Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - January 18, 2007

Novell Netmail IMAP APPEND Denial of Service Vulnerability

Bugtraq ID: 21729
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2006-6425

Remote: Yes
Local: No

Updated: Jan 18 2007 02:41AM
Credit: Discovery is credited to Dennis Rand of CIRT.DK.

Novell Netmail is prone to a remotely exploitable denial-of-service vulnerability. A malformed IMAP APPEND argument can trigger this issue.

A successful exploit could let an authenticated remote attacker crash the affected server.

http://www.securityfocus.com/bid/21729

Multiple Vendor AMD CPU Local FPU Information Disclosure Vulnerability

In reply to: VULNERABILITIES - January 18, 2007

Bugtraq ID: 17600
Class: Design Error
CVE: CVE-2006-1056

Remote: No
Local: Yes

Updated: Jan 18 2007 02:41AM
Credit: Jan Beulich is credited with the initial discovery of this issue.

This issue affects Linux and FreeBSD operating systems that use generations 7 and 8 AMD CPUs.

http://www.securityfocus.com/bid/17600

Linux Kernel Multiple Vulnerabilities

In reply to: VULNERABILITIES - January 18, 2007

Bugtraq ID: 21523
Class: Unknown
CVE: CVE-2006-5649, CVE-2006-5871

Remote: No
Local: Yes

Updated: Jan 18 2007 02:42AM
Credit: Reported by Fabio Massimo Di Nitto and Bill Allombert.

Kernel 2.6.8 and prior versions are reported affected.

http://www.securityfocus.com/bid/21523/info

Novell Netmail IMAP SUBSCRIBE Buffer Overflow Vulnerability

In reply to: VULNERABILITIES - January 18, 2007

Bugtraq ID: 21728
Class: Boundary Condition Error
CVE: CVE-2006-6761

Remote: Yes
Local: No

Updated: Jan 18 2007 02:42AM
Credit: Discovery is credited to Dennis Rand of CIRT.DK.

A successful exploit could let an authenticated remote attacker execute arbitrary code in the context of the affected program.

http://www.securityfocus.com/bid/21728

Novell Netmail NMAP STOR Buffer Overflow Vulnerability

In reply to: VULNERABILITIES - January 18, 2007

Bugtraq ID: 21725
Class: Boundary Condition Error
CVE: CVE-2006-6424

Remote: Yes
Local: No

Updated: Jan 18 2007 02:42AM
Credit: Discovery is credited to Dennis Rand of CIRT.DK.

http://www.securityfocus.com/bid/21725

Linux Kernel Multiple Local Vulnerabilities

In reply to: VULNERABILITIES - January 18, 2007

Bugtraq ID: 11956
Class: Unknown
CVE: CVE-2004-1335, CVE-2004-1333

Remote: No
Local: Yes

Updated: Jan 18 2007 02:40AM
Credit: Discovery of these vulnerabilities is credited to Georgi Guninski.

The Linux kernel is reported prone to multiple local vulnerabilities. The following individual issues are reported:

- An integer overflow is reported to exist in 'ip_options_get()' of the 'ip_options.c' kernel source file. This vulnerability is reported to exist only in the 2.6 kernel tree. Although unconfirmed, due to its nature this issue presumably may be further leveraged to execute arbitrary code with ring-0 privileges.

http://www.securityfocus.com/bid/11956/discuss

Microsoft Windows Vector Markup Language Buffer Overrun Vulnerability

In reply to: VULNERABILITIES - January 18, 2007

Bugtraq ID: 21930
Class: Boundary Condition Error
CVE: CVE-2007-0024

Remote: Yes
Local: No

Updated: Jan 18 2007 12:02AM
Credit: Joseph Moti is credited with the discovery of this vulnerability.

http://www.securityfocus.com/bid/21930

HP-UX IPFilter Bug Lets Remote Users Deny Service

In reply to: VULNERABILITIES - January 18, 2007

SecurityTracker Alert ID: 1017527
SecurityTracker URL: http://securitytracker.com/id?1017527
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jan 17 2007

Impact: Denial of service via network

Vendor Confirmed: Yes

Advisory: HP Security Bulletin

Version(s): HP-UX B.11.23 running IPFilter with PHNE_34474 installed.

Description: A vulnerability was reported in HP-UX. A remote user can cause denial of service conditions.

Solution: No solution was available at the time of this entry. HP is working on a patch.

HP has provided the following two workarounds [quoted]:

(1) removing PHNE_34474 on HP-UX B.11.23 systems where IPFilter is in use or
(2) disabling IPFilter.

The HP advisory is available at:

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00837319

Underlying OS: UNIX (HP/UX)

http://www.securitytracker.com/alerts/2007/Jan/1017527.html

Sun Java JRE GIF Image Processing Buffer Overflow Vulnerability

In reply to: VULNERABILITIES - January 18, 2007

Secunia Advisory: SA23757
Release Date: 2007-01-17
Last Update: 2007-01-18

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: Sun Java JDK 1.5.x
Sun Java JRE 1.3.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java SDK 1.3.x
Sun Java SDK 1.4.x

CVE reference: CVE-2007-0243, CVE-2007-0234

Description:
A vulnerability has been reported in Sun Java Runtime Environment (JRE), which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error when processing GIF images and can be exploited to cause a heap-based buffer overflow via a specially crafted GIF image with an image width of 0.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in the following versions:
* JDK and JRE 5.0 Update 9 and prior.
* SDK and JRE 1.4.2_12 and prior.
* SDK and JRE 1.3.1_18 and prior.

http://secunia.com/advisories/23757/
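The width-of-0 trigger described in the advisory above, as an added defensive example that is not code from Sun or from this post: a C validator for the GIF image descriptor that rejects zero dimensions (and frames outside the logical screen) before a decoder allocates any pixel buffer. The GIF byte layout is the standard one; the two sample GIF byte strings are constructed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read a little-endian 16-bit field as used throughout the GIF format. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Validate the first image descriptor in a GIF and return the pixel count a
 * decoder may safely allocate, or 0 if the file must be rejected. Layout:
 * 6-byte header, 7-byte logical screen descriptor, optional global colour
 * table, then a 10-byte 0x2C image descriptor. */
size_t gif_first_image_pixels(const uint8_t *buf, size_t len) {
    if (len < 13 || (memcmp(buf, "GIF87a", 6) && memcmp(buf, "GIF89a", 6)))
        return 0;                                   /* not a GIF */
    uint16_t screen_w = le16(buf + 6), screen_h = le16(buf + 8);
    uint8_t flags = buf[10];
    size_t pos = 13;
    if (flags & 0x80)                               /* global colour table */
        pos += 3u * (1u << ((flags & 0x07) + 1));
    if (pos + 10 > len || buf[pos] != 0x2C)         /* need image descriptor */
        return 0;
    uint16_t left = le16(buf + pos + 1), top = le16(buf + pos + 3);
    uint16_t w = le16(buf + pos + 5), h = le16(buf + pos + 7);
    /* The advisory's trigger is a zero width; a zero height is just as bad. */
    if (w == 0 || h == 0)
        return 0;
    /* Frame must lie within the logical screen (widened to avoid wrap). */
    if ((uint32_t)left + w > screen_w || (uint32_t)top + h > screen_h)
        return 0;
    return (size_t)w * h;                           /* no overflow: < 2^32 */
}

/* Allocate the pixel buffer only after the dimensions have been validated. */
uint8_t *gif_alloc_pixels(const uint8_t *buf, size_t len) {
    size_t n = gif_first_image_pixels(buf, len);
    return n ? calloc(n, 1) : NULL;
}

/* Constructed samples: a 1x1 GIF89a with no colour table, cut after the
 * image descriptor, and the same bytes with the image width set to 0. */
static const uint8_t good_gif[] = {
    'G','I','F','8','9','a', 1,0, 1,0, 0x00, 0, 0,
    0x2C, 0,0, 0,0, 1,0, 1,0, 0x00 };
static const uint8_t zero_w_gif[] = {
    'G','I','F','8','9','a', 1,0, 1,0, 0x00, 0, 0,
    0x2C, 0,0, 0,0, 0,0, 1,0, 0x00 };

size_t demo_good(void) { return gif_first_image_pixels(good_gif, sizeof good_gif); }
size_t demo_zero_width(void) { return gif_first_image_pixels(zero_w_gif, sizeof zero_w_gif); }

int main(void) {
    printf("valid 1x1: %zu pixel(s), width 0: %zu pixel(s)\n", demo_good(), demo_zero_width());
    return 0;
}
```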

WebGUI User Name Script Insertion Vulnerability

In reply to: VULNERABILITIES - January 18, 2007

TITLE:
WebGUI User Name Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA23754

VERIFY ADVISORY:
http://secunia.com/advisories/23754/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
WebGUI 7.x
http://secunia.com/product/13252/

DESCRIPTION:
A vulnerability has been reported in WebGUI, which can be exploited
by malicious people to conduct script insertion attacks.

Input passed as the user name during registration is not properly
sanitised before being used. This can be exploited to insert
arbitrary HTML and script code, which is then executed in a user's
browser session in context of an affected site when the malicious
content is displayed.

The vulnerability is reported in versions prior to 7.3.5 (beta).

SOLUTION:
A patch is available for version 7.0 or later.
http://www.plainblack.com/uploads/LF/80/LF80YmRk89KeOTBEK1FrcA/xss-patch.txt

The vulnerability is fixed in 7.3.5 (beta).

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.plainblack.com/bugs/tracker/security-update-cross-site-scripting-vulnerability

uniForum "wbsearch.aspx" SQL Injection Vulnerability

In reply to: VULNERABILITIES - January 18, 2007

TITLE:
uniForum "wbsearch.aspx" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA23827

VERIFY ADVISORY:
http://secunia.com/advisories/23827/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
uniForum 4.x
http://secunia.com/product/8960/

DESCRIPTION:
ajann has reported a vulnerability in uniForum, which can be
exploited by malicious people to conduct SQL injection attacks.

Input passed to the form field "by User" in wbsearch.aspx is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation reportedly allows changing administrator
passwords.

The vulnerability is reported in version 4. Other versions may also
be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
ajann

ORIGINAL ADVISORY:
http://www.milw0rm.com/exploits/3106

SISCO OSI Stack Denial of Service Vulnerability

In reply to: VULNERABILITIES - January 18, 2007

TITLE:
SISCO OSI Stack Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA23819

VERIFY ADVISORY:
http://secunia.com/advisories/23819/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
SISCO MMS-EASE 7.x
http://secunia.com/product/12072/
SISCO ICCP Toolkit for MMS-EASE 4.x
http://secunia.com/product/12073/
SISCO AX-S4 MMS 5.x
http://secunia.com/product/12071/
SISCO AX-S4 ICCP 3.x
http://secunia.com/product/12070/
SISCO AX-S4 ICCP 4.x
http://secunia.com/product/13281/

DESCRIPTION:
A vulnerability has been reported in various SISCO products, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

The vulnerability is due to an unspecified error, which can be
exploited to terminate a process using the SISCO OSI stack by sending
malicious packets to the system.

SOLUTION:
Customers should contact the vendor directly for patches.

PROVIDED AND/OR DISCOVERED BY:
US-CERT credits Matthew D. Franz.

ORIGINAL ADVISORY:
http://www.kb.cert.org/vuls/id/468798

Fedora update for squirrelmail

In reply to: VULNERABILITIES - January 18, 2007

TITLE:
Fedora update for squirrelmail

SECUNIA ADVISORY ID:
SA23811

VERIFY ADVISORY:
http://secunia.com/advisories/23811/

CRITICAL:
Highly critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

OPERATING SYSTEM:
Fedora Core 6
http://secunia.com/product/12487/
Fedora Core 5
http://secunia.com/product/8808/

DESCRIPTION:
Fedora has issued an update for squirrelmail. This fixes some
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting and script insertion attacks.

For more information:
SA23195

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2438
http://fedoranews.org/cms/node/2439

OTHER REFERENCES:
SA23195:
http://secunia.com/advisories/23195/

HP Jetdirect Unspecified Denial of Service Vulnerability

In reply to: VULNERABILITIES - January 18, 2007

TITLE:
HP Jetdirect Unspecified Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA23802

VERIFY ADVISORY:
http://secunia.com/advisories/23802/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From local network

OPERATING SYSTEM:
HP JetDirect 150 Series
http://secunia.com/product/1210/
HP JetDirect 170 Series
http://secunia.com/product/1211/
HP JetDirect 175 Series
http://secunia.com/product/1212/
HP JetDirect 300 Series
http://secunia.com/product/1213/
HP JetDirect 310 Series
http://secunia.com/product/1214/
HP JetDirect 500 Series
http://secunia.com/product/1215/
HP JetDirect 600n
http://secunia.com/product/1208/
HP JetDirect 610n
http://secunia.com/product/1209/
HP JetDirect 635n
http://secunia.com/product/6139/

DESCRIPTION:
A vulnerability has been reported in HP Jetdirect, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within the
ftp service of Jetdirect. No further information is available.

The vulnerability is reported in HP Jetdirect running firmware
versions from x.20.nn up to and including x.24.nn. Versions x.25.nn
or greater are reportedly not affected.

SOLUTION:
Upgrade to the latest firmware version.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj07429

J4169A 610n:
Upgrade the firmware to version L.25.nn or greater.

J6057A 615n:
Upgrade the firmware to version R.25.nn or greater.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00838612

Fedora update for squid

In reply to: VULNERABILITIES - January 18, 2007

TITLE:
Fedora update for squid

SECUNIA ADVISORY ID:
SA23810

VERIFY ADVISORY:
http://secunia.com/advisories/23810/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Fedora Core 5
http://secunia.com/product/8808/

DESCRIPTION:
Fedora has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information:
SA23767

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2442

OTHER REFERENCES:
SA23767:
http://secunia.com/advisories/23767/

Apple Mac OS X Service Location Protocol Daemon Local Buffer Overflow Vulnerability

In reply to: VULNERABILITIES - January 18, 2007

Advisory ID : FrSIRT/ADV-2007-0239
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-01-18

A vulnerability has been identified in Apple Mac OS X, which could be exploited by attackers to cause a denial of service or potentially execute arbitrary commands. This issue is due to a buffer overflow error in the service location protocol daemon (slpd) when handling registration requests with an overly long "attr-list" field, which could be exploited by attackers to crash or potentially compromise a vulnerable system.

Affected Products

Apple Mac OS X version 10.4.8 and prior

Solution

Disable Personal File Sharing.

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/0239
http://projects.info-pull.com/moab/MOAB-17-01-2007.html

Credits

Vulnerability reported by KF

Microsoft Help Workshop CNT Contents Files Buffer Overflow

In reply to: VULNERABILITIES - January 18, 2007

Microsoft Help Workshop is a standard component of Microsoft Visual Studio 6.0 and 2003 (.NET) for building and managing help projects, and can also be downloaded on its own from the Microsoft download center.

There is a stack-based memory corruption in Microsoft Help Workshop while processing .CNT Help Contents files.

Credit:
The information has been provided by porkythepig.

Vulnerable Systems:
* Microsoft Help Workshop v4.03.0002
* Microsoft Visual Studio 6.0 SP6
* Microsoft Visual Studio 2003 (.Net)

Read more: http://www.securiteam.com/windowsntfocus/5JP0C2AKAQ.html

SUSE update for IBMJava2

In reply to: VULNERABILITIES - January 18, 2007

TITLE:
SUSE update for IBMJava2

SECUNIA ADVISORY ID:
SA23803

VERIFY ADVISORY:
http://secunia.com/advisories/23803/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Privilege escalation, System access

WHERE:
From remote

OPERATING SYSTEM:
SUSE Linux Enterprise Server 9
http://secunia.com/product/4118/
SuSE Linux Enterprise Server 8
http://secunia.com/product/1171/
SuSE Linux Openexchange Server 4.x
http://secunia.com/product/2001/
SuSE Linux Standard Server 8
http://secunia.com/product/2526/
SUSE Linux Enterprise Server 10
http://secunia.com/product/12192/
UnitedLinux 1.0
http://secunia.com/product/2003/

DESCRIPTION:
SUSE has issued an update for IBMJava2. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions and compromise a user's system.

For more information:
SA22204
SA23398
SA23445

SOLUTION:
Apply updated packages.

Updated packages are available using YaST Online Update or the SUSE
FTP site.

ORIGINAL ADVISORY:
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0010.html

OTHER REFERENCES:
SA22204:
http://secunia.com/advisories/22204/

SA23398:
http://secunia.com/advisories/23398/

SA23445:
http://secunia.com/advisories/23445/

myWebland myBloggie "PHP_SELF" Variable Handling Cross Site

In reply to: VULNERABILITIES - January 18, 2007

Advisory ID : FrSIRT/ADV-2007-0243
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-18
Technical Description

Two vulnerabilities have been identified in myWebland myBloggie, which could be exploited by attackers to execute arbitrary scripting code. These issues are due to input validation errors in the "index.php" and "login.php" scripts when handling the "PHP_SELF" variable, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

Affected Products

myBloggie version 2.1.5 and prior

Solution

The issue affecting "index.php" has been fixed in myBloggie version 2.1.6:
http://mywebland.com/download.php?id=19

References

http://www.frsirt.com/english/advisories/2007/0243

Credits

Vulnerabilities reported by CorryL
