From security-bulletins@us-cert.gov Wed Mar 17 21:03:38 2004 From: US-CERT Security Bulletins To: security-bulletins@us-cert.gov Date: Wed, 17 Mar 2004 19:48:51 -0500 Subject: US-CERT Cyber Security Bulletin SB04-077 -- Summary of Security Items from March 3 through March 16, 2004 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Summary of Security Items from March 3 through March 16, 2004 US-CERT will begin to incorporate some of the information from CyberNotes into Cyber Security Bulletins. CyberNotes were previously compiled for the Department of Homeland Security and posted to the NIPC web site. During the transition of the information into the Cyber Security Bulletin, we are offering a PDF version of the most recent version of CyberNotes on the US-CERT web site. Publications by US-CERT Microsoft Outlook mailto URL Handling Vulnerability A vulnerability in the way Outlook 2002 interprets a "mailto:" URL could allow an attacker to execute arbitrary code of their choosing on the system running the vulnerable version of Outlook. * TA04-070A: Microsoft Outlook mailto URL Handling Vulnerability * VU#305206: Microsoft Outlook fails to properly filter parameters passed via "mailto:" URL US-CERT Vulnerability Notes VU#114070: NetScreen Instant Virtual Extranet (IVE) platform contains cross-site scripting vulnerability in delhomepage.cgi NetScreen Instant Virtual Extranet (IVE) platform contains a cross-site scripting vulnerability in the row parameter of delhomepage.cgi, which could allow an attacker to mount a cross-site scripting attack. VU#197318: IBM Net.Data db2www CGI interpreter fails to properly validate requested macro filenames IBM Net.Data fails to properly validate user input passed to the db2www CGI interpreter which could allow an attacker to mount a cross-site scripting attack against a vulnerable system. VU#363374: Cisco CSS 11000 Series Content Services Switch vulnerable to DoS via malformed UDP packets Several models of the Cisco Content Services Switch contain a vulnerability in their management interface that allows an attacker to restart the switch, resulting in a denial of service attack. VU#395670: FreeBSD fails to limit number of TCP segments held in reassembly queue FreeBSD fails to limit the number of TCP segments held in a reassembly queue which could allow an attacker to exhaust all available memory buffers (mbufs) on the destination system resulting in a denial-of-service condition. VU#412566: Solaris conv_fix insecure file handling vulnerability A vulnerability in a program supplied with the Solaris printing system could allow a local attacker to gain elevated privileges on the system. VU#490620: Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length There is a vulnerability in the Linux kernel memory management routines that allows local users to gain superuser privileges. VU#493966: Libxml2 URI parsing errors in nanohttp and nanoftp Libxml is the XML parser for Gnome, a desktop suite and development platform for Linux systems. Libxml2, the latest version of the library as of this writing, has a buffer overflow vulnerability which may allow execution of arbitrary code. VU#584606: NTP service vulnerable to internal overflow if date / time offset is greater than 34 years NTP (Network TIme Protocol) contains an integer overflow vulnerability that may lead to clients receiving an incorrect date/time