| Threat Type | Multiple Vulnerabilities |
| IPS Definition DB Versions | 2.733 - 2.739 |
| Coverage Release Date | Jan 05, 2010 - Jan 15, 2010 |
| Published Date | Monday, January 18, 2010 |
| Version # | 1 |

| Severity | Number of Vulnerabilities | Active Exploitation |
| Critical | 41 | 6 |
| High | 32 | 12 |
| Medium | 13 | 3 |
| Low | 3 | 1 |
| Info | - | n/a |
| Total | 89 | 22 |
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 22 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the 2.739 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 21 )
Description: This indicates an attack attempt to exploit a remote code execution vulnerability in Adobe Illustrator.
The vulnerability is caused by an error when handling a malformed .EPS file. It can be exploited via a crafted EPS file, leading to remote code execution.
Affected Products: Adobe Illustrator CS4, Adobe Illustrator CS3
Reference IDs:
Description: This indicates an attempt to exploit a code-execution vulnerability in Adobe Acrobat Reader.
The vulnerability is caused by an error when the vulnerable software handles a crafted .PDF file. It may allow remote attackers to execute arbitrary code in vulnerable systems.
Affected Products: Adobe Acrobat Reader 9.2
Prior versions are possibly affected.
Reference IDs:
Description: This indicates an attack attempt against a command-injection vulnerability in Alcatel OmniPCX Office.
A vulnerability has been reported in Alcatel OmniPCX Office that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "id2" parameter value that is passed to "/FastJSData.cgi". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST or the COOKIE.
Affected Products: Alcatel OmniPCX Office since release 210/061.1
Reference IDs:
Description: This indicates an attempt to exploit a buffer-overflow vulnerability in libxml2.
This vulnerability is caused by an error in the xmlParseAttValueComplex function in parser.c when processing malformed entity names in XML files. It allows a remote attacker to execute arbitrary code via a crafted XML page.
Affected Products: XMLSoft Libxml2 2.6.31, XMLSoft Libxml2 2.6.30, XMLSoft Libxml2 2.6.26, XMLSoft Libxml2 2.6.16, XMLSoft Libxml2 2.6.15, XMLSoft Libxml2 2.6.14, XMLSoft Libxml2 2.6.13, XMLSoft Libxml2 2.6.12, XMLSoft Libxml2 2.6.11, XMLSoft Libxml2 2.6.9, XMLSoft Libxml2 2.6.8 + RedHat Fedora Core2, XMLSoft Libxml2 2.6.7, XMLSoft Libxml2 2.6.6, XMLSoft Libxml2 2.6.5, XMLSoft Libxml2 2.6.4, XMLSoft Libxml2 2.6.3, XMLSoft Libxml2 2.6.2, XMLSoft Libxml2 2.6.1, XMLSoft Libxml2 2.6.0, XMLSoft Libxml2 2.5.11, XMLSoft Libxml2 2.5.10, XMLSoft Libxml2 2.5.8, XMLSoft Libxml2 2.5.4, XMLSoft Libxml2 2.5.1, Sun Solaris 9_x86, Sun Solaris 9, Sun Solaris 10.0_x86, Sun Solaris 10, Sun OpenSolaris build snv_99, Sun OpenSolaris build snv_96, Sun OpenSolaris build snv_95, Sun OpenSolaris build snv_92, Sun OpenSolaris build snv_91, Sun OpenSolaris build snv_90, Sun OpenSolaris build snv_89, Sun OpenSolaris build snv_88, Sun OpenSolaris build snv_87, Sun OpenSolaris build snv_85, Sun OpenSolaris build snv_84, Sun OpenSolaris build snv_83, Sun OpenSolaris build snv_82, Sun OpenSolaris build snv_80, Sun OpenSolaris build snv_78, Sun OpenSolaris build snv_77, Sun OpenSolaris build snv_76, Sun OpenSolaris build snv_68, Sun OpenSolaris build snv_67, Sun OpenSolaris build snv_64, Sun OpenSolaris build snv_61, Sun OpenSolaris build snv_59, Sun OpenSolaris build snv_57, Sun OpenSolaris build snv_50, Sun OpenSolaris build snv_39, Sun