Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 4 No. 44



> 
> *************************************************************************
>          @RISK: The Consensus Security Vulnerability Alert
> November 3, 2005                                          Vol. 4. Week 44
> *************************************************************************
> 
> **************************
> Widely Deployed Software
> **************************
> 
> (1) HIGH: PHP Remote Code Execution Vulnerability
> Affected:
> PHP4 version 4.4.0 and prior
> PHP5 version 5.0.5 and prior
> 
> Description:  PHP is a package installed on a large number of web
> servers and used by multiple content management and bulletin board
> software packages. If "register_globals" directive is on, an attacker
> with permissions to upload files to the web server can overwrite PHP
> "GLOBALS" array. This can lead to execution of arbitrary PHP code. The
> discoverers have reported that PHP code based on Pear-PHP and vBulletin
> is vulnerable.
> 
> Status: PHP has released version 4.4.1 for PHP4. The new version also
> fixes a cross site scripting vulnerability. A workaround is to disable
> the "register_globals" option.
> 
> References:
> Postings by Stefan Esser
> http://www.hardened-php.net/advisory_202005.79.html
> http://www.hardened-php.net/globals-problem
> http://www.hardened-php.net/advisory_192005.78.html
> http://www.hardened-php.net/advisory_182005.77.html
> Vendor Homepage
> http://www.php.net/ 
> SecurityFocus BID
> http://www.securityfocus.com/bid/15250 
> http://www.securityfocus.com/bid/15249 
> http://www.securityfocus.com/bid/15248 
>  
> ********************************************************************
> 
> (2) HIGH: phpBB Remote Code Execution
> Affected:
> phpBB version 2.0.17 and prior
> 
> Description: phpBB is a widely-used bulletin board software package.
> Reports indicate that phpBB security checks that unregister the global
> variables can be easily bypassed in multiple ways. Additionally, the
> software contains several improperly initialized variables. These flaws
> could allow an attacker to execute arbitrary PHP code. Note that the
> Santy worm targeted similar vulnerabilities in this software last year.
> The posted advisory includes complete technical details.
> 
> Status: phpBB  2.0.18 has been released.
> 
> References:
> Posting by Stefan Esser
> http://www.hardened-php.net/advisory_172005.75.html
> Vendor Announcement
> http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
> SecurityFocus BID
> http://www.securityfocus.com/bid/15246
> 
> ************************************************************************
> 
> (3) MODERATE: Cisco IOS System Timers Heap Overflow
> Affected:
> Cisco devices running IOS
> 
> Description: A researcher recently described a heap-based overflow flaw
> in IOS IPv6 processing that could be exploited to execute arbitrary code
> on a vulnerable Cisco device. Specifically, the arbitrary code execution
> was reported to be plausible when the operating system timers executed
> the instructions in the overwritten heap memory. The Cisco patch
> enhances the general IOS security by minimizing the probability of
> arbitrary code execution via OS timers. Hence, this patch should be
> applied to all IOS devices.
> 
> Status: Cisco has made patches available for 12.0 as well as 12.2 IOS
> trains. Note that no new vulnerability in Cisco IOS has been announced.
> Cisco has already issued patches for the IPv6 processing flaw.
> 
> References:
> Cisco Security Advisory
> http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml
> Previous @RISK Newsletter Postings
> http://www.sans.org/newsletters/risk/display.php?v=4&i=30#exploit2  
> SecurityFocus BID
> http://www.securityfocus.com/bid/15275 
> 
> 
> ****************************************************************
> 
> ______________________________________________________________________
> 
> 05.44.1 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer Java Applet Denial of Service
> Description: Microsoft Internet Explorer is affected by a denial of
> service vulnerability. This issue arises because the application fails
> to handle exceptional conditions in a proper manner. This issue only
> presents itself when the J2SE Java runtime environment is installed.
> An attacker may exploit this issue by enticing a user to visit a
> malicious site, resulting in a denial of service condition in the
> application.
> Ref: http://security-protocols.com/modules.php?name=News&file=article&sid=3027
> ______________________________________________________________________
> 
> 05.44.2 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer Malformed HTML Parsing Denial of Service
> Description: Microsoft Internet Explorer is vulnerable to a denial of
> service issue when it fails to properly handle malformed HTML content.
> Ref: http://www.securityfocus.com/bid/15268 
> ______________________________________________________________________
> 
> ______________________________________________________________________
> 
> 05.44.19 CVE: Not Available
> Platform: Cross Platform
> Title: PHP parse_str register_globals Activation Weakness
> Description: PHP is a general-purpose scripting language for web
> development and can be embedded into HTML. PHP is susceptible to a
> weakness in the "parse_str" function that allows attackers to
> re-enable the "register_globals" directive. PHP version 4.4.1 is
> released to fix this issue.
> Ref: http://www.php.net/release_4_4_1.php 
> ______________________________________________________________________
> 
> 05.44.20 CVE: Not Available
> Platform: Cross Platform
> Title: PHP File Upload GLOBAL Variable Overwrite
> Description: PHP is susceptible to a vulnerability that allows
> attackers to overwrite the GLOBAL variable. By exploiting this issue,
> remote attackers may be able to overwrite the GLOBAL variable. This
> may allow attackers to further exploit latent vulnerabilities in PHP
> scripts. PHP versions earlier than 4.4.1 are vulnerable.
> Ref: http://www.php.net/release_4_4_1.php 
> ______________________________________________________________________
> 
> 
> 05.44.23 CVE: Not Available
> Platform: Web Application
> Title: PHPBB Multiple Unspecified Vulnerabilities
> Description: PHPBB is a bulletin board system. It is prone to multiple
> unspecified vulnerabilities due to insufficient sanitization of
> user-supplied data, however the causes and impacts of other issues
> were not specified. PHPBB versions 2.0.17 and earlier are vulnerable.
> Ref: http://www.securityfocus.com/bid/15246/discuss 
> ______________________________________________________________________
>
> 05.44.25 CVE: Not Available
> Platform: Web Application
> Title: phpBB Global Variable Deregistration Bypass Vulnerabilities
> Description: phpBB is a bulletin board system written in PHP. It is
> reported to be vulnerable to SQL injection, HTML injection and
> cross-site scripting issues due to improper deregistration of global
> variables. phpBB version 2.0.17 and earlier are reported to be
> vulnerable.
> Ref: http://www.securityfocus.com/bid/15243 
> ______________________________________________________________________
> 
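
An added example, not part of the forwarded newsletter: a host audit for item (1) and entries 05.44.19/05.44.20 that checks both the "register_globals" workaround and the PHP version, since the parse_str weakness means the directive being off does not cover an unpatched build. The function names and the sample configuration text are constructed for illustration; the check assumes Apache mod_php style `php_flag` overrides and the php.ini default of Off that applies from PHP 4.2.0.

```python
import re

# Affected ceilings as stated in the alert: PHP4 <= 4.4.0, PHP5 <= 5.0.5.
AFFECTED_MAX = {4: (4, 4, 0), 5: (5, 0, 5)}
TRUTHY = {"1", "on", "true", "yes"}  # php.ini boolean "on" spellings

def version_affected(version):
    """True if a PHP version string falls in the alert's affected ranges."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable PHP version: {version!r}")
    v = tuple(int(x) for x in m.groups())
    return v[0] in AFFECTED_MAX and v <= AFFECTED_MAX[v[0]]

def ini_register_globals(text, default=False):
    """Effective php.ini setting; the last assignment wins.
    default=False reflects PHP >= 4.2.0, where the directive ships Off."""
    state = default
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment
        m = re.match(r"register_globals\s*=\s*(\S*)", line)
        if m:
            state = m.group(1).strip("\"'").lower() in TRUTHY
    return state

def apache_overrides(text):
    """Line numbers of per-directory overrides that switch the directive on."""
    pat = re.compile(
        r"\s*php_(?:admin_)?(?:flag|value)\s+register_globals\s+(\S+)", re.I)
    return [n for n, line in enumerate(text.splitlines(), 1)
            if (m := pat.match(line)) and m.group(1).strip("\"'").lower() in TRUTHY]

def audit(version, ini_text, apache_text=""):
    """Collect findings for one host: version range plus both config sources."""
    findings = []
    if version_affected(version):
        findings.append("php-version-in-affected-range")
    if ini_register_globals(ini_text):
        findings.append("register_globals-on:php.ini")
    findings += [f"register_globals-on:apache-line-{n}"
                 for n in apache_overrides(apache_text)]
    return findings

# Constructed sample inputs (not taken from any real host).
SAMPLE_INI = "register_globals = Off\n;register_globals = Off\nregister_globals = On ; legacy app\n"
SAMPLE_HTACCESS = "# php_flag register_globals on\nphp_flag register_globals On\n"

if __name__ == "__main__":
    for finding in audit("4.4.0", SAMPLE_INI, SAMPLE_HTACCESS):
        print(finding)
```

An empty result from `audit` means the version is outside the ranges the alert lists and neither configuration source turns the directive on; it says nothing about application code that emulates register_globals itself.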




 




Copyright © Lexa Software, 1996-2009.