[ISN] Secunia Weekly Summary

From: InfoSec News (isn@private)
Date: Fri Oct 31 2003 - 01:07:19 PST


    ===========================================================================
    
                        The Secunia Weekly Advisory Summary
                              2003-10-23 - 2003-10-30
    
                             This week : 38 advisories
    
    ===========================================================================
    
    Several new vulnerabilities have been identified in Apple Mac OS X,
    spanning from local DoS (Denial of Service) to privilege escalation
    vulnerabilities.
    
    Apple Mac OS X version 10.3 corrects 13 vulnerabilities. An additional
    security update issued on 28th October corrects an unspecified
    vulnerability in Quicktime Java, which can be exploited to gain system
    access.
    
    More information about these new Apple Mac OS X vulnerabilities can be
    found at:
    
    SA10086:
    http://secunia.com/advisories/10086/
    
    SA10087:
    http://secunia.com/advisories/10087/
    
    SA10089:
    http://secunia.com/advisories/10089/
    
    
    Secunia - Stay Secure
    
    ===========================================================================
    
    ============
     2003-10-30
    ============
    
    Conectiva update for libnids
    SA10103 - Moderately critical
    http://www.secunia.com/advisories/10103/
    
     -- 
    
    Immunix update for Apache
    SA10102 - Less critical
    http://www.secunia.com/advisories/10102/
    
    
    ============
     2003-10-29
    ============
    
    Fastream NetFile FTP/WebServer Cross-Site Scripting Vulnerability
    SA10099 - Less critical
    http://www.secunia.com/advisories/10099/
    
     -- 
    
    OpenPKG update for Apache
    SA10098 - Less critical
    http://www.secunia.com/advisories/10098/
    
     -- 
    
    Apache Vulnerabilities in Various Modules
    SA10096 - Less critical
    http://www.secunia.com/advisories/10096/
    
     -- 
    
    SGI IRIX NFS Unauthorised Resource Access Vulnerability
    SA10095 - Moderately critical
    http://www.secunia.com/advisories/10095/
    
     -- 
    
    Sun Solaris NFS Client Request Denial of Service Vulnerability
    SA10094 - Less critical
    http://www.secunia.com/advisories/10094/
    
     -- 
    
    Debian update for thttpd
    SA10093 - Highly critical
    http://www.secunia.com/advisories/10093/
    
     -- 
    
    thttpd "defang()" Buffer Overflow Vulnerability
    SA10092 - Highly critical
    http://www.secunia.com/advisories/10092/
    
     -- 
    
    VMware ESX and GSX update for OpenSSL
    SA10091 - Highly critical
    http://www.secunia.com/advisories/10091/
    
     -- 
    
    Mac OS X Screen Lock Bypass Vulnerability
    SA10089 - Less critical
    http://www.secunia.com/advisories/10089/
    
     -- 
    
    Oracle Collaboration Suite May Expose Restricted Files
    SA10088 - Less critical
    http://www.secunia.com/advisories/10088/
    
     -- 
    
    Mac OS X Unspecified Quicktime Java System Compromise
    SA10087 - Moderately critical
    http://www.secunia.com/advisories/10087/
    
     -- 
    
    Mac OS X Updated Version Addresses Thirteen Vulnerabilities
    SA10086 - Moderately critical
    http://www.secunia.com/advisories/10086/
    
     -- 
    
    mod_security Server Output Buffer Overflow
    SA10085 - Less critical
    http://www.secunia.com/advisories/10085/
    
     -- 
    
    FirstClass "/Search" Exposes Web Root Contents
    SA10084 - Less critical
    http://www.secunia.com/advisories/10084/
    
     -- 
    
    Nokia IPSO Cluster Unspecified Denial of Service Vulnerability
    SA10083 - Moderately critical
    http://www.secunia.com/advisories/10083/
    
     -- 
    
    byteHoard "files.inc.php" Directory Traversal Vulnerability
    SA10082 - Less critical
    http://www.secunia.com/advisories/10082/
    
    
    ============
     2003-10-28
    ============
    
    sh-httpd Directory Traversal Vulnerability
    SA10081 - Moderately critical
    http://www.secunia.com/advisories/10081/
    
     -- 
    
    Chi Kien Uong Guestbook Cross Site Scripting Vulnerability
    SA10080 - Less critical
    http://www.secunia.com/advisories/10080/
    
     -- 
    
    Les Visiteurs Arbitrary File Inclusion Vulnerability
    SA10079 - Highly critical
    http://www.secunia.com/advisories/10079/
    
     -- 
    
    WebTide Directory Content Disclosure Vulnerability
    SA10078 - Not critical
    http://www.secunia.com/advisories/10078/
    
     -- 
    
    WU-FTPD S/KEY Authentication Buffer Overflow Vulnerability
    SA10077 - Highly critical
    http://www.secunia.com/advisories/10077/
    
     -- 
    
    Libnids TCP Reassembly Buffer Overflow Vulnerability
    SA10076 - Moderately critical
    http://www.secunia.com/advisories/10076/
    
     -- 
    
    Yahoo! Messenger File Transfer Denial of Service Vulnerability
    SA10075 - Not critical
    http://www.secunia.com/advisories/10075/
    
     -- 
    
    Slackware update for gdm
    SA10074 - Not critical
    http://www.secunia.com/advisories/10074/
    
     -- 
    
    Slackware update for fetchmail
    SA10073 - Less critical
    http://www.secunia.com/advisories/10073/
    
     -- 
    
    Norton Internet Security Blocked Site Cross-Site Scripting Vulnerability
    SA10067 - Less critical
    http://www.secunia.com/advisories/10067/
    
    
    ============
     2003-10-27
    ============
    
    Mandrake update for apache2
    SA10072 - Not critical
    http://www.secunia.com/advisories/10072/
    
     -- 
    
    SiteKiosk Base URL Restriction Bypass
    SA10071 - Less critical
    http://www.secunia.com/advisories/10071/
    
     -- 
    
    HP Tru64 dtprintinfo Unspecified Vulnerability
    SA10070 - Moderately critical
    http://www.secunia.com/advisories/10070/
    
     -- 
    
    Conectiva update for anonftp
    SA10069 - Less critical
    http://www.secunia.com/advisories/10069/
    
     -- 
    
    Advanced Poll Execution of Arbitrary Code
    SA10068 - Highly critical
    http://www.secunia.com/advisories/10068/
    
     -- 
    
    Microsoft HTML Help Control Privilege Escalation Vulnerability
    SA10066 - Less critical
    http://www.secunia.com/advisories/10066/
    
    
    ============
     2003-10-24
    ============
    
    CensorNet "DENIEDURL" Cross-Site Scripting Vulnerability
    SA10065 - Less critical
    http://www.secunia.com/advisories/10065/
    
     -- 
    
    Apache Cocoon Directory Traversal Vulnerability
    SA10064 - Less critical
    http://www.secunia.com/advisories/10064/
    
     -- 
    
    Sun Solstice X.25 Denial of Service and System Compromise
    SA10063 - Moderately critical
    http://www.secunia.com/advisories/10063/
    
     -- 
    
    Insight Manager Unspecified Vulnerability in Web Agent
    SA10062 - Moderately critical
    http://www.secunia.com/advisories/10062/
    
    
    ===========================================================================
    
    Secunia recommends that you verify all advisories you receive, by clicking
    the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Contact details:
    Web	: http://www.secunia.com/
    E-mail	: support@private
    Tel	: +44 (0) 20 7016 2693
    Fax	: +44 (0) 20 7637 0419
    
    ===========================================================================
    
    
    
    


