[ISN] Secunia Weekly Summary - Issue: 2004-21

InfoSec News isn at c4i.org
Fri May 21 10:54:47 EDT 2004


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2004-05-13 - 2004-05-20                        

                       This week : 68 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia has launched a new service called Secunia Virus Information.
Secunia Virus Information is based on information automatically
collected from seven different anti-virus vendors. The data will be
parsed and indexed, resulting in a chronological list, a searchable
index, and grouped profiles with information from the seven vendors.

Furthermore, when certain criteria are triggered, virus alerts will be
issued. You can sign up for the alerts here:

Sign-up for Secunia Virus Alerts:
http://secunia.com/secunia_virus_alerts/

Secunia Virus Information:
http://secunia.com/virus_information/

========================================================================
2) This Week in Brief:

ADVISORIES:

On Monday, Secunia issued a "Highly Critical" advisory for Mac OS X, as
it was reported to be possible to silently deliver and execute
arbitrary code on a vulnerable system.

However, during the day more details were revealed, and more advanced
exploits were published by various sources, demonstrating exactly how
easily this vulnerability could be exploited. 

Therefore, and because no patch was available from Apple,
Secunia raised the severity to a rare "Extremely Critical" for this
vulnerability.

Please refer to Secunia advisory below for full details.

Reference:
http://secunia.com/SA11622

--

http-equiv found a vulnerability in Outlook Express, which can be
exploited to include arbitrary web content from remote sites in
emails. It could be exploited by e.g. spammers to "ping" an email
address to see if anyone is reading emails sent to it. 

http-equiv also reported a vulnerability in Microsoft Outlook, which
could be exploited to bypass certain security restrictions.

Please refer to the Secunia advisories below for in-depth information
about the vulnerabilities.

Reference:
http://secunia.com/SA11607
http://secunia.com/SA11629

--

A vulnerability in CVS was reported by Stefan Esser, which can be
exploited to compromise a vulnerable system.

Many vendors have issued patches for this issue, and many more are
likely to follow in the coming days. Please refer to http://secunia.com
for information about vendor patches.

Reference:
http://secunia.com/SA11641

VIRUS ALERTS:

Secunia has not issued any virus alerts during the last week.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA11622] Mac OS X URI Handler Arbitrary Code Execution
2.  [SA11066] Symantec Client Firewall Products Multiple
              Vulnerabilities
3.  [SA11539] Mac OS X Security Update Fixes Multiple Vulnerabilities
4.  [SA11629] Microsoft Outlook RTF Embedded OLE Object Security Bypass
5.  [SA11012] Apple Filing Protocol Insecure Implementation
6.  [SA11303] Mac OS X Security Update Fixes Multiple Vulnerabilities
7.  [SA10959] Mac OS X Security Update Fixes Multiple Vulnerabilities
8.  [SA10440] Mac OS X cd9660.util Privilege Escalation Vulnerability
9.  [SA10524] Mac OS X Local Denial of Service Vulnerability
10. [SA10723] Mac OS X Security Update Fixes Multiple Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA11629] Microsoft Outlook RTF Embedded OLE Object Security Bypass
[SA11637] NetChat HTTP Service GET Request Buffer Overflow
Vulnerability
[SA11607] Microsoft Outlook Express Loading of Arbitrary Web Content
[SA11633] Microsoft Windows "desktop.ini" Arbitrary File Execution
Vulnerability

UNIX/Linux:
[SA11622] Mac OS X URI Handler Arbitrary Code Execution
[SA11662] Slackware update for cvs
[SA11661] Fedora update for cvs
[SA11659] Fedora update for subversion
[SA11658] Mandrake update for cvs
[SA11653] SuSE update for cvs
[SA11652] FreeBSD update for cvs
[SA11651] Debian update for cvs
[SA11647] Red Hat update for cvs
[SA11646] Gentoo update for pound
[SA11642] Subversion Date Parsing Buffer Overflow Vulnerability
[SA11641] CVS Entry Line Heap Overflow Vulnerability
[SA11620] Gentoo update for exim
[SA11604] Zoneminder Query String Buffer Overflow Vulnerability
[SA11671] Gentoo update for icecast
[SA11670] Fedora update for ipsec-tools
[SA11660] Fedora update for libneon
[SA11657] Mandrake update for libneon
[SA11655] Gentoo update for proftpd
[SA11654] Debian update for cadaver
[SA11650] Debian update for libneon
[SA11648] Red Hat update for cadaver
[SA11643] cadaver libneon Date Parsing Heap Overflow Vulnerability
[SA11638] Neon Date Parsing Heap Overflow Vulnerability
[SA11630] Mandrake update for apache
[SA11617] Trustix update for apache
[SA11613] HP-UX update for Mozilla
[SA11610] Fedora update for LHA
[SA11636] Debian update for heimdal
[SA11614] HP-UX dtlogin XDMCP Parsing Vulnerability
[SA11669] Red Hat update for rsync
[SA11667] Red Hat update for libpng
[SA11663] Fedora update for tcpdump
[SA11656] Gentoo update for kdelibs
[SA11645] Mandrake update for kdelibs
[SA11644] Fedora update for kdelibs
[SA11635] Slackware update for kdelibs
[SA11631] Red Hat update for kdelibs
[SA11623] TTT-C Multiple Vulnerabilities
[SA11619] Gentoo update for libpng
[SA11612] Fedora update for libpng
[SA11628] SGI IRIX rpc.mountd Denial of Service Vulnerability
[SA11668] Red Hat update for mc
[SA11621] Slackware update for mc
[SA11618] SuSE update for mc
[SA11615] HP-UX B6848AB GTK+ Support Libraries Insecure Directory
Permissions
[SA11609] Gentoo update for utempter
[SA11605] OpenBSD procfs Integer Overflow Vulnerability
[SA11616] Sun Solaris SMC Web Server File Enumeration Security Issue
[SA11611] Fedora update for iproute