OpenSolaris build snv_36, Sun OpenSolaris build snv_29, Sun OpenSolaris build snv_22, Sun OpenSolaris build snv_19, Sun OpenSolaris build snv_13, Sun OpenSolaris build snv_100, Sun OpenSolaris build snv_02, Sun OpenSolaris build snv_01, S.u.S.E. openSUSE 11.0, S.u.S.E. openSUSE 10.3, S.u.S.E. openSUSE 10.2, rPath rPath Linux 2, rPath rPath Linux 1, rPath Appliance Platform Linux Service 2, rPath Appliance Platform Linux Service 1, RedHat Enterprise Linux WS 4, RedHat Enterprise Linux WS 3, RedHat Enterprise Linux ES 4, RedHat Enterprise Linux ES 3, RedHat Enterprise Linux Desktop Workstation 5 client, RedHat Enterprise Linux Desktop 5 client, RedHat Enterprise Linux AS 4, RedHat Enterprise Linux AS 3, RedHat Enterprise Linux 5 server, RedHat Desktop 4.0, RedHat Desktop 3.0, Nortel Networks Self-Service Peri Workstation 0, Nortel Networks Self-Service Peri Application 0, Nortel Networks Self-Service MPS 1000 0, Nortel Networks Self-Service - CCSS7 0, MandrakeSoft Linux Mandrake 2008.1 x86_64, MandrakeSoft Linux Mandrake 2008.1, MandrakeSoft Linux Mandrake 2008.0 x86_64, MandrakeSoft Linux Mandrake 2008.0, MandrakeSoft Linux Mandrake 2007.1 x86_64, MandrakeSoft Linux Mandrake 2007.1, MandrakeSoft Corporate Server 4.0 x86_64, MandrakeSoft Corporate Server 3.0 x86_64, MandrakeSoft Corporate Server 3.0, MandrakeSoft Corporate Server 4.0, Gentoo Linux, Debian Linux 4.0 sparc, Debian Linux 4.0 s/390, Debian Linux 4.0 powerpc, Debian Linux 4.0 mipsel, Debian Linux 4.0 mips, Debian Linux 4.0 m68k, Debian Linux 4.0 ia-64, Debian Linux 4.0 ia-32, Debian Linux 4.0 hppa, Debian Linux 4.0 arm, Debian Linux 4.0 amd64, Debian Linux 4.0 alpha, Debian Linux 4.0, Avaya Voice Portal 4.1, Avaya Voice Portal 4.0, Avaya Voice Portal 3.0, Avaya SIP Enablement Services 3.1.2, Avaya SIP Enablement Services 5.0, Avaya SIP Enablement Services 4.0, Avaya Proactive Contact 4.0, Avaya Proactive Contact 3.0, Avaya Proactive Contact 0, Avaya Messaging Storage Server MSS 3.0, Avaya Messaging Storage Server MM3.0, Avaya Messaging Storage Server 4.0, Avaya Messaging Storage Server 3.1, Avaya Messaging Storage Server 2.0, Avaya Messaging Storage Server 1.0, Avaya Messaging Storage Server, Avaya Message Networking MN 3.1, Avaya Message Networking 3.1, Avaya Message Networking, Avaya Meeting Exchange - Enterprise Edition, Avaya Meeting Exchange 5.0.0.52, Avaya Meeting Exchange 5.0, Avaya Intuity AUDIX LX 2.0, Avaya EMMC 1.021, Avaya EMMC 1.017, Avaya EMMC 0, Avaya Communication Manager 4.0.3 SP1, Avaya Communication Manager 3.1.4 SP2, Avaya Communication Manager 5.1, Avaya Communication Manager 5.0 SP3, Avaya Communication Manager 5.0, Avaya Communication Manager 4.0, Avaya Communication Manager 3.1, Avaya CMS Server 13.0, Avaya CMS Server 15.0, Avaya CMS Server 14.1, Avaya CMS Server 14.0, Avaya CMS Server 13.1, Avaya AES 4.2.1, Avaya AES 3.1.6, Apple Safari 3.2.2 for Windows, Apple Safari 3.1.2 for Windows, Apple Safari 3.1.2, Apple Safari 3.1.1 for Windows, Apple Safari 3.1.1, Apple Safari 3.0.4 Beta for Windows, Apple Safari 3.0.3, Apple Safari 3.0.3, Apple Safari 3.0.2 Beta for Windows, Apple Safari 3.0.2 Beta, Apple Safari 3.0.1 Beta for Windows, Apple Safari 3.0.1 Beta, Apple Safari 4 Beta, Apple Safari 3.2, Apple Safari 3.1 for Windows, Apple Safari 3.1, Apple Safari 3 Beta for Windows, Apple Safari 3 Beta, Apple Safari 3
Reference IDs:
Description: This indicates an attack attempt to exploit a remote code-execution vulnerability in Apple Quicktime.
