New User? Need help? Click here to register for free! Registering removes the advertisements.

Computer Cops
image image image image image image image image
Donations
If you found this site helpful, please donate to help keep it online.
image
Prime Choice
· Head Lines
· Advisories (All)
· Dnld of the Week!
· CCSP News Ltrs
· Find a Cure!

· Ian T's (AR 20)
· Marcia's (QA2)
· Bill G's (CO8)
· Paul's (AR 5)

· Ian T's Archive
· Marcia's Archive
· Bill G's Archive
· Paul's Archive
image
Security Central
· Home
· Wireless
· Bookmarks
· CLSID
· Columbia
· Community
· Downloads
· Encyclopedia
· Feedback (send)
· Forums
· Gallery
· Giveaways
· HijackThis
· Journal
· Members List
· My Downloads
· PremChat
· Premium
· Private Messages
· Proxomitron
· Quizz
· Recommend Us
· RegChat
· Reviews
· Search (Topics)
· Sections
· Software
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top
· Topics
· Web Links
· Your Account
image
CCSP Toolkit
· Email Virus Scan
· UDP Port Scanner
· TCP Port Scanner
· Trojan TCP Scan
· Reveal Your IP
· Algorithms
· Whois
· nmap port scanner
· IPs Banned [?]
image
Survey
How much can you give to keep Computer Cops online?

$10 up to $25 per year?
$25 up to $50 per year?
$10 up to $25 per month?
$25 up to $50 per month?
More than $50 per year?
More than $50 per month?
One time only?
Other (please comment)



Results
Polls

Votes: 475
Comments: 13
image
Translate
English German French
Italian Portuguese Spanish
Chinese Greek Russian
image
image cybsec: Advisories!: The Secunia Weekly Advisory image
Cyber Security

The Secunia Weekly Advisory Summary


2004-05-13
2004-05-20




This week : 68 advisories

Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia has launched a new service called Secunia Virus Information.
Secunia Virus Information is based on information automatically
collected from seven different anti-virus vendors. The data will be
parsed and indexed, resulting in a chronological list, a searchable
index, and grouped profiles with information from the seven vendors.

Furthermore, when certain criteria are triggered virus alerts will be
issued. You can sign-up for the alerts here:

Sign-up for Secunia Virus Alerts:
http://secunia.com/secunia_virus_alerts/

Secunia Virus Information:
http://secunia.com/virus_information/

========================================================================
2) This Week in Brief:

ADVISORIES:

Secunia issued Monday a Highly Critical advisory for Mac OS X, as
it was reported that it was possible to silently deliver and execute
arbitrary code on a vulnerable system.

However, during the day more details were revealed, and more advanced
exploits were published by various sources, demonstrating exactly how
easily this vulnerability could be exploited.

Therefore, and in the light of no patch being available from Apple,
Secunia raised the severity to a rare Extremely Critical for this
vulnerability.

Please refer to Secunia advisory below for full details.

Reference:
http://secunia.com/SA11622

--

http-equiv found a vulnerability in Outlook Express, which can be
exploited to include arbitrary web content from remote sites in
emails. It could be exploited by e.g. spammers to ping an email
address to see if anyone is reading emails sent to it.

http-equiv also reported a vulnerability in Microsoft Outlook, which
could be exploited to bypass certain security restrictions.

Please refer to the Secunia advisories below for in-depth information
about the vulnerabilities.

Reference:
http://secunia.com/SA11607
http://secunia.com/SA11629

--

A vulnerability in CVS was reported by Stefan Esser, which can be
exploited to compromise a vulnerable system.

Many vendors have issued patches for this issue, and many more are
likely to follow in the next days. Please refer to http://secunia.com
for information about vendor patches.

Reference:
http://secunia.com/SA11641

VIRUS ALERTS:

Secunia has not issued any virus alerts during the last week.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1. [SA11622] Mac OS X URI Handler Arbitrary Code Execution
2. [SA11066] Symantec Client Firewall Products Multiple
Vulnerabilities
3. [SA11539] Mac OS X Security Update Fixes Multiple Vulnerabilities
4. [SA11629] Microsoft Outlook RTF Embedded OLE Object Security Bypass
5. [SA11012] Apple Filing Protocol Insecure Implementation
6. [SA11303] Mac OS X Security Update Fixes Multiple Vulnerabilities
7. [SA10959] Mac OS X Security Update Fixes Multiple Vulnerabilities
8. [SA10440] Mac OS X cd9660.util Privilege Escalation Vulnerability
9. [SA10524] Mac OS X Local Denial of Service Vulnerability
10. [SA10723] Mac OS X Security Update Fixes Multiple Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA11629] Microsoft Outlook RTF Embedded OLE Object Security Bypass
[SA11637] NetChat HTTP Service GET Request Buffer Overflow
Vulnerability
[SA11607] Microsoft Outlook Express Loading of Arbitrary Web Content
[SA11633] Microsoft Windows desktop.ini Arbitrary File Execution
Vulnerability