Other:
[SA11632] Sidewinder G2 Firewall Multiple Denial of Service
Vulnerabilities
[SA11603] Sweex Wireless Broadband Router Exposure of Configuration
[SA11627] Blue Coat Security Gateway OS Private Key Disclosure
[SA11606] Linksys BEF Series Routers DHCP Vulnerability

Cross Platform:
[SA11649] Zen Cart SQL Injection Vulnerability
[SA11640] phpMyFAQ Arbitrary File Inclusion Vulnerability
[SA11639] Java Secure Socket Extension Unspecified Server Certificate
Validation Vulnerability
[SA11625] PHP-Nuke Multiple Vulnerabilities
[SA11608] Ethereal Multiple Vulnerabilities
[SA11602] Multiple Browsers Telnet URI Handler File Manipulation
Vulnerability
[SA11624] osCommerce Directory Traversal Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA11629] Microsoft Outlook RTF Embedded OLE Object Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-05-18

http-equiv has reported a vulnerability in Microsoft Outlook 2003,
allowing malicious people to perform illegal actions through emails.

Full Advisory:
http://secunia.com/advisories/11629/

 --

[SA11637] NetChat HTTP Service GET Request Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-05-19

Marius Huse Jacobsen has reported a vulnerability in NetChat, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/11637/

 --

[SA11607] Microsoft Outlook Express Loading of Arbitrary Web Content

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-05-14

http-equiv has reported a vulnerability in Microsoft Outlook Express,
allowing malicious people (e.g. spammers and phishers) to load
arbitrary content into the email client.

Full Advisory:
http://secunia.com/advisories/11607/

 --

[SA11633] Microsoft Windows "desktop.ini" Arbitrary File Execution
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-05-18

Roozbeh Afrasiabi has reported a vulnerability in Microsoft Windows,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/11633/


UNIX/Linux:--

[SA11622] Mac OS X URI Handler Arbitrary Code Execution

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2004-05-17

Two vulnerabilities have been reported in Mac OS X, allowing malicious
web sites to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11622/

 --

[SA11662] Slackware update for cvs

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-05-20

Slackware has issued updated packages for cvs. These fix a
vulnerability, which can be exploited by malicious users to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11662/

 --

[SA11661] Fedora update for cvs

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

Fedora has issued updated packages for cvs. These fix a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11661/

 --

[SA11659] Fedora update for subversion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

Fedora has issued updated packages for subversion. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11659/

 --

[SA11658] Mandrake update for cvs

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

MandrakeSoft has issued updated packages for cvs. These fix a
vulnerability, which can be exploited by malicious users to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11658/

 --

[SA11653] SuSE update for cvs

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

SuSE has issued updated packages for cvs. These fix a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11653/

 --

[SA11652] FreeBSD update for cvs

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

FreeBSD has issued updates for cvs. These fix a vulnerability, which
can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11652/

 --

[SA11651] Debian update for cvs

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

Debian has issued updated packages for cvs. These fix a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11651/

 --

[SA11647] Red Hat update for cvs

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

Red Hat has issued updated packages for cvs. These fix a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11647/

 --

[SA11646] Gentoo update for pound

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

Gentoo has issued an update for pound. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11646/

 --

[SA11642] Subversion Date Parsing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

Stefan Esser has discovered a vulnerability in Subversion, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11642/

 --

[SA11641] CVS Entry Line Heap Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

Stefan Esser has reported a vulnerability in CVS, allowing malicious
users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11641/

 --

[SA11620] Gentoo update for exim

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-05-17

Gentoo has issued updated packages for exim. These fix two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11620/

