilities are publicly
> available. A working exploit for one of these vulnerabilities is
> known to be available to members of Immunity's partners program.
> 
> Status: Trend Micro confirmed, updates available.
> 
> Council Site Actions: The affected software and/or configuration are
> not in production or widespread use, or are not officially supported
> at any of the responding council sites. They reported that no action
> was necessary.
> 
> References:
> Zero Day Initiative Advisories
> http://www.zerodayinitiative.com/advisories/ZDI-07-024.html 
> http://www.zerodayinitiative.com/advisories/ZDI-07-025.html 
> Trend Micro Home Page
> http://www.trend.com
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/23866
> http://www.securityfocus.com/bid/23868
> 
> *****************************************************************
> 
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from
> Qualys (www.qualys.com)
> Week 20, 2007
> 
> This list is compiled by Qualys ( www.qualys.com ) as part of that
> company's ongoing effort to ensure its vulnerability management web
> service tests for all known vulnerabilities that can be scanned. As of
> this week Qualys scans for 5452 unique vulnerabilities. For this
> special SANS community listing, Qualys also includes vulnerabilities
> that cannot be scanned remotely.
> 
> 07.20.1 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows Terminal Services Remote Security Restriction
> Bypass
> Description: Microsoft Windows Terminal Services is exposed to a
> remote security restriction bypass issue due to a failure of the
> server software to properly enforce encryption requirements. Terminal
> Services installed on Windows 2003 Server are affected.
> Ref: http://www.securityfocus.com/bid/23899
> ______________________________________________________________________
> 
> 07.20.2 CVE: CVE-2007-0215
> Platform: Microsoft Office
> Title: Microsoft Excel BIFF Record Remote Code Execution
> Description: Microsoft Excel is a spreadsheet application that is part
> of the Microsoft Office suite. Excel is exposed to a remote code
> execution issue because it fails to adequately handle user-supplied
> data. This issue occurs when the application handles a specially
> crafted BIFF file with a malformed Named Graph record.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-023.mspx
> ______________________________________________________________________
> 
> 07.20.3 CVE: CVE-2007-1747
> Platform: Microsoft Office
> Title: Microsoft Office Malformed Drawing Object Remote Code Execution
> Description: Microsoft Office is exposed to a remote code execution
> issue. The issue occurs when an affected application processes a
> malicious file containing a malformed Office drawing object. This
> causes process memory to become corrupted, allowing an attacker to
> manipulate the application's normal flow of execution to run arbitrary
> machine code.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-025.mspx
> ______________________________________________________________________
> 
> 07.20.4 CVE: CVE-2007-1202
> Platform: Microsoft Office
> Title: Microsoft Word RTF Parsing Remote Code Execution
> Description: Microsoft Word is exposed to a remote code execution
> issue because the application fails to perform sufficient validation
> when parsing certain rich-text properties contained within a Word
> file.
> Ref: http://www.microsoft.com/technet/security/bulletin/MS07-024.mspx
> ______________________________________________________________________
> 
> 07.20.5 CVE: CVE-2007-1203
> Platform: Microsoft Office
> Title: Microsoft Excel Set Font Remote Code Execution
> Description: Microsoft Excel is a spreadsheet application that is part
> of the Microsoft Office suite. Excel is exposed to a remote
> code execution issue because it fails to adequately handle
> user-supplied data. Please refer to the advisory for further details.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-023.mspx
> ______________________________________________________________________
> 
> 07.20.6 CVE: CVE-2007-1214
> Platform: Microsoft Office
> Title: Microsoft Excel Filter Records Remote Code Execution
> Description: Microsoft Excel is a spreadsheet application that is part
> of the Microsoft Office suite. Excel is exposed to a remote code
> execution issue because it fails to adequately handle user-supplied
> data. This issue occurs when the application handles an Excel file
> with a specially-crafted filter record.
> Ref:
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=527
> ______________________________________________________________________
> 
> 07.20.7 CVE: CVE-2007-0035
> Platform: Microsoft Office
> Title: Microsoft Word Array Remote Code Execution
> Description: Microsoft Word is exposed to a remote code execution
> issue because the application fails to perform sufficient validation
> when processing the contents of Word files. It fails to handle
> malformed data within an array. Please refer to the advisory for
> further details.
