The Secunia Weekly Advisory Summary


2004-05-20 - 2004-05-27




This week: 48 advisories

Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best and most reliable source for vulnerability information. Every single vulnerability report is being validated and verified before a Secunia advisory is written.

Secunia validates and verifies vulnerability reports in many different ways e.g. by downloading the software and performing comprehensive tests, by reviewing source code, or by validating the credibility of the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

ADVISORIES:

Apple issued updates for Mac OS X on Friday (21-05-2004) to fix the HELP URI handler vulnerability. However, the update from Apple did not correct the "disk" vulnerability. This unfortunately leaves users of Mac OS X just as vulnerable to attacks as before the update was issued.

Secunia has described the vulnerability in detail along with mitigating steps. See referenced Secunia Advisory below.

Reference:
http://secunia.com/SA11689

--

Yuu Arai has discovered a vulnerability in Symantec Norton AntiVirus ActiveX Control, which can be exploited by malicious websites to execute code that already resides on the affected user's system or cause the application to stop responding.

Symantec has issued an updated version, which is available via the LiveUpdate feature.

Reference:
http://secunia.com/SA11676

--

F-Secure has reported a buffer overflow vulnerability in many of their products, which reportedly can be exploited to perform a Denial of Service attack.

The buffer overflow will occur when processing specially crafted LHA archives.

Reference:
http://secunia.com/SA11712

VIRUS ALERTS:

During the last week, Secunia issued one MEDIUM RISK virus alert. Please refer to the grouped virus profile below for more information:

Bobax.C - MEDIUM RISK Virus Alert - 2004-05-18 23:37 GMT+1
http://secunia.com/virus_information/9513/bobaxc/

========================================================================

3) This Week's Top Ten Most Read Advisories:

1. [SA11622] Mac OS X URI Handler Arbitrary Code Execution
2. [SA11689] Mac OS X Volume URI Handler Registration Code Execution Vulnerability
3. [SA11539] Mac OS X Security Update Fixes Multiple Vulnerabilities
4. [SA11676] Symantec Norton AntiVirus ActiveX Control Vulnerability
5. [SA11629] Microsoft Outlook RTF Embedded OLE Object Security Bypass
6. [SA11066] Symantec Client Firewall Products Multiple Vulnerabilities
7. [SA10395] Internet Explorer URL Spoofing Vulnerability
8. [SA11633] Microsoft Windows "desktop.ini" Arbitrary File Execution Vulnerability
9. [SA11674] Gentoo update for CVS
10. [SA11677] OpenBSD update for cvs

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA11706] Orenosv HTTP/FTP Server GET Request Buffer Overflow Vulnerability
[SA11715] MiniShare HTTP Request Denial of Service Vulnerability
[SA11684] BNBT Authorization Header Denial of Service Vulnerability
[SA11676] Symantec Norton AntiVirus ActiveX Control Vulnerability
[SA11699] F-Secure Anti-Virus Archived Virus Detection Bypass Vulnerability
[SA11678] Exceed Xconfig Setting Editing Restriction Bypass

