The Secunia Weekly Advisory Summary

Discussion in 'other security issues & news' started by the mul, Sep 23, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    The Secunia Weekly Advisory Summary
    2004-09-16 - 2004-09-23

    This week : 70 advisories ========================================================================
    Table of Contents:

    1.....................................................Word From Secunia
    2....................................................This Week In Brief
    3...............................This Weeks Top Ten Most Read Advisories
    4.......................................Vulnerabilities Summary Listing
    5.......................................Vulnerabilities Content Listing

    ========================================================================
    1) Word From Secunia:

    Secunia has implemented new features at Secunia.com


    SECUNIA ADVISORIES NOW INCLUDE "Solution Status":
    In addition to the extensive information Secunia advisories already
    include, Secunia has added a new parameter: "Solution Status". This
    simply means that all Secunia advisories, including older advisories,
    now include the current "Solution Status" of a advisory, i.e. if the
    vendor has released a patch or not.


    IMPROVED PRODUCT PAGES:
    The improved product pages now include a detailed listing of all
    Secunia advisories affecting each product. The listings include a clear
    indication of the "Solution Status" each advisory has ("Unpatched",
    "Vendor patch", "Vendor workaround", or "Partial fix"). View the
    following for examples:

    Opera 7:
    http://secunia.com/product/761/

    Internet Explorer 6:
    http://secunia.com/product/11/

    Mozilla Firefox:
    http://secunia.com/product/3256/


    EXTRA STATISTICS:
    Each product page also includes a new pie graph, displaying the
    "Solution Status" for all Secunia advisories affecting each product in
    a given period. View the following for an example:

    Internet Explorer 6:
    http://secunia.com/product/11/#statistics_solution


    FEEDBACK SYSTEM:
    To make it easier to provide feedback to the Secunia staff, we have
    made an online feedback form. Enter your inquiry and it will
    immediately be sent to the appropriate Secunia department.

    Ideas, suggestions, and other feedback is most welcome

    Secunia Feedback Form:
    http://secunia.com/contact_form/


    ========================================================================
    2) This Week in Brief:


    ADVISORIES:

    Chris Evans has found several image related vulnerabilities in
    GdkPixbuf and libXpm, which can be exploited to compromise vulnerable
    systems.

    Many Linux distributions have already issued updated packages
    addressing these vulnerabilities.

    Please view secunia.com for information about updated packages.

    Reference:
    http://secunia.com/SA12549
    http://secunia.com/SA12542

    --

    Two vulnerabilities have been reported in PHP, which can be exploited
    to expose system information or to upload files in arbitrary locations.

    However, in order to upload files in arbitrary locations, PHP has to be
    used in a special way.

    Updated versions of PHP are available in the CVS repository. Please
    refer to the Secunia advisory below for details.

    Reference:
    http://secunia.com/SA12560

    --

    Apple has issued a security update for iChat, which addresses a
    vulnerability that can be exploited to compromise a vulnerable system.

    Please read Secunia advisory below for details about the update.

    Reference:
    http://secunia.com/SA12575


    VIRUS ALERTS:

    Secunia has not issued any virus alerts during the last week.


    ========================================================================
    3) This Weeks Top Ten Most Read Advisories:


    1. [SA12526] Mozilla Multiple Vulnerabilities
    2. [SA12528] Microsoft Multiple Products JPEG Processing Buffer
    Overflow Vulnerability
    3. [SA12304] Internet Explorer Address Bar Spoofing Vulnerability
    4. [SA12580] Mozilla / Mozilla Firefox Cross-Domain Cookie Injection
    Vulnerability
    5. [SA12542] GdkPixbuf Multiple Image Decoding Vulnerabilities
    6. [SA12321] Microsoft Internet Explorer Drag and Drop Vulnerability
    7. [SA12581] Internet Explorer Cross-Domain Cookie Injection
    Vulnerability
    8. [SA12535] Netscape Multiple Vulnerabilities
    9. [SA11978] Multiple Browsers Frame Injection Vulnerability
    10. [SA12575] Apple Mac OS X Security Update Fixes iChat Vulnerability


