> **************************
> Widely Deployed Software
> **************************
>
> (1) HIGH: Perl Format String Vulnerability
> Affected:
> Perl versions 5.9.2 and 5.8.6 confirmed; potentially all Perl versions
> Webmin version 1.23 and prior
>
> Description: Perl is widely used as a scripting language for a variety
> of applications including web-based software. Perl contains a
> vulnerability that can be triggered by passing a format
> specifier of the
> form "%INT_MAXn". The vulnerability causes an integer
> variable in a Perl
> function to wrap around (change its parity) that can be exploited to
> execute arbitrary code. For instance, "%2147483647n" format specifier
> will trigger the flaw in Perl running on 32-bit Operating
> Systems. Note
> that the flaw can be exploited only via Perl-based applications that
> contain a format string vulnerability. The discoverers have reportedly
> found several applications that are vulnerable.
>
> One of the affected applications is Webmin, a web interface to perform
> administrative tasks like server and user configuration. Webmin's web
> server miniserv.pl, which runs on port 10000/tcp by default,
> contains a
> format string vulnerability. By passing a username containing a format
> specifier, an attacker can exploit the flaw to execute arbitrary code
> with possibly root privileges. Immunity, Inc. has made an exploit
> available to some of its customers.
>
> Status: Some Linux vendors have released patches. The discoverers have
> also released an unofficial patch for version 5.9.2 that is available
> at:
>
eter_intwrap_vulnerability.
>
> A workaround for the Webmin flaw is to block the traffic to port
> 10000/tcp at the network perimeter.
>
> Council Site Actions: Most of the council sites are
> responding to this
> item on some level and plan to install patches as they are made
> available. Several sites have notified their web developers.
> One site
> requested updates from the 3rd party providers that bundle Perl with
> applications in use at their site. Another site said that they have
> several Mandriva Linux systems running Webmin and plan to
> recommend that
> the affected system administrators apply the MDKSA-2005:223 update.
> These systems are used by a few dozen users. The remaining
> council sites
> commented they do not use Perl on and of their web servers.
>
> References:
> DyadSecurity Advisory
>
>
> Posting by giarc
>
> 0001.html
> Posting by Dave Aitel
>
> 0015.html
> Webmin miniserv.pl Documentation
>
> Webmin Homepage
>
> SecurityFocus BID
>
>
> ****************************************************************
>
> (2) HIGH: Ipswitch IMail SMTP Format String Vulnerabilities
> Affected:
> Ipswitch Collaboration Suite version 2.0.1
> Ipswitch IMAIL version 8.20
>
> Description: Ipswitch IMail, a Windows-based mail server used by many
> small and medium ISPs, contains format string vulnerabilities in
> multiple SMTP commands: EXPN, MAIL, MAIL FROM and RCPT TO. An
> unauthenticated attacker can exploit these flaws to execute arbitrary
> code on the IMail server. Note that the IMail server is also a part of
> the Ipswitch Collaboration Suite used by many small and medium
> businesses.
>
> Status: Ipswitch has released version 8.22 for IMail and 2.0.2 for the
> Collaboration Suite.
>
> References:
> iDefense Advisory
>
lnerabilities&flashstatus=true
> Ipswitch Advisories
>
> nal/im822.asp
> Product Homepage
>
> SecurityFocus BID
>
>
> **************************************************************
> *********
>
> 05.49.1 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer CSS Import Cross-Domain
> Restriction Bypass
> Description: Microsoft Internet Explorer is prone to an issue that
> allows a violation of the cross-domain security model. The
> vulnerability arises as Internet Explorer does not properly parse CSS
> files and facilitates imports of files that are not valid CSS files.
> An attacker may exploit this issue to steal sensitive information,
> which may aid in other attacks. Microsoft Internet Explorer versions
> 6.0 SP2 and earlier are vulnerable.
> Ref:
> ______________________________________________________________________
>
>
> 05.49.13 CVE: CVE-2005-0490
> Platform: Unix
> Title: cURL / libcURL URL Parser Buffer Overflow
> Description: cURL is a utility for retrieving remote content from
> servers over a number of protocols. libcURL provides this
> functionality to applications, as a shared library. cURL and libcURL
> are prone to a buffer overflow vulnerability. The issues occur when
> the URL parser function handles an excessively long URL string and is
> caused by two separate errors. An attacker can exploit these issues to
> crash the affected library, effectively denying service.
> Ref:
> ______________________________________________________________________
> 05.49.32 CVE: CVE-2005-2970
> Platform: Cross Platform
> Title: Apache MPM Worker.C Denial of Service
> Description: Apache web-server is prone to a memory leak due to a flaw
> in the "worker.c" file, causing a denial of service vulnerability.
> Apache versions earlier than 2.0.55 are vulnerable.
> Ref:
> ______________________________________________________________________
>