> Ref: http://www.microsoft.com/technet/security/bulletin/MS07-024.mspx
> ______________________________________________________________________
> 
> 07.20.8 CVE: CVE-2007-0039
> Platform: Other Microsoft Products
> Title: Microsoft Exchange iCal Request Remote Denial of Service
> Description: Microsoft Exchange is exposed to a remote
> denial of service issue because it fails to properly handle unexpected
> iCal message content. iCal (Internet Calendar) is a standard message
> format used to exchange calendar information via email and other
> means. Please refer to the advisory for further details.
> Ref: http://www.securityfocus.com/archive/1/468047
> ______________________________________________________________________
> 
> 07.20.9 CVE: CVE-2007-0213
> Platform: Other Microsoft Products
> Title: Microsoft Exchange Base64 MIME Message Remote Code Execution
> Description: Microsoft Exchange is exposed to a remote code execution
> issue because the application fails to properly decode specially
> crafted email messages. The issue is triggered when Microsoft Exchange
> attempts to decode specially crafted base64- and MIME-encoded email
> message attachments. During the decoding process, attacker-supplied
> machine code may be executed.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx
> ______________________________________________________________________
> 
> 07.20.10 CVE: CVE-2007-0221
> Platform: Other Microsoft Products
> Title: Microsoft Exchange IMAP Command Processing Remote Denial of
> Service
> Description: Microsoft Exchange is exposed to a remote
> denial of service issue. This issue stems from the inability of the
> software to properly handle a certain invalid IMAP command.
> Ref:
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=526
> ______________________________________________________________________
> 
> 07.20.14 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: McAfee Viruscan McSubMgr.DLL ActiveX Control Remote Buffer
> Overflow
> Description: McAfee VirusScan is an enterprise antivirus application
> that offers protection against the latest computer virus threats. The
> "McSubMgr.DLL" ActiveX control shipped with McAfee VirusScan is
> exposed to a buffer overflow issue. McAfee VirusScan version 10.0.21
> uses the vulnerable ActiveX control.
> Ref: http://www.securityfocus.com/bid/23909
> ______________________________________________________________________
> 
> 
> 07.20.17 CVE: CVE-2006-3456
> Platform: Third Party Windows Apps
> Title: Symantec Norton Antivirus NAVOPTS.DLL ActiveX Control Remote
> Code Execution
> Description: Symantec Norton Antivirus ActiveX control is exposed to a
> remote code execution issue. It has been identified on the Symantec
> Norton antivirus ActiveX control "navopts.dll".
> Ref: http://www.securityfocus.com/archive/1/468116
> ______________________________________________________________________
> 
> 07.20.18 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: McAfee Security Center McSubMgr.DLL ActiveX Control Remote
> Buffer Overflow
> Description: McAfee Security Center is an application to control and
> monitor McAfee Security products such as AntiVirus, Firewall and
> AntiSpam products. The "McSubMgr.DLL" ActiveX control shipped with
> McAfee Security Center is exposed to a buffer overflow issue because
> the "McSubMgr.McSubMgr" Object with a CLSID of
> "9BE8D7B2-329C-442A-A4AC-ABA9D7572602" fails to properly sanitize
> user-supplied input to the "IsOldAppInstalled()" method in the
> "MCSUBMGR.DLL" ActiveX component. McAfee Subscription Manager versions
> prior to 6.0.0.25 and prior to 7.2.147 are affected.
> Ref:
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528
> ______________________________________________________________________
> 
> 07.20.20 CVE: CVE-2007-2221
> Platform: Third Party Windows Apps
> Title: Microsoft Windows Media Server MDSAuth.DLL ActiveX Control
> Remote Code Execution
> Description: The Microsoft Windows Media Server ActiveX control is
> prone to a remote code execution issue that has been identified on the
> Microsoft Windows Media Server ActiveX "mdsauth.dll" control. 
