Search:Vulnerability:11.09.2007 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Trend Micro antiviral products multiple security vulnerabilities
updated since 22.08.2007
Published: 11.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8084
Type: remote
Level: 7/10
Description: Buffer overflow in SSAPI engine on oversized local path. Buffer overflow in ServerProtect on different TCP/5168 RPC requests.

CVE: CVE-2007-4731 (Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005.)
CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow.)
CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service.)
CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification.)

Original document ZDI, ZDI-07-051: Trend Micro ServerProtect TMregChange() Stack Overflow Vulnerability (11.09.2007)

ZDI, ZDI-07-050: Trend Micro ServerProtect RPCFN_SetComputerName() Stack Overflow Vulnerability (11.09.2007)

IDEFENSE, iDefense Security Advisory 08.21.07: Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability (22.08.2007)

document IDEFENSE, iDefense Security Advisory 08.21.07: Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities (22.08.2007)

IDEFENSE, iDefense Security Advisory 08.20.07: Trend Micro SSAPI Long Path Buffer Overflow Vulnerability (22.08.2007)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 11.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8131
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: DIRECTADMIN : DirectAdmin 1.30
OLATE : Olate Download 3.4
ROIREVOLUTION : Urchin 5.6
INTERSPIRE : ActiveKB NX 2.5
CARE2X : CARE2X 2.2
TOMS : Toms Gastebuch 1.0
NETJUKE : Netjuke 1.0
PHPMYQUOTE : phpMyQuote 0.20
HUSREV : Husrev Forums 2.0
PROXYANKET : Proxy Anket 3.0
NUCLEARBB : NuclearBB Alpha 2

Original document Advisory_(at)_Aria-Security.net, [Aria-Security Team] social-networkin SQL Injection (11.09.2007)

b14ck1c3_(at)_hotmail.com, NuclearBB Alpha 2 Remote File Inclusion (11.09.2007)

yollubunlar_(at)_yollubunlar.org, Husrev Forums v2.0.1:PoWerBoard Sql (11.09.2007)

yollubunlar_(at)_yollubunlar.org, Proxy Anket v3.0.1 Sql injection Vulnerable (11.09.2007)

document yollubunlar_(at)_yollubunlar.org, phpMyQuote 0.20 Version Multiple Sql And Xss Vulnerabilities (11.09.2007)

cod3in_(at)_gmail.com, Netjuke 1.0-rc2 - sql injection & XSS (11.09.2007)

cod3in_(at)_gmail.com, Toms Gstebuch 1.00 - XSS (11.09.2007)

imei, Olate Download 3.4.2~uploads folder ~ directory traversal (11.09.2007)

document imei, Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files (11.09.2007)

home_edition2001_(at)_irc.mildnet.org, SolpotCrew Advisory #15 (home_edition2001) - Weblogicnet (files_dir) Remote File Inclusion (11.09.2007)

Ivan Niiiil, CARE2X php Integ Hospital Info System 2G Deployment 2.2 Multi Remote File Include (11.09.2007)

document Ivan Niiiil, CRS Manager ($DOCUMENT_ROOT) Multi Remote File Include (11.09.2007)

r0t, DirectAdmin <= v1.30.2 XSS vuln. (11.09.2007)

noname indexed, XSS UMI CMS (11.09.2007)

durito, XXS � ActiveKB NX 2.5.4 (11.09.2007)

r0t, Urchin Multiple XSS vuln. (11.09.2007)

Discuss: Read or add your comments to this news (0 comments)

Samba nss_info extension privilege escalation
Published: 11.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8135
Type: local
Level: 5/10
Description: Gid 0 is assigned to user, if "winbind nss info" configuration parameter has value "sfu" or "rfc2307".

Affected: SAMBA : Samba 3.0
CVE: CVE-2007-4138 (The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.)

Original document SAMBA, [SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default (11.09.2007)

Discuss: Read or add your comments to this news (0 comments)

Microsoft Windows Services for UNIX privilege escalation
Published: 11.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8138
Type: local
Level: 5/10
Description: Invalid suid files handling.

Affected: MICROSOFT : Windows 2003 Server
MICROSOFT : Windows Services for UNIX 3.5
MICROSOFT : Windows Services for UNIX 3.0
MICROSOFT : Windows Vista
CVE: CVE-2007-3036 (Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files.")