    ========================================================================
    4) Vulnerabilities Summary Listing

    Windows:
    [SA12616] Emulive Server4 Security Bypass and Denial of Service
    Vulnerabilities
    [SA12589] Lords of the Realm III Username Handling Denial of Service
    [SA12587] WebIntelligence Document Deletion and Cross-Site Scripting
    Vulnerabilities
    [SA12578] Whatsup Gold Reserved DOS Device Name HTTP Request Denial of
    Service
    [SA12611] VP-ASP Shopping Cart Database Connection Denial of Service
    [SA12595] DNS4Me Web Server Cross-Site Scripting and Denial of Service
    [SA12581] Internet Explorer Cross-Domain Cookie Injection
    Vulnerability
    [SA12612] Pop Messenger Invalid Character Denial of Service
    Vulnerability
    [SA12585] Pigeon Server Login Denial of Service Vulnerability

    UNIX/Linux:
    [SA12630] Conectiva update for qt3
    [SA12629] Gentoo update for xine-lib
    [SA12628] Mandrake update for mpg123
    [SA12625] Mandrake update for ImageMagick
    [SA12623] Debian update for imlib2
    [SA12615] Gentoo update for gtk+ / gdk-pixbuf
    [SA12608] Debian netkit-telnet-ssl Buffer Overflow Vulnerability
    [SA12607] Gentoo update for Mozilla/Firefox/Thunderbird/Epiphany
    [SA12602] xine-lib Multiple Buffer Overflow Vulnerabilities
    [SA12599] Sun Java Enterprise System NSS Library Vulnerability
    [SA12598] FreeBSD update for CVS
    [SA12588] SuSE update for gtk2 and gdk-pixbuf
    [SA12586] Debian update for gtk+2.0
    [SA12583] Mandrake update for XFree86
    [SA12579] SuSE update for XFree86
    [SA12575] Apple Mac OS X Security Update Fixes iChat Vulnerability
    [SA12574] OpenBSD update for Xpm
    [SA12573] Debian update for imlib
    [SA12568] Red Hat update for gtk2
    [SA12565] Gentoo update for mpg123
    [SA12564] Debian update for gdk-pixbuf
    [SA12563] Debian update for imagemagick
    [SA12619] Gentoo update for freeradius
    [SA12614] Debian update for lukemftpd
    [SA12592] Debian update for wv
    [SA12582] Gentoo update for snipsnap
    [SA12570] FreeRADIUS Multiple Unspecified Denial of Service
    Vulnerabilities
    [SA12562] Gentoo update for heimdal
    [SA12584] sdd Unspecified RMT Client Vulnerability
    [SA12624] Conectiva update for spamassassin
    [SA12577] Gentoo update for apache2 and mod_dav
    [SA12576] Gentoo update for phpGroupWare
    [SA12572] Fedora update for apr-util
    [SA12632] Red Hat redhat-config-nfs Incorrect Share Permissions
    Security Issue
    [SA12631] Red Hat update for samba
    [SA12626] Slackware update for CUPS
    [SA12617] OpenBSD Radius Authentication "login_radius" Security Bypass
    [SA12603] Gentoo update for CUPS
    [SA12571] Red Hat update for CUPS
    [SA12566] Debian update for cupsys
    [SA12627] Mandrake update for webmin
    [SA12610] Fedora update for foomatic
    [SA12600] RsyncX Privilege Escalation Vulnerabilities
    [SA12596] sudo Arbitrary File Reading Vulnerability
    [SA12594] getmail Privilege Escalation Vulnerability
    [SA12591] Gentoo update for foomatic
    [SA12567] Mandrake update for printer-drivers

