> *****************************
> Widely-Deployed Software
> *****************************
>
> (1) HIGH: SAP-DB/MySQL MaxDB WebDBM Remote Buffer Overflow
> Affected:
> SAP-DB/MySQL MaxDB versions 7.6.00.33 and prior
>
> Description: SAP-DB/MaxDB is a popular open source enterprise database
> server. The WebDBM component, used to manage the database via a web
> interface, contains a remotely-exploitable buffer overflow. By sending
> a specially-crafted request to the WebDBM ("wahttp") process containing
> an overlong database name, an unauthenticated attacker could exploit
> this buffer overflow and execute arbitrary code with the privileges of
> the database server process. Note that attackers would need to have
> access to the WebDBM web interface to exploit this vulnerability.
>
> Status: SAP and MySQL confirmed, updates available. A workaround is to
> block the access to the TCP port used by WebDBM (typically 9999/tcp or
> 85/tcp).
>
> Council Site Actions: Only two council sites are investigating this
> issue. One site has sent the information to their SAP engineers and the
> other site is still in the process of investigating their risk level.
>
> References:
> Symantec Security Advisory
> http://archives.neohapsis.com/archives/bugtraq/2006-08/0512.html
> MaxDB Home Page
> http://www.mysql.com/maxdb
> SecurityFocus BID
> http://www.securityfocus.com/bid/19660
>
> ****************************************************************
>
> (2) MODERATE: Microsoft Internet Explorer "DirectAnimation" Remote Integer Overflow
> Affected:
> Microsoft Windows 2000 SP4
> Microsoft Windows XP SP2
> Microsoft Windows 2003 SP1
> Other versions of Windows may also be vulnerable.
>
> Description: Microsoft Internet Explorer contains a remotely exploitable
> integer overflow when interacting with the "DirectAnimation.PathControl"
> ActiveX component. By passing a specially-crafted argument to the
> "Spline" method of this ActiveX control, an attacker could trigger this
> integer overflow and create a denial-of-service condition. It is
> believed that remote code execution may be possible, but this has not
> been confirmed. Note that technical details for this vulnerability have
> been publicly posted, and that re-usable exploit code to leverage this
> flaw is publicly available. Flaws similar to this one have been widely
> exploited in the past.
>
> Status: Microsoft has not confirmed, no updates available. Note that
> users may be able to mitigate the impact of this vulnerability by
> disabling this component via Microsoft's "kill bit" mechanism for CLSID
> "{D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}".
>
> Council Site Actions: All of the reporting council sites are waiting for
> additional information and a patch from the vendor. One site is in the
> process of checking whether their configuration has the kill bit set.
>
> References:
> XSec Security Advisory
> http://archives.neohapsis.com/archives/bugtraq/2006-08/0502.html
> Microsoft Knowledge Base Article (outlines the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797
> SecurityFocus BID
> http://www.securityfocus.com/bid/19738
>
> ****************************************************************
>
> (3) LOW: Lyris ListManager Privilege Escalation
> Affected:
> Lyris ListManager version 8.95 and prior
>
> Description: Lyris ListManager, a popular application for managing email
> lists and discussion groups, contains a remotely-exploitable
> privilege-escalation vulnerability. By sending a specially-crafted
> request to the management interface, an attacker with administrative
> privileges for one mailing list may add arbitrary users as
> administrators to other mailing lists. Note that technical details and
> a simple proof-of-concept for this vulnerability have been publicly
> posted.
>
> Status: Lyris has not confirmed, no updates available. Web hosting
> providers that offer this software and have multiple domains hosted on
> a single machine should upgrade immediately.
>
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the council sites. They reported that no action was necessary.
