> ****************************************************************
>
> (2) HIGH: Oracle E-Business Suite Diagnostics Pack Vulnerabilities
> Affected:
> Oracle E-business Suite Diagnostics
>
> Description: Oracle has released a security update for Oracle E-business
> diagnostics that will be included in the next critical patch update to
> be released in April 2006. Oracle Diagnostics package allows an Oracle
> E-business suite administrator to conduct various tests related to the
> suite's configuration and functioning. Some of the Diagnostic webpages
> can be accessed without any authentication as well as some contain SQL
> injection vulnerabilities. The technical details required to exploit
> these flaws have not been posted. Note that the "HIGH" rating is based
> on the fact that Oracle is advising customers to apply this patch.
>
> Status: Apply the patch released for the Diagnostics package. A
> workaround is to block access to URLs that begin with "/OA_HTML/jtfqa"
> from the Internet using a firewall or an IPS.
>
> Council Site Actions: Only one of the reporting council sites is using
> the affected software. They are still reviewing the vulnerability alert
> and will most likely wait until the next Oracle quarterly update to
> patch their systems.
>
> References:
> Integrigy Advisory
> http://www.integrigy.com/info/IntegrigySecurityAnalysis-OracleDiag0206.pdf
> CERT Advisory
> http://www.kb.cert.org/vuls/id/298958
> SecurityFocus BID
> http://www.securityfocus.com/bid/16844
>
> ****************************************************************
>
> *************
> Exploit
> *************
>
> (3) Internet Explorer IsComponentInstalled Overflow
>
> Description: Microsoft Internet Explorer contains a stack-based buffer
> overflow in the "IsComponentInstalled" function. The overflow has
> reportedly been fixed in Windows 2000 SP4 and Windows XP SP1. Exploit
> code has been included in the Metasploit project.
>
> References:
> Exploit Code
> http://metasploit.com/projects/Framework/exploits.html#ie_iscomponentinstalled
>
> **************************************************************
> 06.9.1 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer IsComponentInstalled Buffer
> Overflow
> Description: Microsoft Internet Explorer supports the
> "IsComponentInstalled()" method to report if a particular component is
> installed. It is prone to a buffer overflow condition due to
> insufficient bounds checking on the "sID" argument. This issue was
> reportedly addressed in Windows 2000 SP4 and Windows XP SP1, however
> this has not been confirmed. Internet Explorer 6 is vulnerable to this
> issue; earlier versions may also be affected.
> Ref: http://www.securityfocus.com/bid/16870
> ______________________________________________________________________
>
> 06.9.3 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Alt-N MDaemon IMAP Server Remote Format String
> Description: Alt-N MDaemon is a Microsoft Windows-based mail server
> product. It is affected by a remote format string vulnerability due to
> improper sanitization of user-supplied input prior to its use in the
> format-specifier argument to a formatted printing function. This issue
> presents itself when an attacker submits format specification
> sequences through the folder name argument of the IMAP "CREATE" and
> "LIST" commands. Alt-N MDaemon 8.1.1 is reported to be vulnerable;
> other versions are likely affected as well.
> Ref: http://www.securityfocus.com/bid/16854/exploit
> ______________________________________________________________________
>
> 06.9.14 CVE: CVE-2005-3847
> Platform: Linux
> Title: Linux Kernel handle_stop_signal Denial of Service
> Description: Linux kernel is prone to a denial of service
> vulnerability caused by a race condition. The issue resides in the
> "handle_stop_signal()" function in "signal.c". It arises when a core
> dump is triggered in one thread while another thread has a pending
> SIGKILL.
> Ref:
> http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd12f48d4e8774415b528d3991ae47c28f26e1ac;hp=ade6648b3b11a5d81f6f28135193ab6d85d621db
> ______________________________________________________________________
>
> 06.9.17 CVE: CVE-2006-0554
> Platform: Linux
> Title: Linux Kernel XFS File System Local Information Disclosure
> Description: The Linux kernel contains support for the XFS filesystem
> by SGI. It is susceptible to a local information disclosure issue due
> to a flaw in the filesystem that may result in previously written data
> being returned to local users. This issue arises when certain
> "ftruncate()" activity triggers a flaw that may result in data extents
> being exposed to local users where holes should be. Linux kernel
> versions prior to 2.6.15.5 are affected.
> Ref: http://www.securityfocus.com/bid/16844
> ______________________________________________________________________
>
> 06.9.18 CVE: CVE-2006-0555
> Platform: Linux
> Title: Linux Kernel NFS Client Denial of Service
> Description: Linux kernel NFS client is prone to a local denial of
> service vulnerability. This issue is due to improper handling of the
> direct I/O with excessive O_DIRECT data. For more information on
> affected versions, please follow the reference link.
> Ref: http://www.securityfocus.com/bid/16922
> ______________________________________________________________________
>
> 06.9.19 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel sys_mbind System Call Local Denial of Service
> Description: The Linux kernel "sys_mbind" system call is vulnerable to
> a local denial of service issue due to insufficient sanitization in
> the system call's arguments.
> Linux kernel versions 2.6.15.4 and earlier are vulnerable.
> Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5
> ______________________________________________________________________
>
> 06.9.20 CVE: CVE-2006-0741
> Platform: Linux
> Title: Linux Kernel ELF File Entry Point Denial of Service
> Description: Linux kernel is vulnerable to a denial of service when
> opening malformed ELF files with a bad entry address. Intel EM64T
> processors running Linux kernel versions 2.6.15.4 and earlier are
> vulnerable.
> Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5
> ______________________________________________________________________
>
> 06.9.21 CVE: Not Available
> Platform: BSD
> Title: FreeBSD Remote NFS Mount Request Denial of Service
> Description: FreeBSD is susceptible to a remote denial of service
> vulnerability. This issue is due to a flaw in affected kernels that
> potentially results in a crash when handling malformed NFS mount
> requests.