 --

[SA11604] Zoneminder Query String Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-05-13

Mark Cox has reported a vulnerability in ZoneMinder, potentially
allowing malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11604/

 --

[SA11671] Gentoo update for icecast

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-05-20

Gentoo has issued an update for icecast. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/11671/

 --

[SA11670] Fedora update for ipsec-tools

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-05-20

Fedora has issued updates for ipsec-tools. These fix a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/11670/

 --

[SA11660] Fedora update for libneon

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

Fedora has issued updated packages for libneon. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11660/

 --

[SA11657] Mandrake update for libneon

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

MandrakeSoft has issued updated packages for libneon. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11657/

 --

[SA11655] Gentoo update for proftpd

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-05-19

Gentoo has issued an update for proftpd. This fixes a security issue,
which potentially allows malicious people to bypass ACLs.

Full Advisory:
http://secunia.com/advisories/11655/

 --

[SA11654] Debian update for cadaver

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

Debian has issued updated packages for cadaver. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11654/

 --

[SA11650] Debian update for libneon

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

Debian has issued updated packages for libneon. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11650/

 --

[SA11648] Red Hat update for cadaver

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

Red Hat has issued updated packages for cadaver. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11648/

 --

[SA11643] cadaver libneon Date Parsing Heap Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

cadaver is affected by a vulnerability in the libneon date parsing
code, which potentially can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/11643/

 --

[SA11638] Neon Date Parsing Heap Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-05-19

Stefan Esser has discovered a vulnerability in neon, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/11638/

 --

[SA11630] Mandrake update for apache

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing, Manipulation of data, DoS
Released:    2004-05-18

MandrakeSoft has issued updated packages for apache. These fix various
vulnerabilities, which can be exploited to inject potentially malicious
characters into error logfiles, bypass certain restrictions, gain
unauthorised access, or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11630/

 --

[SA11617] Trustix update for apache

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing, Manipulation of data, DoS
Released:    2004-05-14

Trustix has issued updated packages for apache. These fix various
vulnerabilities, which can be exploited to inject potentially malicious
characters into error logfiles, bypass certain restrictions, gain
unauthorised access, or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11617/

 --

[SA11613] HP-UX update for Mozilla

Critical:    Moderately critical
Where:       From remote
Impact:      System access, DoS, Cross Site Scripting, Security Bypass
Released:    2004-05-14

HP has acknowledged various vulnerabilities in Mozilla for HP-UX, which
can be exploited by malicious people to conduct cross-site scripting
attacks, bypass certain cookie restrictions, and potentially compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/11613/

 --

[SA11610] Fedora update for LHA

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-05-14

Fedora has issued an update for lha. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11610/

 --

[SA11636] Debian update for heimdal

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2004-05-18

Evgeny Demidov has discovered a vulnerability in Heimdal, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/11636/

 --

[SA11614] HP-UX dtlogin XDMCP Parsing Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-05-14

HP has acknowledged a vulnerability in HP-UX, which may be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11614/

 --

[SA11669] Red Hat update for rsync

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Security Bypass
Released:    2004-05-20

Red Hat has issued updated packages for rsync. These fix a
vulnerability, potentially allowing malicious people to write files
outside the intended directory.

Full Advisory:
http://secunia.com/advisories/11669/

 --

[SA11667] Red Hat update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-05-20

Red Hat has issued updates for libpng. These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

Full Advisory:
http://secunia.com/advisories/11667/

 --

[SA11663] Fedora update for tcpdump

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-05-19

Fedora has issued updated packages for tcpdump. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11663/

 --

[SA11656] Gentoo update for kdelibs

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-05-19

Gentoo has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

Full Advisory:
http://secunia.com/advisories/11656/

 --

[SA11645] Mandrake update for kdelibs

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-05-19

MandrakeSoft has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

Full Advisory:
http://secunia.com/advisories/11645/

 --

[SA11644] Fedora update for kdelibs

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-05-19

Fedora has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

Full Advisory:
http://secunia.com/advisories/11644/

 --

[SA11635] Slackware update for kdelibs

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-05-18

Slackware has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

Full Advisory:
http://secunia.com/advisories/11635/

 --

[SA11631] Red Hat update for kdelibs

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-05-18

Red Hat has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

Full Advisory:
http://secunia.com/advisories/11631/

 --

[SA11623] TTT-C Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-05-19

Kaloyan Olegov Georgiev has reported some vulnerabilities in TTT-C,
allowing malicious people to conduct Cross Site Scripting and script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/11623/

 --

[SA11619] Gentoo update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-05-17

Gentoo has issued updates for libpng. These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

Full Advisory:
http://secunia.com/advisories/11619/

 --

[SA11612] Fedora update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-05-14

Fedora has issued updates for libpng. These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

Full Advisory:
http://secunia.com/advisories/11612/

 --

[SA11628] SGI IRIX rpc.mountd Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-05-18

SGI has reported a vulnerability in IRIX, allowing malicious people to
cause a DoS (Denial of Service) on the rpc.mountd daemon.

