Internet Security Issue 910010



This Internet security issue reports numerous flaws, including a security issue
in the First4Internet XCP DRM software used to play back Sony copy-protected
music CDs, which can be exploited by malicious, local users to hide certain
actions on a vulnerable system from the Administrator.

--
Apple released a security update for Mac OS X, which fixes some
vulnerabilities.
--
Some vulnerabilities have been reported in PHP, which can be exploited
by malicious people to conduct cross-site scripting attacks, bypass
certain security restrictions, and potentially compromise a vulnerable
system.


Internet Security Vulnerabilities Summary

Serv-U FTP Server Potential Denial of Service Vulnerability
CheckMark MultiLedger DUNZIP32.dll Buffer Overflow Vulnerability
ASP Fast Forum "error" Cross-Site Scripting Vulnerability
Snitz Forums 2000 "post.asp" Cross-Site Scripting Vulnerability
Ringtail CaseBook Cross-Site Scripting and Username Enumeration
Hyper Estraier Windows Unicode Filename Handling Vulnerability
F-Secure Products Web Console Directory Traversal Vulnerability
Sony CD First4Internet XCP DRM Software Security Issue

UNIX/Linux:

NetBSD Update Fixes Multiple Vulnerabilities
Gentoo update for ethereal
Gentoo update for mantis
Debian update for lynx-ssl
MailWatch for MailScanner Two Vulnerabilities
Red Hat update for curl
Red Hat update for openssl096b
Red Hat update for wget
Red Hat update for openssl
Cisco Management Center for IPS Sensors Security Issue
Avaya Multiple Ethereal Vulnerabilities
Ubuntu update for libgda2-1 / libgda2-3
Fedora update for openssl096b
OpenVPN Format String and Denial of Service Vulnerabilities
Gentoo update for xli / xloadimage
Debian update for gallery
Red Hat update for kernel
Gentoo update for tikiwiki
Ubuntu update for sudo
Ntop Red Hat Initialisation Script Insecure Temporary File Creation
IBM "chcons" Command Buffer Overflow Vulnerability
Mac OS X Update Fixes Multiple Vulnerabilities
Ethereal IRC Protocol Dissector Denial of Service
HP OpenVMS Unspecified Denial of Service Vulnerability
Mandriva update for wget
Linux Kernel Potential Buffer Overflow Vulnerabilities
Gentoo update for pam

Other:

Cisco IOS System Timers Potential Arbitrary Code Execution
Cisco Wireless LAN Controllers Encryption Bypass Vulnerability

Cross Platform:

Subdreamer Login SQL Injection Vulnerabilities
phpBB "register_globals" Deregistration Bypass Vulnerabilities
News2Net "category" SQL Injection Vulnerability
Invision Gallery "st" SQL Injection Vulnerability
MG2 Disclosure of Password Protected Images
oaboard SQL Injection Vulnerabilities
PHP Multiple Vulnerabilities
Simple PHP Blog Cross-Site Scripting Vulnerabilities
Sun Java System Communications Express Configuration File Disclosure
Invision Gallery Image Script Insertion Vulnerability

Content on Internet Security Issues 910010

Serv-U FTP Server Potential Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
A vulnerability has been reported in Serv-U, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
--
CheckMark MultiLedger DUNZIP32.dll Buffer Overflow Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Juha-Matti Laurio has reported a vulnerability in CheckMark MultiLedger, which potentially can be exploited by malicious people to compromise a user's system.
--
ASP Fast Forum "error" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
syst3m_f4ult has reported a vulnerability in ASP Fast Forum, which can be exploited by malicious people to conduct cross-site scripting attacks.
--
Snitz Forums 2000 "post.asp" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
h4xorcrew has discovered a vulnerability in Snitz Forums 2000, which can be exploited by malicious people to conduct cross-site scripting attacks.
--
Ringtail CaseBook Cross-Site Scripting and Username Enumeration
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information
A weakness and a vulnerability have been reported in Ringtail CaseBook, which can be exploited by malicious people to gain knowledge of certain information and conduct cross-site scripting attacks.
--
Hyper Estraier Windows Unicode Filename Handling Vulnerability
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information, DoS
A vulnerability has been reported in Hyper Estraier, which can be exploited by malicious users to cause a DoS (Denial of Service) or to gain knowledge of certain sensitive information.
--
F-Secure Products Web Console Directory Traversal Vulnerability
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
A vulnerability has been reported in F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper, which can be exploited by malicious people to gain knowledge of potentially sensitive information.
--
Sony CD First4Internet XCP DRM Software Security Issue
Critical: Less critical
Where: Local system
Impact: Security Bypass
A security issue has been reported in First4Internet XCP DRM software used to play back Sony copy-protected music CDs, which can be exploited by malicious, local users to hide certain actions on a vulnerable system from the Administrator.