    Other:
    [SA12601] SMC Broadband Routers Session Handling Security Bypass

    Cross Platform:
    [SA12633] Apache "Satisfy" Directive Access Control Bypass Security
    Issue
    [SA12606] TUTOS SQL Injection and Cross-Site Scripting Vulnerabilities
    [SA12597] ReMOSitory "filecatid" SQL Injection Vulnerability
    [SA12593] YaBB Cross-Site Scripting and Security Bypass
    Vulnerabilities
    [SA12590] Snitz Forums 2000 HTTP Response Splitting Vulnerability
    [SA12569] SnipSnap HTTP Response Splitting Vulnerability
    [SA12561] MyServer Directory Traversal Vulnerability
    [SA12560] PHP Memory Leak and Arbitrary File Location Upload
    Vulnerabilities
    [SA12621] Subversion "mod_authz_svn" Unreadable Path Information
    Disclosure
    [SA12609] YaBB Input Validation Vulnerabilities
    [SA12580] Mozilla / Mozilla Firefox Cross-Domain Cookie Injection
    Vulnerability
    [SA12604] Symantec ON Command CCM Default Database Administrator
    Accounts
    [SA12620] CA UniCenter Management Portal Username Disclosure Weakness

    ========================================================================
    5) Vulnerabilities Content Listing

    Windows:--

    [SA12616] Emulive Server4 Security Bypass and Denial of Service
    Vulnerabilities

    Critical: Moderately critical
    Where: From remote
    Impact: Security Bypass, DoS
    Released: 2004-09-22

    James Bercegay has reported a vulnerability in Emulive Server4, which
    can be exploited by malicious people to bypass certain security
    restrictions and cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/12616/

    --

    [SA12589] Lords of the Realm III Username Handling Denial of Service

    Critical: Moderately critical
    Where: From remote
    Impact: DoS
    Released: 2004-09-20

    Luigi Auriemma has reported a vulnerability in Lords of the Realm III,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/12589/

    --

    [SA12587] WebIntelligence Document Deletion and Cross-Site Scripting
    Vulnerabilities

    Critical: Moderately critical
    Where: From remote
    Impact: Security Bypass, Cross Site Scripting
    Released: 2004-09-18

    Corsaire has reported two vulnerabilities in WebIntelligence, which can
    be exploited by malicious people to delete sensitive information and
    conduct cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/12587/

    --

    [SA12578] Whatsup Gold Reserved DOS Device Name HTTP Request Denial of
    Service

    Critical: Moderately critical
    Where: From remote
    Impact: DoS
    Released: 2004-09-18

    A vulnerability has been reported in WhatsUp Gold, which can be
    exploited by malicious people to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/12578/

    --

    [SA12611] VP-ASP Shopping Cart Database Connection Denial of Service

    Critical: Less critical
    Where: From remote
    Impact: DoS
    Released: 2004-09-22

    A vulnerability has been reported in VP-ASP, which can be exploited by
    malicious users to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/12611/

    --

    [SA12595] DNS4Me Web Server Cross-Site Scripting and Denial of Service

    Critical: Less critical
    Where: From remote
    Impact: Cross Site Scripting, DoS
    Released: 2004-09-20

    James Bercegay has reported two vulnerabilities in DNS4Me Web Server,
    which can be exploited by malicious people to conduct cross-site
    scripting attacks and cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/12595/

    --

    [SA12581] Internet Explorer Cross-Domain Cookie Injection
    Vulnerability

    Critical: Less critical
    Where: From remote
    Impact: Hijacking
    Released: 2004-09-18

    WESTPOINT has reported a vulnerability in Internet Explorer, which
    potentially can be exploited by malicious people to conduct session
    fixation attacks.

    Full Advisory:
    http://secunia.com/advisories/12581/

    --

    [SA12612] Pop Messenger Invalid Character Denial of Service
    Vulnerability

    Critical: Less critical
    Where: From local network
    Impact: DoS
    Released: 2004-09-22

    Luigi Auriemma has reported a vulnerability in Pop Messenger, which can
    be exploited by malicious people to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/12612/

    --

    [SA12585] Pigeon Server Login Denial of Service Vulnerability

    Critical: Less critical
    Where: From local network
    Impact: DoS
    Released: 2004-09-17

    Luigi Auriemma has reported a vulnerability in Pigeon Server, which can
    be exploited by malicious people to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/12585/


    UNIX/Linux:--

    [SA12630] Conectiva update for qt3

    Critical: Highly critical
    Where: From remote
    Impact: DoS, System access
    Released: 2004-09-23