>
> References:
> Posting by Design Properly
> http://archives.neohapsis.com/archives/bugtraq/2006-08/0558.html
> Lyris Home Page
> http://www.lyris.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/19784
>
> ****************************************************************
>
> (6) LOW: Fuji Xerox Printing Systems Multiple Vulnerabilities
> Affected:
> Fuji Xerox Printing Systems print engine embedded in multiple printers
>
> Description: The Fuji Xerox Printing Systems print engine contains
> multiple remotely-exploitable vulnerabilities. The first vulnerability
> is due to the engine's failure to properly validate FTP PORT commands.
> Attackers who could access the engine's FTP printing interface could
> cause the engine to make arbitrary connections to other systems,
> allowing the attacker to mask the true source of attacks. The second
> vulnerability is due to the engine's failure to validate permissions on
> the web administration interface. Attackers with access to this
> interface could reset the engine's administrative password.
>
> Status: FXPS confirmed, updates available.
>
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the council sites. They reported that no action was necessary.
>
> References:
> Indiana University Security Advisory
> http://archives.neohapsis.com/archives/bugtraq/2006-08/0482.html
> Fuji Xerox Printing Systems Home Page
> http://www.fxpsc.co.jp/en/
> SecurityFocus BID
> http://www.securityfocus.com/bid/19711
> http://www.securityfocus.com/bid/19716
>
> ******************************************************************
>
> 06.35.1 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer COM Object Instantiation Daxctle.OCX Heap
> Buffer Overflow
> Description: Microsoft Internet Explorer is vulnerable to a heap
> buffer overflow issue due to the way it tries to instantiate certain
> COM objects as ActiveX controls. In particular, when the first parameter
> of the "DirectAnimation.PathControl" COM object is set to 0xffffffff,
> an invalid memory write occurs. See the advisory for further details.
> Ref: http://www.securityfocus.com/archive/1/444504
> ______________________________________________________________________
>
> 06.35.3 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: VMware ActiveX Control Buffer Overflow
> Description: An ActiveX control distributed with VMware is prone to a
> buffer overflow vulnerability. An attacker can trigger this issue by
> supplying large amounts of data to the "Initialize" method of the
> class with the "F76E4799-379B-4362-BCC4-68B753D10744" class ID. VMware
> version 5.5.1 is vulnerable to this issue.
> Ref: http://www.securityfocus.com/bid/19732
> ______________________________________________________________________
>
> 06.35.12 CVE: Not Available
> Platform: Cross Platform
> Title: Sendmail Long Header Denial of Service
> Description: Sendmail is vulnerable to a denial of service issue when
> the application tries to handle excessively long header lines.
> Sendmail versions 8.13.7 and earlier are vulnerable.
> Ref: http://www.securityfocus.com/bid/19714
> ______________________________________________________________________
>
> 06.35.17 CVE: Not Available
> Platform: Cross Platform
> Title: Multiple X.Org Products SetUID Local Privilege Escalation
> Vulnerability
> Description: Multiple X.org products are prone to a local privilege
> escalation vulnerability. This issue occurs when the system calls the
> "setuid()" function. The application presumes that setuid does not
> fail but a setuid call can fail if the ulimit for the user is reached.
> This can result in the application staying with uid 0 privileges.
> Ref: http://www.securityfocus.com/bid/19742
> ______________________________________________________________________
>
> 06.35.21 CVE: Not Available
> Platform: Cross Platform
> Title: Lyris ListManager Unauthorized Administrative User Addition
> Description: Lyris ListManager is a mailing list manager application.
> It is vulnerable to a user addition issue due to a hidden "add
> administrator" form field that can be maliciously edited. Lyris
> ListManager version 8.95 is vulnerable.
> Ref: http://www.securityfocus.com/bid/19784
> ______________________________________________________________________
>
> 06.35.22 CVE: CVE-2006-4389
> Platform: Cross Platform
> Title: MySQL Multiupdate and Subselects Denial of Service
> Description: MySQL is prone to multiple local denial of service
> vulnerabilities that occur when a query with multiupdate or subselects
> is issued. Versions prior to 4.1.13 are reported to be vulnerable.
> Ref: http://www.securityfocus.com/bid/19794
> ______________________________________________________________________