offset. VU#688094: Microsoft MSN Messenger fails to properly validate file requests Microsoft MSN Messenger fails to properly validate file requests which could allow an attacker to view the contents of files on the victim's system. VU#694782: Sun Solaris passwd command allows for privilege escalation Sun Solaris contains a vulnerability in the passwd(1) command which could allow for privilege escalation. VU#831534: cPanel fails to verify input passed to the "user" parameter A remotely exploitable vulnerability in CPanel's password reset and login scripts may allow a remote attacker to gain control of the vulnerable system. VU#878526: Apple Mac OS X "cd9660.util" buffer overflow A component utility in Apple's Mac OS X operating system suffers from a buffer overflow vulnerability in its handling of command-line arguments. This vulnerability could allow a local attacker to gain elevated privileges on the vulnerable system. VU#902374: Apple Mac OS X TruBlueEnvironment vulnerable to buffer overflow Apple Mac OS X contains a buffer overflow in TruBlueEnvironment which could allow a local, authenticated attacker to execute arbitrary code with root privileges. VU#981222: Linux kernel mremap(2) system call does not properly check return value from do_munmap() function A vulnerability in the Linux mremap(2) system call could allow an authenticated, local attacker to execute arbitrary code with root privileges. VU#982630: Microsoft Windows Media Services fails to properly validate TCP requests Microsoft Windows Media Services fails to properly validate TCP requests which could allow a remote, unauthenticated attacker to cause the services to refuse new TCP connections. Publications by Vendors Apache Software Foundation * mod_ssl memory leak (03-08-04) Cisco * Cisco Security Advisory: Cisco CSS 11000 Series Content Services Switches Malformed UDP Packet Vulnerability (03-04-04) Debian * DSA-464 gdk-pixbuf (03-16-04) * DSA-463 samba - privilege escalation (03-12-04) * DSA-462 xitalk - missing privilege release (03-12-04) * DSA-461 calife - buffer overflow (03-11-04) * DSA-460 sysstat - insecure temporary file (03-10-04) * DSA-459 kdelibs - cookie path traversal (03-10-04) * DSA-458 python2.2 - buffer overflow (03-09-04) * DSA-457 wu-ftpd - several vulnerabilities (03-08-04) * DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush (03-06-04) * DSA-455 libxml - buffer overflows (03-03-04) Fedora * Fedora Core 1 Update: coreutils-5.0-34.1 (03-10-04) * Fedora Core 1 Update: less-382-1.1 (03-09-04) * mailman 2.1.4 available, also resolves security CAN-2003-0992 (03-05-04) * Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1 (03-04-04) Gentoo * Linux kernel do_mremap local privilege escalation (03-06-04) * Libxml2 URI Parsing Buffer Overflow Vulnerabilities (03-06-04) Hewlett Packard * HPSBUX0310-290 SSRT3622 rev.2 Bind v920 (03-15-04) * HPSBMA01003 SSRT4679 - HP Web-enabled Management Software certificate compromise using HP HTTP Server (03-11-04) * HPSBTU01000 SSRT3674 Tru64 UNIX IPsec/IKE Potential Remote Unauthorized Access (03-03-04) Macromedia * MPSB04-04 Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS (03-15-04) * MPSB04-03 Potential Security Risk with Macromedia E-Licensing Client Activation Code (03-12-04) Mandrake * MDKSA-2004:022 - kdelibs (03-10-04) * MDKSA-2004:021 - mozilla (03-10-04) * MDKSA-2004:020 - gdk-pixbuf (03-10-04) * MDKSA-2004:019 - python (03-09-04) * MDKSA-2004:018 - libxml2 (03-03-04) * MDKSA-2004:017 - pwlib (03-03-04) Microsoft * MS04-010: Security Update for MSN Messenger (03-09-04) * MS04-009: Security Update for Microsoft Office (03-09-04) * MS04-008 Vulnerability in Windows Media Services Could Allow a Denial of Service (03-09-04) OpenBSD * Bug in the parsing of Allow/Deny rules for httpd(8)'s access module (03-13-04) Oracle * Security Vulnerabilities in Oracle Application Server Web Cache (03-12-04) * Security Vulnerability in Oracle9i Application and Database Servers (03-12-04) Red Hat * Updated kdelibs packages resolve cookie security issue (03-10-04) * Updated sysstat packages fix security vulnerabilities (03-10-04) * Updated gdk-pixbuf packages fix denial of service vulnerability (03-10-04) * Updated libxml2 packages fix security vulnerability (03-03-04) SCO * OpenLinux: cups denial of service vulnerability (03-03-04) SGI * SGI Advanced Linux Environment security update #14 (03-12-04) * SGI Advanced Linux Environment security update #13 (03-03-04) Sun Microsystems * Potential SSL Vulnerabilities in Sun Products (03-16-04) * Sun Java System Application Server Denial-of-Service Vulnerability (03-15-04) * ASN.1 Parsing Issue May Lead to Denial-of-Service Condition in Sun Java System Web Server and Sun Java System Application Server (03-15-04) * Sun ONE Web Server Buffer Overflow Vulnerability May Result in "Denial of Service" (DoS) (03-15-04) * Security Vulnerability With Loading Arbitrary Kernel Modules in Solaris Kernel (03-15-04) * SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols (03-15-04) * Solaris 9 patches 114332-08 and 114929-06 are WITHDRAWN - Patches Disable the Auditing Functionality on Basic Security Module (BSM) Enabled Systems (03-11-04) * Security Vulnerability Involving the passwd(1) Command (03-08-04) * Multiple Buffer Overflows in "/usr/bin/uucp" May Allow Unauthorized uucp(1C) User ID Access (03-03-04) Back to top Publications by Third Parties AusCERT * Macromedia Security Bulletin -- Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS (03-16-04) * iDEFENSE Security Advisory 03.09.04 *UPDATE* -- Microsoft Outlook "mailto:" Parameter Passing Vulnerability (03-16-04) * Macromedia Security Bulletin -- Potential Security Risk with Macromedia E-Licensing Client Activation Code (03-16-04) * NGSSoftware Insight Security Research Advisory -- IBM DB2 Remote Command Execution Privilege Upgrade (03-16-04) * RHSA-2004:053-01 -- Updated sysstat packages fix security vulnerabilities (03-15-04) * RHSA-2004:102-01 -- Updated gdk-pixbuf packages fix denial of service vulnerability (03-15-04) * Debian Security Advisory DSA 463-1 -- New samba packages fix privilege escalation in smbmnt (03-15-04) * Debian Security Advisory DSA 462-1 -- New xitalk packages fix local group utmp exploit (03-15-04) * HP SECURITY BULLETIN HPSBMA01003 -- SSRT4679 - HP Web-enabled Management Software certificate compromise using HP HTTP Server (03-15-04) * Debian Security Advisory DSA 461-1 -- New calife packages fix buffer overflow (03-12-04) * US-CERT Technical Cyber Security Alert TA04-070A -- Microsoft Outlook mailto URL Handling Vulnerability (03-11-04) * Sun(sm) Alert Notification - Sun Alert ID: 57508 -- Multiple Buffer Overflows in "/usr/bin/uucp" May Allow Unauthorized uucp(1C) User ID Access (03-11-04) * Sun(sm) Alert Notification - Sun