>
> *****************************
> Widely-Deployed Software
> *****************************
> *********************************************************************
>
> (3) MODERATE: OpenOffice.org and LibWPD Multiple Vulnerabilities
> Affected:
> OpenOffice.org versions 1.x and 2.x
>
> Description: OpenOffice.org, a popular open source office
> suite included
> with many Unix, Unix-like, and Linux systems, contains multiple
> vulnerabilities:
> (1) A specially-crafted Word Perfect document could trigger several
> integer overflows in the "LibWPD" library, used to parse Word Perfect
> files. Successfully exploiting these integer overflows could allow an
> attacker to execute arbitrary code with the privileges of the current
> user. Note that "LibWPD" is used internally by OpenOffice.org and by
> other open source word processors, such as AbiWord.
> (2) A specially crafted link in an OpenOffice.org document
> could execute
> arbitrary commands when the link in clicked by a user.
> (3) A specially crafted OpenOffice.org document could trigger a buffer
> overflow in the "Calc spreadsheet" portion of the application.
> Successfully exploiting this buffer overflow could allow the attacker
> to execute arbitrary code with the privileges of the current user.
> Note that since all of the affected code is open source, technical
> details are available via source code analysis. Depending on operating
> system and configuration, malicious files may be opened without
> prompting, after downloading.
>
> Status: OpenOffice.org confirmed, updates available.
>
> References:
> iDefense Security Advisory
> .
> php?id=490
> Red Hat Security Advisories
>
>
> OpenOffice.org Home Page
>
> SecurityFocus BIDs
>
>
>
> *********************************************************************
>
> (4) MODERATE: Asterisk Multiple Denial-of-Service Vulnerabilities
> Affected:
> Asterisk versions prior to 1.4.2 and 1.2.17
>
> Description: Asterisk, a popular open source Voice-over-IP
> (VoIP) system
> contains multiple denial-of-service vulnerabilities. A
> specially-crafted
> Session Initiation Protocol (SIP) request could trigger these
> vulnerabilities. Note that this could deny legitimate users access to
> the phone system. The technical details required to trigger
> the DoS have
> been publicly posted.
>
> Status: Asterisk confirmed, updates available.
>
> References:
> Digium Tracker Reference
>
> Asterisk Release Announcements
>
>
> Asterisk Home Page
>
> SecurityFocus BIDs
>
>
>
>
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from
> Qualys (www.qualys.com)
> Week 13, 2007
>
> This list is compiled by Qualys ( www.qualys.com ) as part of that
> company's ongoing effort to ensure its vulnerability management web
> service tests for all known vulnerabilities that can be scanned. As of
> this week Qualys scans for 5406 unique vulnerabilities. For
> this special
> SANS community listing, Qualys also includes vulnerabilities
> that cannot
> be scanned remotely.
>
> 07.13.1 CVE: Not Available
> Platform: Windows
> Title: Windows Vista Windows Mail Client Side File Execution
> Description: Windows Vista Windows Mail is exposed to a client side
> file execution issue because of a design error. Windows Mail on all
> versions of Windows Vista are affected. Please refer to the advisory
> for further details.
> Ref:
> ______________________________________________________________________
>
> 07.13.2 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Opera FTP PASV Port Scanning
> Description: Opera is prone to an issue that may allow attackers to
> reveal potentially sensitive information. This issue occurs because
> malicious FTP servers can cause the affected application to connect to
> arbitrary hosts when the browser is set to "PASV" mode. Opera Web
> Browser 9.10 is affected.
> Ref:
> ______________________________________________________________________
>
> 07.13.10 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: F-Secure Anti-Virus Client Security Local Format
> String Vulnerability
> Description: F-Secure Anti-Virus Client Security is a commercially
> available application. It contains anti-virus and intrusion-detection
> features. The Secure BackWeb client application is exposed to a format
> string issue because it fails to properly sanitize user-supplied input
> before using it in the format specifier argument to a formatted
> printing function. F-Secure Anti-Virus Client Security 6.02 and 6.03
> are affected.
> Ref:
> ______________________________________________________________________
>
> 07.13.17 CVE: Not Available
> Platform: Cross Platform
> Title: PHP S Data Type Serialization Format Heap Information Leak
> Description: PHP contains a new S: data type that has been added to
> "unserialize()" as a compatibility layer for the future PHP 6 release.
> The application is exposed to a heap information leak because of a
> missing boundary check in the unserialization of escaped strings. PHP5
> version 5.2.1 is affected.
> Ref:
> ______________________________________________________________________
>
> 07.13.18 CVE: Not Available
> Platform: Cross Platform
> Title: Asterisk SIP Channel Driver Reponse Code Zero Remote Denial of
> Service
> Description: Asterisk is a private branch exchange (PBX) application
> available for Linux, BSD, and Mac OS X platforms. The application is
> exposed to a remote denial of service issue because it fails to
> properly handle certain SIP packets. Asterisk versions prior to 1.2.17
> and 1.4.2 are affected.
> Ref:
> ______________________________________________________________________
>
> 07.13.21 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla FireFox FTP PASV Port Scanning
> Description: Mozilla Firefox is exposeed to a vulnerability that
> allows users to connect to unauthorized hosts. This issue occurs
> because malicious FTP servers can cause an affected application to
> connect to arbitrary hosts. Mozilla Firefox versions prior to 1.5.0.11
> and 2.0.0.3 are affected.
> Ref:
>
> ______________________________________________________________________
>
> 07.13.22 CVE: Not Available
> Platform: Cross Platform
> Title: Squid Proxy TRACE Request Remote Denial of Service
> Description: Squid is an open source proxy server available for a
> number of platforms. The application is exposed to a remote denial of
> service issue because it fails to handle certain FTP requests. Squid
> version 2.6 is affected.
