[ISN] Secunia Weekly Summary - Issue: 2004-27
InfoSec News
isn at c4i.org
Fri Jul 2 08:35:25 EDT 2004
========================================================================
The Secunia Weekly Advisory Summary
2004-06-24 - 2004-07-01
This week : 42 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
New Features at Secunia.com
Secunia has implemented various statistical features at the websites
for both Secunia advisories and Virus Information.
Secunia Advisories Statistics:
http://secunia.com/advisory_statistics/
Examples of Specific Product Statistics:
http://secunia.com/product/11/ (Internet Explorer 6)
http://secunia.com/product/761/ (Opera 7.x)
http://secunia.com/product/1480/ (Mozilla 1.3)
Secunia Virus Information Statistics:
http://secunia.com/virus_statistics/
Furthermore, Secunia has made it possible for you to include all graphs
available at secunia.com on your own website.
This is described in detail at:
http://secunia.com/secunia_image_inclusion/
========================================================================
2) This Week in Brief:
ADVISORIES:
Multiple browser have been proven vulnerable to a 6 year old
vulnerability, which can be exploited by malicious people to inject
information into other sites' frameset.
The vulnerability was first reported (and corrected) in Internet
Explorer 3 and 4 back in 1998. However, during the past week Internet
Explorer 6.0 was proven vulnerable to this issue again.
After this information surfaced, several other people reported to
Secunia that many other browsers also are affected by this.
Secunia has therefore constructed a test for this issue, allowing you
to check your own browser. A link for the test can be found in the
Secunia advisories below.
Reference:
http://secunia.com/SA11966
http://secunia.com/SA11978
VIRUS ALERTS:
During the last week, Secunia issued two MEDIUM RISK virus alerts.
Please refer to the grouped virus profile below for more information:
Bagle.x!proxy - MEDIUM RISK Virus Alert - 2004-07-01 05:35 GMT+1
http://secunia.com/virus_information/8675/bagle.xproxy/
Korgo.T - MEDIUM RISK Virus Alert - 2004-06-27 14:46 GMT+1
http://secunia.com/virus_information/10230/korgo.t/
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA11793] Internet Explorer Local Resource Access and Cross-Zone
Scripting Vulnerabilities
2. [SA11900] Unreal Engine "secure" Query Buffer Overflow
Vulnerability
3. [SA11966] Internet Explorer Frame Injection Vulnerability
4. [SA11956] Apache Input Header Folding Denial of Service
Vulnerability
5. [SA11925] Lotus Domino/Notes Cross-Site Scripting and Arbitrary
Code Execution
6. [SA11072] IBM Access Support ActiveX Controls Various Insecure
Methods
7. [SA11830] Internet Explorer Security Zone Bypass and Address Bar
Spoofing Vulnerability
8. [SA11928] php-exec-dir Command Execution Bypass Vulnerability
9. [SA11622] Mac OS X URI Handler Arbitrary Code Execution
10. [SA10395] Internet Explorer URL Spoofing Vulnerability
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA11966] Internet Explorer Frame Injection Vulnerability
[SA11951] Cart32 "GetLatestBuilds" Cross-Site Scripting Vulnerability
UNIX/Linux:
[SA11971] HP-UX Netscape Multiple Vulnerabilities
[SA11968] Mandrake update for apache
[SA11946] Debian update for apache
[SA11945] MPlayer GUI Filename Handling Buffer Overflow Vulnerability
[SA11976] Gentoo update for pavuk
[SA11975] Pavuk HTTP "Location:" Header Processing Buffer Overflow
Vulnerability
[SA11973] Gentoo update for krb5
[SA11962] Fedora update for ipsec-tools
[SA11954] artmedic links "id" Parameter Arbitrary File Reading
Vulnerability
[SA11953] Confixx "/root" Directory Information Disclosure
Vulnerability
[SA11949] Gentoo update for freeswan/openswan/strongswan
[SA11948] Various Products X.509 Certificate Validation Vulnerability
[SA11969] HP-UX Object Action Manager WebAdmin Vulnerability
[SA11967] Mandrake update for apache2
[SA11942] Gentoo update for gift-fasttrack
[SA11941] giFT-FastTrack Unspecified Denial of Service Vulnerability
[SA11937] vBulletin "newreply.php" Cross-Site Scripting Vulnerability
[SA11955] HP Tru64 UNIX DCE RPC Buffer Overflow Vulnerability
[SA11939] Gentoo update for gzip
[SA11938] Fedora update for kernel
[SA11936] Red Hat Linux Broadcom 5820 Cryptonet Driver Integer
Overflow
[SA11935] Sun StorEdge ESM Unspecified Privilege Escalation
Vulnerability
[SA11977] popclient "POP3_readmsg()" Off-By-One Buffer Overflow
Vulnerability
[SA11970] HP-UX ARPA Transport Unspecified Denial of Service
Vulnerability
[SA11940] Sun Solaris Kerberos Client Clear Text Password Logging
Other:
[SA11950] Juniper JUNOS Packet Forwarding Engine IPv6 Denial of
Service
[SA11963] D-Link DI-614+ DHCP Request Flooding Denial of Service
[SA11961] D-Link DI-614+ DHCP Service "LEASETIME" Option Denial of
Service
Cross Platform:
[SA11957] IBM HTTP Server mod_proxy "Content-Length:" Header Buffer
Overflow
[SA11978] Multiple Browsers Frame Injection Vulnerability
[SA11974] phpMyAdmin Configuration Manipulation and Code Injection
[SA11960] PowerPortal Multiple Vulnerabilities
[SA11959] BEA WebLogic Role Interpretation Security Issue
[SA11958] BEA WebLogic Crystal Reports Web Viewer Directory Traversal
Vulnerability
[SA11952] Help Desk Pro Login Validation SQL Injection Vulnerability
[SA11947] Infinity WEB Login Validation SQL Injection Vulnerability
[SA11944] phpmyfamily User Authentication Bypass Vulnerability
[SA11964] CuteNews "id" Parameter Cross Site Scripting Vulnerabilities
[SA11956] Apache Input Header Folding Denial of Service Vulnerability
[SA11965] csFAQ "database" Parameter Path Disclosure
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA11966] Internet Explorer Frame Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2004-06-30
Mark Laurence has discovered a 6 year old vulnerability in Microsoft
Internet Explorer, allowing malicious people to spoof the content of
websites.
Full Advisory:
http://secunia.com/advisories/11966/
--
[SA11951] Cart32 "GetLatestBuilds" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-06-29
Dr Ponidi has reported a vulnerability in Cart32, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/11951/
UNIX/Linux:--
[SA11971] HP-UX Netscape Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, DoS, System access
Released: 2004-06-30
HP has acknowledged multiple vulnerabilities in Netscape for HP-UX,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service), gain knowledge of sensitive information, or
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/11971/
--
[SA11968] Mandrake update for apache
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2004-06-30
MandrakeSoft has issued an update for apache. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/11968/
--
[SA11946] Debian update for apache
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-06-28
Debian has issued an update for apache. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11946/
--
[SA11945] MPlayer GUI Filename Handling Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-06-29
c0ntex has reported a vulnerability in MPlayer, which can be exploited
by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/11945/
--
[SA11976] Gentoo update for pavuk
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-06-30
Gentoo has issued an update for pavuk. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/11976/
--
[SA11975] Pavuk HTTP "Location:" Header Processing Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-06-30
A vulnerability has been reported in Pavuk, which can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11975/
--
[SA11973] Gentoo update for krb5
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-06-30
Gentoo has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious users to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/11973/
--
[SA11962] Fedora update for ipsec-tools
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-06-29
Fedora has issued an update for ipsec-tools. This fixes a
vulnerability, which potentially can be exploited by malicious people
to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/11962/
--
[SA11954] artmedic links "id" Parameter Arbitrary File Reading
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-06-28
Adam Simuntis has reported a vulnerability in artmedic links, allowing
malicious people to disclose the content of arbitrary files.
Full Advisory:
http://secunia.com/advisories/11954/
--
[SA11953] Confixx "/root" Directory Information Disclosure
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-06-28
Dirk Pirschel has reported a vulnerability in Confixx, which
potentially can be exploited by malicious users to gain knowledge of
sensitive information.
Full Advisory:
http://secunia.com/advisories/11953/
--
[SA11949] Gentoo update for freeswan/openswan/strongswan
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2004-06-28
Gentoo has issued updates for freeswan/openswan/strongswan. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/11949/
--
[SA11948] Various Products X.509 Certificate Validation Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2004-06-28
Thomas Walpuski has reported a vulnerability in strongSwan, Openswan,
and FreeS/WAN, which potentially can be exploited by malicious people
to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/11948/
--
[SA11969] HP-UX Object Action Manager WebAdmin Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-06-30
HP has acknowledged a vulnerability in HP-UX, which potentially can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11969/
--
[SA11967] Mandrake update for apache2
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-06-30
MandrakeSoft has issued an update for apache2. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11967/
--
[SA11942] Gentoo update for gift-fasttrack
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-06-25
Gentoo has issued an update for gift-fasttrack. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11942/
--
[SA11941] giFT-FastTrack Unspecified Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-06-25
Alan Fitton has discovered a vulnerability in giFT-FastTrack, allowing
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11941/
--
[SA11937] vBulletin "newreply.php" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-06-25
Cheng Peng Su has reported a vulnerability in vBulletin, allowing
malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/11937/
--
[SA11955] HP Tru64 UNIX DCE RPC Buffer Overflow Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-06-28
A vulnerability has been reported in DCE/DFS for Tru64 UNIX, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11955/
--
[SA11939] Gentoo update for gzip
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-06-25
Gentoo has issued an update for gzip. This fixes two vulnerabilities,
which can be exploited by malicious, local users to escalate their
privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11939/
--
[SA11938] Fedora update for kernel
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation,
DoS
Released: 2004-06-25
Fedora as issued an update for the kernel. This fixes various
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), gain knowledge of sensitive
information, or gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/11938/
--
[SA11936] Red Hat Linux Broadcom 5820 Cryptonet Driver Integer
Overflow
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2004-06-24
infamous41md has reported a vulnerability in the Broadcom 5820
Cryptonet driver included with Red Hat Linux. This can potentially be
exploited by malicious, local users to cause a DoS (Denial of Service)
or gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/11936/
--
[SA11935] Sun StorEdge ESM Unspecified Privilege Escalation
Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-06-24
An unspecified vulnerability has been discovered in Sun StorEdge
Enterprise Storage Manager, which can be exploited by malicious, local
users to gain root privileges.