UNIX/Linux:
[SA11622] Mac OS X URI Handler Arbitrary Code Execution
[SA11662] Slackware update for cvs
[SA11661] Fedora update for cvs
[SA11659] Fedora update for subversion
[SA11658] Mandrake update for cvs
[SA11653] SuSE update for cvs
[SA11652] FreeBSD update for cvs
[SA11651] Debian update for cvs
[SA11647] Red Hat update for cvs
[SA11646] Gentoo update for pound
[SA11642] Subversion Date Parsing Buffer Overflow Vulnerability
[SA11641] CVS Entry Line Heap Overflow Vulnerability
[SA11620] Gentoo update for exim
[SA11604] Zoneminder Query String Buffer Overflow Vulnerability
[SA11671] Gentoo update for icecast
[SA11670] Fedora update for ipsec-tools
[SA11660] Fedora update for libneon
[SA11657] Mandrake update for libneon
[SA11655] Gentoo update for proftpd
[SA11654] Debian update for cadaver
[SA11650] Debian update for libneon
[SA11648] Red Hat update for cadaver
[SA11643] cadaver libneon Date Parsing Heap Overflow Vulnerability
[SA11638] Neon Date Parsing Heap Overflow Vulnerability
[SA11630] Mandrake update for apache
[SA11617] Trustix update for apache
[SA11613] HP-UX update for Mozilla
[SA11610] Fedora update for LHA
[SA11636] Debian update for heimdal
[SA11614] HP-UX dtlogin XDMCP Parsing Vulnerability
[SA11669] Red Hat update for rsync
[SA11667] Red Hat update for libpng
[SA11663] Fedora update for tcpdump
[SA11656] Gentoo update for kdelibs
[SA11645] Mandrake update for kdelibs
[SA11644] Fedora update for kdelibs
[SA11635] Slackware update for kdelibs
[SA11631] Red Hat update for kdelibs
[SA11623] TTT-C Multiple Vulnerabilities
[SA11619] Gentoo update for libpng
[SA11612] Fedora update for libpng
[SA11628] SGI IRIX rpc.mountd Denial of Service Vulnerability
[SA11668] Red Hat update for mc
[SA11621] Slackware update for mc
[SA11618] SuSE update for mc
[SA11615] HP-UX B6848AB GTK+ Support Libraries Insecure Directory
Permissions
[SA11609] Gentoo update for utempter
[SA11605] OpenBSD procfs Integer Overflow Vulnerability
[SA11616] Sun Solaris SMC Web Server File Enumeration Security Issue
[SA11611] Fedora update for iproute

Other:
[SA11632] Sidewinder G2 Firewall Multiple Denial of Service
Vulnerabilities
[SA11603] Sweex Wireless Broadband Router Exposure of Configuration
[SA11627] Blue Coat Security Gateway OS Private Key Disclosure
[SA11606] Linksys BEF Series Routers DHCP Vulnerability

Cross Platform:
[SA11649] Zen Cart SQL Injection Vulnerability
[SA11640] phpMyFAQ Arbitrary File Inclusion Vulnerability
[SA11639] Java Secure Socket Extension Unspecified Server Certificate
Validation Vulnerability
[SA11625] PHP-Nuke Multiple Vulnerabilities
[SA11608] Ethereal Multiple Vulnerabilities
[SA11602] Multiple Browsers Telnet URI Handler File Manipulation
Vulnerability
[SA11624] osCommerce Directory Traversal Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA11629] Microsoft Outlook RTF Embedded OLE Object Security Bypass

Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-05-18

http-equiv has reported a vulnerability in Microsoft Outlook 2003,
allowing malicious people to perform illegal actions through emails.

