LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-10-2004, 03:56 PM   #1
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
LQ security report - Mar 10th 2004


Mar 08th 2004
22 of 56 issues handled (ISS)
Invision Power Board search.php SQL injection
FreeBSD jail_attach allows elevated privileges
Anubis IDENT buffer overflow
Anubis format string error
xboing buffer overflow
phpBB viewtopic.php script allows cross-site
free-BB couleur or img HTML tags allow cross-site
Red Faction buffer overflow
YaBB SE multiple modules allow SQL injection
iG Shop page.php cross-site scripting
iG Shop SQL injection
XBoard -icshost buffer overflow
Hot Open Tickets allows attacker to obtain elevated
Squid url_regex ACL bypass
FreeBSD memory buffers (mbufs) denial of service
SandSurfer cross-site scripting
GWeb HTTP Server directory traversal
Adobe Acrobat Reader XFDF buffer overflow
qmail RELAYCLIENT buffer overflow
Coreutils dir -W integer overflow
ProFTPD off-by-one _xlate_ascii_write function
Invision Power Board invalid character could

Mar 8th 2004
29 of 48 issues handled (SF)
2. Calife Password Heap Overrun Vulnerability
3. Sun Solaris Unspecified Passwd Local Root Compromise Vulnera...
5. Sun Solaris conv_fix Unspecified File Overwrite Vulnerabilit...
7. FreeBSD Unauthorized Jailed Process Attaching Vulnerability
9. xboing Local Buffer Overflow Vulnerabilities
10. PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnera...
11. Invision Power Board Search.PHP "st" SQL Injection Vulnerabi...
13. Invision Power Board Multiple Cross-Site Scripting Vulnerabi...
15. IGeneric Free Shopping Cart SQL Injection Vulnerability
16. GNU Anubis Multiple Remote Buffer Overflow and Format String...
17. IGeneric Free Shopping Cart Cross-Site Scripting Vulnerabili...
18. YABB SE Multiple Input Validation Vulnerabilities
19. Volition Red Faction Game Client Remote Buffer Overflow Vuln...
20. Calife Local Memory Corruption Vulnerability
22. Squid Proxy NULL URL Character Unauthorized Access Vulnerabi...
26. ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
27. ignitionServer Global IRC Operator Privilege Escalation Vuln...
29. Volition Freespace 2 Game Client Remote Buffer Overflow Vuln...
33. Hot Open Tickets Unspecified Privilege Escalation Vulnerabil...
35. FreeBSD Out Of Sequence Packets Remote Denial Of Service Vul...
36. Coreutils DIR Width Argument Integer Overflow Vulnerability
37. 1st Class Internet Solutions 1st Class Mail Server Remote Bu...
39. QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflo...
40. SpiderSales Shopping Cart Multiple Vulnerabilities
42. SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnera...
43. Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulne...
45. Multiple Vendor HTTP Response Splitting Vulnerability
46. SmarterTools SmarterMail Multiple Vulnerabilities
48. DAWKCo POP3 with WebMAIL Extension Session Timeout Unauthori...
 
Old 03-10-2004, 04:02 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415

Original Poster
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Mar 8th 2004 (SF)

SecurityFocus


2. Calife Password Heap Overrun Vulnerability
BugTraq ID: 9756
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9756
Summary:
Calife is reportedly prone to a locally exploitable heap overrun
vulnerability. This issue is due to insufficient bounds checking of
password input. If this issue was successfully exploited to execute
arbitrary code, it could potentially allow an unprivileged local user to
gain root access.

It has been reported that this issue may actually be indicative of a more
serious problem in the glibc implementation of the getpass() function.
This has not been confirmed. This BID will be updated as more information
is provided.

3. Sun Solaris Unspecified Passwd Local Root Compromise Vulnera...
BugTraq ID: 9757
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9757
Summary:
Sun has reported an unspecified vulnerability in the passwd utility on
Solaris that may permit local attackers to gain unauthorized root
privileges.

