Josh Bressers

**Name of the Vulnerable Software and Affected Versions** FreeBSD (affected versions not specified) **Description** The issue arises from how FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in. Specifically, it uses the `MD5File()` function, which takes a `pathname` as an argument and is called with euid 0. A race condition in this process may lead to an arbitrary MD5 comparison regardless of the read permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Squirrelmail version 4.0 Description: The issue concerns the use of the outdated MD5 hash algorithm for passwords. Recommendations: For Squirrelmail version 4.0, consider updating the password hashing mechanism to a more secure algorithm as a permanent fix. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mambo CMS versions through 4.6.5 **Description** The issue concerns multiple cross-site scripting (XSS) flaws. Cross-site scripting is a type of security vulnerability that allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control of user sessions. **Recommendations** For versions through 4.6.5, update to a version later than 4.6.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** statusnet versions through 2010 **Description** The issue allows attackers to spoof syslog messages via newline injection attacks. **Recommendations** For statusnet versions through 2010, consider restricting access to the syslog functionality until a patch is available. As a temporary workaround, avoid using newline characters in input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Vanilla Forums versions prior to 2.0.17.9 **Description** An issue exists due to the way cookies are handled. **Recommendations** For versions prior to 2.0.17.9, update to version 2.0.17.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** vsftpd version 2.3.4 **Description** The issue concerns a backdoor in vsftpd that opens a shell on port 6200/tcp. This backdoor was present in versions of vsftpd 2.3.4 that were downloaded between 20110630 and 20110703. **Recommendations** For vsftpd version 2.3.4, consider disabling the service or restricting access to port 6200/tcp as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Hardlink versions prior to 0.1.2 **Description** The issue allows a local attacker to conduct symlink attacks because it operates on full file system objects path names. **Recommendations** For versions prior to 0.1.2, update to version 0.1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** StatusNet versions prior to 2011 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in error message contents. This type of vulnerability allows attackers to inject malicious scripts into content from otherwise trusted websites. **Recommendations** For versions prior to 2011, update to a version released after 2010 to resolve the issue. As a temporary workaround, consider restricting the display of error messages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** StatusNet versions prior to 2011 **Description** The issue arises from the way addslashes are used in SQL string escapes, potentially leading to unspecified security consequences. **Recommendations** For versions prior to 2011, update to a version released in 2011 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** StatusNet versions prior to 0.9.9 **Description** The issue is related to cross-site scripting (XSS). **Recommendations** For versions prior to 0.9.9, update to version 0.9.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** XFree86 x11perf versions prior to 1.5.4 **Description** The issue allows local users to gain privileges through unspecified Trojan horse code in the current working directory due to an untrusted search path vulnerability in x11perfcomp. **Recommendations** For versions prior to 1.5.4, update to version 1.5.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** nspluginwrapper versions prior to 1.4.4 **Description** The issue prevents Firefox plugins from determining if they should run in Private Browsing mode, allowing remote attackers to bypass intended access restrictions. This could be demonstrated using Flash, where the `NPNVprivateModeBool` variable settings are not properly provided. **Recommendations** For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to plugins that rely on Private Browsing mode until the update is applied.