Full Advisory:
http://secunia.com/advisories/11629/

--

[SA11637] NetChat HTTP Service GET Request Buffer Overflow
Vulnerability

Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-05-19

Marius Huse Jacobsen has reported a vulnerability in NetChat, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/11637/

--

[SA11607] Microsoft Outlook Express Loading of Arbitrary Web Content

Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-05-14

http-equiv has reported a vulnerability in Microsoft Outlook Express,
allowing malicious people (e.g. spammers and phishers) to load
arbitrary content into the email client.

Full Advisory:
http://secunia.com/advisories/11607/

--

[SA11633] Microsoft Windows desktop.ini Arbitrary File Execution
Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-18

Roozbeh Afrasiabi has reported a vulnerability in Microsoft Windows,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/11633/


UNIX/Linux:--

[SA11622] Mac OS X URI Handler Arbitrary Code Execution

Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2004-05-17

Two vulnerabilities have been reported in Mac OS X, allowing malicious
web sites to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11622/

--

[SA11662] Slackware update for cvs

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-20

Slackware has issued updated packages for cvs. These fix a
vulnerability, which can be exploited by malicious users to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11662/

--

[SA11661] Fedora update for cvs

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-19

Fedora has issued updated packages for cvs. These fix a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11661/

--

[SA11659] Fedora update for subversion

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-19

Fedora has issued updated packages for subversion. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11659/

--

[SA11658] Mandrake update for cvs

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-19

MandrakeSoft has issued updated packages for cvs. These fix a
vulnerability, which can be exploited by malicious users to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11658/

--

[SA11653] SuSE update for cvs

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-19

SuSE has issued updated packages for cvs. These fix a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11653/

--

[SA11652] FreeBSD update for cvs

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-19

FreeBSD has issued updates for cvs. These fix a vulnerability, which
can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11652/

--

[SA11651] Debian update for cvs

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-19

Debian has issued updated packages for cvs. These fix a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11651/

--

[SA11647] Red Hat update for cvs

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-19

Red Hat has issued updated packages for cvs. These fix a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11647/

--

[SA11646] Gentoo update for pound

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-19

Gentoo has issued an update for pound. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11646/

--

[SA11642] Subversion Date Parsing Buffer Overflow Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-19

Stefan Esser has discovered a vulnerability in Subversion, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11642/

--

[SA11641] CVS Entry Line Heap Overflow Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-19

Stefan Esser has reported a vulnerability in CVS, allowing malicious
users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11641/

--

[SA11620] Gentoo update for exim

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-17

Gentoo has issued updated packages for exim. These fix two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11620/

--

[SA11604] Zoneminder Query String Buffer Overflow Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-13

Mark Cox has reported a vulnerability in ZoneMinder, potentially
allowing malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11604/

--

[SA11671] Gentoo update for icecast

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-20

Gentoo has issued an update for icecast. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/11671/

--

[SA11670] Fedora update for ipsec-tools

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-20

Fedora has issued updates for ipsec-tools. These fix a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/11670/

--

[SA11660] Fedora update for libneon

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-19

Fedora has issued updated packages for libneon. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11660/

--

[SA11657] Mandrake update for libneon

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-19

MandrakeSoft has issued updated packages for libneon. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11657/

--

[SA11655] Gentoo update for proftpd

Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-05-19

Gentoo has issued an update for proftpd. This fixes a security issue,
which potentially allows malicious people to bypass ACLs.

Full Advisory:
http://secunia.com/advisories/11655/

--

[SA11654] Debian update for cadaver

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-19

Debian has issued updated packages for cadaver. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11654/

--

[SA11650] Debian update for libneon

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-19

Debian has issued updated packages for libneon. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11650/

--

[SA11648] Red Hat update for cadaver

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-19

Red Hat has issued updated packages for cadaver. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11648/

--

[SA11643] cadaver libneon Date Parsing Heap Overflow Vulnerability

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-19

cadaver is affected by a vulnerability in the libneon date parsing
code, which potentially can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/11643/

--

[SA11638] Neon Date Parsing Heap Overflow Vulnerability

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-19

Stefan Esser has discovered a vulnerability in neon, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/11638/

--

[SA11630] Mandrake update for apache

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Spoofing, Manipulation of data, DoS
Released: 2004-05-18

MandrakeSoft has issued updated packages for apache. These fix various
vulnerabilities, which can be exploited to inject potentially malicious
characters into error logfiles, bypass certain restrictions, gain
unauthorised access, or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11630/

--

[SA11617] Trustix update for apache

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Spoofing, Manipulation of data, DoS
Released: 2004-05-14