UNIX/Linux:
[SA11689] Mac OS X Volume URI Handler Registration Code Execution Vulnerability
[SA11687] Gentoo update for metamail
[SA11677] OpenBSD update for cvs
[SA11675] Gentoo update for subversion
[SA11674] Gentoo update for CVS
[SA11719] Gentoo update for apache
[SA11718] Mandrake update for mailman
[SA11717] HP-UX update for Java
[SA11709] Red Hat update for LHA
[SA11707] Conectiva update for mailman
[SA11702] Conectiva update for libneon
[SA11701] Mailman Unspecified Password Retrieval Vulnerability
[SA11693] e107 Site Statistics Script Insertion Vulnerability
[SA11692] Liferay Enterprise Portal Multiple Script Insertion Vulnerabilities
[SA11686] Gentoo update for squirrelmail
[SA11685] Squirrelmail Unspecified Cross-Site Scripting and SQL Injection Vulnerabilities
[SA11681] Mandrake update for apache-mod_perl
[SA11680] vsftpd Connection Handling Denial of Service Vulnerability
[SA11673] Gentoo update for neon
[SA11672] Gentoo update for cadaver
[SA11725] Conectiva update for kde
[SA11713] SuSE update for kdelibs
[SA11710] Red Hat update for tcpdump
[SA11705] Fedora update for httpd
[SA11703] Gentoo update for opera
[SA11688] OpenPKG update for rsync
[SA11720] Gentoo update for mc
[SA11714] FreeBSD "msync()" MS_INVALIDATE Implementation Security Issue
[SA11708] Red Hat update for utempter
[SA11704] Gentoo update for mysql
[SA11700] cPanel mod_php suexec Privilege Escalation Vulnerability
[SA11695] Debian update for xpcd
[SA11691] Gentoo update for firebird
[SA11690] libpcd PhotoCD Image Error Handling Buffer Overflow Vulnerabilities
[SA11683] Mandrake update for kernel

Other:
[SA11694] VocalTec Telephony Gateways H.323 Denial of Service Vulnerability
[SA11682] HP ProCurve Routing Switch TCP Connection Reset Denial of Service
[SA11679] Novell NetWare TCP Connection Reset Denial of Service
[SA11716] 3Com OfficeConnect 812 ADSL Router Telnet Protocol Denial of Service
[SA11698] Netgear RP114 URL Filtering Bypass Vulnerability

Cross Platform:
[SA11712] F-Secure Anti-Virus Products LHA Archive Processing Buffer Overflow
[SA11696] e107 "user.php" Cross Site Scripting Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA11706] Orenosv HTTP/FTP Server GET Request Buffer Overflow Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-26

badpack3t has discovered a vulnerability in Orenosv HTTP/FTP Server, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11706/

--

[SA11715] MiniShare HTTP Request Denial of Service Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-27

Donato Ferrante has discovered a vulnerability in MiniShare, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11715/

--

[SA11684] BNBT Authorization Header Denial of Service Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-24

badpack3t has reported a vulnerability in BNBT, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11684/

--

[SA11676] Symantec Norton AntiVirus ActiveX Control Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-05-21

Yuu Arai has discovered a vulnerability in Norton AntiVirus 2004, which can be exploited by malicious people to perform various actions on a user's system.

Full Advisory:
http://secunia.com/advisories/11676/

--

[SA11699] F-Secure Anti-Virus Archived Virus Detection Bypass Vulnerability

Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-05-25

A vulnerability has been discovered in F-Secure Anti-Virus, which may prevent certain malware in archives from being detected.

Full Advisory:
http://secunia.com/advisories/11699/

--

[SA11678] Exceed Xconfig Setting Editing Restriction Bypass

Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-05-21

A vulnerability has been discovered in Exceed, which can be exploited by malicious, local users to bypass certain restrictions.

Full Advisory:
http://secunia.com/advisories/11678/


UNIX/Linux:--

[SA11689] Mac OS X Volume URI Handler Registration Code Execution Vulnerability

Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2004-05-22

A vulnerability has been reported in Mac OS X, allowing malicious web sites to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11689/

--

[SA11687] Gentoo update for metamail

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-22

Gentoo has issued an update for metamail. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/11687/

--

[SA11677] OpenBSD update for cvs

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-21

OpenBSD has issued patches for cvs. These fix a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11677/

--

[SA11675] Gentoo update for subversion

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-21

Gentoo has issued an update for subversion. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11675/

--

[SA11674] Gentoo update for CVS

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-21

Gentoo has issued an update for CVS. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11674/

--

[SA11719] Gentoo update for apache

Critical: Moderately critical
Where: From remote
Impact: DoS, Manipulation of data, Spoofing, Security Bypass
Released: 2004-05-27

Gentoo has issued an update for apache. This fixes various vulnerabilities, which can be exploited to inject potentially malicious characters into error logfiles, bypass certain restrictions, gain unauthorised access, or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11719/

--

[SA11718] Mandrake update for mailman

Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-05-27

MandrakeSoft has issued an update for mailman. This fixes a vulnerability, which can be exploited by malicious people to retrieve members' passwords.

