Red Hat NETSCAPE ENTERPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR User Manual, Page 20

NIPC CyberNotes #2002-12 Page 20 of 33 06/17/2002

| Vendor | Operating System | Software Name | Vulnerability/Impact | Patches/Workarounds/Alerts | Common Name | Risk* | Attacks/Scripts |
|---|---|---|---|---|---|---|---|
| The XMB Group [87] | Multiple | XMB Forum 1.6 Magic Lantern | A Cross-Site Scripting vulnerability exists because script code is not properly filtered from URL parameters, which could let a remote malicious user execute arbitrary script code. | No workaround or patch available at time of publishing. | XMB Forum Magic Lantern Cross-Site Scripting | High | Bug discussed in newsgroups and websites. Exploit has been published. |
| Transware [88] | Multiple | Active! Mail 1.422, Mail 2.0 | A vulnerability exists because e-mail headers are not properly stripped of HTML code prior to display, which could let a remote malicious user execute arbitrary code. | Upgrade available at: http://www.transware.co.jp/active/download/am_download.html | Active Mail HTML Injection | High | Bug discussed in newsgroups and websites. |
| University of Washington [89] | Unix | Pine 4.21, 4.30, 4.33, 4.44 | A vulnerability exists because user names and/or ids can still be leaked due to Pine's insertion of "Sender:" and/or "X-Sender:" headers, which could let a remote malicious user obtain sensitive information. | No workaround or patch available at time of publishing. | Pine Unix Sensitive Information | Medium | Bug discussed in newsgroups and websites. There is no exploit code required. |
| Voxel Dot Net [90] | Multiple | CBMS 0.7 | Multiple Cross-Site Scripting and SQL injection vulnerabilities exist, which could let a malicious user execute arbitrary code. | No workaround or patch available at time of publishing. | CBMS Multiple Cross-Site Scripting | High | Bug discussed in newsgroups and websites. Exploit has been published. |
| Washington University [91] | Multiple | wu-imapd 2001.0a | A vulnerability exists in configurations where users are not authorized shell access to a system, but have a valid account from which to download mail via IMAP, which could let a malicious user obtain sensitive information. | The University of Washington IMAP FAQ gives information to secure affected servers located at: http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1 | IMAP Arbitrary File Access | Medium | Bug discussed in newsgroups and websites. |
| Working Resources Inc. [92] | Windows 95/98/ME/NT 4.0/2000, XP | BadBlue 1.7.0 | A vulnerability exists if a remote malicious user appends the unicode variant of the "%" symbol, which could let a remote malicious user obtain sensitive information. | Upgrade available at: Windows 95/NT: http://www.badblue.com/bb95.exe; Windows 98/ME/2000, XP: http://www.badblue.com/bb98.exe | BadBlue Directory Contents Disclosure | Medium | Bug discussed in newsgroups and websites. There is no exploit code required. |
| XFree86 [93] | Unix | X11R6 4.0, 4.0.1, 4.0.2–11, 4.0.3, 4.1.0, 4.1-12, 4.1-11, 4.2.0 | A remote Denial of Service vulnerability exists when a malicious user passes an overly large font size to the X Window system. | No workaround or patch available at time of publishing. | X Window System Denial of Service | Low | Bug discussed in newsgroups and websites. Exploit has been published. |

[87] Security Bugware, June 5, 2002.
[88] SNS Advisory No.54, June 13, 2002.
[89] Bugtraq, June 7, 2002.
[90] Bugtraq, June 6, 2002.
[91] Bugtraq, June 1, 2002.
[92] Bugtraq, June 1, 2002.
[93] Bugtraq, June 10, 2002.