Trustix has issued updated packages for apache. These fix various
vulnerabilities, which can be exploited to inject potentially malicious
characters into error logfiles, bypass certain restrictions, gain
unauthorised access, or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11617/

--

[SA11613] HP-UX update for Mozilla

Critical: Moderately critical
Where: From remote
Impact: System access, DoS, Cross Site Scripting, Security Bypass
Released: 2004-05-14

HP has acknowledged various vulnerabilities in Mozilla for HP-UX, which
can be exploited by malicious people to conduct cross-site scripting
attacks, bypass certain cookie restrictions, and potentially compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/11613/

--

[SA11610] Fedora update for LHA

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-14

Fedora has issued an update for lha. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11610/

--

[SA11636] Debian update for heimdal

Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2004-05-18

Evgeny Demidov has discovered a vulnerability in Heimdal, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/11636/

--

[SA11614] HP-UX dtlogin XDMCP Parsing Vulnerability

Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-05-14

HP has acknowledged a vulnerability in HP-UX, which may be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11614/

--

[SA11669] Red Hat update for rsync

Critical: Less critical
Where: From remote
Impact: Manipulation of data, Security Bypass
Released: 2004-05-20

Red Hat has issued updated packages for rsync. These fix a
vulnerability, potentially allowing malicious people to write files
outside the intended directory.

Full Advisory:
http://secunia.com/advisories/11669/

--

[SA11667] Red Hat update for libpng

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-05-20

Red Hat has issued updates for libpng. These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

Full Advisory:
http://secunia.com/advisories/11667/

--

[SA11663] Fedora update for tcpdump

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-05-19

Fedora has issued updated packages for tcpdump. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11663/

--

[SA11656] Gentoo update for kdelibs

Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-05-19

Gentoo has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

Full Advisory:
http://secunia.com/advisories/11656/

--

[SA11645] Mandrake update for kdelibs

Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-05-19

MandrakeSoft has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

Full Advisory:
http://secunia.com/advisories/11645/

--

[SA11644] Fedora update for kdelibs

Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-05-19

Fedora has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

Full Advisory:
http://secunia.com/advisories/11644/

--

[SA11635] Slackware update for kdelibs

Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-05-18

Slackware has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

Full Advisory:
http://secunia.com/advisories/11635/

--

[SA11631] Red Hat update for kdelibs

Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-05-18

Red Hat has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

Full Advisory:
http://secunia.com/advisories/11631/

--

[SA11623] TTT-C Multiple Vulnerabilities

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-05-19

Kaloyan Olegov Georgiev has reported some vulnerabilities in TTT-C,
allowing malicious people to conduct Cross Site Scripting and script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/11623/

--

[SA11619] Gentoo update for libpng

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-05-17

Gentoo has issued updates for libpng. These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

Full Advisory:
http://secunia.com/advisories/11619/

--

[SA11612] Fedora update for libpng

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-05-14

Fedora has issued updates for libpng. These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

Full Advisory:
http://secunia.com/advisories/11612/

--

[SA11628] SGI IRIX rpc.mountd Denial of Service Vulnerability

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-05-18

SGI has reported a vulnerability in IRIX, allowing malicious people to
cause a DoS (Denial of Service) on the rpc.mountd daemon.

Full Advisory:
http://secunia.com/advisories/11628/

--

[SA11668] Red Hat update for mc

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-20

Red Hat has issued updates for mc. These fix some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/11668/

--

[SA11621] Slackware update for mc

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-17

Slackware has issued updates for mc. These fix some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/11621/

--

[SA11618] SuSE update for mc

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-17

SuSE has issued updates for mc. These fix some vulnerabilities, which
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/11618/

--

[SA11615] HP-UX B6848AB GTK+ Support Libraries Insecure Directory
Permissions

Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2004-05-14

HP has reported a vulnerability in HP-UX, which can be exploited by
malicious, local users to manipulate the content of certain files.

Full Advisory:
http://secunia.com/advisories/11615/

--

[SA11609] Gentoo update for utempter

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-14

Gentoo has issued an update for utempter. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions with higher privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11609/

--

[SA11605] OpenBSD procfs Integer Overflow Vulnerability

Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, DoS
Released: 2004-05-13

OpenBSD has issued patches for procfs. These fix a vulnerability, which
potentially can be exploited by malicious, local users to cause a DoS
(Denial of Service) or gain knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/11605/

--

[SA11616] Sun Solaris SMC Web Server File Enumeration Security Issue

Critical: Not critical
Where: From local network
Impact: Exposure of system information
Released: 2004-05-14

Jon Hart has reported a security issue in Sun Solaris, which can be
exploited by malicious people to enumerate files on an affected
system.

