===========================================================================

The Secunia Weekly Advisory Summary
2003-09-18 - 2003-09-25

This week : 71 advisories

===========================================================================

On September 10th Microsoft released a patch against three new RPC
vulnerabilities. Several sources have reported that exploit code is in
the wild. Make sure that your systems are patched and secure against a
new series of possible Blaster like worms.

Secunia has made an on-line test which quickly determines whether your
system is vulnerable or not:
http://www.secunia.com/MS03-039/

For more information see SA9692:
http://www.secunia.com/advisories/9692/

Secunia - Stay Secure

===========================================================================

============
 2003-09-25
============

EnGarde WebTool-userpass Exposes Passwords
SA9841 - Less critical
http://www.secunia.com/advisories/9841/

 --

OpenPKG update for OpenSSH
SA9839 - Highly critical
http://www.secunia.com/advisories/9839/

 --

VMware ESX update for OpenSSH
SA9838 - Highly critical
http://www.secunia.com/advisories/9838/

============
 2003-09-24
============

wodFTPServer FTP Command Buffer Overflow Vulnerability
SA9837 - Highly critical
http://www.secunia.com/advisories/9837/

 --

mpg123 Audio Streaming Service Buffer Overflow
SA9836 - Moderately critical
http://www.secunia.com/advisories/9836/

 --

WU-FTPD "MAIL_ADMIN" Buffer Overflow Vulnerability
SA9835 - Moderately critical
http://www.secunia.com/advisories/9835/

 --

Microsoft PowerPoint Modify Protection Bypass
SA9834 - Not critical
http://www.secunia.com/advisories/9834/

 --

Midnight Commander VFS symlink buffer overflow
SA9833 - Moderately critical
http://www.secunia.com/advisories/9833/

 --

SCO OpenServer update for WU-FTPD
SA9832 - Highly critical
http://www.secunia.com/advisories/9832/

 --

NetUP Multiple Vulnerabilities
SA9831 - Highly critical
http://www.secunia.com/advisories/9831/

 --

Slackware update for ProFTPD
SA9830 - Highly critical
http://www.secunia.com/advisories/9830/

 --

ProFTPD ASCII Mode File Transfer Buffer Overflow Vulnerability
SA9829 - Highly critical
http://www.secunia.com/advisories/9829/

 --

Slackware update for WU-FTPD
SA9828 - Highly critical
http://www.secunia.com/advisories/9828/

 --

Slackware update for OpenSSH
SA9827 - Highly critical
http://www.secunia.com/advisories/9827/

 --

Gentoo update for OpenSSH
SA9826 - Highly critical
http://www.secunia.com/advisories/9826/

 --

OpenSSH PAM implementation Vulnerability
SA9825 - Highly critical
http://www.secunia.com/advisories/9825/

 --

Arkeia Large TCP Packet Buffer Overflow Vulnerability
SA9824 - Moderately critical
http://www.secunia.com/advisories/9824/

 --

Powerslave SQL Statement Disclosure Vulnerability
SA9817 - Not critical
http://www.secunia.com/advisories/9817/

============
 2003-09-23
============

Xitami Denial of Service
SA9823 - Moderately critical
http://www.secunia.com/advisories/9823/

 --

IBM AIX update for Sendmail
SA9822 - Highly critical
http://www.secunia.com/advisories/9822/

 --

HP-UX update for Secure Shell
SA9821 - Highly critical
http://www.secunia.com/advisories/9821/

 --

HP-UX update for Sendmail
SA9820 - Highly critical
http://www.secunia.com/advisories/9820/

 --

myPHPNuke SQL injection Vulnerability
SA9819 - Moderately critical
http://www.secunia.com/advisories/9819/

 --

Conectiva update for wu-ftpd
SA9818 - Highly critical
http://www.secunia.com/advisories/9818/

 --

Debian update for KDE
SA9816 - Less critical
http://www.secunia.com/advisories/9816/

 --

SuSE update for sendmail
SA9815 - Highly critical
http://www.secunia.com/advisories/9815/

 --

Mac OS X Multiple Vulnerabilities
SA9814 - Highly critical
http://www.secunia.com/advisories/9814/

 --

Ingate Firewall and SIParator Denial of Service and Filter Bypass
SA9809 - Moderately critical
http://www.secunia.com/advisories/9809/

============
 2003-09-22
============

Red Hat updates for Apache and mod_ssl
SA9813 - Less critical
http://www.secunia.com/advisories/9813/

 --

Community Wizard User Authentication Bypass Vulnerability
SA9812 - Moderately critical
http://www.secunia.com/advisories/9812/

 --

NetScreen-IDP OpenSSH Buffer Management Vulnerabilities
SA9811 - Highly critical
http://www.secunia.com/advisories/9811/

 --

Blue Coat Systems OpenSSH Buffer Management Vulnerability
SA9810 - Highly critical
http://www.secunia.com/advisories/9810/

 --

Sun Solaris Sendmail "prescan()" Buffer Overflow Vulnerability
SA9808 - Highly critical
http://www.secunia.com/advisories/9808/