    Conectiva has issued an update for qt3. This fixes a vulnerability,
    which potentially can be exploited by malicious people to compromise a
    vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/12630/

    --

    [SA12629] Gentoo update for xine-lib

    Critical: Highly critical
    Where: From remote
    Impact: System access
    Released: 2004-09-23

    Gentoo has issued an update for xine-lib. This fixes some
    vulnerabilities, which can be exploited by malicious people to
    compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/12629/

    --

    [SA12628] Mandrake update for mpg123

    Critical: Highly critical
    Where: From remote
    Impact: System access
    Released: 2004-09-23

    MandrakeSoft has issued an update for mpg123. This fixes two
    vulnerabilities, which can be exploited by malicious people to
    compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/12628/

    --

    [SA12625] Mandrake update for ImageMagick

    Critical: Highly critical
    Where: From remote
    Impact: System access
    Released: 2004-09-23

    MandrakeSoft has issued an update for ImageMagick. This fixes some
    vulnerabilities, which can be exploited by malicious people to
    compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/12625/

    --

    [SA12623] Debian update for imlib2

    Critical: Highly critical
    Where: From remote
    Impact: System access, DoS
    Released: 2004-09-23

    Debian has issued an update for imlib2. This fixes a vulnerability,
    which potentially can be exploited by malicious people to compromise a
    user's system.

    Full Advisory:
    http://secunia.com/advisories/12623/

    --

    [SA12615] Gentoo update for gtk+ / gdk-pixbuf

    Critical: Highly critical
    Where: From remote
    Impact: DoS, System access
    Released: 2004-09-22

    Gentoo has issued updates for gdk-pixbuf and gtk+. These fix multiple
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial of Service) and potentially compromise a vulnerable
    system.

    Full Advisory:
    http://secunia.com/advisories/12615/

    --

    [SA12608] Debian netkit-telnet-ssl Buffer Overflow Vulnerability

    Critical: Highly critical
    Where: From remote
    Impact: System access
    Released: 2004-09-21

    A very old vulnerability reportedly still affects the netkit-telnet-ssl
    package for Debian Linux, which can be exploited by malicious people to
    compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/12608/

    --

    [SA12607] Gentoo update for Mozilla/Firefox/Thunderbird/Epiphany

    Critical: Highly critical
    Where: From remote
    Impact: Cross Site Scripting, Manipulation of data, Exposure of
    sensitive information, System access
    Released: 2004-09-21

    Gentoo has issued updates for Mozilla, Firefox, Thunderbird, and
    Epiphany. These fix multiple vulnerabilities, which potentially can be
    exploited by malicious people to conduct cross-site scripting attacks,
    access and modify sensitive information, and compromise a user's
    system.

    Full Advisory:
    http://secunia.com/advisories/12607/

    --

    [SA12602] xine-lib Multiple Buffer Overflow Vulnerabilities

    Critical: Highly critical
    Where: From remote
    Impact: System access
    Released: 2004-09-20

    Multiple vulnerabilities have been reported in xine-lib, which can be
    exploited by malicious people to compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/12602/

    --

    [SA12599] Sun Java Enterprise System NSS Library Vulnerability

    Critical: Highly critical
    Where: From remote
    Impact: System access
    Released: 2004-09-20

    Sun has acknowledged a vulnerability in the NSS library included with
    Sun Java Enterprise System, which can be exploited by malicious people
    to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/12599/

    --

    [SA12598] FreeBSD update for CVS

    Critical: Highly critical
    Where: From remote
    Impact: Exposure of system information, DoS, System access
    Released: 2004-09-21

    FreeBSD has issued an update for CVS. This fixes multiple
    vulnerabilities, which can be exploited by malicious users to cause a
    DoS (Denial of Service), compromise a vulnerable system, or gain
    knowledge of certain system information.

    Full Advisory:
    http://secunia.com/advisories/12598/

    --

    [SA12588] SuSE update for gtk2 and gdk-pixbuf

    Critical: Highly critical
    Where: From remote
    Impact: DoS, System access
    Released: 2004-09-17

    SuSE has issued updates for gdk-pixbuf and gtk2. These fix multiple
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial of Service) and potentially compromise a vulnerable
    system.