5. Sun Solaris conv_fix Unspecified File Overwrite Vulnerabilit...
BugTraq ID: 9759
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9759
Summary:
It has been reported that Sun Solaris may be prone to a vulnerability due
to an unspecified erroneous condition resulting from the 'conv_fix'
command invoked by conv_lpd(1M) script. This issue will reportedly permit
a local attacker to overwrite or create any file on the system.
Successful exploitation of this issue may allow a local attacker to gain
elevated privileges leading to full compromise of a vulnerable system.
The attacker may also cause a denial of service condition on the system.

7. FreeBSD Unauthorized Jailed Process Attaching Vulnerability
BugTraq ID: 9762
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9762
Summary:
A vulnerability was reported in FreeBSD that may permit a jailed process
with superuser privileges to gain unauthorized access to other jails.
This is due to an access validation issue in the jail_attach(2) system
call.

9. xboing Local Buffer Overflow Vulnerabilities
BugTraq ID: 9764
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9764
Summary:
xboing is prone to multiple buffer overflows that could be exploited to
allow a local user to elevate their privileges.

10. PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnera...
BugTraq ID: 9765
Remote: Yes
Date Published: Feb 28 2004
Relevant URL: http://www.securityfocus.com/bid/9765
Summary:
It has been reported that one of the scripts included with phpBB is prone
to a cross-site scripting vulnerability. According to the author of the
report, the script "viewtopic.php" returns the value of the HTML variable
"postorder" to the client as its output without encoding it or otherwise
removing potentially hostile content. This can be exploited by
constructing malicious links with the malicious "postorder" variable value
embedded as a GET request style HTML variable. If the target user visits
such a link, the malicious, externally created content supplied in the
link will be rendered (or executed, in the case of script code) as part of
the viewtopic.php document and within the context of the vulnerable
website (including the phpBB forum).

11. Invision Power Board Search.PHP "st" SQL Injection Vulnerabi...
BugTraq ID: 9766
Remote: Yes
Date Published: Feb 28 2004
Relevant URL: http://www.securityfocus.com/bid/9766
Summary:
It has been reported that an input validation error with the potential for
use in a SQL injection attack is present in the "search.php" script.
Consequently, malicious users may corrupt the resulting SQL queries (there
are at least two) by specially crafting a value for the "st" variable.
The impact of this vulnerability depends on the underlying database. It
may be possible to corrupt/read sensitive data, execute
commands/procedures on the database server or possibly exploit
vulnerabilities in the database itself through this condition.

13. Invision Power Board Multiple Cross-Site Scripting Vulnerabi...
BugTraq ID: 9768
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9768
Summary:
Invision Power Board is prone to multiple cross-site scripting
vulnerabilities.

These issues are due to insufficient sanitization of input supplied via
the 'c', 'f', , 'showuser', and 'username' URI parameters. This input
will be included in dynamically generated pages, making it possible for an
attacker to create a malicious link to a vulnerable site that includes
hostile HTML and script code. This code may be rendered in the browser of
a victim user who visits the malicious link, potentially allowing for
theft of cookie-based credentials or other attacks.

These issues are reported to affect Invision Power Board 1.3 Final.
Earlier versions may also be affected.

15. IGeneric Free Shopping Cart SQL Injection Vulnerability
BugTraq ID: 9771
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9771
Summary:
It has been reported that iGeneric Free Shopping Cart is prone to an SQL
injection vulnerability. This issue is due to a failure of the
application to properly sanitize user supplied URI parameters

As a result of this issue a malicious user may influence database queries
in order to view or modify sensitive information, potentially compromising
the software or the database. It has been conjectured that an attacker may
be able to disclose user password hashes by exploiting this issue. This
issue may also be leveraged to exploit latent vulnerabilities within the
database itself.