Full Advisory:
http://secunia.com/advisories/11718/

--

[SA11717] HP-UX update for Java

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-26

HP has acknowledged a vulnerability in Java for HP-UX, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11717/

--

[SA11709] Red Hat update for LHA

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-26

Red Hat has issued an update for LHA. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11709/

--

[SA11707] Conectiva update for mailman

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information, DoS
Released: 2004-05-26

Conectiva has issued an update for mailman. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or retrieve users' passwords.

Full Advisory:
http://secunia.com/advisories/11707/

--

[SA11702] Conectiva update for libneon

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-26

Conectiva has issued an update for libneon. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/11702/

--

[SA11701] Mailman Unspecified Password Retrieval Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-05-26

A vulnerability has been discovered in mailman, which can be exploited by malicious people to retrieve members' passwords.

Full Advisory:
http://secunia.com/advisories/11701/

--

[SA11693] e107 Site Statistics Script Insertion Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-05-24

Chinchilla has reported a vulnerability in e107, which can be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/11693/

--

[SA11692] Liferay Enterprise Portal Multiple Script Insertion Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-05-24

Sandeep Giri has reported multiple vulnerabilities in Liferay Enterprise Portal, which can be exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/11692/

--

[SA11686] Gentoo update for squirrelmail

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2004-05-24

Gentoo has issued an update for squirrelmail. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/11686/

--

[SA11685] Squirrelmail Unspecified Cross-Site Scripting and SQL Injection Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2004-05-24

Various vulnerabilities have been discovered in SquirrelMail, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/11685/

--

[SA11681] Mandrake update for apache-mod_perl

Critical: Moderately critical
Where: From remote
Impact: DoS, Manipulation of data, Spoofing, Security Bypass
Released: 2004-05-21

MandrakeSoft has issued updated packages for apache-mod_perl. These fix various vulnerabilities, which can be exploited to inject potentially malicious characters into error logfiles, bypass certain restrictions, gain unauthorised access, or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11681/

--

[SA11680] vsftpd Connection Handling Denial of Service Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-21

Olivier Baudron has discovered a vulnerability in vsftpd, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11680/

--

[SA11673] Gentoo update for neon

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-21

Gentoo has issued an update for neon. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11673/

--

[SA11672] Gentoo update for cadaver

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-21

Gentoo has issued an update for cadaver. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11672/

--

[SA11725] Conectiva update for kde

Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-05-27

Conectiva has issued an update for kde. This fixes a vulnerability, which can be exploited by malicious people to create or truncate files on a user's system.

Full Advisory:
http://secunia.com/advisories/11725/

--

[SA11713] SuSE update for kdelibs

Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-05-26

SuSE has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to create or truncate files on a user's system.

Full Advisory:
http://secunia.com/advisories/11713/

--

[SA11710] Red Hat update for tcpdump

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-05-26

Red Hat has issued an update for tcpdump. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11710/

--

[SA11705] Fedora update for httpd

Critical: Less critical
Where: From remote
Impact: Manipulation of data, DoS
Released: 2004-05-26

Fedora has issued an update for httpd. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or inject certain potentially malicious characters in error log files.

Full Advisory:
http://secunia.com/advisories/11705/

--

[SA11703] Gentoo update for opera

Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-05-26

Gentoo has issued an update for opera. This fixes a vulnerability, which can be exploited by malicious people to create or truncate files on a user's system.