    Full Advisory:
    http://secunia.com/advisories/12588/

    --

    [SA12586] Debian update for gtk+2.0

    Critical: Highly critical
    Where: From remote
    Impact: DoS, System access
    Released: 2004-09-17

    Debian has issued an update for gtk+2.0. This fixes multiple
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial of Service) and potentially compromise a vulnerable
    system.

    Full Advisory:
    http://secunia.com/advisories/12586/

    --

    [SA12583] Mandrake update for XFree86

    Critical: Highly critical
    Where: From remote
    Impact: System access
    Released: 2004-09-17

    MandrakeSoft has issued an update for XFree86. This fixes multiple
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/12583/

    --

    [SA12579] SuSE update for XFree86

    Critical: Highly critical
    Where: From remote
    Impact: System access
    Released: 2004-09-18

    SuSE has issued an update for XFree86. This fixes multiple
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/12579/

    --

    [SA12575] Apple Mac OS X Security Update Fixes iChat Vulnerability

    Critical: Highly critical
    Where: From remote
    Impact: System access
    Released: 2004-09-17

    Apple has issued a security update for Mac OS X iChat client. This
    fixes a vulnerability, which can be exploited by malicious people to
    compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/12575/

    --

    [SA12574] OpenBSD update for Xpm

    Critical: Highly critical
    Where: From remote
    Impact: System access
    Released: 2004-09-17

    OpenBSD has issued an update for Xpm. This fixes multiple
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/12574/

    --

    [SA12573] Debian update for imlib

    Critical: Highly critical
    Where: From remote
    Impact: DoS, System access
    Released: 2004-09-16

    Debian has issued an update for imlib. This fixes a vulnerability,
    which potentially can be exploited by malicious people to compromise a
    user's system.

    Full Advisory:
    http://secunia.com/advisories/12573/

    --

    [SA12568] Red Hat update for gtk2

    Critical: Highly critical
    Where: From remote
    Impact: DoS, System access
    Released: 2004-09-16

    Red Hat has issued an update for gtk2. This fixes multiple
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial of Service) and potentially compromise a vulnerable
    system.

    Full Advisory:
    http://secunia.com/advisories/12568/

    --

    [SA12565] Gentoo update for mpg123

    Critical: Highly critical
    Where: From remote
    Impact: System access
    Released: 2004-09-16

    Gentoo has issued an update for mpg123. This fixes a vulnerability,
    which can be exploited by malicious people to compromise a user's
    system.

    Full Advisory:
    http://secunia.com/advisories/12565/

    --

    [SA12564] Debian update for gdk-pixbuf

    Critical: Highly critical
    Where: From remote
    Impact: System access, DoS
    Released: 2004-09-16

    Debian has issued an update for gdk-pixbuf. This fixes multiple
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial of Service) and potentially compromise a vulnerable
    system.

    Full Advisory:
    http://secunia.com/advisories/12564/

    --

    [SA12563] Debian update for imagemagick

    Critical: Highly critical
    Where: From remote
    Impact: System access
    Released: 2004-09-20

    Debian has issued an update for ImageMagick. This fixes a
    vulnerability, which potentially can be exploited by malicious people
    to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/12563/

    --

    [SA12619] Gentoo update for freeradius

    Critical: Moderately critical
    Where: From remote
    Impact: DoS
    Released: 2004-09-23

    Gentoo has issued an update for freeradius. This fixes multiple
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/12619/

    --

    [SA12614] Debian update for lukemftpd

    Critical: Moderately critical
    Where: From remote
    Impact: Privilege escalation, System access
    Released: 2004-09-22

    Debian has issued an update for lukemftpd. This fixes some
    vulnerabilities, which potentially can be exploited by malicious users
    to gain escalated privileges or compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/12614/

    --

    [SA12592] Debian update for wv

    Critical: Moderately critical
    Where: From remote
    Impact: System access
    Released: 2004-09-21

    Debian has issued an update for wv. This fixes a vulnerability, which
    potentially can be exploited by malicious people to compromise a user's
    system.