16. GNU Anubis Multiple Remote Buffer Overflow and Format String...
BugTraq ID: 9772
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9772
Summary:
GNU Anubis has been reported prone to multiple buffer overflow and format
string vulnerabilities. It has been conjectured that a remote attacker
may potentially exploit these vulnerabilities to have arbitrary code
executed in the context of the Anubis software. The buffer overflow
vulnerabilities exist in the 'auth_ident' function in 'auth.c'. The
format string vulnerabilities are reported to affect the 'info' function
in 'log.c', the 'anubis_error' function in 'errs.c' and the 'ssl_error'
function in 'ssl.c'.

These vulnerabilities have been reported to exist in GNU Anubis versions
3.6.0, 3.6.1, 3.6.2, 3.9.92, and 3.9.93. It is possible that other
versions are affected as well.

These issues are undergiong further analysis, they will be divided into
separate BIDs as analysis is completed.

17. IGeneric Free Shopping Cart Cross-Site Scripting Vulnerabili...
BugTraq ID: 9773
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9773
Summary:
It has been reported that iGeneric Free Shopping Cart is prone to a
cross-site vulnerability. This issue is due to a failure of the
application to properly sanitize user supplied URI parameters

Exploitation could allow for theft of cookie-based authentication
credentials. Other attacks are also possible.

18. YABB SE Multiple Input Validation Vulnerabilities
BugTraq ID: 9774
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9774
Summary:
It has been reported that YaBB SE may be prone to multiple vulnerabilities
due to improper input validation. The issues may allow an attacker to
carry out SQL injection and directory traversal attacks. Successful
exploitation of these issues may allow an attacker to gain access to
sensitive information that may be used to mount further attacks against a
vulnerable system. The SQL injection vulnerabilities can be exploited to
gain access to user authentication credentials and corrupt user
information in the underlying database.

YaBB SE versions 1.5.4, 1.5.5, and 1.5.5b are reported to be affected by
these issues, however it is possible that other versions are vulnerable as
well.

19. Volition Red Faction Game Client Remote Buffer Overflow Vuln...
BugTraq ID: 9775
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9775
Summary:
It has been reported that Red Faction game client may be prone to a remote
buffer overflow vulnerability that could allow remote attackers to execute
arbitrary code in a vulnerable system in order to gain unauthorized
access. It has been reported that this vulnerability can be reproduced by
sending a server name of 260 characters or more to a vulnerable client.
When the client reads in the string, sensitive regions of memory may be
corrupted with attacker-supplied values.

Red Faction versions 1.20 and prior are reported to be affected by this
issue.

20. Calife Local Memory Corruption Vulnerability
BugTraq ID: 9776
Remote: No
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9776
Summary:
Calife has been reported prone to a local memory corruption vulnerability.
The issue is likely due to a lack of sufficient sanity checks performed on
certain sequences of data that is read from the file "/etc/calife.auth".

Due to the nature of this vulnerability, it has been conjectured that a
local user who has write access to the "/etc/calife.auth" configuration
file may potentially leverage this issue to have arbitrary instructions
executed in the context of the root user.

22. Squid Proxy NULL URL Character Unauthorized Access Vulnerabi...
BugTraq ID: 9778
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9778
Summary:
It has been reported that Squid Proxy may be prone to an unauthorized
access vulnerability that may allow remote users to bypass access controls
resulting in unauthorized access to attacker-specified resources. The
vulnerability presents itself when a URI that is designed to access a
specific location with a supplied username, contains '%00' characters.
This sequence may be placed as part of the username value prior to the @
symbol in the malicious URI.

Squid Proxy versions 2.0 to 2.5 STABLE4 are reported to be prone to this
vulnerability.

26. ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
BugTraq ID: 9782
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9782
Summary:
A remotely exploitable buffer overrun was reported in ProFTPD. This issue
is due to insufficient bounds checking of user-supplied data in the
_xlate_ascii_write() function, permitting an attacker to overwrite two
bytes memory adjacent to the affected buffer. This may potentially be
exploited to execute arbitrary code in the context of the server. This
issue may be triggered when submitting a RETR command to the server.