The vulnerability is caused by an error when parsing a malformed "0x71" tag in PICT files. It can be exploited via a crafted PICT file, leading to remote code execution.
Affected Products: Apple QuickTime Player 7.6.1, Apple QuickTime Player 7.5.5, Apple QuickTime Player 7.4.5, Apple QuickTime Player 7.4.1, Apple QuickTime Player 7.3.1.70, Apple QuickTime Player 7.3.1, Apple QuickTime Player 7.1.6, Apple QuickTime Player 7.1.5, Apple QuickTime Player 7.1.4, Apple QuickTime Player 7.1.3, Apple QuickTime Player 7.1.2, Apple QuickTime Player 7.1.1, Apple QuickTime Player 7.0.4, Apple QuickTime Player 7.0.3, Apple QuickTime Player 7.0.2, Apple QuickTime Player 7.0.1, Apple QuickTime Player 7.0, Apple QuickTime Player 7.6, Apple QuickTime Player 7.5, Apple QuickTime Player 7.4, Apple QuickTime Player 7.4, Apple QuickTime Player 7.3, Apple QuickTime Player 7.2, Apple QuickTime Player 7.1, Apple Mac OS X Server 10.5.6, Apple Mac OS X Server 10.5.5, Apple Mac OS X Server 10.5.4, Apple Mac OS X Server 10.5.3, Apple Mac OS X Server 10.5.2, Apple Mac OS X Server 10.5.1, Apple Mac OS X Server 10.4.11, Apple Mac OS X Server 10.4.11, Apple Mac OS X Server 10.4.10, Apple Mac OS X Server 10.4.9, Apple Mac OS X Server 10.4.8, Apple Mac OS X Server 10.4.7, Apple Mac OS X Server 10.4.6, Apple Mac OS X Server 10.4.5, Apple Mac OS X Server 10.4.4, Apple Mac OS X Server 10.4.3, Apple Mac OS X Server 10.4.2, Apple Mac OS X Server 10.4.1, Apple Mac OS X Server 10.4, Apple Mac OS X Server 10.5, Apple Mac OS X 10.5.6, Apple Mac OS X 10.5.5, Apple Mac OS X 10.5.4, Apple Mac OS X 10.5.3, Apple Mac OS X 10.5.2, Apple Mac OS X 10.5.1, Apple Mac OS X 10.4.11, Apple Mac OS X 10.4.11, Apple Mac OS X 10.4.10, Apple Mac OS X 10.4.9, Apple Mac OS X 10.4.8, Apple Mac OS X 10.4.7, Apple Mac OS X 10.4.6, Apple Mac OS X 10.4.5, Apple Mac OS X 10.4.4, Apple Mac OS X 10.4.3, Apple Mac OS X 10.4.2, Apple Mac OS X 10.4.1, Apple Mac OS X 10.4, Apple Mac OS X 10.5
Reference IDs:
Description: This indicates a possible attack against a heap-based buffer-overflow vulnerability in Apple QuickTime.
The vulnerability is due to the way the application parses PICT files. A remote attacker may exploit this by sending a crafted PICT image.
Affected Products: Apple QuickTime before 7.6.2
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in BaiduX.
The vulnerability is caused by an error when the GetUiDllVersion function in an ActiveX control in UiCheck.dll handles a specially crafted filename parameter. It allows a remote attacker to execute arbitrary code.
Affected Products: BaiduX
Reference IDs:
Gumblar.Botnet Event ID: 18101
Release Date: Jan 12, 2010 IPS Definitions DB Version: 2.736
Description: This indicates that the system might be infected by the Gumblar trojan.
Affected Products: Any unprotected Windows system is vulnerable to the attack.
Reference IDs:
Description: This indicates an attack attempt against a stack overflow vulnerability in HP Application Recovery Manager. The vulnerability is caused by an error when the vulnerable software handles a malicious packet. It allows a remote attacker to execute arbitrary code.
