mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header. (CVSS:6.4) (Last Update:2012-10-30)
All posts by 007admin
Critical Patch Update – July 2007
CVE-2007-3701 (tipping_point, tippingpoint_ips_tos)
TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode ‘/’ (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.
CVE-2007-3711 (tippingpoint_ips_tos)
Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets.
Critical Patch Update – April 2007
CVE-2007-1869
lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. (CVSS:5.0) (Last Update:2008-11-15)
CVE-2007-1870
lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. (CVSS:7.8) (Last Update:2008-11-15)
CVE-2007-1576 (phprojekt)
Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files.
DRUPAL-SA-2007-005 – Drupal core – Arbitrary code execution
- Advisory ID: DRUPAL-SA-2007-005
- Project: Drupal core
- Version: 4.7.x, 5.x
- Date: 2007-Jan-29
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
Description
Previews on comments were not passed through normal form validation routines, enabling users with the ‘post comments’ permission and access to more than one input filter to execute arbitrary code. By default, anonymous and authenticated users have access to only one input format.
Immediate workarounds include: disabling the comment module, revoking the ‘post comments’ permission for all users or limiting access to one input format.
Versions affected
- Drupal 4.7.x before version 4.7.6.
- Drupal 5.x before version 5.1.
Solution
Install the latest version:
- If you are running Drupal 4.7.x then upgrade to Drupal 4.7.6.
- If you are running Drupal 5.0 then upgrade to Drupal 5.1.
- To patch Drupal 4.7.5 use SA-2007-005-4.7.5.patch.
- To patch Drupal 5.0 use SA-2007-005-5.0.patch.
Reported by
The Drupal security team.
Contact
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.