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx
> ______________________________________________________________________
> 
> 07.20.22 CVE: CVE-2007-0945
> Platform: Third Party Windows Apps
> Title: Microsoft Internet Explorer Property Method Remote Code
> Execution
> Description: Microsoft Internet Explorer is exposed to a remote
> code execution issue. The problem occurs when viewing a page
> containing a malformed "property" method call. An attacker can trigger
> this issue by tricking an unsuspecting user into viewing a malicious
> page. Please refer to the advisory for further details.
> Ref: http://www.securityfocus.com/bid/23769
> ______________________________________________________________________
> 
> 07.20.23 CVE: CVE-2007-0946
> Platform: Third Party Windows Apps
> Title: Microsoft Internet Explorer HTML Objects Script Errors Variant
> Remote Code Execution
> Description: Microsoft Internet Explorer is exposed to a remote code
> execution issue. An attacker can exploit this issue by enticing a user
> into visiting a malicious Web page. Microsoft states that this
> vulnerability is a variant of the issue discussed in BID 23772
> (Microsoft Internet Explorer HTML Objects Script Errors Remote Code
> Execution Vulnerability). Please refer to the advisory for further
> details.
> Ref: http://www.securityfocus.com/bid/23770
> ______________________________________________________________________
> 
> 07.20.24 CVE: CVE-2007-0944
> Platform: Third Party Windows Apps
> Title: Microsoft Internet Explorer Object Handling Remote Code
> Execution
> Description: Microsoft Internet Explorer is exposed to a remote code
> execution issue. An attacker can exploit this issue by enticing a user
> into visiting a malicious Web page. Please refer to the advisory for
> further details.
> Ref: http://www.securityfocus.com/archive/1/467989
> ______________________________________________________________________
> 
> 07.20.25 CVE: CVE-2007-0947
> Platform: Third Party Windows Apps
> Title: Microsoft Internet Explorer HTML Objects Script Errors Remote
> Code Execution
> Description: Microsoft Internet Explorer is exposed to a remote code
> execution issue. An attacker can exploit this issue by enticing a user
> into visiting a malicious Web page. Internet Explorer 7 running on
> Windows XP SP2, Windows Server 2003 SP1 and SP2, and Windows Vista are
> affected.
> Ref: http://www.securityfocus.com/bid/23772
> ______________________________________________________________________
> 
> 07.20.26 CVE: CVE-2007-0940
> Platform: Third Party Windows Apps
> Title: Microsoft CAPICOM ActiveX Control Remote Code Execution
> Description: The Microsoft CAPICOM ActiveX control allows programmers
> to incorporate digital signing and encryption functionality into their
> applications. The application is exposed to a remote code execution
> issue because it fails to validate an unspecified parameter in the
> CAPICOM Certificates Class.
> Ref: http://support.microsoft.com/kb/240797
> ______________________________________________________________________
> 
> 07.20.29 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Trend Micro ServerProtect SpntSvc.EXE Remote Stack-Based Buffer
> Overflow
> Description: Trend Micro ServerProtect is an antivirus application
> designed specifically for servers. ServerProtect is exposed to a
> remote stack-based buffer overflow issue because it fails to properly
> bounds check user-supplied input before copying it to an
> insufficiently sized memory buffer. Trend Micro ServerProtect version
> 5.58 is affected.
> Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-025.html
> ______________________________________________________________________
> 
> 07.20.30 CVE: CVE-2007-2508
> Platform: Third Party Windows Apps
> Title: Trend Micro ServerProtect EarthAgent.EXE Remote Stack-Based
> Buffer Overflow
> Description: Trend Micro ServerProtect is an antivirus application
> designed specifically for servers. ServerProtect is exposed to a
> remote stack-based buffer overflow issue because it fails to properly
> bounds check user-supplied input before copying it to an
> insufficiently sized memory buffer. This issue occurs in the
> "EarthAgent.exe" daemon listening on TCP port 3628. Trend Micro
> ServerProtect version 5.58 is affected.