Affected Products: HP OpenView Data Protector Application Recovery Manager 5.5, HP OpenView Data Protector Application Recovery Manager 6.0
Reference IDs:
Description: This indicates an attack attempt against a buffer overflow vulnerability in Hewlett-Packard OpenView Network Node Manager.
The vulnerability is caused by an error when the vulnerable software handles an overlong "Template" variable that is passed to "nnmRptConfig.exe". It allows a remote attacker to execute arbitrary code via sending a crafted HTTP POST request.
Affected Products: HP OpenView Network Node Manager 7.50 Windows 2000/XP, HP OpenView Network Node Manager 7.50 Solaris, HP OpenView Network Node Manager 7.50 Linux, HP OpenView Network Node Manager 7.50 HP-UX 11.X, HP OpenView Network Node Manager 7.50, HP OpenView Network Node Manager 7.53, HP OpenView Network Node Manager 7.51, HP OpenView Network Node Manager 7.50, HP OpenView Network Node Manager 7.01
Reference IDs:
Description: This indicates an attack attempt against a buffer overflow vulnerability in Hewlett-Packard OpenView Network Node Manager.
The vulnerability is caused by an error when the vulnerable software handles an overlong "Oid" variable that is passed to "snmp.exe". It allows a remote attacker to execute arbitrary code via sending a crafted HTTP request.
Affected Products: HP OpenView Network Node Manager 7.50 Windows 2000/XP, HP OpenView Network Node Manager 7.50 Solaris, HP OpenView Network Node Manager 7.50 Linux, HP OpenView Network Node Manager 7.50 HP-UX 11.X, HP OpenView Network Node Manager 7.50, HP OpenView Network Node Manager 7.53, HP OpenView Network Node Manager 7.51, HP OpenView Network Node Manager 7.50, HP OpenView Network Node Manager 7.01
Reference IDs:
Description: This indicates an attempt to exploit a buffer-overflow vulnerability in Media Jukebox.
This vulnerability is caused by an error in the vulnerable software when processing malformed ".m3u" (M3U) files. It allows a remote attacker to execute arbitrary code via sending a crafted M3U file.
Affected Products: MultiMedia Jukebox 4.0 Build 020124
Reference IDs:
Description: This indicates an attack attempt against a code-execution vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the vulnerable software handles malformed data in TreeColumns. It allows a remote attacker to execute arbitrary code via sending a crafted web page.
Affected Products: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3
Reference IDs:
Description: This indicates an attack attempt against a code-execution vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the vulnerable software handles malicious JavaScript. It allows a remote attacker to execute arbitrary code via sending a crafted web page.
Affected Products: Mozilla Firefox 3.5.x before 3.5.4
Reference IDs:
Description: This indicates an attack attempt against a memory-corruption vulnerability in Microsoft Internet Explorer.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted CSS style object. It allows a remote attacker to execute arbitrary code.
Affected Products: Microsoft Internet Explorer 6, Microsoft Internet Explorer 7
Reference IDs:
Description: This indicates a possible attempt to exploit a memory-corruption vulnerability in Novell eDirectory.
The vulnerability is caused by an error in the "evtFilteredMonitorEventsRequest()" function when processing malformed client LDAP requests. A remote attacker may exploit this to execute arbitrary code.
Affected Products: Novell eDirectory 8.8.1, Novell eDirectory 8.8
Reference IDs:
Description: This indicates an attack attempt against a command-injection vulnerability in Oracle Secure Backup.
A vulnerability has been reported in Oracle Secure Backup that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "ora_osb_lcookie", "ora_osb_bgcookie", and "rbtool" parameter values that are passed to "login.php". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST or the COOKIE.
Affected Products: Oracle Secure Backup 10.2.0.3, Oracle Secure Backup 10.2.0.2, Oracle Secure Backup 10.1.0.3, Oracle Secure Backup 10.1.0.2, Oracle Secure Backup 10.1.0.1
Reference IDs:
Description: This indicates an attack attempt against an integer-overflow vulnerability in Sun Java. The vulnerability is caused by an error when the vulnerable software handles a malicious Pack200 compressed JAR file. It allows a remote attacker to execute arbitrary code via sending a crafted web page.
Affected Products: JDK and JRE 6 Update 14 and earlier; JDK and JRE 5.0 Update 19 and earlier
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Sun Java Runtime.