    Full Advisory:
    http://secunia.com/advisories/12592/

    --

    [SA12582] Gentoo update for snipsnap

    Critical: Moderately critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2004-09-20

    Gentoo has issued an update for snipsnap. This fixes a vulnerability,
    which can be exploited by malicious people to conduct script insertion
    and cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/12582/

    --

    [SA12570] FreeRADIUS Multiple Unspecified Denial of Service
    Vulnerabilities

    Critical: Moderately critical
    Where: From remote
    Impact: DoS
    Released: 2004-09-20

    Multiple unspecified vulnerabilities have been reported in FreeRADIUS,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/12570/

    --

    [SA12562] Gentoo update for heimdal

    Critical: Moderately critical
    Where: From remote
    Impact: System access, Privilege escalation
    Released: 2004-09-16

    Gentoo has issued an update for heimdal. This fixes some
    vulnerabilities, which potentially can be exploited by malicious users
    to gain escalated privileges or compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/12562/

    --

    [SA12584] sdd Unspecified RMT Client Vulnerability

    Critical: Moderately critical
    Where: From local network
    Impact: Unknown
    Released: 2004-09-18

    A vulnerability with an unknown impact has been reported in sdd.

    Full Advisory:
    http://secunia.com/advisories/12584/

    --

    [SA12624] Conectiva update for spamassassin

    Critical: Less critical
    Where: From remote
    Impact: DoS
    Released: 2004-09-23

    Connectiva has issued an update for spamassassin. This fixes a
    vulnerability, which can be exploited by malicious people to cause a
    DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/12624/

    --

    [SA12577] Gentoo update for apache2 and mod_dav

    Critical: Less critical
    Where: From remote
    Impact: Privilege escalation, DoS
    Released: 2004-09-17

    Gentoo has issued updates for apache2 and mod_dav. These fix multiple
    vulnerabilities, which can be exploited to cause a DoS (Denial of
    Service) or gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/12577/

    --

    [SA12576] Gentoo update for phpGroupWare

    Critical: Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2004-09-17

    Gentoo has issued an update for phpGroupWare. This fixes a
    vulnerability, which can be exploited by malicious people to conduct
    cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/12576/

    --

    [SA12572] Fedora update for apr-util

    Critical: Less critical
    Where: From remote
    Impact: DoS
    Released: 2004-09-16

    Fedora has issued an update for apr-util. This fixes a vulnerability
    which can be exploited by malicious people to cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/12572/

    --

    [SA12632] Red Hat redhat-config-nfs Incorrect Share Permissions
    Security Issue

    Critical: Less critical
    Where: From local network
    Impact: Security Bypass
    Released: 2004-09-23

    John Buswell has reported a security issue in redhat-config-nfs, which
    may result in users having more permissions than expected on exported
    resources.

    Full Advisory:
    http://secunia.com/advisories/12632/

    --

    [SA12631] Red Hat update for samba

    Critical: Less critical
    Where: From local network
    Impact: DoS
    Released: 2004-09-23

    Red Hat has issued an update for samba. This fixes two vulnerabilities,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/12631/

    --

    [SA12626] Slackware update for CUPS

    Critical: Less critical
    Where: From local network
    Impact: DoS
    Released: 2004-09-23

    Slackware has issued an update for CUPS. This fixes a vulnerability,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/12626/

    --

    [SA12617] OpenBSD Radius Authentication "login_radius" Security Bypass

    Critical: Less critical
    Where: From local network
    Impact: Security Bypass
    Released: 2004-09-22

    Eilko Bos has reported a vulnerability in OpenBSD, which can be
    exploited by malicious people to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/12617/

    --

    [SA12603] Gentoo update for CUPS

    Critical: Less critical
    Where: From local network
    Impact: DoS
    Released: 2004-09-21

    Gentoo has issued an update for CUPS. This fixes a vulnerability, which
    can be exploited by malicious people to cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/12603/

    --

    [SA12571] Red Hat update for CUPS

    Critical: Less critical
    Where: From local network
    Impact: DoS
    Released: 2004-09-16

