Weekly Vulnerabilities Reports > March 14 to 20, 2005

Overview

29 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 34 products from 30 vendors including Redhat, Suse, Zpanel, Linux, and Novell. Vulnerabilities are notably categorized as "Information Exposure" and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 24 reported vulnerabilities are remotely exploitable.
  • 29 reported vulnerabilities are exploitable by an anonymous user.
  • Redhat has the most reported vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

6 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-03-15 CVE-2005-0798 Novell Remote Security vulnerability in Novell Ichain 2.2/2.2.113/2.3

Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks.

7.5
2005-03-15 CVE-2005-0793 Zpanel SQL Injection and File Include vulnerability in ZPanel

PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter.

7.5
2005-03-15 CVE-2005-0792 Zpanel SQL Injection and File Include vulnerability in ZPanel

SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter to index.php or (2) page parameter to zpanel.php.

7.5
2005-03-14 CVE-2005-0786 Simpgb SQL Injection vulnerability in Simpgb 1.0

SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php.

7.5
2005-03-14 CVE-2005-0505 Stackworks Enterprises Remote Security vulnerability in Information Resource Manager

Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have "potentially serious" impact, related to LDAP logins.

7.5
2005-03-16 CVE-2005-0352 Woodstone Local Privilege Escalation vulnerability in Woodstone Servers Alive 4.1/5.0

Servers Alive 4.1 and 5.0, when running as a service, does not drop SYSTEM privileges before loading local manual under the help menu, which allows local users to gain privileges.

7.2

22 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-03-15 CVE-2005-0767 Linux Unspecified vulnerability in Linux Kernel 2.6.8.1

Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root.

6.9
2005-03-15 CVE-2005-0794 Zpanel Denial-Of-Service vulnerability in ZPanel

ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation scripts after they have been used, which allows remote attackers to reinstall the software and possibly cause a denial of service via a direct request to install.php.

6.4
2005-03-14 CVE-2005-0259 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb

phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.

6.4
2005-03-15 CVE-2005-0799 Oracle Denial-Of-Service vulnerability in Oracle Mysql 4.1.9

MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.

5.0
2005-03-15 CVE-2005-0797 Novell Remote Information Disclosure vulnerability in Novell iChain Mini FTP Server

Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.

5.0
2005-03-15 CVE-2005-0384 Redhat, Suse, Trustix, Ubuntu Remote Denial Of Service vulnerability in Linux Kernel PPP Driver

Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.

5.0
2005-03-14 CVE-2005-0795 Hola Unspecified vulnerability in Hola Holacms

HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter.

5.0
2005-03-14 CVE-2005-0790 Phpadsnew Information Disclosure vulnerability in PHPadsnew 2.0.4Pr1

phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9) adcontent.php, which reveal the path in a PHP error message.

5.0
2005-03-14 CVE-2005-0789 Limewire Unspecified vulnerability in Limewire 3.9.6/4.6.0

Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a ..

5.0
2005-03-14 CVE-2005-0788 Limewire Unspecified vulnerability in Limewire 4.1.2/4.5.6

LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request.

5.0
2005-03-14 CVE-2005-0507 GD Software Directory Traversal vulnerability in GD Software SD Server 4.0.70

Directory traversal vulnerability in SD Server 4.0.70 and earlier allows remote attackers to read arbitrary files via ..

5.0
2005-03-14 CVE-2005-0506 Avaya Remote Security vulnerability in Avaya IP Office Phone Manager and IP Soft Phone

The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.

5.0
2005-03-14 CVE-2005-0473 ROB Flynn, Mandrakesoft, Redhat Remote Denial of Service vulnerability in Gaim

The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.

5.0
2005-03-14 CVE-2005-0472 ROB Flynn, Mandrakesoft, Redhat Remote Denial of Service vulnerability in Gaim

Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

5.0
2005-03-14 CVE-2005-0471 SUN Remote Security vulnerability in SUN JDK and JRE

Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names.

5.0
2005-03-14 CVE-2005-0470 WPA Supplicant, Gentoo, Suse

Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.

5.0
2005-03-14 CVE-2005-0398 Ipsec Tools, Kame, SGI, Altlinux, Redhat, Suse Denial of Service vulnerability in KAME Racoon Malformed ISAKMP Packet Headers

The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.

5.0
2005-03-14 CVE-2005-0258 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb

Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter.

5.0
2005-03-14 CVE-2005-0508 Apache

Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."

4.6
2005-03-14 CVE-2005-0504 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.

4.6
2005-03-14 CVE-2005-0791 Phpadsnew Cross-Site Scripting vulnerability in PHPAdsNew AdFrame.PHP

Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter.

4.3
2005-03-14 CVE-2005-0509 Microsoft, Mono Cross-Site Scripting vulnerability in .NET Framework

Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".

4.3

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-03-14 CVE-2005-0510 Fallback Reboot Denial-Of-Service vulnerability in fallback-reboot

The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty.

2.1