Full Advisory:
http://secunia.com/advisories/11703/

--

[SA11688] OpenPKG update for rsync

Critical: Less critical
Where: From remote
Impact: Manipulation of data, Security Bypass
Released: 2004-05-22

OpenPKG has issued an update for rsync. This fixes a vulnerability, potentially allowing malicious people to write files outside the intended directory.

Full Advisory:
http://secunia.com/advisories/11688/

--

[SA11720] Gentoo update for mc

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-27

Gentoo has issued an update for mc. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/11720/

--

[SA11714] FreeBSD "msync()" MS_INVALIDATE Implementation Security Issue

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-26

Stephan Uphoff and Matt Dillon have discovered a security issue in FreeBSD. This can be exploited by malicious, local users to prevent changes to certain files, which they have read access to, from being committed to disk.

Full Advisory:
http://secunia.com/advisories/11714/

--

[SA11708] Red Hat update for utempter

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-26

Red Hat has issued an update for utempter. This fixes a security issue, which potentially can be exploited by malicious, local users to perform certain actions with higher privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11708/

--

[SA11704] Gentoo update for mysql

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-26

Gentoo has issued an update for mysql. This fixes two vulnerabilities, which potentially can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/11704/

--

[SA11700] cPanel mod_php suexec Privilege Escalation Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-26

Rob Brown has reported a security issue in cPanel, potentially allowing malicious users to escalate their privileges.

Full Advisory:
http://secunia.com/advisories/11700/

--

[SA11695] Debian update for xpcd

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-25

Debian has issued an update for xpcd. This fixes three vulnerabilities, which potentially can be exploited by malicious people to execute arbitrary code on a user's system.

Full Advisory:
http://secunia.com/advisories/11695/

--

[SA11691] Gentoo update for firebird

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-24

Gentoo has issued an update for firebird. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11691/

--

[SA11690] libpcd PhotoCD Image Error Handling Buffer Overflow Vulnerabilities

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-25

Jaguar has reported some vulnerabilities in libpcd, which potentially can be exploited by malicious people to execute arbitrary code on a user's system.

Full Advisory:
http://secunia.com/advisories/11690/

--

[SA11683] Mandrake update for kernel

Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive information
Released: 2004-05-22

MandrakeSoft has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/11683/


Other:--

[SA11694] VocalTec Telephony Gateways H.323 Denial of Service Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-25

Tagoff Eugene has reported a vulnerability in certain VocalTec Telephony Gateways, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11694/

--

[SA11682] HP ProCurve Routing Switch TCP Connection Reset Denial of Service

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-05-21

HP has acknowledged a vulnerability in various products, which can be exploited by malicious people to reset established TCP connections on a vulnerable device.

Full Advisory:
http://secunia.com/advisories/11682/

--

[SA11679] Novell NetWare TCP Connection Reset Denial of Service

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-05-21

Novell has partly acknowledged a vulnerability in NetWare, which can be exploited by malicious people to reset established TCP connections on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11679/

--

[SA11716] 3Com OfficeConnect 812 ADSL Router Telnet Protocol Denial of Service

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-05-26

iDEFENSE has reported a vulnerability in 3Com OfficeConnect Remote 812 ADSL Router, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11716/

--

[SA11698] Netgear RP114 URL Filtering Bypass Vulnerability

Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-05-25

Marc Ruef has reported a vulnerability in NetGear RP114, which can be exploited by malicious people to bypass the URL filtering functionality.

Full Advisory:
http://secunia.com/advisories/11698/


Cross Platform:--

[SA11712] F-Secure Anti-Virus Products LHA Archive Processing Buffer Overflow

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-26

A vulnerability has been discovered in various F-Secure Anti-Virus products, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11712/

--

[SA11696] e107 "user.php" Cross Site Scripting Vulnerability

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-05-25

Chris Norton has reported a vulnerability in e107, allowing malicious users to conduct Cross Site Scripting attacks.

Full Advisory:
http://secunia.com/advisories/11696/


Posted on Thursday, 27 May 2004 @ 13:52:59 EDT by IACOJ