Monthly Report - Apr, 2007
Generated by Secunia
1 May 2007
20 pages
Table of Contents
Introduction
  A Note from Secunia ............................ 2
Advisory Statistics
  All Advisories ................................. 3
  Advisories by Criticality ...................... 4
  Advisories by Attack Vector .................... 5
  Advisories by Impact ........................... 6
  Advisories by Solution Status .................. 7
Advisory Listing
  All Advisories for Apr, 2007 ................... 8
About Advisories
  Criticality ................................... 17
  Attack Vector ................................. 18
  Impact ........................................ 19
Generated by Secunia
1 May 2007
Page 1 of 20
A Note from Secunia
Every month hundreds of vulnerabilities are discovered in various applications, ranging from
browser plug-ins to critical business software, small web applications to application servers,
archiving utilities to large relational database applications. At times even commonly used firewalls
and anti-virus solutions from the largest security software vendors are affected by severe
vulnerabilities.
Although most of the larger software vendors have initiated projects and plans for designing more
secure software, we continue to see a large number of vulnerabilities in software that businesses
rely on.
Fortunately, most of these vulnerabilities are found by the "good" guys who disclose this information
to the software vendors, who in turn produce patches to eliminate the vulnerability.
However, each vendor has its own "disclosure" policy, which effectively means that most do not
ensure that their customers are informed about security-related updates; customers may therefore
run unpatched systems for an extended period of time. This gives the "bad" guys a long time to
exploit vulnerabilities which could have been patched long ago.
Secunia provides efficient solutions to track and eliminate all these vulnerabilities across different
vendors and different disclosure policies (or lack thereof). These solutions make sure that even
large companies can quickly map all of their software and stay secure with comprehensive and
timely advisories.
This monthly report provides an opportunity to give you, your co-workers, and management an
insight into the tremendous job of keeping track of all the vulnerabilities found each and every day,
with detailed statistics for the past month as well as annual figures.
Stay Secure,
Secunia
Vulnerability Reports/Advisories
The following table shows the number of advisories published by Secunia through April 2007.
The first column shows the total number of advisories published in April 2007. The second
column shows the total number of advisories published between the 1st of January 2007 and the
end of April of the same year. Finally, the last column shows all advisories published between the
start of 2003 and the end of April 2007.

                Apr, 2007    2007 (Jan-Apr)    2003-2007
Advisories      375          1,527             17,244
Level of Criticality
Statistics about advisories grouped by criticality rating give a good idea of how much time you
should plan to set aside for patching systems within your infrastructure.
The data below is grouped to show the advisories from April 2007, from 2007 so far (January
through April), and since January 1, 2003.

                       Apr, 2007    2007 (Jan-Apr)    2003-2007
Extremely critical     1            6                 120
Highly critical        104          406               3,548
Moderately critical    133          542               6,689
Less critical          129          513               5,864
Not critical           8            60                1,023

In April 2007, 105 of the 375 advisories (28%) were rated Highly or Extremely critical, i.e.
remotely exploitable to system compromise without user interaction; these are the ones to patch
first (see "About Advisories - Criticality" below for the definitions).
Attack Vector
The following table shows all advisories published by Secunia through April 2007 grouped by
Attack Vector (see "About Advisories - Attack vector" below for the definitions). Four out of five
April advisories (300 of 375) are exploitable from remote.

                       Apr, 2007    2007 (Jan-Apr)    2003-2007
From remote            300          1,228             13,251
From local network     41           153               1,578
Local system           34           146               2,413
Impact
The following table shows all advisories published by Secunia through April 2007 grouped by
Impact (see "About Advisories - Impact" below for the definitions). These figures can help direct
security testing effort towards the impact classes that occur most often. Note that an advisory can
carry more than one impact, so each column adds up to more than the number of advisories in that
period (598 impacts across the 375 advisories of April 2007).

                                     Apr, 2007    2007 (Jan-Apr)    2003-2007
System access                        176          636               6,659
DoS                                  124          505               5,052
Privilege escalation                 49           165               2,187
Exposure of sensitive information    73           259               2,370
Exposure of system information       25           67                985
Brute force                          0            0                 22
Manipulation of data                 39           180               2,130
Spoofing                             1            26                394
Cross Site Scripting                 48           233               2,886
Security Bypass                      47           198               2,242
Hijacking                            2            11                93
Unknown                              14           36                314
Solution Status
The following table shows all advisories published by Secunia through April 2007 grouped by
Solution Status. This illustrates how software vendors have responded to the advisories published
by Secunia: 126 of the 375 April 2007 advisories (about one in three) still had no vendor patch
when this report was generated.

                       Apr, 2007    2007 (Jan-Apr)    2003-2007
Unpatched              126          494               4,298
Vendor Patch           222          955               12,353
Vendor Workaround      17           50                310
Partial Fix            10           28                283
Complete List of Secunia Advisories Released in Apr, 2007
The following is a complete listing of all Secunia advisories that were published in the month of April
2007.
Apr 30, 2007
SA25044: Adobe Products PNG.8BI PNG File Handling Buffer Overflow
SA25032: BEAST/BSE "seteuid()" and "setreuid()" Security Issue
SA25034: Corel Paint Shop Pro Photo PNG File Handling Buffer Overflow
SA25028: Debian update for clamav
SA25025: Debian update for php4
SA25062: Debian update for php5
SA25033: FreeBSD IPv6 Type 0 Route Headers Denial of Service
SA25059: Gentoo update for beast
SA25066: HP Power Manager Remote Agent Unspecified Code Execution
SA25038: Imager 8Bit BMP File Parsing Buffer Overflow Vulnerability
SA25040: Imageview "album" Local File Inclusion
SA25061: iputils rarpd Replies Denial of Service
SA25052: IrfanView Formats Plug-in IFF File Handling Buffer Overflow Vulnerability
SA25067: LAN Management System "OD" Cross-Site Scripting Vulnerability
SA25068: Linux Kernel IPv6 Type 0 Route Headers Denial of Service
SA25026: MyServer Data Processing Denial of Service Vulnerability
SA25071: Papoo CMS "menuid" SQL Injection Vulnerability
SA25009: Pi3Web HTTP Request Processing Denial of Service Vulnerability
SA25036: Plesk "locale_id" Directory Traversal Vulnerabilities
SA25043: PostNuke pnFlashGames Module "cid" SQL Injection
SA25048: Sun Java System Directory Server NSS Denial of Service
SA25072: SUSE Update for Multiple Packages
SA25058: Ubuntu update for postgresql
SA25042: WordPress myGallery Plugin "myPath" File Inclusion
Apr 27, 2007
SA25046: AWBS "workdir" File Inclusion Vulnerability
SA25012: Gimp SUNRAS Plugin "set_color_table()" Buffer Overflow
SA25020: Groupmax Mobile Option Unspecified Buffer Overflow
SA25045: IBM WebSphere Application Server Unspecified Vulnerability
SA25051: IncrediMail IMMenuShellExt ActiveX Control Buffer Overflow
SA25021: Invision Power Board class_upload.php Cross-Site Scripting
SA25007: MyDNS DNS Update Denial of Service
SA25035: phpOracleView "include_all.inc.php" File Inclusion
SA24993: Red Hat update for java-1.4.2-ibm
SA25014: SineCms "stringa" Cross-Site Scripting
SA25037: Sun Solaris PostgreSQL SECURITY DEFINER Privilege Escalation
SA25013: Symantec Products Information Disclosure and Buffer Overflow
SA24999: Trustix update for postgresql
SA25057: Ubuntu update for php
Apr 26, 2007
SA25055: ABC-View Manager PSP File Handling Buffer Overflow
SA25050: AccuSoft ImageGear igcore15d.dll Buffer Overflow Vulnerability
SA25002: CA CleverPath Portal SQL Injection Vulnerability
SA25047: Cisco Products PHP "htmlentities()" and "htmlspecialchars()" Buffer Overflows
SA25054: Fresh View PSP File Handling Buffer Overflow
SA25053: JulmaCMS "file" Directory Traversal Vulnerability
SA25005: Mandriva update for postgresql
SA25049: NaviCOPA GET Request Denial of Service Vulnerability
SA25006: Sun Solaris X11 Multiple Vulnerabilities
Apr 25, 2007
SA25023: Adobe Photoshop Bitmap File Handling Buffer Overflow Vulnerability
SA24977: Asterisk T.38 SDP Buffer Overflows and Management Interface Denial of Service
SA24970: Avaya Products Wireshark Multiple Denial of Service Vulnerabilities
SA24972: CA BrightStor ARCserve Backup Media Server Multiple Buffer Overflows
SA24982: Debian update for aircrack-ng
SA25022: Gentoo update for clamav
SA25029: HP StorageWorks Command View Advanced Edition for XP Unauthorized User Account Access
SA24710: InterVideo HomeTheater WinDVDX ActiveX Control Buffer Overflows
SA25031: Linksys SPA941 SIP Message Denial of Service
SA24976: Linux Kernel "L2CAP" and "HCI" Information Disclosure
SA25000: Lunascape RSS Feed Cross-Site Scripting Vulnerability
SA24724: Nero MediaHome Denial of Service Vulnerability
SA24984: Ripe Website Manager SQL Injection and Cross-Site Scripting
SA24936: SilverStripe "search" Unspecified Vulnerability
SA24985: Sun Cluster Software Denial of Service Vulnerability
SA24975: Sun Solaris libX11 Integer Overflow Vulnerability
SA25027: SUSE update for opera
SA24957: USP FOSS Distribution "dnld" File Disclosure Vulnerability
SA25015: wavewoo "path_include" File Inclusion Vulnerability
Apr 24, 2007
SA24983: ACVSWS "CheminInclude" File Inclusion Vulnerability
SA25011: Apple QuickTime Java Handling Unspecified Code Execution
SA24997: Big Blue Guestbook "comments" Script Insertion
SA25016: Corel Paint Shop Pro Photo igcore15d.dll CLP File Handling Buffer Overflow
SA25010: EsForum "idsalon" SQL Injection Vulnerability
SA24935: freePBX Script Insertion and Command Execution Vulnerabilities
SA24991: Gentoo update for blender
SA24980: Gentoo update for nas
SA24990: HP-UX sendmail Unspecified Denial of Service
SA25017: Microgaming Download Helper ActiveX Control Buffer Overflow Vulnerability
SA24967: MyBB "day" SQL Injection Vulnerability
SA24978: OpenBSD IPv6 Type 0 Route Headers Denial of Service
SA24992: Pagode "asolute" Command Injection and Directory Traversal
SA24952: phpMyAdmin Cross-Site Scripting Vulnerabilities
SA24971: Post Revolution "dir" File Inclusion Vulnerabilities
SA25019: PostgreSQL SECURITY DEFINER Functions Privilege Escalation
SA24989: rPath update for postgresql and postgresql-server
SA25004: SUSE update for XFree86 and Xorg
SA24998: TJSChat "user" Cross-Site Scripting Vulnerability
SA24959: Xaraya Roles Module Form Handler Security Bypass
SA25018: Yate Unspecified SIP Protocol Handling Denial of Service Vulnerability
Apr 23, 2007
SA24961: 3proxy Transparent Request Handling Buffer Overflow
SA24994: ACDSee Products "ID_X.apl" XPM File Handling Buffer Overflow
SA24987: Avaya CMS / IR Sun Solaris IP Packet Denial of Service
SA24974: Debian update for webcalendar
SA24963: Gentoo courier-imap "XMAILDIR" Variable Command Injection
SA25001: Gentoo update for 3proxy
SA24964: Gentoo update for aircrack-ng
SA24979: Mandriva update for krb5
SA24968: Maran PHP Forum "name" PHP Code Execution
SA25003: NeatUpload Response Handling Race Condition Information Disclosure
SA24981: PhotoFiltre Studio TIF File Handling Buffer Overflow
SA24995: SUSE Update for Multiple Packages
SA24996: Trustix update for freetype and clamav
SA24958: WEBinsta FM Manager "absolute_path" File Inclusion
SA24973: XnView XPM File Handling Buffer Overflow
SA24986: ZoneAlarm Products SRESCAN.SYS IOCTL Handler Privilege Escalation
Apr 20, 2007
SA24934: Exponent CMS "icodir" Directory Listing Disclosure Weakness
SA22924: Gracenote CDDBControl ActiveX Buffer Overflow Vulnerability
SA24969: HP Oracle for OpenView Multiple Vulnerabilities
SA24966: Mac OS X Security Update Fixes Multiple Vulnerabilities
SA24962: Nortel VPN Router Default User Accounts and Missing Authentication Checks
SA24932: Phorum Multiple Vulnerabilities
SA24949: PHP-Nuke SQL Filter Bypass and SQL Injection Vulnerabilities
SA24941: Red Hat Stronghold update for php
SA24965: Red Hat update for php
SA24925: Sharity Unspecified Denial of Service Vulnerability
SA24921: Slackware update for freetype
SA24866: Slackware update for xine-lib
SA24946: SUSE update for clamav
Apr 19, 2007
SA24955: AimStats "process.php" PHP Code Injection
SA24937: BMC PATROL "bgs_sdservice.exe" Memory Corruption
SA24940: Canon Network Camera Server VB100 Series Cross-Site Scripting Vulnerability
SA24938: IBM Tivoli Monitoring Various Services Buffer Overflow Vulnerabilities
SA24922: JEX-Treme Einfacher Passwortschutz "msg" Cross-Site-Scripting
SA24956: jGallery "G_JGALL[inc_path]" File Inclusion Vulnerability
SA24909: Mandriva update for php
SA24954: MediaBeez "server.php" SQL Execution Vulnerability
SA24944: Novell GroupWise WebAccess Base64 Decoding Buffer Overflow
SA24915: Opensurveypilot Two File Inclusion Vulnerabilities
SA24926: Rezervi Generic "root" File Inclusion Vulnerabilities
SA24947: rPath update for lighttpd
SA24945: rPath update for php, php-mysql, and php-pgsql
SA24960: Second Sight ActiveGS ActiveX Control Buffer Overflow Vulnerabilities
SA24928: Second Sight ActiveMod ActiveX Control Buffer Overflow Vulnerabilities
SA24948: Sun Solaris Mozilla 1.7 Vulnerabilities
SA24920: SUSE update for clamav
SA24953: Ubuntu update for libx11
SA24951: WordPress Pingback Denial of Service Security Issue
SA24899: Zomplog "file" Directory Traversal Vulnerability
Apr 18, 2007
SA24908: Anthologia "ads_file" File Inclusion Vulnerability
SA24918: Gentoo file Denial of Service Security Issue
SA24917: Gentoo update for freeradius
SA24931: Gentoo update for madwifi-ng
SA24950: HP Insight Management Agents SSL Vulnerabilities
SA24930: HP UX Tru64 Multiple SSL and BIND Vulnerabilities
SA24893: McAfee e-Business Server Authentication Packet Processing Denial Of Service
SA24914: McAfee VirusScan Enterprise On-Access Scanner Unicode Filename Buffer Overflow
SA24942: my little weblog "id" Cross-Site Scripting
SA24929: Oracle Products Multiple Vulnerabilities
SA24887: PHP-Nuke vWar Module SQL Injection and Cross-Site Scripting
SA24867: ProFTPD Auth API Multiple Authentication Modules Security Issue
SA24939: ShoutPro "shout" PHP Code Injection Vulnerability
SA24927: Sun Solaris and Java Web Console Format String Vulnerability
SA24943: Wabbit PHP Gallery Script Two Cross-Site Scripting Vulnerabilities
SA24933: webMethods Glue "resource" Directory Traversal Vulnerability
Apr 17, 2007
SA24900: Akamai Download Manager ActiveX Control Buffer Overflow Vulnerabilities
SA24859: Gentoo update for inkscape
SA24906: Gentoo update for openoffice and openoffice-bin
SA24905: Gentoo update for vixie-cron
SA24882: MailBee WebMail Pro Cross-Site Scripting Vulnerabilities
SA24895: Mandriva update for cups
SA24907: Mandriva update for freeradius
SA24826: Mandriva update for ipsec-tools
SA24913: Mozilla Firefox Wizz RSS News Reader Extension Cross-Context Scripting
SA24919: oe2edit "q" Cross-Site Scripting Vulnerability
SA24910: Red Hat update for php
SA24924: Red Hat update for php
SA24901: rPath update for kernel
SA24912: Simple PHP Scripts Gallery "gallery" File Inclusion
SA24890: StoreFront for Gallery "GALLERY_BASEDIR" File Inclusion Vulnerabilities
Apr 16, 2007
SA24902: CNStats File Inclusion Vulnerabilities
SA24894: FileZilla Unspecified Format String Vulnerabilities
SA24897: Gentoo update for xine-lib
SA24892: LANDesk Management Suite Alert Service Buffer Overflow
SA24886: lighttpd "mtime" and "\r\n\r\n\" Denial of Service Vulnerabilities
SA24904: LS simple guestbook "message" PHP Code Execution
SA24898: MiniShare Multiple Connections Denial of Service
SA24896: NMDeluxe "template" Local File Inclusion Vulnerability
SA24821: Pixaria Gallery "cfg[sys][base_path]" File Inclusion
SA24878: Red Hat update for cups
SA24885: Red Hat update for freetype
SA24911: Red Hat update for squid
SA24903: ScramDisk 4 Linux Privilege Escalation Security Issues
SA24916: SSH Tectia Server Insecure Permissions
SA24889: SUSE Update for Multiple Packages
SA24884: VCDGear Cue File Buffer Overflow Vulnerability
Apr 13, 2007
SA24880: Aircrack-ng 802.11 Authentication Packet Processing Buffer Overflow
SA24875: Avaya Products Incorrect GnuPG Usage
SA24873: Chatness Security Bypass and PHP Code Execution
SA24879: chCounter "login_name" Cross-Site Scripting
SA24865: Cisco Products Multiple Vulnerabilities
SA24891: Clam AntiVirus Multiple Vulnerabilities
SA24881: eIQNetworks Enterprise Security Analyzer Command Processing Vulnerabilities
SA24853: Gentoo update for dokuwiki
SA24870: Mephisto "q" Cross-Site Scripting Vulnerability
SA24871: Microsoft Windows DNS Service Buffer Overflow Vulnerability
SA24775: Open Business Management Authentication Bypass
SA24888: PhpWiki "UpLoad" PHP Script Upload Vulnerability
SA24868: PicoZip Archive Handling Directory Traversal Vulnerability
SA24857: Sun Solaris IP Packet Denial of Service
SA24869: toendaCMS "searchword" Cross-Site Scripting
Apr 12, 2007
SA24854: Adobe Bridge Update Installation Unspecified Privilege Escalation
SA24846: CodeBreak "process_method" File Inclusion Vulnerability
SA24845: CoSign POST Request Carriage Return Insertion Vulnerabilities
SA24848: Drupal Database Administration Module Multiple Vulnerabilities
SA24872: FAC Guestbook Database Disclosure Security Issue
SA24849: FreeRADIUS EAP-TTLS "VALUE_PAIR" Memory Leak Security Issue
SA24835: Hiox Guestbook "from" PHP Code Execution Vulnerability
SA24852: IBM WebSphere Application Server Unspecified Vulnerabilities
SA24839: Mandriva update for apache-mod_perl
SA24841: Mandriva update for madwifi-source
SA24876: Openads "adclick.php" HTTP Header Injection
SA24877: Opera Unspecified Flash Player Plug-In Vulnerability
SA24843: PunBB "referer" and Category Name Vulnerabilities
SA24858: RicarGBooK "lang" Local File Inclusion
SA24797: SUSE update for qt3 and qt4
SA24874: TuMusika Evolution "msg" Cross-Site Scripting Vulnerability
SA24847: Ubuntu update for kdelibs and qt-x11-free
SA24731: URLshrink Free Unspecified Vulnerability
SA24837: UseBB Full Path Disclosure Weakness
Apr 11, 2007
SA24850: Adobe ColdFusion MX Insecure Directory and File Permissions
SA24864: bftpd GET/MGET File Transfer Denial of Service Vulnerability
SA22251: CinePlayer SonicDVDDashVRNav.dll Buffer Overflow Vulnerability
SA24862: Crea-book Multiple SQL Injection Vulnerabilities
SA24829: DotClear "post_id" / "tool_url" Cross-Site Scripting Vulnerabilities
SA24861: DropAFew "id" SQL Injection, Calorie Log Disclosure and Link Weaknesses
SA24855: HP-UX Portable File System "pfs_mountd.rpc" Buffer Overflow Vulnerability
SA24842: Inout Mailing List Manager Multiple Vulnerabilities
SA24860: phpGalleryScript "include_class" File Inclusion Vulnerability
SA24851: SimpCMS Light "site" File Inclusion Vulnerability
SA24856: Sun StarOffice and StarSuite 8 WordPerfect Vulnerability
SA24752: Ubuntu update for kernel
SA24863: Weatimages "ini[langpack]" File Inclusion Vulnerability
Apr 10, 2007
SA24836: AlstraSoft Video Share Enterprise SQL Injection and Missing Authentication
SA24747: AOL Instant Messenger File Transfer Directory Traversal Vulnerability
SA24830: Apple AirPort Extreme Base Station Two Weaknesses
SA24838: Battle.net Clan Script "user" SQL Injection
SA24811: Beryo "chemin" Directory Traversal Vulnerability
SA24807: cattaDoc "download2.php" File Disclosure Vulnerability
SA24840: CompreXX Archive Handling Directory Traversal Vulnerability
SA24844: DeskPRO "username" Cross-Site Scripting Vulnerability
SA24825: eCardMAX HotEditor "first" Local File Inclusion
SA24805: Globus Toolkit GSI-OpenSSH Two Vulnerabilities
SA24803: ICQ File Transfer Directory Traversal Vulnerability
SA24816: iPIX Image Well ActiveX Control Unspecified Buffer Overflows
SA24815: IPsec Tools "isakmp_inf.c" Denial of Service
SA24793: Linux Kernel "atalk_sum_skb()" AppleTalk Denial of Service
SA22896: Microsoft Agent URL Parsing Memory Corruption Vulnerability
SA24819: Microsoft Content Management Server Two Vulnerabilities
SA24834: Microsoft Windows Kernel Mapped Memory Insecure Permissions
SA24822: Microsoft Windows XP UPnP Memory Corruption Vulnerability
SA24814: PHP "readwbmp()" Integer Overflow Vulnerability
SA24818: PHP121 Instant Messenger "php121dir" File Inclusion Vulnerability
SA24808: Quagga "reachable/unreachable" NLRI Attributes Denial of Service
SA24831: QuizShock "forward_to" Cross-Site Scripting
SA24832: Request It : Song Request System "id" File Inclusion Vulnerability
SA24810: rPath update for openoffice.org
SA24796: ScarNews "sn_admin_dir" File Inclusion Vulnerability
SA24809: Scorp Book "config" File Inclusion Vulnerability
SA24802: SmodBIP "zoom" SQL Injection Vulnerability
SA24833: Ubuntu update for ipsec-tools
SA24823: Windows Vista CSRSS Privilege Escalation Vulnerability
Apr 9, 2007
SA24827: ArchiveXpert Archive Handling Directory Traversal Vulnerability
SA24812: CMailServer Two Cross-Site Scripting Vulnerabilities
SA24828: Debian update for man-db
SA24804: Debian update for xmms
SA24806: eBoard "GLOBALS[name]" Local File Inclusion Vulnerability
SA24787: Gentoo update for evince
SA24794: Gentoo update for libwpd
SA24780: JustSystems Ichitaro Document Processing Unspecified Code Execution
SA24801: man-db "BROWSER" Privilege Escalation Vulnerability
SA24824: PHP "FILTER_VALIDATE_EMAIL" Filter Newline Injection
SA24817: SGI update for krb5
SA24820: SignKorea SKCrypAX ActiveX Control Multiple Buffer Overflows
SA24766: Winamp libsndfile.dll MAT File Handling NULL Byte Overwrite
SA24813: WitShare "menu" Local File Inclusion Vulnerability
Apr 6, 2007
SA24779: ACDSee Products BMP Image Handling Memory Corruption
SA24789: CodeWand phpBrowse "include_path" Remote File Inclusion
SA24784: FastStone Image Viewer BMP Image Handling Memory Corruption
SA24792: HP-UX update for CIFS Server
SA24799: IBM OpenSSH for AIX Two Vulnerabilities
SA24800: Nuke ET "Your_Account" User Deletion Vulnerability
SA24786: SUSE update for krb5
SA24767: Symantec Enterprise Security Manager Remote Upgrade Missing Authentication
SA24782: Trustix Updates for Multiple Packages
SA24712: WebSPELL "picture.php" Information Disclosure
SA24769: XOOPS Jobs Module "cid" SQL Injection
SA24774: XOOPS WF-Links Module "cid" SQL Injection
Apr 5, 2007
SA24773: AROUNDMe File Inclusion Vulnerabilities
SA24764: Enterasys Networks NetSight Products TFTPD/BOOTPD Vulnerabilities
SA24768: FreeType BDF Font Integer Overflow Vulnerability
SA24778: Kaspersky Products Multiple Vulnerabilities
SA24795: Lite-CMS "p" Local File Inclusion Vulnerability
SA24776: Mandriva update for freetype2
SA24777: Mandriva update for kernel
SA24785: Mandriva update for krb5
SA24772: Mandriva update for tightvnc
SA24765: Mandriva update for xorg-x11
SA24743: Mozilla Firefox Firebug Extension Two Cross-Context Scripting Vulnerabilities
SA24798: Novell Kerberos KDC "krb5_klog_syslog()" Buffer Overflow
SA24791: OpenBSD update for X.Org
SA24783: rPath update for nas
SA24722: SAP RFC Library Multiple Vulnerabilities
SA24788: VMware ESX Server Multiple Vulnerabilities
SA24790: Xoops Rha7 Downloads Module "lid" SQL Injection
SA24781: Xoops WF-Snippets Module "c" SQL Injection
Apr 4, 2007
SA24736: Debian update for krb5
SA24735: Gentoo update for mit-krb5
SA24720: Gentoo update for openafs
SA24716: Gentoo update for openpbs
SA24708: Gentoo update for zziplib
SA24730: HP Mercury Quality Center "RunQuery()" Insecure Method
SA24763: IBM Tivoli Business Service Manager Password Disclosure
SA24740: Kerberos Multiple Vulnerabilities
SA24705: Mandriva update for kdelibs
SA24699: Mandriva update for qt3 and qt4
SA24738: Metamod-P "safevoid_vsnprintf()" Denial of Service Vulnerability
SA24689: MyBB "Client-IP" SQL Injection and Code Execution
SA24760: MySpeach "chat.php" File Inclusion Vulnerability
SA24750: Red Hat update for krb5
SA24744: Red Hat update for mysql
SA24771: Red Hat update for XFree86
SA24745: Red Hat update for xorg-x11
SA24756: rPath update for freetype, xorg-x11, xorg-x11-fonts, xorg-x11-tools, and xorg-x11-xfs
SA24739: rpath update for ImageMagick
SA24759: rPath update for qt-x11-free
SA24757: rPath updates for krb5
SA24704: ScriptMagix FAQ Builder "catid" SQL Injection
SA24698: ScriptMagix Photo Rating "phid" SQL Injection
SA24754: Slackware update for file
SA24753: Slackware update for ktorrent
SA24726: Slackware update for qt
SA24762: SolidWorks sldimdownload ActiveX Control "Run()" Insecure Method
SA24755: Sun SEAM Kerberized telnetd Daemon Arbitrary User Login
SA24770: Ubuntu update for freetype, libxfont, xorg, and xorg-server
SA24706: Ubuntu update for krb5
SA24751: WordPress XMLRPC SQL Injection and Security Bypass
SA24741: X.Org X11 Multiple Vulnerabilities
SA24758: XFree86 Multiple Vulnerabilities
SA24761: Xoops PopnupBlog Module "postid" SQL Injection
SA24742: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow
Apr 3, 2007
SA24685: Advanced Website Creator SQL Injection Vulnerability
SA24694: Asterisk AEL Extensions Security Bypass
SA24723: Debian update for file
SA24713: Debian update for zope2.7
SA24728: DirectAdmin Log Viewer Script Insertion Vulnerability
SA24719: Gentoo update for asterisk
SA24656: holaCMS Cross-Site Scripting Vulnerability
SA24746: HP OpenView Network Node Manager Unspecified Unauthorized Access
SA24717: IBM Tivoli Provisioning Manager for OS Deployment "multipart/form-data" Handling Multiple Vulnerabilities
SA24721: ImageMagick DCM and XWD Buffer Overflows
SA24725: IrfanView Animated Cursor Handling Buffer Overflow
SA24711: Netscape Multiple Vulnerabilities
SA24727: Qt Overlong UTF-8 Sequence Cross-Site Scripting Vulnerability
SA24733: TinyMUX "fun_ladd()" Buffer Overflow Vulnerability
SA24700: Winmail Server "sid" Directory Traversal Vulnerability
SA24748: Xoops Camportail Module "camid" SQL Injection
SA24749: Xoops Kshop Module "id" SQL Injection
Apr 2, 2007
SA24714: America Online SuperBuddy ActiveX Control "LinkSBIcons()" Vulnerability
SA24732: Apache Tomcat Directory Traversal Security Issue
SA24701: BT-Sondage "repertoire_visiteur" File Inclusion
SA24688: dproxy-nexgen "dns_decode_reverse_name" Buffer Overflow Vulnerability
SA24660: Gentoo update for cups
SA24608: Gentoo update for file
SA24662: Gentoo update for squid
SA24683: Hitachi Products Cosminexus Component Container Improper Session Information Usage
SA24692: HP Mercury Quality Center SPIDERLib ActiveX Control Buffer Overflow
SA24670: MadWifi Denial of Service and Information Disclosure Vulnerabilities
SA24715: MapLab "gszAppPath" File Inclusion Vulnerability
SA24718: PHP-Fusion Expanded Calendar Module "m_month" SQL Injection
SA24697: PHP-Nuke Addressbook Module "module_name" Local File Inclusion
SA24671: RSPA Multiple File Inclusion Vulnerabilities
SA24729: Softerra Time-Assistant "inc_dir" / "lib_dir" File Inclusion Vulnerabilities
SA24624: Sun Solaris Mozilla 1.7 Vulnerability
SA24734: SUSE update for gpg
SA24737: SUSE Update for Multiple Packages
SA24677: Symantec Norton Personal Firewall Hooked Functions Denial of Service
SA24709: Xoops RM+Soft Gallery System Module "idcat" SQL Injection
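The listing above is plain text with one header line per publication date and one "SAnnnnn: Title" line per advisory; in the paginated report a date group can continue on the next page under a "(continued)" header, and a long title can wrap onto a second line. The parser below, an added example written for this page rather than Secunia's own tooling, turns such a listing into records and tallies them per day. Its embedded input is excerpted from the April listing above, keeping the wrapped "HP StorageWorks" title and one "(continued)" header as they appear in the report; the record layout and the function names are choices made here.

```python
"""Parse a Secunia-style advisory listing into (date, id, title) records.

Added example for this page, not Secunia's own tooling.  The sample text is
excerpted from the April 2007 listing above; the record shape and function
names are choices made here, not anything the report defines.
"""
import re
from collections import Counter
from datetime import datetime

# Excerpt of the listing as it appears in the paginated report: one wrapped
# title (SA25029) and one "(continued)" header after a page break.
SAMPLE_LISTING = """\
Apr 25, 2007
SA25023: Adobe Photoshop Bitmap File Handling Buffer Overflow Vulnerability
SA24977: Asterisk T.38 SDP Buffer Overflows and Management Interface Denial of Service
SA25029: HP StorageWorks Command View Advanced Edition for XP Unauthorized User
Account Access
SA24710: InterVideo HomeTheater WinDVDX ActiveX Control Buffer Overflows
Apr 24, 2007
SA24983: ACVSWS "CheminInclude" File Inclusion Vulnerability
SA25011: Apple QuickTime Java Handling Unspecified Code Execution
Apr 24, 2007 (continued)
SA25004: SUSE update for XFree86 and Xorg
"""

DATE_LINE = re.compile(r"^([A-Z][a-z]{2} \d{1,2}, \d{4})(?: \(continued\))?$")
ADVISORY_LINE = re.compile(r"^(SA\d{5}): (.+)$")


def parse_listing(text):
    """Return a list of (iso_date, advisory_id, title) tuples.

    A date header opens a new group; a "(continued)" header re-opens the same
    date after a page break.  A line matching neither pattern is the wrapped
    tail of the previous title and is appended to it.
    """
    records = []
    current_date = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line:
            continue
        match = DATE_LINE.match(line)
        if match:
            current_date = datetime.strptime(match.group(1), "%b %d, %Y").date().isoformat()
            continue
        match = ADVISORY_LINE.match(line)
        if match:
            if current_date is None:
                raise ValueError("advisory line before any date header: " + line)
            records.append((current_date, match.group(1), match.group(2)))
            continue
        if not records:
            raise ValueError("unrecognised line: " + line)
        day, advisory_id, title = records[-1]
        records[-1] = (day, advisory_id, title + " " + line)
    return records


def advisories_per_day(records):
    """Count advisories per ISO date, oldest day first."""
    counts = Counter(day for day, _, _ in records)
    return dict(sorted(counts.items()))


def duplicate_ids(records):
    """Advisory IDs that appear more than once (a sign of a double-counted entry)."""
    counts = Counter(advisory_id for _, advisory_id, _ in records)
    return sorted(i for i, n in counts.items() if n > 1)


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for day, advisory_id, title in parsed:
        print(day, advisory_id, title)
    print(advisories_per_day(parsed))
    print(duplicate_ids(parsed))
```

Run against the whole April listing, the per-day totals should add up to the 375 advisories reported on page 3, and duplicate_ids should be empty; a non-empty result or a stray "unrecognised line" error points at an extraction problem in the text rather than at the data.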
About Advisories - Criticality
Extremely Critical
Typically used for remotely exploitable vulnerabilities that can lead to system compromise.
Successful exploitation does not normally require any interaction and exploits are in the wild.
Such vulnerabilities can exist, for example, in services such as FTP, HTTP and SMTP, or in
client software such as email programs and browsers.
Highly Critical
Typically used for remotely exploitable vulnerabilities that can lead to system compromise.
Successful exploitation does not normally require any interaction but there are no known exploits
available at the time of disclosure.
Such vulnerabilities can exist, for example, in services such as FTP, HTTP and SMTP, or in
client software such as email programs and browsers.
Moderately Critical
Typically used for remotely exploitable Denial of Service vulnerabilities against services like FTP,
HTTP, and SMTP, and for vulnerabilities that allow system compromise but require user
interaction.
This rating is also used for vulnerabilities allowing system compromise on LANs in services like
SMB, RPC, NFS, LPD and similar services that are not intended for use over the Internet.
Less Critical
Typically used for cross-site scripting vulnerabilities and privilege escalation vulnerabilities.
This rating is also used for vulnerabilities allowing exposure of sensitive data to local users.
Not Critical
Typically used for very limited privilege escalation vulnerabilities and locally exploitable Denial of
Service vulnerabilities.
This rating is also used for non-sensitive system information disclosure vulnerabilities (e.g. remote
disclosure of installation path of applications).
About Advisories - Attack vector
Local system
"Local system" describes vulnerabilities where the attack vector requires the attacker to be a local
user on the system.
From local network
"From local network" describes vulnerabilities where the attack vector requires the attacker to be
on the same network as the vulnerable system (not necessarily a LAN).
This category covers vulnerabilities in certain services (e.g. DHCP, RPC, administrative services
etc.), which should not be accessible from the Internet, but only from a local network and optionally
a restricted set of external systems.
From remote
"From remote" describes the remaining vulnerabilities, where the attack vector requires neither
access to the system nor presence on a local network.
This category covers services, which are acceptable to expose to the Internet (e.g. HTTP, HTTPS,
SMTP etc.) as well as client applications used on the Internet and certain vulnerabilities, where it is
reasonable to assume that a security conscious user can be tricked into performing certain actions.
About Advisories - Impact
Brute force
Used in cases where an application or algorithm allows an attacker to guess passwords in an easy
manner.
Cross-Site Scripting
Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behaviour of a
web application in a user's browser, without compromising the underlying system.
Different Cross-Site Scripting related vulnerabilities are also classified under this category, including
"script insertion" and "cross-site request forgery".
Cross-Site Scripting vulnerabilities are often used against specific users of a website to steal their
credentials or to conduct spoofing attacks.
DoS (Denial of Service)
This includes various vulnerabilities ranging from excessive resource consumption (e.g. causing a
system to use a lot of memory) to crashing an application or an entire system.
Exposure of sensitive information
Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from
remote.
Exposure of system information
Vulnerabilities where excessive information about the system (e.g. version numbers, running
services, installation paths, and similar) is exposed and can be revealed from remote and in some
cases locally.
Hijacking
This covers vulnerabilities where a user session or a communication channel can be taken over by
other users or remote attackers.
Manipulation of data
This includes vulnerabilities where a user or a remote attacker can manipulate local data on a
system, but not necessarily be able to gain escalated privileges or system access.
The most frequent vulnerabilities with this impact are SQL injection vulnerabilities, which let an
attacker alter the SQL queries an application issues.
Privilege escalation
This covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other
users or administrative users.
This typically includes cases where a local user on a client or server system can gain access to the
administrator or root account thus taking full control of the system.
Security Bypass
This covers vulnerabilities or security issues where malicious users or people can bypass certain
security mechanisms of the application.
The actual impact varies significantly depending on the design and purpose of the affected
application.
Spoofing
This covers various vulnerabilities where it is possible for malicious users or people to impersonate
other users or systems.
System access
This covers vulnerabilities where malicious people are able to gain system access and execute
arbitrary code with the privileges of a local user.
Unknown
Covers various weaknesses, security issues, and vulnerabilities not covered by the other impact
types, or where the impact isn't known due to insufficient information from vendors and researchers.
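Read together, the three "About Advisories" sections describe a rating that combines attack vector, impact, whether the victim has to do something, and whether an exploit is already public. The triage helper below, an added example written for this page and not Secunia's own rating logic, encodes those definitions as explicit rules, picks out the advisories to patch first, and tallies a batch the way the Level of Criticality table earlier in this report does. The rule order, the treatment of combinations the definitions leave open (a local-vector system-access finding, or impacts such as Security Bypass and Manipulation of data), and the sample advisories with their attributes are assumptions made here, not anything the report states.

```python
"""Triage helper that applies this report's criticality definitions.

Added example for this page, not Secunia's own rating code.  The rules below
are one reading of the "About Advisories" text; the ordering and the handling
of combinations the text does not mention are assumptions, flagged inline.
"""
from collections import Counter
from dataclasses import dataclass

REMOTE, LOCAL_NETWORK, LOCAL_SYSTEM = "From remote", "From local network", "Local system"

EXTREMELY, HIGHLY, MODERATELY, LESS, NOT = (
    "Extremely critical", "Highly critical", "Moderately critical",
    "Less critical", "Not critical",
)


@dataclass(frozen=True)
class Advisory:
    title: str
    vector: str                      # one of the three attack-vector labels
    impact: str                      # one of the twelve impact labels
    user_interaction: bool = False   # victim must open a file, click a link, ...
    exploit_in_wild: bool = False    # working exploit public at disclosure
    limited: bool = False            # "very limited" escalation or non-sensitive info


def rate(adv):
    """Return the criticality label for one advisory, most severe rule first."""
    if adv.impact == "System access":
        if adv.vector == REMOTE and not adv.user_interaction:
            # remote, no interaction: Extremely if exploits are in the wild, else Highly
            return EXTREMELY if adv.exploit_in_wild else HIGHLY
        if adv.vector == LOCAL_SYSTEM:
            # assumption: code execution by a user already on the box is an escalation
            return LESS
        # needs user interaction, or only reachable from the local network (SMB, RPC, ...)
        return MODERATELY
    if adv.impact == "DoS":
        # remote DoS against a service is Moderately; a locally triggered DoS is Not critical
        return NOT if adv.vector == LOCAL_SYSTEM else MODERATELY
    if adv.impact == "Privilege escalation":
        return NOT if adv.limited else LESS
    if adv.impact in ("Cross Site Scripting", "Exposure of sensitive information"):
        return LESS
    if adv.impact == "Exposure of system information":
        return NOT
    # Brute force, Manipulation of data, Spoofing, Security Bypass, Hijacking, Unknown:
    # the definitions give no rating, so (assumption) treat them as Moderately when
    # reachable from remote and Less critical otherwise.
    return MODERATELY if adv.vector == REMOTE else LESS


def criticality_table(advisories):
    """Tally ratings in the order the report's criticality table uses."""
    counts = Counter(rate(a) for a in advisories)
    return {label: counts.get(label, 0) for label in (EXTREMELY, HIGHLY, MODERATELY, LESS, NOT)}


def patch_first(advisories):
    """Titles to patch immediately: remote, no interaction, system compromise."""
    return [a.title for a in advisories if rate(a) in (EXTREMELY, HIGHLY)]


# Constructed sample batch; titles and attributes are made up for illustration and
# do not describe any real advisory in the listing above.
SAMPLE_BATCH = [
    Advisory("Example HTTP server request parsing overflow", REMOTE, "System access", exploit_in_wild=True),
    Advisory("Example SMTP server heap overflow", REMOTE, "System access"),
    Advisory("Example image viewer BMP overflow", REMOTE, "System access", user_interaction=True),
    Advisory("Example SMB file server overflow", LOCAL_NETWORK, "System access"),
    Advisory("Example FTP daemon crash on long USER", REMOTE, "DoS"),
    Advisory("Example kernel driver IOCTL crash", LOCAL_SYSTEM, "DoS"),
    Advisory("Example setuid helper environment escalation", LOCAL_SYSTEM, "Privilege escalation"),
    Advisory("Example forum search XSS", REMOTE, "Cross Site Scripting"),
    Advisory("Example CMS install path disclosure", REMOTE, "Exposure of system information", limited=True),
    Advisory("Example CMS SQL injection", REMOTE, "Manipulation of data"),
]

if __name__ == "__main__":
    for a in SAMPLE_BATCH:
        print(f"{rate(a):20} {a.title}")
    print(criticality_table(SAMPLE_BATCH))
    print(patch_first(SAMPLE_BATCH))
```

The order of the rules matters: a finding is first placed by its impact, then by attack vector, and only then refined by user interaction and exploit availability, which is why the same buffer overflow lands in three different buckets depending on whether it is reachable from remote, from the local network, or only with the victim's help.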