>
> *****************************
> Widely Deployed Software
> *****************************
>
> (1) CRITICAL: SAP Products Multiple Vulnerabilities
> Affected:
> SAP Message Server
> SAP DB
> SAP Internet Graphics Server
>
> Description: Multiple SAP products, including SAP Message Server, SAP
> DB, and SAP Internet Graphics server, contain multiple
> vulnerabilities.
> The SAP Message Server contains a buffer overflow vulnerability in its
> handling of HTTP URIs, and the SAP DB "wahttp.exe" server contains
> multiple buffer overflows. Successfully exploiting these buffer
> overflows would allow an attacker to execute arbitrary code with the
> privileges of the vulnerable process. Additionally, the SAP Internet
> Graphics Server contains a cross-site-scripting vulnerability.
> Successfully exploiting this vulnerability would allow an attacker to
> execute arbitrary JavaScript in another user's browser. Full technical
> details and proofs-of-concept are publicly available for these
> vulnerabilities.
>
> Status: SAP confirmed, updates available.
>
> Council Site Actions: Only one of the reporting council
> sites is using
> the affected software and they plan to patch during their
> next regularly
> scheduled system maintenance cycle.
>
> References:
> NGSSoftware Insight Security Research Advisories
>
>
>
> Proof-of-Concept
>
> Vendor Home Page
>
> SecurityFocus BIDs
>
>
>
> **************************************************************
>
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from
> Qualys (www.qualys.com)
>
> Week 28, 2007
>
>
>
> 07.28.1 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft .Net Framework Null Byte Injection
> Description: Microsoft .NET Framework is exposed to a NULL byte
> injection issue because it fails to adequately sanitize user-supplied
> data. The application fails to filter out "%00" NULL byte characters
> from attacker-supplied URI requests. Microsoft .NET Framework versions
> 1.0, 1.1 and 2.0 are affected.
> Ref:
> ______________________________________________________________________
>
> 07.28.3 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer Zone Denial of Service
> Description: Microsoft Internet Explorer is exposed to a denial of
> service issue because the application fails to handle exceptional
> conditions. The issue occurs when handling domain names with different
> parameter values than those specified in the Intranet Zone and
> Restricted Zones. The differing parameter values can be specified
> using malicious meta character data in a specially crafted HTML
> document. Internet Explorer versions 6 and 7 are affected.
> Ref:
> ______________________________________________________________________
>
> 07.28.4 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: MDaemon Server DomainPOP Messages Denial of Service
> Description: MDaemon Server is a windows-based email server. The
> application is exposed to a remote denial of service issue because it
> fails to handle exceptional conditions. MDaemon Server versions prior
> to version 9.61 are affected.
> Ref:
> ______________________________________________________________________
>
> 07.28.13 CVE: Not Available
> Platform: Linux
> Title: SquirrelMail G/PGP Encryption Plug-in Unspecified Remote
> Command Execution
> Description: The G/PGP encryption plug-in for SquirrelMail provides
> encryption, decryption, and digital signature within the SquirrelMail
> Web mail system. Squirrelmail version 1.4.10a and G/PGP Plugin version
> 2.0 are affected.
> Ref:
> ______________________________________________________________________
>
> 07.28.14 CVE: CVE-2007-3508
> Platform: Linux
> Title: GNU GLibC LD.SO Mask Dynamic Loader Integer Overflow
> Description: GNU glibc is the C Library used by the Linux kernel and
> other operating platforms. The library is exposed to an integer
> overflow issue because it fails to properly ensure that integer math
> operations do not result in overflow. GNU glibc versions 2.5 and
> earlier are affected.
> Ref:
> ______________________________________________________________________
>
> 07.28.25 CVE: Not Available
> Platform: Cross Platform
> Title: Yahoo! Messenger 8.1 Unspecified Remote Buffer Overflow
> Description: Yahoo! Messenger is a freely available chat client
> distributed and maintained by Yahoo!. The application is exposed to an
> unspecified buffer overflow issue because it fails to perform
> sufficient bounds checking of user-supplied input before copying it to
> an insufficiently sized memory buffer. Yahoo! Messenger version 8.1 is
> affected.
> Ref:
> ______________________________________________________________________
>
> 07.28.32 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla FireFox OnKeyDown Event File Upload
> Description: Mozilla FireFox is exposed to an information disclosure
> issue due to a design error. All versions of FireFox are affected.
> Ref:
> ______________________________________________________________________
>
> (c) 2007. All rights reserved. The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only. In some
> cases, copyright for material in this newsletter may be held
> by a party
> other than Qualys (as indicated herein) and permission to use such
> material must be requested from the copyright owner
>