Full Advisory:
http://secunia.com/advisories/11616/

--

[SA11611] Fedora update for iproute

Critical: Not critical
Where: Local system
Impact: DoS
Released: 2004-05-14

Fedora has issued updated packages for iproute. These fix a
vulnerability, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11611/


Other:--

[SA11632] Sidewinder G2 Firewall Multiple Denial of Service
Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-18

Multiple vulnerabilities have been reported in Sidewinder, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/11632/

--

[SA11603] Sweex Wireless Broadband Router Exposure of Configuration

Critical: Moderately critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-05-13

Mark Janssen has reported a vulnerability in Sweex Wireless Broadband
Router/Accesspoint, allowing malicious people to gain knowledge of the
configuration.

Full Advisory:
http://secunia.com/advisories/11603/

--

[SA11627] Blue Coat Security Gateway OS Private Key Disclosure

Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2004-05-18

A security issue has been reported in Blue Coat SGOS, which may
disclose private keys associated with imported certificates.

Full Advisory:
http://secunia.com/advisories/11627/

--

[SA11606] Linksys BEF Series Routers DHCP Vulnerability

Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive
information, DoS
Released: 2004-05-13

Jon Hart has reported a vulnerability in Linksys BEFSR41 and BEFW11S4,
which can be exploited by malicious people to gain knowledge of
sensitive information or cause a DoS (Denial of Service)

Full Advisory:
http://secunia.com/advisories/11606/


Cross Platform:--

[SA11649] Zen Cart SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-05-19

Oliver Minack has reported a vulnerability in Zen Cart, allowing
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/11649/

--

[SA11640] phpMyFAQ Arbitrary File Inclusion Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-05-19

Stefan Esser has reported a vulnerability in phpMyFAQ, allowing
malicious people to view arbitrary local files and potentially execute
arbitrary local php code.

Full Advisory:
http://secunia.com/advisories/11640/

--

[SA11639] Java Secure Socket Extension Unspecified Server Certificate
Validation Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Spoofing
Released: 2004-05-19

A vulnerability has been discovered in JSSE (Java Secure Socket
Extension), allowing malicious websites to impersonate trusted
websites.

Full Advisory:
http://secunia.com/advisories/11639/

--

[SA11625] PHP-Nuke Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2004-05-18

Janek Vind has reported three vulnerabilities in PHP-Nuke, allowing
malicious people to conduct Cross Site Scripting attacks and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11625/

--

[SA11608] Ethereal Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-05-14

Multiple vulnerabilities have been discovered in Ethereal, which can be
exploited by malicious people to compromise a vulnerable system or
cause a DoS (Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11608/

--

[SA11602] Multiple Browsers Telnet URI Handler File Manipulation
Vulnerability

Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-05-13

A vulnerability has been reported in various browsers, which can be
exploited by malicious people to create or truncate files on a user's
system.

Full Advisory:
http://secunia.com/advisories/11602/

--

[SA11624] osCommerce Directory Traversal Vulnerability

Critical: Not critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-05-19

l0om has reported a security issue in osCommerce, allowing malicious
administrative users to view arbitrary local files.

Full Advisory:
http://secunia.com/advisories/11624/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web : http://secunia.com/
E-mail : [email protected]
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45




__________ NOD32 1.768 (20040520) Information __________

This message was checked by NOD32 antivirus system.
part000.txt - is OK

http://www.nod32.com

Posted on Thursday, 20 May 2004 @ 10:15:00 EDT by phoenix22
image

 
Login
Nickname

Password

· New User? ·
Click here to create a registered account.
image
Related Links
· TrackBack (0)
· Linux.com
· PHP HomePage
· MandrakeSoft
· Red Hat
· Debian GNU/Linux
· Slackware
· FreeBSD
· Microsoft
· Microsoft
· PHP-Nuke
· SuSE
· HotScripts
· Apple
· Apache Web Server
· W3 Consortium
· KDE
· Mozilla
· Hewlett Packard
· Spam Cop
· More about Cyber Security
· News by phoenix22


Most read story about Cyber Security:
Booby Trapped software!

image
Article Rating
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent


image
Options

Printer Friendly Page  Printer Friendly Page

Send to a Friend  Send to a Friend
image
"Login" | Login/Create an Account | 0 comments
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register