UNIX/Linux:

--
NetBSD Update Fixes Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS, System access
Some vulnerabilities have been reported in NetBSD, which can be exploited by malicious, local users to gain escalated privileges, or by malicious users to cause a DoS (Denial of Service) and compromise a vulnerable system, or by malicious people to bypass certain security restrictions and compromise a user's system.
--
Gentoo update for ethereal
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Gentoo has issued an update for ethereal. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
--
Gentoo update for mantis
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, System access
Gentoo has issued an update for mantis. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting, script insertion, and SQL injection attacks, and compromise a vulnerable system.
--
Debian update for lynx-ssl
Critical: Highly critical
Where: From remote
Impact: System access
Debian has issued an update for lynx-ssl. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
--
MailWatch for MailScanner Two Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown, Manipulation of data
Two vulnerabilities have been reported in MailWatch for MailScanner, where one has an unknown impact, and the other potentially can be exploited by malicious people to conduct SQL injection attacks.
--
Red Hat update for curl
Critical: Moderately critical
Where: From remote
Impact: System access
Red Hat has issued an update for curl. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
--
Red Hat update for openssl096b
Critical: Moderately critical
Where: From remote
Impact: DoS
Red Hat has issued an update for openssl096b. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
--
Red Hat update for wget
Critical: Moderately critical
Where: From remote
Impact: System access
Red Hat has issued an update for wget. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
--
Red Hat update for openssl
Critical: Moderately critical
Where: From remote
Impact: DoS
Red Hat has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
--
Cisco Management Center for IPS Sensors Security Issue
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
A security issue has been reported in Cisco Management Center for IPS Sensors (IPS MC), which can be exploited by malicious people to bypass certain security restrictions.
--
Avaya Multiple Ethereal Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Avaya has acknowledged some vulnerabilities in Ethereal included in some products, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
--
Ubuntu update for libgda2-1 / libgda2-3
Critical: Moderately critical
Where: From remote
Impact: System access
Ubuntu has issued updates for libgda2-1 and libgda2-3. These fix a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
--
Fedora update for openssl096b
Critical: Moderately critical
Where: From remote
Impact: DoS
Fedora has issued an update for openssl096b. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
--
OpenVPN Format String and Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Two vulnerabilities have been reported in OpenVPN, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
--
Gentoo update for xli / xloadimage
Critical: Moderately critical
Where: From remote
Impact: System access
Gentoo has issued updates for xli and xloadimage. These fix a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
--
Debian update for gallery
Critical: Less critical
Where: From remote
Impact: Security Bypass
Debian has issued an update for gallery. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
--
Red Hat update for kernel
Critical: Less critical
Where: From remote
Impact: DoS
Red Hat has issued an update for kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), or by malicious people to disclose certain sensitive information and cause a DoS.
--
Gentoo update for tikiwiki
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Gentoo has issued an update for tikiwiki. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
--
Ubuntu update for sudo
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Ubuntu has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
--
Ntop Red Hat Initialisation Script Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
nnposter has reported a vulnerability in Ntop, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
--
IBM "chcons" Command Buffer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Unknown
A vulnerability has been reported in AIX, which has an unknown impact.
--
Mac OS X Update Fixes Multiple Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information
Apple has issued an update for Mac OS X. This fixes some vulnerabilities and a security issue, which can be exploited by malicious, local users to bypass certain security restrictions or to gain knowledge of potentially sensitive information.
--
Ethereal IRC Protocol Dissector Denial of Service
Critical: Not critical
Where: From remote
Impact: DoS
Daniel Gryniewicz has reported a vulnerability in Ethereal, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
--
HP OpenVMS Unspecified Denial of Service Vulnerability
Critical: Not critical
Where: Local system
Impact: DoS
A vulnerability has been reported in OpenVMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
--
Mandriva update for wget
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Mandriva has issued an update for wget. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
--
Linux Kernel Potential Buffer Overflow Vulnerabilities
Critical: Not critical
Where: Local system
Impact: Unknown
Two vulnerabilities have been reported in the Linux Kernel, with an unknown impact.
--
Gentoo update for pam
Critical: Not critical
Where: Local system
Impact: Security Bypass
Gentoo has issued an update for pam. This fixes a security issue, which potentially can be exploited by malicious, local users to bypass certain security restrictions.

Other:

--
Cisco IOS System Timers Potential Arbitrary Code Execution
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
A vulnerability has been reported in Cisco IOS, which potentially can be exploited by malicious people to bypass certain security restrictions.
--
Cisco Wireless LAN Controllers Encryption Bypass Vulnerability
Critical: Less critical
Where: From local network
Impact: Security Bypass
A vulnerability has been reported in Cisco WLAN (Wireless LAN) Controllers, which can be exploited by malicious people to bypass certain security restrictions.

Cross Platform:

--
Subdreamer Login SQL Injection Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access, Security Bypass
RST/GHC has reported some vulnerabilities in Subdreamer, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
--
phpBB "register_globals" Deregistration Bypass Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data, System access
Stefan Esser has reported some vulnerabilities in phpBB, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, and compromise a vulnerable system.
--
News2Net "category" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Mousehack has discovered a vulnerability in News2Net, which can be exploited by malicious people to conduct SQL injection attacks.
--
Invision Gallery "st" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
almaster has reported a vulnerability in Invision Gallery, which can be exploited by malicious people to conduct SQL injection attacks.
--
MG2 Disclosure of Password Protected Images
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Preben Nylokken has discovered a vulnerability in MG2, which can be exploited by malicious people to disclose potentially sensitive information.
--
oaboard SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Abducter has discovered two vulnerabilities in oaboard, which can be exploited by malicious people to conduct SQL injection attacks.
--
PHP Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Some vulnerabilities have been reported in PHP, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system.
--
Simple PHP Blog Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Nenad Jovanovic has discovered some vulnerabilities in Simple PHP Blog, which can be exploited by malicious people to conduct cross-site scripting attacks.
--
Sun Java System Communications Express Configuration File Disclosure
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
A vulnerability has been reported in Sun Java Communications Express, which can be exploited by malicious users to gain knowledge of potentially sensitive information.
--
Invision Gallery Image Script Insertion Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Tatercrispies has reported a vulnerability in Invision Gallery, which can be exploited by malicious people to conduct script insertion attacks.