Alert ID: 57498 -- ASN.1 Parsing Issue May Lead to Denial-of-Service Condition in Sun Java System Web Server and Sun Java System Application Server (03-11-04) * RHSA-2004:103-01 -- Updated gdk-pixbuf packages fix crash (03-11-04) * RHSA-2004:093-01 -- Updated sysstat packages fix security vulnerabilities (03-11-04) * RHSA-2004:075-01 -- Updated kdelibs packages resolve cookie security issue (03-11-04) * Debian Security Advisory DSA 460-1 -- New sysstat packages fix insecure temporary file creation (03-11-04) * Debian Security Advisory DSA 459-1 -- New kdelibs, kdelibs-crypto packages fix cookie traversal bug (03-11-04) * Debian Security Advisory DSA 458-1 -- New python2.2 packages fix buffer overflow (03-11-04) * Microsoft Security Bulletin MS04-010 -- Vulnerability in MSN Messenger Could Allow Information Disclosure (838512) (03-10-04) * Microsoft Security Bulletin MS03-022 -- Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343) (03-10-04) * Microsoft Security Bulletin MS04-009 -- Vulnerability in Microsoft Outlook Could Allow Code Execution (828040) (03-10-04) * Microsoft Security Bulletin MS04-008 -- Vulnerability in Windows Media Services Could Allow a Denial of Service (03-10-04) * RHSA-2004:096-01 -- Updated wu-ftpd package fixes security issues (03-10-04) * Debian Security Advisory DSA 457-1 -- New wu-ftpd packages fix multiple vulnerabilities (03-10-04) * CIAC BULLETIN O-093 -- Oracle9i Database Buffer Overflow Vulnerabilities (03-09-04) * NGSSoftware Insight Security Research Advisories -- Buffer Overflow Vulnerabilities in SLWebMail and SLMail Pro Supervisor Report Center (03-09-04) * CIAC BULLETIN O-090 -- Vulnerability in Novell Client Firewall Tray Icon (03-08-04) * NetBSD Security Note 20040304-1 -- NetBSD not vulnerable to TCP reassembly mbuf DoS (03-08-04) * Debian Security Advisory DSA 456-1 -- New Linux 2.2.19 packages fix local root exploit (arm) (03-08-04) * Debian Security Advisory DSA 455-1 -- New libxml packages fix arbitrary code execution (03-05-04) * HEWLETT-PACKARD SECURITY BULLETIN HPSBTU00030 -- SSRT3674 Tru64 UNIX IPsec/IKE Potential Remote Unauthorized Access (03-05-04) * Cisco Security Advisory -- Cisco CSS 11000 Series Content Services Switches Malformed UDP Packet Vulnerability (03-05-04) * NGSSoftware Insight Security Research Advisory NISR03022004 -- Adobe Acrobat Reader XML Forms Data Format Buffer Overflow (03-04-04) * RHSA-2004:091-02 -- Updated libxml2 packages fix security vulnerability (03-04-04) * Debian Security Advisory DSA 454-1 and DSA 453-1 -- New Linux 2.2.22 and 2.2.20 packages fix local root exploit (03-03-04) * FreeBSD-SA-04:04.tcp -- many out-of-sequence TCP packets denial-of-service (03-03-04) F-Secure * Bagle.C (03-16-04) * NetSky.N (03-16-04) * Bagle.N (03-15-04) * Bagle.P (03-15-04) * Agobot.FO (03-15-04) * Bagle.M (03-11-04) * Java.Classloader (03-11-04) * NetSky.M (03-11-04) * NetSky.L (03-10-04) * Cidra.D (03-10-04) * Bagle.L (03-10-04) * PSW-Worm (03-10-04) * NetSky.K (03-08-04) * NetSky.J (03-08-04) * Sober.D (03-08-04) * NetSky.I (03-08-04) * NetSky.H (03-05-04) * Bagle.G (03-04-04) * NetSky.G (03-04-04) * NetSky.D (03-04-04) * NetSky.E (03-04-04) * NetSky.F (03-04-04) * Bagle.H (03-04-04) * MyDoom.H (03-03-04) * MyDoom.G (03-03-04) * Bagle.K (03-03-04) * Bagle.J (03-03-04) ISS * AS04-11 (03-15-04) * AS04-10 (03-08-04) Network Associates * Spy-Idwi (03-16-04) * W32/Netsky.n@MM (03-15-04) * W32/Bagle.p@MM (03-15-04) * W32/Polybot.l!irc (03-14-04) * W32/Bagle.n@MM (03-13-04) * Adware-Findemnow (03-12-04) * W32/Netsky.m@MM (03-11-04) * W32/Netsky.l@MM (03-10-04) * W32/Bagle.l (03-09-04) * W32/Netsky.k@MM (03-08-04) * W32/Netsky.j@MM (03-08-04) * VBS/Lasku (03-07-04) * W32/Sober.d@MM (03-07-04) * W32/Netsky.i@MM (03-07-04) * W32/NetSky.h@MM (03-05-04) * W32/Netsky.g@MM (03-04-04) * W32/Mydoom.h@MM (03-03-04) * W32/Bagle.k@MM (03-03-04) * W32/Netsky.f@MM (03-03-04) SANS * SANS NewsBites #9 (03-03-04) * SANS NewsBites #10 (03-10-04) * @RISK: The Consensus Security Vulnerability Alert #9 (03-03-04) * @RISK: The Consensus Security Vulnerability Alert #10 (03-10-04) Sophos * Troj/Prorat-D (03-16-04) * W32/Francette-H (03-16-04) * Troj/Delf-CB (03-16-04) * Troj/Flood-EF (03-16-04) * Troj/Coldrage-A (03-16-04) * Troj/DownLdr-FA (03-16-04) * W32/Floppy-B (03-16-04) * Troj/DownLdr-FC (03-16-04) * W32/Protoride-F (03-16-04) * W32/Nachi-G (03-16-04) * W32/Agobot-DZ (03-16-04) * Troj/LDPinch-K (03-16-04) * Troj/Psyme-M (03-16-04) * W32/Agobot-EC (03-16-04) * W32/SdBot-BB (03-16-04) * Troj/Apher-M (03-16-04) * Troj/Sdbot-GQ (03-16-04) * W32/Agobot-EA (03-16-04) * W32/Bagle-N (03-16-04) * Troj/Bdoor-CCK (03-15-04) * W32/Aidid-A (03-15-04) * Dial/Ras-B (03-15-04) * W32/Nackbot-A (03-15-04) * W32/Nackbot-B (03-15-04) * W32/Cone-C (03-15-04) * W32/Marjor-A (03-15-04) * W32/Randon-AD (03-15-04) * Dial/RASDial-B (03-15-04) * W32/Randon-AE (03-15-04) * W32/Sdbot-GO (03-15-04) * W32/Sdbot-GP (03-15-04) * Troj/Lohav-E (03-15-04) * W32/Agobot-EB (03-15-04) * W32/Bagle-Zip (03-15-04) * W32/Bagle-O (03-15-04) * W32/Bagle-J (03-14-04) * Troj/LDPinch-H (03-12-04) * Troj/SdAgent-A (03-12-04) * JS/Seeker-G (03-12-04) * W32/Agobot-DY (03-12-04) * W32/KWBot-G (03-12-04) * Troj/CBase-A (03-12-04) * Troj/LdPinch-I (03-12-04) * Troj/LDPinch-G (03-12-04) * Troj/LdPinchFam (03-12-04) * Troj/PAdmin-C (03-12-04) * W32/Agobot-DV (03-12-04) * W32/Sdbot-GL (03-12-04) * Troj/Inor-G (03-12-04) * W32/Agobot-DU (03-12-04) * W32/Bereb-B (03-11-04) * W32/Sdbot-AJ (03-11-04) * Troj/Ositdoor-A (03-11-04) * W32/Sdbot-AK (03-11-04) * Troj/Ovedil-A (03-11-04) * W32/Cone-A (03-11-04) * W32/Sdbot-AL (03-11-04) * Troj/Eyeveg-C (03-11-04) * Troj/Sdbot-GN (03-11-04) * Troj/Multidr-S (03-11-04) * W32/Agobot-DW (03-11-04) * Troj/Imiserv-C (03-11-04) * W32/Agobot-DX (03-11-04) * Troj/Agent-R (03-11-04) * W32/SdBot-MY (03-11-04) * W32/Netsky-M (03-11-04) * W32/Netsky-D (03-10-04) * W32/Netsky-L (03-10-04) * Troj/Domwis-A (03-10-04) * Troj/Sdbot-GM (03-10-04) * W32/Lamecada-D (03-10-04) * Troj/Small-AI (03-10-04) * W32/Cissi-C (03-10-04) * Troj/Tofger-P (03-10-04) * Troj/Killproc-C (03-10-04) * W32/Bar-1236 (03-10-04) * Troj/Cidra-D (03-10-04) * W32/Agobot-DQ (03-09-04) * XM97/Kbase-A (03-09-04) * W32/Keco-A (03-09-04) * W32/Nachi-F (03-09-04) * W32/Sdbot-GK (03-09-04) * Troj/Stawin-D (03-09-04) * Troj/StartPa-Y (03-09-04) * W32/Bagle-K (03-09-04) * W32/Netsky-F (03-09-04) * W32/MyDoom-H (03-09-04) * W32/Netsky-J (03-08-04) * W32/Netsky-K (03-08-04) * W32/Randex-AA (03-08-04) * W32/Agobot-DT (03-08-04) * Troj/LDPinch-F (03-08-04) * Troj/Clickslt-A (03-08-04) * W32/Agobot-DR (03-08-04) * Troj/Small-DW (03-08-04) * Troj/Mitglied-N (03-08-04) * Dial/Freese-B (03-08-04) * W32/Roca-A (03-08-04) * W32/Netsky-I (03-07-04) * W32/Cissi-B (03-05-04) * W32/Agobot-DS (03-05-04) * W32/Dumaru-AE (03-05-04) * VBS/Sling-A (03-05-04) * Troj/HacDef-100 (03-05-04) * W32/Doomjuice-C (03-05-04) * Troj/SdBot-GG (03-05-04) * W32/Francette-G (03-05-04) * Troj/Romanat-A (03-05-04) * Troj/LegMir-J (03-05-04) * Troj/WindFind-B (03-05-04) * W32/Netsky-H (03-05-04) * W32/Hiton-A (03-04-04) * W32/Netsky-G (03-04-04) * Troj/Ranck-K (03-04-04) * Troj/AdClick-Q (03-04-04) * Troj/Spybot-AW (03-04-04) * W32/Spybot-BR (03-04-04) * W32/Agobot-DN (03-04-04) * W32/Reur-L (03-04-04) * Troj/Reur-L (03-04-04) * W32/Reur-M (03-04-04) * Troj/Reur-M (03-04-04) * W32/Agobot-DG (03-03-04) * W32/Agobot-DH (03-03-04) * W32/Agobot-DI (03-03-04) * W32/Agobot-DJ (03-03-04) * W32/Agobot-DK (03-03-04) * W32/Agobot-DL (03-03-04) * W32/Agobot-DM (03-03-04) * W32/MyDoom-G (03-03-04) Symantec * W32.Netsky.N@mm (03-16-04) * W32.HLLW.RedDw@mm (03-15-04) * W32.Beagle.N@mm (03-15-04) * W32.Tuoba.Trojan (03-15-04) * W32.Cone.F@mm (03-14-04) * Trojan.Mitglieder.E (03-13-04) * Trojan.Mitglieder.D (03-13-04) * W32.Beagle.M@mm (03-13-04) * W32.HLLW.Citor (03-13-04) * W32.HLLW.Annil@mm (03-12-04) * W32.Cone.E@mm (03-12-04) * PWSteal.Irftp (03-12-04) * Trojan.Etsur (03-12-04) * Trojan.Noupdate (03-11-04) * Trojan.Gipma (03-10-04) * W32.Cone.D@mm (03-10-04) * W32.Netsky.M@mm (03-10-04) * Trojan.Simcss.B (03-10-04) * W97M.Trug.B (03-09-04) * W32.Netsky.L@mm (03-09-04) * W32.Cone.C@mm (03-09-04) * W32.Netsky.K@mm (03-08-04) * W32.Keco@mm (03-08-04) * W32.Netsky.J@mm (03-08-04) * W32.Sober.D@mm (03-07-04) * W32.Netsky.I@mm (03-07-04) * Trojan.Reur.B (03-05-04) * W32.HLLW.Reur.B (03-05-04) * W32.HLLW.Heycheck (03-05-04) * PWSteal.Banpaes.C (03-05-04) * W32.Netsky.H@mm (03-05-04) * W32.Netsky.G@mm (03-04-04) * X97M.Kbase (03-03-04) * W32.Mydoom.H@mm (03-03-04) * W32.Beagle.K@mm (03-03-04) * W32.Netsky.F@mm (03-03-03) Trend Micro * WORM_NETSKY.N (03-16-04) * PE_BAGLE.P (03-15-04) * WORM_AGOBOT.JP (03-14-04) * WORM_AGOBOT.DU (03-14-04) * PE_BAGLE.N (03-13-04) * WORM_NACHI.E (03-13-04) * WORM_CONE.B (03-12-04) * WORM_CONE.C (03-12-04) * WORM_AGOBOT.VP (03-12-04) * WORM_CONE.D (03-11-04) * WORM_NETSKY.M (03-10-04) * WORM_NETSKY.L (03-10-04) * WORM_BAGLE.L (03-10-04) * WORM_AGOBOT.PY (03-09-04) * MS04-010_MICROSOFT_MSN_MESSENGER (03-09-04) * MS04-009_MICROSOFT_OUTLOOK_2002 (03-09-04) * MS04-008_WINDOWS_MEDIA_SERVICES (03-09-04) * WORM_NETSKY.K (03-08-04) * WORM_SOBER.D (03-08-04) * WORM_NACHI.F (03-08-04) * WORM_NETSKY.J (03-08-04) * WORM_AGOBOT.GA (03-08-04) * WORM_NETSKY.I (03-07-04) * WORM_KECO.A (03-07-04) * WORM_CISSI.B (03-06-04) * WORM_NETSKY.H (03-05-04) * WORM_NETSKY.G (03-04-04) * WORM_MYDOOM.H (03-03-04) * WORM_BAGLE.K (03-03-04) * WORM_NETSKY.F (03-03-04) UNIRAS * NGSSoftware Security Bulletin: IBM DB2 Remote Command Execution Privilege Upgrade (03-16-04) * iDEFENSE Security Bulletin: Microsoft Outlook mailto Parameter Passing Vulnerability (03-16-04) * Macromedia Security Bulletins: 1. Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS. 2. Potential Security Risk with Macromedia E-Licensing Client Activation Code (03-16-04) * HP Web-enabled Management Software certificate compromise using HP HTTP Server (03-15-04) * HP Web-enabled Management Software certificate compromise using HP HTTP Server (03-15-04) * Two Debian Security Advisories: 1. New xitalk packages fix local group utmp exploit 2. New samba packages fix privilege escalation in smbmnt (03-15-04) * Two Red Hat Security Advisories: 1. Updated gdk-pixbuf packages fix denial of service vulnerability 2. Updated sysstat packages fix security vulnerabilities (03-15-04) * Debian Security Advisory DSA 461-1:New calife packages fix buffer overflow (03-12-04) * Two Sun Microsystems Security Advisories: 1. ASN.1 Parsing Issue May Lead to Denial-of-Service Condition in Sun Java System Web Server and Sun Java System Application Server 2. Multiple Buffer Overflows in /usr/bin/uucp May Allow Unauthorized uucp(1C) User ID Access (03-12-04) * Microsoft Outlook mailto URL Handling Vulnerability (03-11-04) * Three Red Hat Security Briefings: 1. Updated kdelibs packages resolve cookie security issue 2. Updated sysstat packages that fix various bugs and a minor security issue are now available 3. Updated gdk-pixbuf packages fix denial of service vulnerability (03-11-04) * Three Debian Security Advisories: 1. New python2.2 packages fix buffer overflow 2. New kdelibs, kdelibs-crypto packages fix cookie traversal bug 3. New sysstat packages fix insecure temporary file creation (03-11-04) * Four Mandrake Security Advisories: 1. Buffer overflow in python 2.2's getaddrinfo() 2. Updated gdk-pixbuf packages fix BMP-handling vulnerability 3. Updated mozilla packages fix multiple vulnerabilities 4. Updated kdelibs packages fix cookie theft vulnerability (03-11-04) * Multiple vendor HTTP user agent cookie path traversal issue (03-10-04) * Microsoft Security Bulletins: 1. Vulnerability in Windows Media Services Could Allow a Denial of Service 2. Vulnerability in Microsoft Outlook Could Allow Code Execution (828040) 3. Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343) 4. Vulnerability in MSN Messenger Could Allow Information Disclosure (838512) (03-10-04) * Red Hat Security Bulletin: Updated wu-ftpd package fixes security issues (03-10-04) * Debian Security Bulletin: New wu-ftpd packages fix multiple vulnerabilities (03-10-04) * CIAC Security Bulletin: Oracle9i Database Buffer Overflow Vulnerabilities (03-09-04) * NGSSoftware Security Bulletin: Buffer Overflow Vulnerabilities in SLWebMail and SLMail Pro Supervisor Report Center (03-09-04) * Malicious Software Report: NetSky variant and W32/Sober.D (03-08-04) * New libxml packages fix arbitrary code execution (03-05-04) * Tru64 UNIX IPsec/IKE Potential Remote Unauthorized Access (03-05-04) * Cisco CSS 11000 Series Content Services Switches Malformed UDP Packet Vulnerability (03-05-04) * Malicious Software Report concerning variants of Bagle and Netsky (03-04-04) * NGSSoftware Insight Security Research Advisory NISR03022004 (03-04-04) * Updated libxml2 packages fix security vulnerability (03-04-04) * FreeBSD-SA-04:04.tcp many out-of-sequence TCP packets denial-of-service (03-04-04) * Squid-2.5.STABLE5 fixes and features for URL encoding tricks (03-03-04) * DSA 451-1: New xboing packages fix buffer overflows. DSA 452-1: New libapache-mod-python packages fix denial of service (03-03-04) * New Linux 2.2.22 and 2.2.20 packages fix local root exploit (03-03-04) _________________________________________________________________ Copyright 2004 Carnegie Mellon University. This document is available at and in PDF format at Terms of use, see -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFAWPDsXlvNRxAkFWARAm1tAJ9BErJpsDvD1xqlXtJf/EMCTmla+ACdGBcX nA3mXY1h1bWCo2LmcewQ1rw= =E9+j -----END PGP SIGNATURE-----