    Red Hat has issued an update for CUPS. This fixes a vulnerability,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/12571/

    --

    [SA12566] Debian update for cupsys

    Critical: Less critical
    Where: From local network
    Impact: DoS
    Released: 2004-09-16

    Debian has issued an update for cupsys. This fixes a vulnerability,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/12566/

    --

    [SA12627] Mandrake update for webmin

    Critical: Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2004-09-23

    MandrakeSoft has issued an update for webmin. This fixes a
    vulnerability, which potentially can be exploited by malicious, local
    user to perform certain actions on a system with escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/12627/

    --

    [SA12610] Fedora update for foomatic

    Critical: Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2004-09-22

    Fedora has issued an update for foomatic. This fixes a vulnerability,
    which can be exploited by malicious, local users to gain escalated
    privileges.

    Full Advisory:
    http://secunia.com/advisories/12610/

    --

    [SA12600] RsyncX Privilege Escalation Vulnerabilities

    Critical: Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2004-09-20

    Matt Johnston has reported two vulnerabilities in RsyncX, which can be
    exploited by malicious, local users to gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/12600/

    --

    [SA12596] sudo Arbitrary File Reading Vulnerability

    Critical: Less critical
    Where: Local system
    Impact: Exposure of sensitive information
    Released: 2004-09-20

    Reznic Valery has reported a vulnerability in sudo, which can be
    exploited by malicious, local users to read arbitrary files.

    Full Advisory:
    http://secunia.com/advisories/12596/

    --

    [SA12594] getmail Privilege Escalation Vulnerability

    Critical: Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2004-09-20

    David Watson has reported a vulnerability in getmail, which can be
    exploited by malicious, local users to gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/12594/

    --

    [SA12591] Gentoo update for foomatic

    Critical: Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2004-09-21

    Gentoo has issued an update for foomatic. This fixes a vulnerability,
    which can be exploited by malicious, local users to gain escalated
    privileges.

    Full Advisory:
    http://secunia.com/advisories/12591/

    --

    [SA12567] Mandrake update for printer-drivers

    Critical: Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2004-09-16

    MandrakeSoft has issued an update for printer-drivers. This fixes a
    vulnerability, which can be exploited by malicious, local users to gain
    escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/12567/


    Other:--

    [SA12601] SMC Broadband Routers Session Handling Security Bypass

    Critical: Less critical
    Where: From local network
    Impact: Security Bypass
    Released: 2004-09-20

    Jimmy Scott has reported a vulnerability in SMC broadband routers,
    which can be exploited by malicious people to bypass certain security
    restrictions.

    Full Advisory:
    http://secunia.com/advisories/12601/


    Cross Platform:--

    [SA12633] Apache "Satisfy" Directive Access Control Bypass Security
    Issue

    Critical: Moderately critical
    Where: From remote
    Impact: Security Bypass
    Released: 2004-09-23

    A security issue has been reported in Apache, which may allow malicious
    people to bypass configured access controls.

    Full Advisory:
    http://secunia.com/advisories/12633/

    --

    [SA12606] TUTOS SQL Injection and Cross-Site Scripting Vulnerabilities

    Critical: Moderately critical
    Where: From remote
    Impact: Cross Site Scripting, Manipulation of data
    Released: 2004-09-21

    Joxean Koret has reported some vulnerabilities, which can be exploited
    to conduct SQL injection and cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/12606/

    --

    [SA12597] ReMOSitory "filecatid" SQL Injection Vulnerability

    Critical: Moderately critical
    Where: From remote
    Impact: Manipulation of data
    Released: 2004-09-20

    khoai has reported a vulnerability in the ReMOSitory add-on for Mambo,
    which can be exploited by malicious people to conduct SQL injection
    attacks.

