I'n Blog 之萬象真藏

TO SUBSCRIBE, UNSUBSCRIBE, OR CHANGE YOUR SUBSCRIPTION, go to:

http://www.dragonsoft.com/en/epaper/

Contents:

* 10 Reported Vulnerabilities

* Sort by Risk

-------------------------------------------------

Date Reported: 2008/01/12

Name: Apple QuickTime RTSP Content-Type Header Remote Buffer Overflow Vulnerability

Risk: High

CVSS Base Score: 9.3

Description:

Apple QuickTime Player 7.3 are exist a buffer overflow vulnerability, caused by improper bounds checking of the RTSP Content-Type header, A remote attacker could persuading a victim to connect to a specially-crafted RTSP stream to cause the application to crash or execute arbitrary code with victim privileges.

Category: Others

Affect OS: Windows NT4, 2000, XP, 2003

Link: http://vdb.dragonsoft.com/detail.php?id=3161

Date Reported: 2008/01/12

Name: Apple QuickTime RTSP Reason-Phrase Remote Buffer Overflow Vulnerability

Risk: High

CVSS Base Score: 6.8

Description:

Apple QuickTime Player 7.3.1.70 are exist a buffer overflow vulnerability, caused by improper bounds checking of the RTSP Reason-Phrase, A remote attacker could create a error message response and  persuading a victim to connect to a specially-crafted RTSP stream to cause the application to crash or execute arbitrary code with victim privileges.

Category: Others

Affect OS: Windows NT4, 2000, XP, 2003

Link: http://vdb.dragonsoft.com/detail.php?id=3162

Date Reported: 2008/01/28

Name: PHP glob Function Security Bypass Vulnerability

Risk: Medium

CVSS Base Score: 7.5

Description:

PHP before version 4.4.8 are exist security bypass vulnerability in the glob() function, when the open_basedir is enabled, A remote attacker could exploit this vulnerability to bypass open_basedir restrictions and gain unauthorized access to the system.

Category: Web Servers

Affect OS: Windows, UNIX

Link: http://vdb.dragonsoft.com/detail.php?id=3168

Date Reported: 2008/01/27

Name: PHP cURL Library Security Bypass Vulnerability

Risk: Medium

CVSS Base Score: 5

Description:

PHP version 5.2.4 and 5.2.5 are exist security bypass vulnerability in the cURL library (libcurl), caused by improper validation of user-supplied input by the curl_init() function, A remote attacker could send a file:// request containing a \x00 sequence to bypass safe_mode and open_basedir restrictions and read arbitrary files.

Category: Web Servers

Affect OS: Windows, UNIX

Link: http://vdb.dragonsoft.com/detail.php?id=3164

Date Reported: 2008/01/28

Name: Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability 2

Risk: Medium

CVSS Base Score: 4.3

Description:

Apache v1.3.2-v1.3.9 and v2.0.35-v2.0.61, v2.2.0-v2.2.6 are exist cross-site scripting vulnerability in the mod_status module, when the server-status is enabled, A remote attacker could inject arbitrary web script or HTML, which could allow attacker to execute script in a victim's Web browser and steal the victim's cookie-based authentication credentials.

Category: Web Servers

Affect OS: Windows, UNIX

Link: http://vdb.dragonsoft.com/detail.php?id=3167

Date Reported: 2008/01/27

Name: Apache mod_proxy_balancer Multiple Cross-Site Scripting Vulnerabilities

Risk: Medium

CVSS Base Score: 4.3

Description:

The mod_proxy_balancer module in the Apache HTTP Server 2.2.0-2.2.6 are exist cross-site scripting vulnerability, A remote attacker could exploit the vulnerability to execute script in a victim's Web browser and steal the victim's cookie-based authentication credentials. (CVE-2007-6420, CVE-2007-6421, CVE-2007-6422, CVE-2007-6423)

Category: Web Servers

Affect OS: Windows, UNIX

Link: http://vdb.dragonsoft.com/detail.php?id=3166

Date Reported: 2008/01/27

Name: Apache mod_proxy_ftp UTF-7 Cross-Site Scripting Vulnerability

Risk: Medium

CVSS Base Score: 4.3

Description:

The mod_proxy_ftp module in the Apache HTTP Server 1.3.0-1.3.39 and 2.0.0-2.0.61, and 2.2.0-2.2.6 are exist cross-site scripting vulnerability, caused by improper validation of user-supplied input. A remote attacker could sending specially-crafted UTF-7 encoding to inject malicious script into a Web page, and execute script in a victim's Web browser and steal the victim's cookie-based authentication credentials.

Category: Web Servers

Affect OS: Windows, UNIX

Link: http://vdb.dragonsoft.com/detail.php?id=3165

-------------------------------------------------

Risk:

  High: Allow immediate remote, or local access or immediate execution of code or commands,

          with unauthorized privileges, and bypassing security on firewalls.

  Medium: Potential of granting access or allowing code execution by means of complex or

          lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle

          attacks, SQL injection, denial of service, information disclosure.

  Low: deny service or provide non-system information that could be used to formulate

         structured attacks on a target, but not directly gain unauthorized access.

-------------------------------------------------

Copyright (c) DragonSoft Security Associates, Inc. All rights reserved

Permission is hereby granted for the electronic redistribution of this document.

It is not to be edited or altered in any way without the express written consent of the DragonSoft Security Associates. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email alert@dragonsoft.com for permission.

Disclaimer: The information in the database may change without notice.

Use of this information constitutes acceptance for use in an AS IS condition.

There are NO warranties with regard to this information, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education.

Founded in 2002, DragonSoft offers vulnerability management solutions, including vulnerability assessment, System Security Management and intrusion prevention.

DragonSoft Security Associates, Inc. http://www.dragonsoft.com/

Taipei: 4F-8, No 351, Sec.2, Chun-Sun Road, Chun-Ho City, Taiwan 235 R.O.C

 Tel. +886-2-8221-5408   Fax. +886-2-8221-5476

 Hsinchu: 6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300 R.O.C

Tel. +886-3-5630989    Fax. +886-3-5797758