> Ref: http://www.securityfocus.com/bid/16838/exploit
> ______________________________________________________________________
>
> 06.9.22 CVE: Not Available
> Platform: Solaris
> Title: Sun Solaris HSFS Filesystem Local Denial of Service
> Description: Sun Solaris is prone to a local denial of service issue
> that affects multiple locations of the "hsfs" module. A local
> unprivileged attacker can cause a system panic.
> Ref: http://www.securityfocus.com/bid/16816
> ______________________________________________________________________
>
> 06.9.25 CVE: Not Available
> Platform: Cross Platform
> Title: MySQL Query Logging Bypass
> Description: MySQL is susceptible to a query logging bypass
> vulnerability. This issue is due to a discrepancy between the handling
> of NULL bytes in input data in the "mysql_real_query()" function, and
> the query logging functionality. If an attacker issues queries against
> a vulnerable database with query logging enabled, they can include
> NULL bytes in order to truncate the query in the log. MySQL version
> 5.0.18 is affected.
> Ref: http://www.securityfocus.com/bid/16850
> ______________________________________________________________________
>
> 06.9.27 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Multiple Security Bypass Vulnerabilities
> Description: PHP is prone to multiple input validation
> vulnerabilities. These issues could allow an attacker to bypass the
> "safe_mode" and "open_basedir" security settings to obtain sensitive
> information. The first issue exists because the "mb_send_mail()"
> function does not properly validate user-supplied input to the
> "additional_parameter" parameter. The second issue occurs because
> various PHP IMAP functions do not properly validate user-supplied
> input. The IMAP vulnerabilities exist in PHP version 4.4.2 compiled
> with c_client 2004g; other versions may also be affected.
> Ref: http://www.securityfocus.com/bid/16878/exploit
> ______________________________________________________________________
>
> 06.9.28 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Thunderbird Multiple Remote Information Disclosure
> Vulnerabilities
> Description: Mozilla Thunderbird is susceptible to multiple remote
> information disclosure vulnerabilities. These issues are due to a
> failure of the application to properly enforce the restriction for
> downloading remote content in email messages. These issues allow
> remote attackers to gain access to potentially sensitive information,
> aiding them in further attacks. Mozilla Thunderbird version 1.5 is
> vulnerable to these issues.
> Ref: http://www.securityfocus.com/archive/1/426347
> ______________________________________________________________________
>
> 06.9.30 CVE: CVE-2006-0803
> Platform: Cross Platform
> Title: SuSE YaST Online Update Script Signature Verification Bypass
> Description: SuSE YaST Online Update (YOU) is a software update
> utility that facilitates the installation of software updates from an
> online repository. The YaST Online Update is affected by a design
> error that could allow malicious scripts to bypass signature
> verification.
> Ref: http://www.securityfocus.com/bid/16889
> ______________________________________________________________________
>
> 06.9.31 CVE: CVE-2006-0883
> Platform: Cross Platform
> Title: OpenSSH Remote PAM Denial of Service
> Description: OpenSSH is susceptible to a remote denial of service
> vulnerability. This issue arises when OpenSSH is configured with
> PrivilegeSeparation enabled, as well as configured to utilize OpenPAM
> as an authentication system. In this configuration, OpenSSH forks an
> unprivileged process to handle incoming connections, and another
> process to interact with the PAM authentication system. If the
> unprivileged process handling the incoming connection terminates while
> PAM authentication is underway, the OpenSSH master process mistakenly
> counts the orphaned children PAM processes in its connection
> accounting code. If an attacker causes many of these connections to be
> counted in this manner, the OpenSSH master process will believe that
> it is overloaded and it will stop accepting new connections. OpenSSH
> in conjunction with OpenPAM on FreeBSD versions 5.3 and 5.4 is
> affected by this issue. Other operating systems and versions may also
> be affected.
> Ref: http://www.securityfocus.com/bid/16892
> ______________________________________________________________________
>
> 06.9.32 CVE: Not Available
> Platform: Cross Platform
> Title: Flex Multiple Unspecified Vulnerabilities
> Description: GNU Flex is a tool for generating lexical analyzers. It
> is vulnerable to multiple unspecified security issues. GNU Flex
> versions 2.5.32 and 2.5.30 are vulnerable.
> Ref: http://secunia.com/advisories/19071/
> ______________________________________________________________________
>
> 06.9.35 CVE: Not Available
> Platform: Cross Platform
> Title: Apache mod_python FileSession Code Execution
> Description: Apache's mod_python is a module which allows the web
> server to interpret Python scripts. Apache mod_python is prone to a
> code execution vulnerability. Reports indicate that this issue affects
> the FileSession object of mod_python. It should be noted that this
> issue only affects mod_python version 3.2.7 and only arises if
> FileSession has been enabled, which is not enabled by default.
> Ref: http://www.cgisecurity.com/2006/02/07
> ______________________________________________________________________
>
> 06.9.36 CVE: Not Available
> Platform: Cross Platform
> Title: STLPort Library Multiple Buffer Overflow Vulnerabilities
> Description: STLport is a freely available, open source C++ Standard
> Template Library (STL). The STLport library is susceptible to multiple
> buffer overflow vulnerabilities. These issues are due to improper
> boundary checking of the user-supplied input prior to copying it to
> insufficiently sized memory buffers. The first issues are due to
> several incorrectly-bounded uses of the "strcpy()" function in the
> "src/c_locale_glibc/c_locale_glibc2.c" source file. STLport versions
> prior to 5.0.2 are affected by these issues.
> Ref: http://www.securityfocus.com/bid/16928
> ______________________________________________________________________