> Ref: http://www.kb.cert.org/vuls/id/515616
> ______________________________________________________________________
> 
> 07.20.45 CVE: Not Available
> Platform: Novell
> Title: Novell Netmail NMDMC Stack-Based Buffer Overflow
> Description: Novell Netmail is a commercially available email and
> calendar system. The application is exposed to a buffer overflow issue
> because it fails to perform adequate boundary checks on user-supplied
> data before copying it to an insufficiently sized buffer.
> Ref: http://www.securityfocus.com/bid/23916
> ______________________________________________________________________
> 
> 07.20.46 CVE: Not Available
> Platform: Novell
> Title: Novell GroupWise Mobile Server Multiple Vulnerabilities
> Description: Nokia Intellisync Mobile Suite is a set of server
> applications that provide mobility solutions for corporations.
> Wireless email, PIM synchronization and device management are some of
> the services offered by Intellisync. Novell GroupWise Mobile Server
> uses Intellisync technology to provide similar services. The
> application is exposed to multiple issues. Novell GroupWise Mobile
> Server 1.0 and other versions bundled with Nokia Intellisync Mobile
> Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2 are affected.
> Ref: http://www.securityfocus.com/archive/1/468048
> ______________________________________________________________________
> 
> 07.20.48 CVE: CVE-2007-2522, CVE-2007-2523
> Platform: Cross Platform
> Title: CA Multiple Products Console Server and InoCore.dll Remote Code
> Execution Vulnerabilities
> Description: Multiple products from CA are exposed to vulnerabilities
> that will allow remote attackers to execute arbitrary code on an
> affected application. These issues affect CA Anti-Virus for the
> Enterprise version 8 and CA Threat Manager version 8.
> Ref:
> http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp
> ______________________________________________________________________
> 
> 07.20.53 CVE: CVE-2007-1669, CVE-2007-1670, CVE-2007-1671,
> CVE-2007-1672, CVE-2007-1673
> Platform: Cross Platform
> Title: Multiple Vendors Zoo Compression Algorithm Remote Denial of
> Service
> Description: Zoo is a compression format developed by Rahul Dhesi
> based on the LZW compression algorithm. Multiple applications are
> exposed to a remote denial of service issue that arises when
> applications implementing the Zoo algorithm process certain malformed
> archives. Zoo utility version 2.10 is affected.
> Ref: http://www.securityfocus.com/archive/1/467646
> ______________________________________________________________________
> 
> 07.20.54 CVE: CVE-2007-1864, CVE-2007-2509, CVE-2007-2510
> Platform: Cross Platform
> Title: PHP Prior to 5.2.2/4.4.7 Multiple Remote Buffer Overflow
> Vulnerabilities
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> The application is exposed to multiple remote buffer overflow issues
> because it fails to perform boundary checks before copying
> user-supplied data to insufficiently sized memory buffers.
> Ref: http://rhn.redhat.com/errata/RHSA-2007-0348.html
> ______________________________________________________________________
> 
> 07.20.55 CVE: Not Available
> Platform: Cross Platform
> Title: PHP FTP_Putcmd Function HTTP Response Splitting
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> The application is exposed to an HTTP response splitting issue which
> occurs in the "ftp_putcmd()" function. PHP 5 versions prior to 5.2.2
> and PHP 4 versions prior to 4.4.7 are affected.
> Ref: http://www.php.net/releases/4_4_7.php
> ______________________________________________________________________
> 
> 07.20.113 CVE: Not Available
> Platform: Network Device
> Title: Cisco IOS FTP Server Multiple Vulnerabilities
> Description: FTP Server is a file transfer protocol feature in Cisco
> IOS. The application is exposed to a denial of service issue which
> triggers an IOS reload during unspecified file transfers. It is also
> exposed to an authentication bypass issue which occurs because of
> improper authorization checking. This issue is being tracked by Cisco
> bug ID CSCse29244. Only IOS devices which have the FTP Server feature
> enabled are affected.
> Ref: http://www.securityfocus.com/archive/1/468056
> ______________________________________________________________________
> 
> (c) 2007.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held by a
> party other than Qualys (as indicated herein) and permission to use
> such material must be requested from the copyright owner.
> 



 




Copyright © Lexa Software, 1996-2009.