Original document MICROSOFT, Microsoft Security Bulletin MS07-053 - Important Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778) (11.09.2007)

Files: Microsoft Security Bulletin MS07-053 - Important Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
Discuss: Read or add your comments to this news (0 comments)

Microsoft MSN Messenger / Windows Live Messenger memory corruption
Published: 11.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8139
Type: client
Level: 7/10
Description: Memory corruption on Webcam or Video Chat session establishment.

Affected: MICROSOFT : MSN Messenger 6.2
MICROSOFT : Windows Live Messenger 8.0
MICROSOFT : MSN Messenger 7.5
MICROSOFT : MSN Messenger 7.0
CVE: CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live Messenger before 8.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam sessions.)

Original document MICROSOFT, Microsoft Security Bulletin MS07-054 - Important Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099) (11.09.2007)

Files: Microsoft Security Bulletin MS07-054 - Important Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)
Discuss: Read or add your comments to this news (0 comments)

Symantec Antivirus privilege escalation
updated since 12.07.2007
Published: 11.09.2007
Source: BUGTRAQ
SecurityVulns ID: 7922
Type: local
Level: 6/10
Description: It's possible to overwrite system memory regions with IOCTL 0x83022323 of \\symTDI\ device.

Affected: SYMANTEC : Symantec AntiVirus 5.5

Original document SYMANTEC, Symantec Product Security: Symantec Device Driver Local Elevation of Privilege (11.09.2007)

IDEFENSE, iDefense Security Advisory 07.11.07: Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability (12.07.2007)

Discuss: Read or add your comments to this news (0 comments)

IBM DB2 buffer overflow
Published: 11.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8132
Type: local
Level: 5/10
Description: Buffer overflow in sysproc.auth_list_groups_for_authid function.

Affected: IBM : DB2 9.1

Original document SHATTER, Team SHATTER Advisory: IBM DB2 Buffer overflow in sysproc.auth_list_groups_for_authid (11.09.2007)

Discuss: Read or add your comments to this news (0 comments)

id3lib symbolic links security vulnerability
Published: 11.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8133
Type: local
Level: 5/10

CVE: CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.)

Original document DEBIAN, [SECURITY] [DSA 1365-1] New id3lib3.8.3 packages fix denial of service (11.09.2007)

Discuss: Read or add your comments to this news (0 comments)

PHP safemode bypass
Published: 11.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8134
Type: local
Level: 5/10
Description: By using LOAD_FILE, INTO DUMPFILE, INTO OUTFILE SQL modifiers it's possible to access files behind basedir.

Affected: PHP : PHP 5.2

Original document laurent.gaffie_(at)_gmail.com, PHP <=5.2.4 open_basedir bypass & code exec & denial of service (11.09.2007)

laurent.gaffie_(at)_gmail.com, PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass (11.09.2007)

Discuss: Read or add your comments to this news (0 comments)

Microsoft Visual Studio RPT files code execution
Published: 11.09.2007
Source: MICROSOFT
SecurityVulns ID: 8137
Type: client
Level: 5/10

CVE: CVE-2006-6133 (Stack-based buffer overflow in Business Objects Crystal Reports XI Professional has unknown impact and user-assisted attack vectors related to a crafted .RPT file.)

Original document MICROSOFT, Microsoft Security Bulletin MS07-052 - Important (11.09.2007)

Files: Microsoft Security Bulletin MS07-052 - Important Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
Discuss: Read or add your comments to this news (0 comments)

Microsoft Agent ActiveX buffer overflow
updated since 11.09.2007
Published: 12.09.2007
Source: MICROSOFT
SecurityVulns ID: 8136
Type: client
Level: 6/10
Description: Buffer overflow on oversized URL.

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
CVE: CVE-2007-3040 (Stack-based buffer overflow in the Agent.Control function in Microsoft Agent ActiveX control (agentdpv.dll) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL, a different issue than CVE-2007-1205.)

Original document IDEFENSE, iDefense Security Advisory 09.11.07: Microsoft Windows 2000 Agent URL Canonicalizing Stack Based Buffer Overflow Vulnerability (12.09.2007)

VR-Subscription-noreply_(at)_assurent.com, Assurent VR - Microsoft Agent Crafted URL Stack Buffer Overflow (11.09.2007)

MICROSOFT, Microsoft Security Bulletin MS07-051 - Critical Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827) (11.09.2007)

Files: Microsoft Security Bulletin MS07-051 - Critical Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)
Discuss: Read or add your comments to this news (0 comments)