[ISN] Secunia Weekly Summary

From: InfoSec News (isn@private)
Date: Fri Sep 26 2003 - 01:21:15 PDT

  • Next message: InfoSec News: "Re: [ISN] State Department's warns visa-checking system crippled by computer virus"

    ===========================================================================
    
                        The Secunia Weekly Advisory Summary
                              2003-09-18 - 2003-09-25
    
                             This week : 71 advisories
    
    ===========================================================================
    
    On September 10th Microsoft released a patch against three new RPC
    vulnerabilities. Several sources have reported that exploit code is in the
    wild.
    
    Make sure that your systems are patched and secure against a new series of
    possible Blaster like worms.
    
    Secunia has made an on-line test which quickly determines whether your
    system is vulnerable or not:
    http://www.secunia.com/MS03-039/
    
    For more information see SA9692:
    http://www.secunia.com/advisories/9692/
    
    
    Secunia - Stay Secure
    
    ===========================================================================
    
    ============
     2003-09-25
    ============
    
    EnGarde WebTool-userpass Exposes Passwords
    SA9841 - Less critical
    http://www.secunia.com/advisories/9841/
    
     -- 
    
    OpenPKG update for OpenSSH
    SA9839 - Highly critical
    http://www.secunia.com/advisories/9839/
    
     -- 
    
    VMware ESX update for OpenSSH
    SA9838 - Highly critical
    http://www.secunia.com/advisories/9838/
    
    
    ============
     2003-09-24
    ============
    
    wodFTPServer FTP Command Buffer Overflow Vulnerability
    SA9837 - Highly critical
    http://www.secunia.com/advisories/9837/
    
     -- 
    
    mpg123 Audio Streaming Service Buffer Overflow
    SA9836 - Moderately critical
    http://www.secunia.com/advisories/9836/
    
     -- 
    
    WU-FTPD "MAIL_ADMIN" Buffer Overflow Vulnerability
    SA9835 - Moderately critical
    http://www.secunia.com/advisories/9835/
    
     -- 
    
    Microsoft PowerPoint Modify Protection Bypass
    SA9834 - Not critical
    http://www.secunia.com/advisories/9834/
    
     -- 
    
    Midnight Commander VFS symlink buffer overflow
    SA9833 - Moderately critical
    http://www.secunia.com/advisories/9833/
    
     -- 
    
    SCO OpenServer update for WU-FTPD
    SA9832 - Highly critical
    http://www.secunia.com/advisories/9832/
    
     -- 
    
    NetUP Multiple Vulnerabilities
    SA9831 - Highly critical
    http://www.secunia.com/advisories/9831/
    
     -- 
    
    Slackware update for ProFTPD
    SA9830 - Highly critical
    http://www.secunia.com/advisories/9830/
    
     -- 
    
    ProFTPD ASCII Mode File Transfer Buffer Overflow Vulnerability
    SA9829 - Highly critical
    http://www.secunia.com/advisories/9829/
    
     -- 
    
    Slackware update for WU-FTPD
    SA9828 - Highly critical
    http://www.secunia.com/advisories/9828/
    
     -- 
    
    Slackware update for OpenSSH
    SA9827 - Highly critical
    http://www.secunia.com/advisories/9827/
    
     -- 
    
    Gentoo update for OpenSSH
    SA9826 - Highly critical
    http://www.secunia.com/advisories/9826/
    
     -- 
    
    OpenSSH PAM implementation Vulnerability
    SA9825 - Highly critical
    http://www.secunia.com/advisories/9825/
    
     -- 
    
    Arkeia Large TCP Packet Buffer Overflow Vulnerability
    SA9824 - Moderately critical
    http://www.secunia.com/advisories/9824/
    
     -- 
    
    Powerslave SQL Statement Disclosure Vulnerability
    SA9817 - Not critical
    http://www.secunia.com/advisories/9817/
    
    
    ============
     2003-09-23
    ============
    
    Xitami Denial of Service
    SA9823 - Moderately critical
    http://www.secunia.com/advisories/9823/
    
     -- 
    
    IBM AIX update for Sendmail
    SA9822 - Highly critical
    http://www.secunia.com/advisories/9822/
    