27. ignitionServer Global IRC Operator Privilege Escalation Vuln...
BugTraq ID: 9783
Remote: Yes
Date Published: Feb 29 2004
Relevant URL: http://www.securityfocus.com/bid/9783
Summary:
ignitionServer is prone to a vulnerability that may permit a local IRC
operator to escalate their privileges to that of a global IRC operator
through the use of an undocumented command.

29. Volition Freespace 2 Game Client Remote Buffer Overflow Vuln...
BugTraq ID: 9785
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9785
Summary:
It has been reported that Freespace 2 game client may be prone to a remote
buffer overflow vulnerability that could allow remote attackers to execute
arbitrary code in a vulnerable system in order to gain unauthorized
access. It has been reported that this vulnerability can be reproduced by
sending a server name of 180 characters or more to a vulnerable client.
When the client reads in the string, sensitive regions of memory may be
corrupted with attacker-supplied values.

Freespace 2 versions 1.20 and prior are reported to be affected by this
issue.

33. Hot Open Tickets Unspecified Privilege Escalation Vulnerabil...
BugTraq ID: 9790
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9790
Summary:
Hot Open Tickets is prone to an unspecified privilege escalation
vulnerability. This issue may allow a registered user to leverage a
vulnerability to escalate their privilege to administrator levels.

35. FreeBSD Out Of Sequence Packets Remote Denial Of Service Vul...
BugTraq ID: 9792
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9792
Summary:
A problem in the handling of out-of-sequence packets has been identified
in FreeBSD. Because of this, it may be possible for remote attackers to
deny service to legitimate users of vulnerable systems.

36. Coreutils DIR Width Argument Integer Overflow Vulnerability
BugTraq ID: 9793
Remote: Unknown
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9793
Summary:
Coreutils 'dir' has been reported prone to an integer overflow
vulnerability. The issue reportedly presents itself when handling large
integer value '-w' (width) command line arguments passed to the vulnerable
application.

Due to the nature of this issue it may possibly be leveraged to deny
service to applications that use the 'dir' utility. It has been
conjectured that when invoked by an application with a malicious integer
value passed via the '-w' argument, the affected application may hang
while waiting for the utility to return output.

37. 1st Class Internet Solutions 1st Class Mail Server Remote Bu...
BugTraq ID: 9794
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9794
Summary:
1st Class Mail Server has been reported prone to a remote buffer overflow
vulnerability. The issue exists due to a lack of sufficient boundary
checks performed on user-supplied data.

A remote attacker may pass excessive data as an argument for an APOP
command passed to the affected server. The attacker may exploit this issue
to corrupt a saved instruction pointer and in doing so may potentially
influence execution flow of the affected service into attacker-supplied
instructions.

39. QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflo...
BugTraq ID: 9797
Remote: Yes
Date Published: Mar 03 2004
Relevant URL: http://www.securityfocus.com/bid/9797
Summary:
An integer overflow vulnerability has been reported in qmail-qmtpd. This
issue exists in code that processes values supplied to qmail-qmtpd in
RELAYCLIENT data. Though unconfirmed, this issue may be exploitable to
execute arbitrary code with elevated privileges.

It should be noted that this issue does not exist in the default
configuration and is only exposed if mail relaying is enabled by setting
the RELAYCLIENT environment variable.

40. SpiderSales Shopping Cart Multiple Vulnerabilities
BugTraq ID: 9799
Remote: Yes
Date Published: Mar 03 2004
Relevant URL: http://www.securityfocus.com/bid/9799
Summary:
Multiple vulnerabilities have been identified in the application that may
allow an attacker to obtain the private cryptographic key and gain access
to sensitive information. The application is also reported prone to an
SQL injection vulnerability that may allow an attacker to gain
administrative level access to the underlying database.

The issues exist due to improper implementation of the RSA cryptosystem by
SpiderSales and failure to sanitize user-supplied input via the 'userId'
URI parameter employed by various scripts.

SpiderSales version 2.0 is assumed to be vulnerable to these issues,
however, other versions could be affected as well.

42. SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnera...
BugTraq ID: 9801
Remote: Yes
Date Published: Mar 03 2004
Relevant URL: http://www.securityfocus.com/bid/9801
Summary:
It has been reported that a number of undisclosed SandSurfer scripts are
prone to cross-site scripting vulnerabilities.

This could permit a remote attacker to create a malicious link to the
vulnerable application that includes hostile HTML and script code. If this
link were followed, the hostile code may be rendered in the web browser of
the victim user.

43. Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulne...
BugTraq ID: 9802
Remote: Yes
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9802
Summary:
Acrobat Reader has been reported to be prone to a buffer overflow
vulnerability. According to the report, the overflow occurs when a user
views a malicious XFDF document.

Due to the nature of this vulnerability an attacker may potentially
leverage the issue to corrupt values that crucial to controlling program
execution flow, if this is the case it is conjectured that this issue may
be exploitable to execute arbitrary instructions in the context of the
affected software.

45. Multiple Vendor HTTP Response Splitting Vulnerability
BugTraq ID: 9804
Remote: Yes
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9804
Summary:
A paper (Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning
Attacks, and Related Topics) was released to describe various attacks that
target web users through web application, browser, web/application server
and proxy implementations. These attacks are described under the general
category of HTTP Response Splitting and involve abusing various input
validation flaws in these implementations to split HTTP responses into
multiple parts in such a way that response data may be misrepresented to
client users.

Exploitation would occur by injecting variations of CR/LF sequences into
parts of HTTP response headers that the attacker may control or influence.
The general consequences of exploitation are that an attacker may
misrepresent web content to the client, potentially enticing the user to
trust the content and take actions based on this false trust.

While the various implementations listed in the paper contribute to these
attacks, this issue will most likely be exposed through web applications
that do not properly account for CR/LF sequences when accepting
user-supplied input that may be returned in server responses.

This vulnerability could also aid in exploitation of cross-site scripting
vulnerabilities.

46. SmarterTools SmarterMail Multiple Vulnerabilities
BugTraq ID: 9805
Remote: Yes
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9805
Summary:
Multiple vulnerabilities have been identified in the software that may
allow an attacker to carry out directory traversal, cross-site scripting,
and denial of service attacks.

SmarterMail version 3.1 has been reported to be prone to these issues,
however, it is possible that other versions are affected as well.

48. DAWKCo POP3 with WebMAIL Extension Session Timeout Unauthori...
BugTraq ID: 9807
Remote: No
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9807
Summary:
It has been reported that DAWKCo POP3 Server Hosting Version with WebMAIL
Extension does not properly handle timed out sessions. Because of this, it
may be possible for a user regain access to a previous session.

This could potentially expose sessions, especially in situations where
other vulnerabilities facilitate session hijacking.
 
Old 03-10-2004, 04:04 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415

Original Poster
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Mar 08th 2004 (ISS)

Internet Security Systems



Date Reported: 02/28/2004
Brief Description: Invision Power Board search.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Invision Power Board Any version, Linux Any
version, Unix Any version, Windows Any version
Vulnerability: invision-search-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/15343

Date Reported: 02/27/2004
Brief Description: FreeBSD jail_attach allows elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: FreeBSD 5.1-RELEASE, FreeBSD 5.2-RELEASE
Vulnerability: freebsd-jailattach-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/15344

Date Reported: 03/01/2004
Brief Description: Anubis IDENT buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Anubis 3.6.2, Anubis 3.9.93, Linux Any version
Vulnerability: anubis-ident-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15345

Date Reported: 03/01/2004
Brief Description: Anubis format string error
Risk Factor: High
Attack Type: Network Based
Platforms: Anubis 3.6.2, Anubis 3.9.93, Linux Any version
Vulnerability: anubis-format-string
X-Force URL: http://xforce.iss.net/xforce/xfdb/15346

Date Reported: 02/27/2004
Brief Description: xboing buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Debian Linux 3.0, xboing Any version
Vulnerability: xboing-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15347