The vulnerability is caused by an error when the vulnerable software handles a malicious parameter. It allows a remote attacker to execute arbitrary code via sending a crafted .class file.
Affected Products: JDK and JRE 6 Update 16 and earlier; JDK and JRE 5.0 Update 21 and earlier
Reference IDs:
Description: This indicates an attack attempt against an integer-overflow vulnerability in Sun Java WebStart. The vulnerability is caused by an error when the vulnerable software handles a malicious splash JPEG icon. It allows a remote attacker to execute arbitrary code via sending a crafted web page.
Affected Products: JDK and JRE 6 Update 14 and earlier
Reference IDs:
Description: This indicates an attempt to exploit a code-execution vulnerability in Symantec Altiris Products.
The vulnerability is located in the "AeXNSConsoleUtilities.dll" ActiveX control through misuse of the "RunCMD" method. It may allow remote attackers to download and install arbitrary files in vulnerable systems.
Affected Products: Symantec Management Platform 7.0 SP1, Symantec Management Platform 7.0, Symantec Altiris Notification Server 6.0 SP3 R7, Symantec Altiris Notification Server 6.0 SP3, Symantec Altiris Notification Server 6.0 SP2, Symantec Altiris Notification Server 6.0 SP1, Symantec Altiris Notification Server 6.0, Symantec Altiris Deployment Solution 6.9.355 SP1, Symantec Altiris Deployment Solution 6.9.355, Symantec Altiris Deployment Solution 6.9.176, Symantec Altiris Deployment Solution 6.9.164, Symantec Altiris Deployment Solution 6.9 SP3 Build 430, Symantec Altiris Deployment Solution 6.9 SP2 build 375, Symantec Altiris Deployment Solution 6.9 SP1, Symantec Altiris Deployment Solution 6.9
Reference IDs:
High ( 19 )
Description: This indicates an attempt to exploit an integer-overflow vulnerability in Adobe Acrobat Reader.
The vulnerability is caused by an error when the vulnerable software handles a crafted .PDF file. It may allow remote attackers to execute arbitrary code in vulnerable systems.
Affected Products: Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX; Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh
Reference IDs:
Description: This indicates an attempt to exploit a code-execution vulnerability in the Adobe get_atlcom Class.
The vulnerability is located in the "gp.ocx" ActiveX control through misuse of multiple vulnerable properties. It may allow remote attackers to execute arbitrary code in vulnerable systems.
Affected Products: Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX; Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh
Reference IDs:
Description: This indicates an attack attempt against a JavaScript execution vulnerability in Adobe software.
The vulnerability is caused by an error when the vulnerable software handles a malicious FDF file. It allows a remote attacker to execute JavaScript via sending a crafted web page.
Affected Products: Adobe Acrobat Reader 9.1 and earlier versions
Reference IDs:
Description: This indicates an attack attempt against a memory-corruption vulnerability in Adobe Acrobat and Adobe Reader.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted PDF file. It allows a remote attacker to execute arbitrary code.
Affected Products: Adobe Acrobat 9 and previous versions, Adobe Reader 9 and previous versions
Reference IDs:
Description: This indicates an attack attempt against a use-after-free vulnerability in an ActiveX control in America Online (AOL).
The vulnerability is caused by an error when the Sb.SuperBuddy.1 ActiveX control (sb.dll) handles a specially crafted argument to the SetSuperBuddy method. It allows a remote attacker to execute arbitrary code.
Affected Products: AOL 9.1
Reference IDs:
Description: This indicates a possible attack against a vulnerability in Darwin/QuickTime Streaming Servers which may lead to arbitrary code execution due to insufficient sanitization of user-supplied input.
Affected Products: Apple Quicktime Streaming Server 4.1.1, Apple Darwin Streaming Server 4.1.2
Reference IDs:
Description: This indicates an attack attempt against a code-execution vulnerability in Apple Quicktime.
The vulnerability is caused by an error when the vulnerable software handles a malicious Java applet. It allows a remote attacker to execute arbitrary code via sending a crafted Java applet.
Affected Products: QuickTime Player 7.1.6 and prior versions
Reference IDs:
Description: This indicates a possible attack against a stack-based buffer overflow vulnerability in Hewlett-Packard Power Manager 4.2, which could be exploited by sending a specially crafted POST request with an overly long string, leading to arbitrary code execution.