     -- 
    
    HP-UX update for Secure Shell
    SA9821 - Highly critical
    http://www.secunia.com/advisories/9821/
    
     -- 
    
    HP-UX update for Sendmail
    SA9820 - Highly critical
    http://www.secunia.com/advisories/9820/
    
     -- 
    
    myPHPNuke SQL injection Vulnerability
    SA9819 - Moderately critical
    http://www.secunia.com/advisories/9819/
    
     -- 
    
    Conectiva update for wu-ftpd
    SA9818 - Highly critical
    http://www.secunia.com/advisories/9818/
    
     -- 
    
    Debian update for KDE
    SA9816 - Less critical
    http://www.secunia.com/advisories/9816/
    
     -- 
    
    SuSE update for sendmail
    SA9815 - Highly critical
    http://www.secunia.com/advisories/9815/
    
     -- 
    
    Mac OS X Multiple Vulnerabilities
    SA9814 - Highly critical
    http://www.secunia.com/advisories/9814/
    
     -- 
    
    Ingate Firewall and SIParator Denial of Service and Filter Bypass
    SA9809 - Moderately critical
    http://www.secunia.com/advisories/9809/
    
    
    ============
     2003-09-22
    ============
    
    Red Hat updates for Apache and mod_ssl
    SA9813 - Less critical
    http://www.secunia.com/advisories/9813/
    
     -- 
    
    Community Wizard User Authentication Bypass Vulnerability
    SA9812 - Moderately critical
    http://www.secunia.com/advisories/9812/
    
     -- 
    
    NetScreen-IDP OpenSSH Buffer Management Vulnerabilities
    SA9811 - Highly critical
    http://www.secunia.com/advisories/9811/
    
     -- 
    
    Blue Coat Systems OpenSSH Buffer Management Vulnerability
    SA9810 - Highly critical
    http://www.secunia.com/advisories/9810/
    
     -- 
    
    Sun Solaris Sendmail "prescan()" Buffer Overflow Vulnerability
    SA9808 - Highly critical
    http://www.secunia.com/advisories/9808/
    
     -- 
    
    Macromedia ColdFusion Default Error Handlers Cross-Site Scripting
    SA9807 - Less critical
    http://www.secunia.com/advisories/9807/
    
     -- 
    
    Sun Solaris Secure Shell Buffer Management Vulnerability
    SA9806 - Highly critical
    http://www.secunia.com/advisories/9806/
    
     -- 
    
    LSH Error Checking Heap Overflow Vulnerability
    SA9805 - Highly critical
    http://www.secunia.com/advisories/9805/
    
     -- 
    
    Conectiva update for KDE
    SA9804 - Moderately critical
    http://www.secunia.com/advisories/9804/
    
     -- 
    
    Debian ipmasq Insecure Filtering Rules
    SA9803 - Moderately critical
    http://www.secunia.com/advisories/9803/
    
     -- 
    
    MondoSearch Unspecified Server Access Vulnerability
    SA9802 - Highly critical
    http://www.secunia.com/advisories/9802/
    
     -- 
    
    OpenPKG update for sendmail
    SA9801 - Highly critical
    http://www.secunia.com/advisories/9801/
    
     -- 
    
    Microsoft BizTalk Server Insecure Permissions
    SA9800 - Moderately critical
    http://www.secunia.com/advisories/9800/
    
     -- 
    
    Microsoft Windows TCP Packet Information Disclosure
    SA9799 - Not critical
    http://www.secunia.com/advisories/9799/
    
     -- 
    
    StoneGate OpenSSH Buffer Management Vulnerability
    SA9798 - Highly critical
    http://www.secunia.com/advisories/9798/
    
    
    ============
     2003-09-19
    ============
    
    Sun Java JAXP Nested Entity Definitions Denial of Service
    SA9797 - Less critical
    http://www.secunia.com/advisories/9797/
    
     -- 
    
    Mambo SQL Injection Vulnerabilities
    SA9796 - Highly critical
    http://www.secunia.com/advisories/9796/
    