Full Advisory:
http://secunia.com/advisories/11628/

 --

[SA11668] Red Hat update for mc

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-05-20

Red Hat has issued updates for mc. These fix some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/11668/

 --

[SA11621] Slackware update for mc

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-05-17

Slackware has issued updates for mc. These fix some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/11621/

 --

[SA11618] SuSE update for mc

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-05-17

SuSE has issued updates for mc. These fix some vulnerabilities, which
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/11618/

 --

[SA11615] HP-UX B6848AB GTK+ Support Libraries Insecure Directory
Permissions

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    2004-05-14

HP has reported a vulnerability in HP-UX, which can be exploited by
malicious, local users to manipulate the content of certain files.

Full Advisory:
http://secunia.com/advisories/11615/

 --

[SA11609] Gentoo update for utempter

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-05-14

Gentoo has issued an update for utempter. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions with higher privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11609/

 --

[SA11605] OpenBSD procfs Integer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, DoS
Released:    2004-05-13

OpenBSD has issued patches for procfs. These fix a vulnerability, which
potentially can be exploited by malicious, local users to cause a DoS
(Denial of Service) or gain knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/11605/

 --

[SA11616] Sun Solaris SMC Web Server File Enumeration Security Issue

Critical:    Not critical
Where:       From local network
Impact:      Exposure of system information
Released:    2004-05-14

Jon Hart has reported a security issue in Sun Solaris, which can be
exploited by malicious people to enumerate files on an affected
system.

Full Advisory:
http://secunia.com/advisories/11616/

 --

[SA11611] Fedora update for iproute

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2004-05-14

Fedora has issued updated packages for iproute. These fix a
vulnerability, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11611/


Other:--

[SA11632] Sidewinder G2 Firewall Multiple Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-05-18

Multiple vulnerabilities have been reported in Sidewinder, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/11632/

 --

[SA11603] Sweex Wireless Broadband Router Exposure of Configuration

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2004-05-13

Mark Janssen has reported a vulnerability in Sweex Wireless Broadband
Router/Accesspoint, allowing malicious people to gain knowledge of the
configuration.

Full Advisory:
http://secunia.com/advisories/11603/

 --

[SA11627] Blue Coat Security Gateway OS Private Key Disclosure

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2004-05-18

A security issue has been reported in Blue Coat SGOS, which may
disclose private keys associated with imported certificates.

Full Advisory:
http://secunia.com/advisories/11627/

 --

[SA11606] Linksys BEF Series Routers DHCP Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information, DoS
Released:    2004-05-13

Jon Hart has reported a vulnerability in Linksys BEFSR41 and BEFW11S4,
which can be exploited by malicious people to gain knowledge of
sensitive information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11606/


Cross Platform:--

[SA11649] Zen Cart SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-05-19

Oliver Minack has reported a vulnerability in Zen Cart, allowing
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/11649/

 --

[SA11640] phpMyFAQ Arbitrary File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-05-19

Stefan Esser has reported a vulnerability in phpMyFAQ, allowing
malicious people to view arbitrary local files and potentially execute
arbitrary local PHP code.

Full Advisory:
http://secunia.com/advisories/11640/

 --

[SA11639] Java Secure Socket Extension Unspecified Server Certificate
Validation Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing
Released:    2004-05-19

A vulnerability has been discovered in JSSE (Java Secure Socket
Extension), allowing malicious websites to impersonate trusted
websites.

Full Advisory:
http://secunia.com/advisories/11639/

 --

[SA11625] PHP-Nuke Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2004-05-18

Janek Vind has reported three vulnerabilities in PHP-Nuke, allowing
malicious people to conduct Cross Site Scripting attacks and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11625/

 --

[SA11608] Ethereal Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-05-14

Multiple vulnerabilities have been discovered in Ethereal, which can be
exploited by malicious people to compromise a vulnerable system or
cause a DoS (Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11608/

 --

[SA11602] Multiple Browsers Telnet URI Handler File Manipulation
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-05-13

A vulnerability has been reported in various browsers, which can be
exploited by malicious people to create or truncate files on a user's
system.

Full Advisory:
http://secunia.com/advisories/11602/

 --

[SA11624] osCommerce Directory Traversal Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-05-19

l0om has reported a security issue in osCommerce, allowing malicious
administrative users to view arbitrary local files.

Full Advisory:
http://secunia.com/advisories/11624/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

========================================================================