Full Advisory:
http://secunia.com/advisories/11935/
--
[SA11977] popclient "POP3_readmsg()" Off-By-One Buffer Overflow
Vulnerability
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2004-06-30
A vulnerability has been reported in popclient, which can be exploited
by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11977/
--
[SA11970] HP-UX ARPA Transport Unspecified Denial of Service
Vulnerability
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2004-06-30
A vulnerability has been discovered in HP-UX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11970/
--
[SA11940] Sun Solaris Kerberos Client Clear Text Password Logging
Critical: Not critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-06-25
A security issue has been discovered in Sun Solaris, which may disclose
sensitive information to users.
Full Advisory:
http://secunia.com/advisories/11940/
Other:--
[SA11950] Juniper JUNOS Packet Forwarding Engine IPv6 Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-06-30
A vulnerability has been discovered in Juniper JUNOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11950/
--
[SA11963] D-Link DI-614+ DHCP Request Flooding Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-06-29
Gregory Duchemin has reported a vulnerability in D-Link 614+, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11963/
--
[SA11961] D-Link DI-614+ DHCP Service "LEASETIME" Option Denial of
Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-06-30
Gregory Duchemin has reported a vulnerability in D-Link DI-614+, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/11961/
Cross Platform:--
[SA11957] IBM HTTP Server mod_proxy "Content-Length:" Header Buffer
Overflow
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-06-29
IBM has acknowledged a vulnerability in IBM HTTP Server, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11957/
--
[SA11978] Multiple Browsers Frame Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2004-07-01
A 6 year old vulnerability has been discovered in multiple browsers,
allowing malicious people to spoof the content of websites.
Full Advisory:
http://secunia.com/advisories/11978/
--
[SA11974] phpMyAdmin Configuration Manipulation and Code Injection
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, System access
Released: 2004-06-30
Nasir Simbolon has reported two vulnerabilities in phpMyAdmin, allowing
malicious people to manipulate certain configuration settings and
inject arbitrary code.
Full Advisory:
http://secunia.com/advisories/11974/
--
[SA11960] PowerPortal Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released: 2004-06-29
DarkBicho has reported some vulnerabilities in PowerPortal, potentially
allowing malicious people to reveal sensitive information and conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/11960/
--
[SA11959] BEA WebLogic Role Interpretation Security Issue
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-06-29
A security issue has been discovered in BEA WebLogic, potentially
allowing unauthorised users to access affected web applications.
Full Advisory:
http://secunia.com/advisories/11959/
--
[SA11958] BEA WebLogic Crystal Reports Web Viewer Directory Traversal
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, Exposure of sensitive information, Exposure of system
information
Released: 2004-06-29
A vulnerability has been discovered in BEA WebLogic, allowing malicious
people to disclose the content of arbitrary files or delete these.
Full Advisory:
http://secunia.com/advisories/11958/
--
[SA11952] Help Desk Pro Login Validation SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-06-28
D'Amato Luigi has reported a vulnerability in Help Desk Pro, allowing
malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/11952/
--
[SA11947] Infinity WEB Login Validation SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-06-28
D'Amato Luigi has reported a vulnerability in Infinity WEB, allowing
malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/11947/
--
[SA11944] phpmyfamily User Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-06-28
Valerie Holfield has discovered a vulnerability in phpmyfamily, which
can be exploited by malicious people to gain edit privileges.
Full Advisory:
http://secunia.com/advisories/11944/
--
[SA11964] CuteNews "id" Parameter Cross Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-06-29
DarkBicho has reported some vulnerabilities in CuteNews, potentially
allowing malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/11964/
--
[SA11956] Apache Input Header Folding Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-06-28
Georgi Guninski has reported a vulnerability in Apache httpd, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11956/
--
[SA11965] csFAQ "database" Parameter Path Disclosure
Critical: Not critical
Where: From remote
Impact: Exposure of system information
Released: 2004-06-30
DarkBicho has reported a weakness in csFAQ, allowing malicious people
to see the installation path.
Full Advisory:
http://secunia.com/advisories/11965/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support at secunia.com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
========================================================================
More information about the ISN
mailing list