     -- 
    
    DB2 Discovery Service Denial of Service Vulnerability
    SA9795 - Less critical
    http://www.secunia.com/advisories/9795/
    
     -- 
    
    Immunix update for OpenSSH
    SA9794 - Highly critical
    http://www.secunia.com/advisories/9794/
    
     -- 
    
    Debian update for libmailtools-perl
    SA9793 - Highly critical
    http://www.secunia.com/advisories/9793/
    
     -- 
    
    Debian update for hztty
    SA9792 - Less critical
    http://www.secunia.com/advisories/9792/
    
     -- 
    
    Debian update for gopher
    SA9791 - Highly critical
    http://www.secunia.com/advisories/9791/
    
     -- 
    
    WinRAR Directory Traversal Vulnerability
    SA9790 - Less critical
    http://www.secunia.com/advisories/9790/
    
     -- 
    
    IBM AIX tsm Format String Vulnerability
    SA9789 - Moderately critical
    http://www.secunia.com/advisories/9789/
    
     -- 
    
    IBM AIX lpd Privilege Escalation Vulnerability
    SA9788 - Less critical
    http://www.secunia.com/advisories/9788/
    
     -- 
    
    EnGarde update for MySQL
    SA9787 - Not critical
    http://www.secunia.com/advisories/9787/
    
     -- 
    
    Immunix update for sendmail
    SA9786 - Highly critical
    http://www.secunia.com/advisories/9786/
    
     -- 
    
    Mandrake update for gtkhtml
    SA9785 - Less critical
    http://www.secunia.com/advisories/9785/
    
     -- 
    
    Sun Java XSL Template Parsing Denial of Service
    SA9784 - Less critical
    http://www.secunia.com/advisories/9784/
    
     -- 
    
    Mandrake update for MySQL
    SA9783 - Not critical
    http://www.secunia.com/advisories/9783/
    
     -- 
    
    Conectiva update for sendmail
    SA9782 - Highly critical
    http://www.secunia.com/advisories/9782/
    
     -- 
    
    Conectiva update for MySQL
    SA9781 - Less critical
    http://www.secunia.com/advisories/9781/
    
    
    ============
     2003-09-18
    ============
    
    HP Tru64 NFS AdvFS Memory Corruption
    SA9780 - Less critical
    http://www.secunia.com/advisories/9780/
    
     -- 
    
    DB2 db2licm and db2dart Privilege Escalation
    SA9779 - Not critical
    http://www.secunia.com/advisories/9779/
    
     -- 
    
    Plug and Play Web Server Directory Traversal and Buffer Overflow
    SA9778 - Highly critical
    http://www.secunia.com/advisories/9778/
    
     -- 
    
    Debian update for sendmail
    SA9777 - Highly critical
    http://www.secunia.com/advisories/9777/
    
     -- 
    
    TM-POP3 Server User Credential Disclosure Vulnerability
    SA9776 - Less critical
    http://www.secunia.com/advisories/9776/
    
     -- 
    
    Liquid War "HOME" Environment Variable Privilege Escalation
    SA9775 - Not critical
    http://www.secunia.com/advisories/9775/
    
     -- 
    
    Conectiva update for OpenSSH
    SA9774 - Highly critical
    http://www.secunia.com/advisories/9774/
    
     -- 
    
    Trustix update for OpenSSH
    SA9773 - Highly critical
    http://www.secunia.com/advisories/9773/
    
     -- 
    
    Trustix update for MySQL
    SA9772 - Not critical
    http://www.secunia.com/advisories/9772/
    
     -- 
    
    NetBSD update for OpenSSH
    SA9771 - Highly critical
    http://www.secunia.com/advisories/9771/
    
     -- 
    
    NetBSD Insufficient sysctl Argument Handling
    SA9770 - Less critical
    http://www.secunia.com/advisories/9770/
    
    
    ===========================================================================
    
    Secunia recommends that you verify all advisories you receive, by clicking
    the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Contact details:
    Web	: http://www.secunia.com/
    E-mail	: support@private
    Tel	: +44 (0) 20 7016 2693
    Fax	: +44 (0) 20 7637 0419
    
    ===========================================================================
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Sep 26 2003 - 03:56:01 PDT