Affected Products: Hewlett-Packard Power Manager 4.2
Reference IDs:
Description: This indicates a possible attack against a stack-based buffer-overflow vulnerability in the client in IBM Tivoli Storage Manager (TSM) and TSM Express.
The vulnerability is in the client acceptor daemon scheduler, which may allow remote attackers to execute arbitrary code via crafted data in a TCP packet.
Affected Products: IBM Tivoli Storage Manager 5.3 before 5.3.6.7, IBM Tivoli Storage Manager 5.4 before 5.4.3, IBM Tivoli Storage Manager 5.5 before 5.5.2.2, IBM Tivoli Storage Manager 6.1 before 6.1.0.2, TSM Express 5.3.3.0 through 5.3.6.6
Reference IDs:
Description: This indicates an attack attempt against a denial-of-service vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted web page. It allows a remote attacker to cause a denial of service (crash) and possibly execute arbitrary code.
Affected Products: Mozilla Firefox 1.5.0.1 and previous versions
Reference IDs:
Description: This indicates an attack attempt to exploit an SQL-injection vulnerability in MyPhPim.
The vulnerability is a result of the application's failure to properly sanitize user input before using it in an SQL query. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server.
Affected Products: MyPhPim 01.05
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in PeerCast.
The vulnerability is caused by an error when the vulnerable software handles an HTTP request that includes a malicious "Authorization" header. It allows a remote attacker to execute arbitrary code via sending a crafted HTTP request.
Affected Products: peercast.org PeerCast 0.1218, GNOME PeerCast 0.5.4, Gentoo Linux, Debian Linux 4.0 sparc, Debian Linux 4.0 s/390, Debian Linux 4.0 powerpc, Debian Linux 4.0 mipsel, Debian Linux 4.0 mips, Debian Linux 4.0 m68k, Debian Linux 4.0 ia-64, Debian Linux 4.0 ia-32, Debian Linux 4.0 hppa, Debian Linux 4.0 arm, Debian Linux 4.0 amd64, Debian Linux 4.0 alpha, Debian Linux 4.0
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in the PHP library.
The vulnerability is caused by an error when the vulnerable software handles a malicious ZIP URL. It allows a remote attacker to execute arbitrary code via sending a crafted PHP file.
Affected Products: PHP 5.2.0 and PHP with PECL ZIP <= 1.8.3
Reference IDs:
Description: This indicates an attack attempt against a remote command-execution vulnerability in phpBook.
A vulnerability has been reported in phpBook that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "mail" parameter value. An attacker may include shell commands by supplying an injection string through the URL.
Affected Products: phpBook 1.3.2 and prior versions
Reference IDs:
Description: This indicates an attack attempt to exploit an SQL-injection vulnerability in PHPjournaler.
The vulnerability is a result of the application's failure to properly sanitize user input before using it in an SQL query. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server.
Affected Products: PHPjournaler PHPjournaler 1.0
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Hexamail Server.
The vulnerability is caused by an error when the vulnerable software handles a long USER command. It allows a remote attacker to cause a denial of service (daemon crash) and possibly execute arbitrary code.
Affected Products: Hexamail Server version 3.0.0.001 and previous versions
Reference IDs:
Description: This indicates an attack attempt against a buffer overflow vulnerability in the Serv-U WebClient HTTP Service. The vulnerability is caused by insufficient sanitization of user-supplied input data in an HTTP request, which could lead to remote code execution.
Affected Products: Serv-U WebClient 9.0.0.5 and earlier
Reference IDs:
Description: This indicates an attack attempt against a denial of service vulnerability in Asterisk SIP Channel Driver.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted SIP request. It allows a remote attacker to cause a denial of service.
Affected Products: Asterisk Asterisk 1.6.3, Asterisk Asterisk 1.6.2, Asterisk Asterisk 1.6.1
Reference IDs:
Description: This indicates an attack attempt against an integer-overflow vulnerability in Synergy.
This issue is caused by an error when the vulnerable software handles a malicious clipboard data message. It allows a remote attacker to execute arbitrary code via sending a crafted client request.
Affected Products: Synergy 1.3.1 and prior versions
Medium ( 10 )
Description: This indicates an attack attempt against a remote code-execution vulnerability in Apple CUPS.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted packet. It allows a remote attacker to execute arbitrary code.