**Name of the Vulnerable Software and Affected Versions** libgssglue versions prior to 0.4 libgssapi versions prior to 0.4 **Description** The issue concerns a problem with privilege checking in libgssapi and libgssglue, which can be exploited locally. This can lead to the execution of arbitrary code via the `GSSAPI MECH CONF` environment variable. For example, this can be demonstrated using `mount.nfs`. The exploitation of this issue may result in a breach of confidentiality, integrity, and availability of protected information. **Recommendations** For libgssglue versions prior to 0.4, update to version 0.4 or later to resolve the issue. For libgssapi versions prior to 0.4, update to version 0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `GSSAPI MECH CONF` environment variable to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cherokee versions prior to 1.2.99 **Description** The issue concerns the generate admin password function, which uses time and PID values for seeding a random number generator. This makes it easier for local users to determine admin passwords via a brute-force attack. **Recommendations** For versions prior to 1.2.99, update to version 1.2.99 or later to resolve the issue. As a temporary workaround, consider restricting access to the generate admin password function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Qt versions prior to 4.7.4 Qt versions prior to 4.8.4 frysk version 0.0.1.2007.08.03 **Description** The issue is related to a heap-based buffer overflow in the `Lookup MarkMarkPos` function in the HarfBuzz module (`harfbuzz-gpos.c`), which can be exploited by remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For Qt versions prior to 4.7.4, update to version 4.7.4 or later to resolve the issue. For Qt versions prior to 4.8.4, update to version 4.8.4 or later to resolve the issue. For frysk version 0.0.1.2007.08.03, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libmodplug versions prior to 0.8.8.4 **Description** The issue concerns multiple vulnerabilities in the libmodplug package that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, a stack-based buffer overflow in the `CSoundFile::ReadS3M` function allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset. **Recommendations** For libmodplug versions prior to 0.8.8.4, update to version 0.8.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `CSoundFile::ReadS3M` function in src/load s3m.cpp to minimize the risk of exploitation. Avoid using the libmodplug package with untrusted S3M files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** libmodplug versions prior to 0.8.8.4 **Description** The issue is related to multiple vulnerabilities in the libmodplug package, which can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, an off-by-one error in the `CSoundFile::ReadDSM` function in `src/load dms.cpp` allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples. **Recommendations** For libmodplug versions prior to 0.8.8.4, update to version 0.8.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to DSM files or disabling the `CSoundFile::ReadDSM` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Samba versions 3.5.6 through 3.6 **Description** The issue involves multiple race conditions in the mount.cifs and umount.cifs programs, allowing local users to cause a denial of service via a SIGKILL signal during a specific time window when the /etc/mtab~ file exists. This can lead to a mounting outage. The vulnerability can be exploited remotely, potentially disrupting confidentiality, integrity, and availability of protected information. **Recommendations** For Samba versions 3.5.6 through 3.6, consider disabling the mount.cifs and umount.cifs programs as a temporary workaround until a patch is available. Restrict access to the /etc/mtab~ file to minimize the risk of exploitation. Avoid using the SIGKILL signal during the time window when the /etc/mtab~ file exists. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.3.7 **Description** The issue allows context-dependent attackers to cause a denial of service or trigger a buffer overflow by providing an arbitrary value for a function argument. This is related to multiple files, including ext/curl/interface.c, ext/date/lib/parse date.c, ext/date/lib/parse iso intervals.c, ext/date/lib/parse tz.c, ext/date/lib/timelib.c, ext/pdo odbc/pdo odbc.c, ext/reflection/php reflection.c, ext/soap/php sdl.c, ext/xmlrpc/libxmlrpc/base64.c, TSRM/tsrm win32.c, and the strtotime function. **Recommendations** For PHP versions prior to 5.3.7, update to version 5.3.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** gimp-libs version 2.6.9 gimp-devel-tools version 2.6.9 gimp-help-browser version 2.6.9 gimp-devel version 2.6.9 gimp-debuginfo version 2.6.9 gimp version 2.6.9 **Description** The issue involves multiple vulnerabilities in the gimp packages of CentOS and Red Hat Enterprise Linux operating systems. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. **Recommendations** For gimp-libs version 2.6.9, update to a newer version to mitigate the risk. For gimp-devel-tools version 2.6.9, update to a newer version to mitigate the risk. For gimp-help-browser version 2.6.9, update to a newer version to mitigate the risk. For gimp-devel version 2.6.9, update to a newer version to mitigate the risk. For gimp-debuginfo version 2.6.9, update to a newer version to mitigate the risk. For gimp version 2.6.9, update to a newer version to mitigate the risk.