 --

Macromedia ColdFusion Default Error Handlers Cross-Site Scripting
SA9807 - Less critical
http://www.secunia.com/advisories/9807/

 --

Sun Solaris Secure Shell Buffer Management Vulnerability
SA9806 - Highly critical
http://www.secunia.com/advisories/9806/

 --

LSH Error Checking Heap Overflow Vulnerability
SA9805 - Highly critical
http://www.secunia.com/advisories/9805/

 --

Conectiva update for KDE
SA9804 - Moderately critical
http://www.secunia.com/advisories/9804/

 --

Debian ipmasq Insecure Filtering Rules
SA9803 - Moderately critical
http://www.secunia.com/advisories/9803/

 --

MondoSearch Unspecified Server Access Vulnerability
SA9802 - Highly critical
http://www.secunia.com/advisories/9802/

 --

OpenPKG update for sendmail
SA9801 - Highly critical
http://www.secunia.com/advisories/9801/

 --

Microsoft BizTalk Server Insecure Permissions
SA9800 - Moderately critical
http://www.secunia.com/advisories/9800/

 --

Microsoft Windows TCP Packet Information Disclosure
SA9799 - Not critical
http://www.secunia.com/advisories/9799/

 --

StoneGate OpenSSH Buffer Management Vulnerability
SA9798 - Highly critical
http://www.secunia.com/advisories/9798/

============
 2003-09-19
============

Sun Java JAXP Nested Entity Definitions Denial of Service
SA9797 - Less critical
http://www.secunia.com/advisories/9797/

 --

Mambo SQL Injection Vulnerabilities
SA9796 - Highly critical
http://www.secunia.com/advisories/9796/

 --

DB2 Discovery Service Denial of Service Vulnerability
SA9795 - Less critical
http://www.secunia.com/advisories/9795/

 --

Immunix update for OpenSSH
SA9794 - Highly critical
http://www.secunia.com/advisories/9794/

 --

Debian update for libmailtools-perl
SA9793 - Highly critical
http://www.secunia.com/advisories/9793/

 --

Debian update for hztty
SA9792 - Less critical
http://www.secunia.com/advisories/9792/

 --

Debian update for gopher
SA9791 - Highly critical
http://www.secunia.com/advisories/9791/

 --

WinRAR Directory Traversal Vulnerability
SA9790 - Less critical
http://www.secunia.com/advisories/9790/

 --

IBM AIX tsm Format String Vulnerability
SA9789 - Moderately critical
http://www.secunia.com/advisories/9789/

 --

IBM AIX lpd Privilege Escalation Vulnerability
SA9788 - Less critical
http://www.secunia.com/advisories/9788/

 --

EnGarde update for MySQL
SA9787 - Not critical
http://www.secunia.com/advisories/9787/

 --

Immunix update for sendmail
SA9786 - Highly critical
http://www.secunia.com/advisories/9786/

 --

Mandrake update for gtkhtml
SA9785 - Less critical
http://www.secunia.com/advisories/9785/

 --

Sun Java XSL Template Parsing Denial of Service
SA9784 - Less critical
http://www.secunia.com/advisories/9784/

 --

Mandrake update for MySQL
SA9783 - Not critical
http://www.secunia.com/advisories/9783/

 --

Conectiva update for sendmail
SA9782 - Highly critical
http://www.secunia.com/advisories/9782/

 --

Conectiva update for MySQL
SA9781 - Less critical
http://www.secunia.com/advisories/9781/

============
 2003-09-18
============

HP Tru64 NFS AdvFS Memory Corruption
SA9780 - Less critical
http://www.secunia.com/advisories/9780/

 --

DB2 db2licm and db2dart Privilege Escalation
SA9779 - Not critical
http://www.secunia.com/advisories/9779/

 --

Plug and Play Web Server Directory Traversal and Buffer Overflow
SA9778 - Highly critical
http://www.secunia.com/advisories/9778/

 --

Debian update for sendmail
SA9777 - Highly critical
http://www.secunia.com/advisories/9777/

 --

TM-POP3 Server User Credential Disclosure Vulnerability
SA9776 - Less critical
http://www.secunia.com/advisories/9776/

 --

Liquid War "HOME" Environment Variable Privilege Escalation
SA9775 - Not critical
http://www.secunia.com/advisories/9775/

 --

Conectiva update for OpenSSH
SA9774 - Highly critical
http://www.secunia.com/advisories/9774/

 --

Trustix update for OpenSSH
SA9773 - Highly critical
http://www.secunia.com/advisories/9773/

 --

Trustix update for MySQL
SA9772 - Not critical
http://www.secunia.com/advisories/9772/

 --

NetBSD update for OpenSSH
SA9771 - Highly critical
http://www.secunia.com/advisories/9771/

 --

NetBSD Insufficient sysctl Argument Handling
SA9770 - Less critical
http://www.secunia.com/advisories/9770/

===========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Contact details:
Web    : http://www.secunia.com/
E-mail : support@private
Tel    : +44 (0) 20 7016 2693
Fax    : +44 (0) 20 7637 0419

===========================================================================

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.