Date Reported: 02/29/2004
Brief Description: phpBB viewtopic.php script allows cross-site
scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, phpBB 2.0.6c, Unix Any version,
Windows Any version
Vulnerability: phpbb-viewtopicphp-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15348

Date Reported: 02/29/2004
Brief Description: free-BB couleur or img HTML tags allow cross-site
scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, free-BB Any
version
Vulnerability: freebb-html-tags-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15352

Date Reported: 03/01/2004
Brief Description: Red Faction buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Mac OS Any version, Red Faction 1.2 and earlier,
Windows Any version
Vulnerability: redfaction-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15353

Date Reported: 03/01/2004
Brief Description: YaBB SE multiple modules allow SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, Windows Any
version, YaBB SE 1.5.4, YaBB SE 1.5.5, YaBB SE
1.5.5b
Vulnerability: yabb-multiple-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/15354

Date Reported: 02/28/2004
Brief Description: iG Shop page.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, iG Shop 1.4
Vulnerability: ig-shop-page-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15355

Date Reported: 02/28/2004
Brief Description: iG Shop SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, iG Shop 1.4
Vulnerability: ig-shop-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/15356

Date Reported: 03/02/2004
Brief Description: XBoard -icshost buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Unix Any version, XBoard 4.2.7 and prior
Vulnerability: xboard-icshost-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15362

Date Reported: 03/02/2004
Brief Description: Hot Open Tickets allows attacker to obtain elevated
privileges
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, Hot Open Tickets
prior 02272004_ver2c
Vulnerability: hot-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/15365

Date Reported: 03/01/2004
Brief Description: Squid url_regex ACL bypass
Risk Factor: Medium
Attack Type: Network Based
Platforms: Squid Web Proxy Cache 2.x to 2.5.STABLE4, Unix Any
version
Vulnerability: squid-urlregex-acl-bypass
X-Force URL: http://xforce.iss.net/xforce/xfdb/15366

Date Reported: 03/01/2004
Brief Description: FreeBSD memory buffers (mbufs) denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: FreeBSD 4.0-Stable, FreeBSD 5.1
Vulnerability: freebsd-mbuf-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15369

Date Reported: 03/02/2004
Brief Description: SandSurfer cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, SandSurfer prior to 1.7.1
Vulnerability: sandsurfer-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15377

Date Reported: 03/03/2004
Brief Description: GWeb HTTP Server directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, GWeb HTTP Server
0.6
Vulnerability: gweb-dotdot-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/15381

Date Reported: 03/03/2004
Brief Description: Adobe Acrobat Reader XFDF buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Acrobat Reader 5.1, Any operating system Any
version
Vulnerability: acrobatreader-xfdf-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15384

Date Reported: 03/03/2004
Brief Description: qmail RELAYCLIENT buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, qmail 1.03, Unix Any version
Vulnerability: qmail-relayclient-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15385

Date Reported: 03/02/2004
Brief Description: Coreutils dir -W integer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Coreutils prior to 5.2.0, Linux Any version
Vulnerability: coreutils-dir-w-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15386

Date Reported: 03/04/2004
Brief Description: ProFTPD off-by-one _xlate_ascii_write function
buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, ProFTPD 1.2.x, Unix Any version
Vulnerability: proftpd-offbyone-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15387

Date Reported: 03/02/2004
Brief Description: Invision Power Board invalid character could
disclose path
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, Invision Power
Board 1.3 Final
Vulnerability: invision-invalid-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/15400
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LQ Security Report - April 10th 2005 Capt_Caveman Linux - Security 2 04-10-2005 08:00 PM
LQ Security Report May 28th 2004 Capt_Caveman Linux - Security 4 05-28-2004 01:26 PM
LQ security report - Mar 31th 2004 unSpawn Linux - Security 3 03-31-2004 03:48 PM
LQ security report - Mar 01st 2004 unSpawn Linux - Security 4 03-01-2004 05:08 PM
LQ weekly security rep - Mon Mar 10th 2003 unSpawn Linux - Security 5 03-14-2003 03:22 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration