[ISN] Secunia Weekly Summary - Issue: 2004-28

InfoSec News isn at c4i.org
Fri Jul 9 06:52:04 EDT 2004


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2004-07-01 - 2004-07-08                        

                       This week : 47 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

New Features at Secunia.com


Secunia has implemented various statistical features at the websites
for both Secunia advisories and Virus Information.

Secunia Advisories Statistics:
http://secunia.com/advisory_statistics/

Examples of Specific Product Statistics:
http://secunia.com/product/11/ (Internet Explorer 6)
http://secunia.com/product/761/ (Opera 7.x)
http://secunia.com/product/1480/ (Mozilla 1.3)

Secunia Virus Information Statistics:
http://secunia.com/virus_statistics/


Furthermore, Secunia has made it possible for you to include all graphs
available at secunia.com on your own website.

This is described in detail at:
http://secunia.com/secunia_image_inclusion/


========================================================================
2) This Week in Brief:


ADVISORIES:

IBM Lotus Domino Web Access (formerly iNotes) is vulnerable to an
issue, which can be exploited by malicious people to cause a DoS
(Denial of Service).

The vulnerability is caused due to an unspecified error when
processing mails and can be exploited by sending a mail containing an
overly large, specially crafted JPG image attachment (about 12 MB) to
a vulnerable system.

Successful exploitation reportedly crashes the whole Domino server,
when the mail is opened.

http://secunia.com/SA12007


Mozilla and Mozilla Firefox are vulnerable to an issue, which allows
malicious websites to trick users into accepting security dialog boxes.

The problem is that it may be possible to trick users into typing or
clicking on an XPInstall / Security dialog box, using various
interactive events, without the user noticing the dialog box.

Successful exploitation may allow a malicious website to perform tasks
that require user interaction.

http://secunia.com/SA12007

VIRUS ALERTS:

During the last week, Secunia issued two MEDIUM RISK virus alerts.
Please refer to the grouped virus profile below for more information:

Bagle.AD - MEDIUM RISK Virus Alert - 2004-07-04 21:48 GMT+1
http://secunia.com/virus_information/10430/bagle.ad/

Lovgate.Y - MEDIUM RISK Virus Alert - 2004-07-02 02:29 GMT+1
http://secunia.com/virus_information/10388/lovgate.y/

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA11978] Multiple Browsers Frame Injection Vulnerability
2.  [SA11966] Internet Explorer Frame Injection Vulnerability
3.  [SA11793] Internet Explorer Local Resource Access and Cross-Zone
              Scripting Vulnerabilities
4.  [SA10395] Internet Explorer URL Spoofing Vulnerability
5.  [SA11999] Mozilla XPInstall Dialog Box Security Issue
6.  [SA11996] Linux Kernel File Group ID Manipulation Vulnerability
7.  [SA11856] Mozilla Browser Address Bar Spoofing Weakness
8.  [SA11901] Opera Address Bar Spoofing Security Issue
9.  [SA11830] Internet Explorer Security Zone Bypass and Address Bar
              Spoofing Vulnerability
10. [SA12020] MySQL Authentication Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA12006] Easy Chat Server Multiple Vulnerabilities
[SA12026] Comersus Shopping Cart Cross-Site Scripting and Price
Manipulation
[SA12016] Fastream NETFile FTP/Web Server Directory Traversal
Vulnerability
[SA12011] Mbedthis AppWeb Multiple Vulnerabilities
[SA11985] Easy Chat Server Directory Traversal Vulnerability
[SA11988] WinGate Proxy File Retrieval Vulnerability
[SA12012] 12Planet Chat Server Cross-Site Scripting Vulnerability
[SA12022] UnrealIRCd IP Cloaking Bypassing Weakness

UNIX/Linux:
[SA12023] Red Hat update for httpd
[SA12017] Open WebMail "vacation.pl" Arbitrary Program Execution
Vulnerability
[SA12005] Debian update for webmin
[SA12002] Debian update for pavuk
[SA11989] Fedora update for mailman
[SA11982] Fedora update for kernel
[SA11980] Linux Kernel Netfilter TCP Option Matching Denial of Service
Vulnerability
[SA12004] Gentoo update for apache2
[SA12001] Gentoo update for pure-ftpd
[SA12000] Netegrity IdentityMinder Cross-Site Scripting Vulnerability
[SA11993] Fedora update for rsync
[SA11992] Pure-FTPd Multiple Connection Denial of Service
Vulnerability
[SA12025] Mandrake update for kernel
[SA12019] Gentoo update for xfree
[SA11998] Red Hat update for kernel
[SA11997] Fedora update for kernel
[SA11996] Linux Kernel File Group ID Manipulation Vulnerability
[SA12009] SuSE update for kernel
[SA12003] Gentoo update for kernel
[SA11991] Gentoo esearch Insecure Temporary File Creation
Vulnerability
[SA11990] IBM Informix I-Spy "runbin" Privilege Escalation
Vulnerability
[SA11986] RSBAC Privilege Escalation Vulnerabilities
[SA11983] FreeBSD Linux Compatibility Mode System Call Handling
Vulnerability
[SA11981] Linux Kernel Sbus PROM Driver Multiple Integer Overflow
Vulnerabilities
[SA12021] Linux VServer procfs Permission Weakness
[SA12008] Oracle 10g Installer Insecure Temporary File Creation

Other:
[SA12014] Enterasys XSR Routers "Record Route" Option Denial of
Service
[SA12018] D-Link DI-624 Multiple Vulnerabilities
[SA11994] NetScreen 5GT Firewall AV Scan Engine Cross-Site Scripting
Vulnerability
[SA11984] ZyXEL Prestige Routers Denial of Service Vulnerability

Cross Platform:
[SA12013] IBM WebSphere Application Server Denial of Service
[SA12007] IBM Lotus Domino Web Access Message Handling Denial of
Service
[SA11999] Mozilla XPInstall Dialog Box Security Issue
[SA11987] Centre Inclusion of Arbitrary Files and SQL Injection
[SA12024] Ethereal Multiple Vulnerabilities
[SA12020] MySQL Authentication Vulnerabilities
[SA12015] SCI Photo Chat Cross-Site Scripting Vulnerability
[SA12010] Brightmail Unauthorised Access to Filtered Mails
[SA11995] Lotus Domino IMAP Quota Manipulation Weakness

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA12006] Easy Chat Server Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2004-07-05

Multiple vulnerabilities have been reported in Easy Chat Server,
allowing malicious people to cause a DoS (Denial of Service), conduct
cross-site scripting attacks, and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/12006/

 --

[SA12026] Comersus Shopping Cart Cross-Site Scripting and Price
Manipulation

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2004-07-08

Thomas Ryan has reported some vulnerabilities in Comersus Shopping
Cart, which can be exploited by malicious people to conduct cross-site
scripting attacks or manipulate orders.

Full Advisory:
http://secunia.com/advisories/12026/

 --

[SA12016] Fastream NETFile FTP/Web Server Directory Traversal
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2004-07-06

aT4r ins4n3 has reported a vulnerability in Fastream NETFile FTP/Web
Server, allowing malicious people to retrieve arbitrary files.

Full Advisory:
http://secunia.com/advisories/12016/

 --

[SA12011] Mbedthis AppWeb Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, Exposure of sensitive
information
Released:    2004-07-07

Multiple vulnerabilities have been discovered in Mbedthis AppWeb. Some
currently have an unknown impact and others may be exploited by
malicious people to gain knowledge of sensitive information or bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/12011/

 --

[SA11985] Easy Chat Server Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Exposure of system
information
Released:    2004-07-02

Dr_insane has reported a vulnerability in Easy Chat Server, which can
be exploited by malicious people to read arbitrary files on a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/11985/

 --

[SA11988] WinGate Proxy File Retrieval Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass, Exposure of sensitive information
Released:    2004-07-02

iDefense has reported a vulnerability in WinGate, allowing malicious
people to retrieve arbitrary files.

Full Advisory:
http://secunia.com/advisories/11988/

 --

[SA12012] 12Planet Chat Server Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-07-05

Donato Ferrante has reported a vulnerability in 12Planet Chat Server,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/12012/

 --

[SA12022] UnrealIRCd IP Cloaking Bypassing Weakness

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-07-06

bartavelle has reported a weakness in UnrealIRCd, which can be
exploited by malicious users to bypass certain security features.

Full Advisory:
http://secunia.com/advisories/12022/


UNIX/Linux:--

[SA12023] Red Hat update for httpd

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-07-06

Red Hat has issued an update for httpd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/12023/

 --

[SA12017] Open WebMail "vacation.pl" Arbitrary Program Execution
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-07-06

Ken Girrard has reported a vulnerability in Open WebMail, which can be
exploited by malicious users to execute arbitrary applications.

Full Advisory:
http://secunia.com/advisories/12017/

 --

[SA12005] Debian update for webmin

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2004-07-05

Debian has issued an update for webmin. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/12005/

 --

[SA12002] Debian update for pavuk

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-07-05

Debian has issued an update for pavuk. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/12002/

 --

[SA11989] Fedora update for mailman

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-07-02

Fedora has issued an update for mailman. This fixes a vulnerability,
which can be exploited by malicious people to retrieve members'
passwords.

Full Advisory:
http://secunia.com/advisories/11989/

 --

[SA11982] Fedora update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-07-01

Fedora has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/11982/

 --

[SA11980] Linux Kernel Netfilter TCP Option Matching Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-07-01

Adam Osuchowski and Tomasz Dubinski have reported a vulnerability in
the Linux kernel, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11980/

 --

[SA12004] Gentoo update for apache2

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-07-05

Gentoo has issued an update for apache2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12004/

 --

[SA12001] Gentoo update for pure-ftpd

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-07-05

Gentoo has issued an update for pure-ftpd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12001/

 --

[SA12000] Netegrity IdentityMinder Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-07-05

HEXVIEW has reported a vulnerability in Netegrity IdentityMinder,
allowing malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/12000/

 --

[SA11993] Fedora update for rsync

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2004-07-02

Fedora has issued an update for rsync. This fixes a vulnerability,
potentially allowing malicious people to write files outside the
intended directory.

Full Advisory:
http://secunia.com/advisories/11993/

 --

[SA11992] Pure-FTPd Multiple Connection Denial of Service
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-07-05

A vulnerability has been discovered in Pure-FTPd, allowing malicious
people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11992/

 --

[SA12025] Mandrake update for kernel

Critical:    Less critical
Where:       From local network
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information, Privilege escalation
Released:    2004-07-07

MandrakeSoft has issued an update for the kernel. This fixes multiple
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions, gain knowledge of sensitive information
or escalate privileges.

Full Advisory:
http://secunia.com/advisories/12025/

 --

[SA12019] Gentoo update for xfree

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2004-07-06

Gentoo has issued an update for xfree. This fixes a security issue,
which potentially may allow malicious users to gain unintended access
to a system.

Full Advisory:
http://secunia.com/advisories/12019/

 --

[SA11998] Red Hat update for kernel

Critical:    Less critical
Where:       From local network
Impact:      Manipulation of data
Released:    2004-07-02

Red Hat has issued an update for the kernel. This fixes a
vulnerability, which can be exploited by malicious users to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/11998/

 --

[SA11997] Fedora update for kernel

Critical:    Less critical
Where:       From local network
Impact:      Manipulation of data, Privilege escalation, DoS
Released:    2004-07-02

Fedora has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions, cause a DoS (Denial of Service) or
potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/11997/

 --

[SA11996] Linux Kernel File Group ID Manipulation Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Manipulation of data
Released:    2004-07-02

SuSE has discovered a vulnerability in the Linux kernel, which can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/11996/

 --

[SA12009] SuSE update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of system information, Exposure of sensitive
information, Privilege escalation
Released:    2004-07-05

SuSE has issued an update for the kernel. This fixes multiple
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges, cause a DoS (Denial of Service), or gain
knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/12009/

 --

[SA12003] Gentoo update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, Privilege escalation, DoS
Released:    2004-07-05

Gentoo has issued an update for the kernel. This fixes multiple
vulnerabilities, which can be exploited by malicious users to gain
escalated privileges, cause a DoS (Denial of Service), or gain
knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/12003/

 --

[SA11991] Gentoo esearch Insecure Temporary File Creation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2004-07-02

Tavis Ormandy has discovered a vulnerability in esearch for Gentoo
Linux, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/11991/

 --

[SA11990] IBM Informix I-Spy "runbin" Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-07-02

A vulnerability has been discovered in IBM Informix I-Spy, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/11990/

 --

[SA11986] RSBAC Privilege Escalation Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-07-02

Two vulnerabilities have been reported in RSBAC, potentially allowing
malicious, local users to escalate their privileges.