    Full Advisory:
    http://secunia.com/advisories/12597/

    --

    [SA12593] YaBB Cross-Site Scripting and Security Bypass
    Vulnerabilities

    Critical: Moderately critical
    Where: From remote
    Impact: Security Bypass, Cross Site Scripting
    Released: 2004-09-21

    GulfTech Security has discovered two vulnerabilities in YaBB, which can
    be exploited by malicious people to conduct cross-site scripting attacks
    and bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/12593/

    --

    [SA12590] Snitz Forums 2000 HTTP Response Splitting Vulnerability

    Critical: Moderately critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2004-09-20

    Maestro has reported a vulnerability in Snitz Forums 2000, which can be
    exploited by malicious people to conduct script insertion and cross-site
    scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/12590/

    --

    [SA12569] SnipSnap HTTP Response Splitting Vulnerability

    Critical: Moderately critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2004-09-20

    Maestro De-Seguridad has reported a vulnerability has been reported in
    SnipSnap, which can be exploited by malicious people to conduct script
    insertion and cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/12569/

    --

    [SA12561] MyServer Directory Traversal Vulnerability

    Critical: Moderately critical
    Where: From remote
    Impact: Exposure of system information, Exposure of sensitive
    information
    Released: 2004-09-16

    Arnaud Jacques has reported a vulnerability in MyServer, which can be
    exploited by malicious people to access sensitive information.

    Full Advisory:
    http://secunia.com/advisories/12561/

    --

    [SA12560] PHP Memory Leak and Arbitrary File Location Upload
    Vulnerabilities

    Critical: Moderately critical
    Where: From remote
    Impact: Exposure of sensitive information, System access
    Released: 2004-09-18

    Two vulnerabilities have been reported in PHP, which can be exploited
    by malicious people to disclose sensitive information or potentially
    compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/12560/

    --

    [SA12621] Subversion "mod_authz_svn" Unreadable Path Information
    Disclosure

    Critical: Less critical
    Where: From remote
    Impact: Exposure of system information, Exposure of sensitive
    information
    Released: 2004-09-23

    A security issue has been reported in Subversion, which can be
    exploited by malicious people to disclose potentially sensitive
    information.

    Full Advisory:
    http://secunia.com/advisories/12621/

    --

    [SA12609] YaBB Input Validation Vulnerabilities

    Critical: Less critical
    Where: From remote
    Impact: Cross Site Scripting, Manipulation of data
    Released: 2004-09-22

    Two vulnerabilities have been reported in YaBB, which can be exploited
    to conduct cross-site scripting attacks and manipulate certain files.

    Full Advisory:
    http://secunia.com/advisories/12609/

    --

    [SA12580] Mozilla / Mozilla Firefox Cross-Domain Cookie Injection
    Vulnerability

    Critical: Less critical
    Where: From remote
    Impact: Hijacking
    Released: 2004-09-18

    WESTPOINT has reported a vulnerability in Mozilla / Mozilla Firefox,
    which potentially can be exploited by malicious people to conduct
    session fixation attacks.

    Full Advisory:
    http://secunia.com/advisories/12580/

    --

    [SA12604] Symantec ON Command CCM Default Database Administrator
    Accounts

    Critical: Less critical
    Where: From local network
    Impact: Security Bypass
    Released: 2004-09-22

    Jonas Olsson has reported a security issue in ON Command CCM, which can
    be exploited by malicious people to access sensitive information.

    Full Advisory:
    http://secunia.com/advisories/12604/

    --

    [SA12620] CA UniCenter Management Portal Username Disclosure Weakness

    Critical: Not critical
    Where: From local network
    Impact: Exposure of system information
    Released: 2004-09-22

    Thomas Adams has reported a weakness in UniCenter Management Portal,
    which can be exploited by malicious people to disclose system
    information.

    Full Advisory:
    http://secunia.com/advisories/12620/



    ========================================================================

    Secunia recommends that you verify all advisories you receive,
    by clicking the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.

    Definitions: (Criticality, Where etc.)
    http://secunia.com/about_secunia_advisories/

    Subscribe:
    http://secunia.com/secunia_weekly_summary/

    Contact details:
    Web : http://secunia.com/
    E-mail : support@secunia.com
    Tel : +45 70 20 51 44
    Fax : +45 70 20 51 45


    THE MUL
     
Loading...
Thread Status:
Not open for further replies.