> Ref:
> ______________________________________________________________________
>
> 07.13.25 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Hash_Update_File Freed Resource Access Code Execution
> Description: The PHP "hash_update_file()" function is used to stream
> data from an arbitrary file as active hash data. The application is
> exposed to a locally exploitable arbitrary code execution issue due to
> a design error. PHP 5 versions 5.0 through 5.2.1 are affected.
> Ref:
> ______________________________________________________________________
>
> 07.13.26 CVE: CVE-2007-0238
> Platform: Cross Platform
> Title: OpenOffice StarCalc Parser Unspecified Buffer Overflow
> Description: OpenOffice is expossed to a remote stack-based buffer
> overflow issue because the application fails to bounds check
> user-supplied data before copying it into an insufficiently sized
> buffer. This issue occurs in the StarCalc parser when parsing
> specially crafted documents. Please refer to the advisory for further
> details.
> Ref:
> ______________________________________________________________________
>
> 07.13.27 CVE: Not Available
> Platform: Cross Platform
> Title: Real Networks Helix Server DESCRIBE Request Remote Heap
> Overflow
> Description: Real Networks Helix Server is a multi format server. The
> application is exposed to a heap overflow issue because it fails to
> perform sufficient boundary checks on user-supplied data before
> copying it to an insufficiently sized memory buffer.
> Real Networks Helix Server version 11.1.2 is affected.
> Ref:
>
> ary/003783.html
> ______________________________________________________________________
>
> 07.13.28 CVE: CVE-2007-0239
> Platform: Cross Platform
> Title: OpenOffice Meta Character Remote Shell Command Execution
> Description: OpenOffice is a suite of open source software. The
> application is exposed to an issue which allows the execution
> of arbitrary
> shell commands because the application fails to adequately escape
> shell command meta characters. Please refer to the advisory for
> further details.
> Ref:
> ______________________________________________________________________
>
> 07.13.29 CVE: Not Available
> Platform: Cross Platform
> Title: PHP GD Extension Freed Resource Access Code Execution
> Description: PHP GD extension is a library that facilitates the
> creation of dynamic images. It supports various formats such as GIF,
> JPEG and PNG. The application is exposed to a local arbitrary code
> execution issue which results from a design error. PHP 4.x versions
> 4.4.6 and earlier as well as 5.x versions 5.2.1 and earlier are
> affected.
> Ref:
> ______________________________________________________________________
>
> 07.13.31 CVE: Not Available
> Platform: Cross Platform
> Title: Asterisk SIP Invite Message Remote Denial of Service
> Description: Asterisk is a private branch exchange (PBX) application.
> Asterisk is exposed to a remote denial of service issue while handling
> a single, malformed "SIP INVITE" request containing two headers. When
> the first header is valid and the second header is not valid, the
> vulnerability is triggered. Asterisk versions 1.4.1, 1.2.16,
> 1.2.15 and
> 1.2.14 are affected.
> Ref:
> ______________________________________________________________________
>
> 07.13.35 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Mb_Parse_Str Function Register_Globals Activation Weakness
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> PHP is exposed to a weakness that allows attackers to enable the
> "register_globals" directive because the application fails to properly
> handle a memory limit exception. PHP versions 4 to 4.4.6 and 5 to
> 5.2.1 are affected.
> Ref:
> ______________________________________________________________________
>
> 07.13.36 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Header Function Space Trimming Buffer Overflow
> Description: PHP is exposed to a buffer overflow issue because the
> application fails to perform boundary checks before copying
> user-supplied data to insufficiently sized memory buffers. PHP version
> 5.2.0 is affected.
> Ref:
> ______________________________________________________________________
>
> 07.13.39 CVE: CVE-2007-0002
> Platform: Cross Platform
> Title: libwpd Library Multiple Buffer Overflow Vulnerabilities
> Description: The libwpd library, which is written in C++, is used for
> encoding and decoding Word Perfect documents. The library is commonly
> used in word processing software such as Open Office and Abiword. The
> library is exposed to multiple buffer overflow vulnerabilities because
> it fails to perform adequate bounds checks on user-supplied
> input. The
> libwpd library version 0.8.7 is affected.
> Ref:
> ______________________________________________________________________
>
> 07.13.81 CVE: Not Available
> Platform: Network Device
> Title: Zyxel Router Zynos SMB Data Handling Denial of Service
> Description: ZynOS is an operating system for Zyxel Routers. Zyxel
> routers running the ZynOS operating system are exposed to a remote
> denial of service issue because the software fails to handle specially
> crafted SMB data sent using the SMB Mailslot protocol. Zyxel routers
> running ZynOS version 3.40 are affected.
> Ref:
> ______________________________________________________________________
>
> 07.13.83 CVE: Not Available
> Platform: Network Device
> Title: Cisco 7940/7960 Phone SIP Invite Remote Denial of Service
> Description: Cisco 7940/7960 phones are VOIP enabled telephony
> products. Cisco 7940/7960 phones are prone to a remote denial of
> service issue while handling a single, malformed "SIP INVITE" message
> containing attacker-supplied data in the "sipURI" field of the Remote
> Party ID of the message. Cisco 7940/7960 phones running firmware
> P0S3-07-4-00 are affected.
> Ref:
> ______________________________________________________________________
>
> (c) 2007. All rights reserved. The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only. In some
> cases, copyright for material in this newsletter may be held by a
> party other than Qualys (as indicated herein) and permission to use
> such material must be requested from the copyright owner.
>
> Subscriptions: @RISK is distributed free of charge to people
> responsible
> for managing and securing information systems and networks. You may
> forward this newsletter to others with such responsibility inside or
> outside your organization.
>
>