Affected Products: Apple CUPS 1.3.7, Apple CUPS 1.3.10
Reference IDs:
Description: This indicates an attack attempt against a memory-corruption vulnerability in Apple Mac OS X's Finder.
The vulnerability is caused by an error when the vulnerable software handles a malicious disk image file (.dmg). It may allow remote attackers to cause a denial of service or possibly execute arbitrary code via sending a crafted DMG file.
Affected Products: Apple Mac OS X Server 10.4.8, Apple Mac OS X 10.4.8
Reference IDs:
Description: This indicates an attack attempt to exploit an SQL-injection vulnerability in SalesLogix.
The vulnerability is a result of the application's failure to properly sanitize user input before using it in an SQL query. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server.
Affected Products: SalesLogix Corporation SalesLogix 2000.0, Best Software SalesLogix
Reference IDs:
Description: This indicates an attack attempt to exploit an SQL-injection vulnerability in Nabopoll web poll package.
The vulnerability is a result of the application's failure to properly sanitize user input before using it in an SQL query. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server.
Affected Products: nabopoll 1.2 and prior versions
Reference IDs:
Description: This indicates an attempt to exploit a file-deleting vulnerability in Pegasus Imaging ImagXpress.
The vulnerability is located in the "PegasusImaging.ActiveX.ThumnailXpress1.dll" ActiveX control. It may allow remote attackers to delete arbitrary files in vulnerable systems via a malicious argument to the "CacheFile" method.
Affected Products: Pegasus Imaging Corporation ImagXpress 8.0
Reference IDs:
Description: This indicates an attack attempt to exploit an SQL-injection vulnerability in PHPenpals.
The vulnerability is a result of the application's failure to properly sanitize user input before using it in an SQL query. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server.
Affected Products: PHPenpals PHPenpals 310704
Reference IDs:
Description: This indicates an attack attempt against a directory traversal vulnerability in SAP Internet Transaction Server (ITS).
A vulnerability has been reported in SAP Internet Transaction Server (ITS) that may allow an attacker to browse arbitrary files on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "~template" parameter value that is passed to "wgate.dll". An attacker may browse arbitrary files by sending a crafted HTTP request.
Affected Products: SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011
Reference IDs:
Description: This indicates an attack attempt against a denial-of-service vulnerability in MySQL database server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted query containing a view using temporary tables and PROCEDURE ANALYSE. It allows a remote attacker to cause a denial of service.
Affected Products: Sun MySQL prior to 5.0.88, Sun MySQL prior to 5.1.41
Reference IDs:
Description: This indicates an attack attempt against a denial-of-service vulnerability in MySQL database server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted SELECT query with a sub-query in the WHERE clause. It allows a remote attacker to cause a denial of service.
Affected Products: Sun MySQL versions prior to 5.1.41 and 5.0.88
Reference IDs:
Description: This indicates an attack attempt to exploit a shell-injection vulnerability in Zabbix Agent.
The vulnerability is a result of the application's failure to properly sanitize user input before using the parameter. As a result, a remote attacker can send a crafted query to execute shell commands on a vulnerable server.
Affected Products: FreeBSD and Solaris agents.
Reference IDs:
Low ( 2 )
Description: This indicates an attack attempt against a credentials-disclosure vulnerability in Alcatel OmniPCX Office.
The vulnerability is caused by an error when the vulnerable software handles a malicious connect request from the client. It allows a remote attacker to get the user and password information via sending a crafted client request.
Affected Products: SalesLogix Corporation SalesLogix 2000.0, Best Software SalesLogix
Reference IDs:
Description: This indicates a possible attack against a denial-of-service vulnerability in ntpd in NTP.
This vulnerability is caused by the program's inability to properly handle spoofed requests or response packets that use MODE_PRIVATE. A remote attacker may exploit this to cause a denial-of-service condition.
Affected Products: ntpd in NTP before 4.2.4p8, and 4.2.5
Reference IDs:
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 29 )
High ( 18 )
Medium ( 4 )
Low ( 2 )
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 6 of 41 )
High ( 11 of 31 )
Medium ( 2 of 12 )
Low ( 1 of 3 )
Document History
| Revision Date | Version Number | |
| Monday, January 18, 2010 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.