Full Advisory:
http://secunia.com/advisories/11986/

 --

[SA11983] FreeBSD Linux Compatibility Mode System Call Handling
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Exposure of system information, Exposure of sensitive
information, Privilege escalation
Released:    2004-07-02

Tim Robbins has discovered a vulnerability in FreeBSD, which can be
exploited by malicious, local users to gain knowledge of sensitive
information or gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/11983/

 --

[SA11981] Linux Kernel Sbus PROM Driver Multiple Integer Overflow
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2004-07-02

infamous41 has reported some vulnerabilities in the Linux kernel, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service) and potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/11981/

 --

[SA12021] Linux VServer procfs Permission Weakness

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information, DoS
Released:    2004-07-06

Veit Wahlich has reported a weakness in Linux VServer, which can be
exploited by certain malicious, local users to cause a DoS (Denial of
Service) or gain knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/12021/

 --

[SA12008] Oracle 10g Installer Insecure Temporary File Creation

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-07-05

Knud Erik Højgaard has reported a security issue in Oracle Database
10g, allowing malicious users to manipulate temporary files.

Full Advisory:
http://secunia.com/advisories/12008/


Other:--

[SA12014] Enterasys XSR Routers "Record Route" Option Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-07-06

Frederico Queiroz has reported a vulnerability in Enterasys XSR-1800
and XSR-3000 Series, which can be exploited by malicious people to
cause a Denial of Service.

Full Advisory:
http://secunia.com/advisories/12014/

 --

[SA12018] D-Link DI-624 Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, Cross Site Scripting
Released:    2004-07-06

Gregory Duchemin has reported multiple vulnerabilities in D-Link
DI-624, which can be exploited by malicious people to cause a DoS
(Denial of Service) or conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/12018/

 --

[SA11994] NetScreen 5GT Firewall AV Scan Engine Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-07-02

A vulnerability has been discovered in NetScreen ScreenOS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/11994/

 --

[SA11984] ZyXEL Prestige Routers Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-07-01

Sami Gascón has reported a vulnerability in ZyXEL Prestige, allowing
malicious people to cause a Denial of Service.

Full Advisory:
http://secunia.com/advisories/11984/


Cross Platform:--

[SA12013] IBM WebSphere Application Server Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-07-06

Leandro Meiners has reported a vulnerability in IBM WebSphere, allowing
malicious people to cause a Denial of Service.

Full Advisory:
http://secunia.com/advisories/12013/

 --

[SA12007] IBM Lotus Domino Web Access Message Handling Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-07-05

Andreas Klein has reported a vulnerability in IBM Lotus Domino Web
Access (formerly iNotes), which can be exploited by malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12007/

 --

[SA11999] Mozilla XPInstall Dialog Box Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-07-05

Jesse Ruderman has reported a security issue in Mozilla and Mozilla
Firefox, allowing malicious websites to trick users into accepting
security dialog boxes.

Full Advisory:
http://secunia.com/advisories/11999/

 --

[SA11987] Centre Inclusion of Arbitrary Files and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2004-07-02

Manip has reported two vulnerabilities in Centre, allowing malicious
people to include arbitrary files and conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/11987/

 --

[SA12024] Ethereal Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2004-07-07

Three vulnerabilities have been discovered in Ethereal, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12024/

 --

[SA12020] MySQL Authentication Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass, Privilege escalation
Released:    2004-07-06

Chris Anley has reported two vulnerabilities in MySQL, allowing
malicious people to gain access to the database or the local system.

Full Advisory:
http://secunia.com/advisories/12020/

 --

[SA12015] SCI Photo Chat Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-07-06

Donato Ferrante has reported a vulnerability in SCI Photo Chat,
potentially allowing malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/12015/

 --

[SA12010] Brightmail Unauthorised Access to Filtered Mails

Critical:    Not critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-07-05

Thomas Springer has reported a privacy issue in Brightmail, potentially
allowing malicious users to read arbitrary mails.

Full Advisory:
http://secunia.com/advisories/12010/

 --

[SA11995] Lotus Domino IMAP Quota Manipulation Weakness

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-07-02

Andreas Klein has reported a weakness in Lotus Domino, which can be
exploited by malicious users to manipulate certain configuration
options.

Full Advisory:
http://secunia.com/advisories/11995/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

========================================================================




