===========================================================================

The Secunia Weekly Advisory Summary
2003-10-23 - 2003-10-30

This week : 38 advisories

===========================================================================

Several new vulnerabilities have been identified in Apple Mac OS X,
spanning from local DoS (Denial of Service) to privilege escalation
vulnerabilities.

Apple Mac OS X version 10.3 corrects 13 vulnerabilities. An additional
security update issued on 28th October corrects an unspecified
vulnerability in Quicktime Java, which can be exploited to gain system
access.

More information about these new Apple Mac OS X vulnerabilities can be
found at:

SA10086: http://secunia.com/advisories/10086/
SA10087: http://secunia.com/advisories/10087/
SA10089: http://secunia.com/advisories/10089/

Secunia - Stay Secure

===========================================================================

============
 2003-10-30
============

Conectiva update for libnids
SA10103 - Moderately critical
http://www.secunia.com/advisories/10103/

 --

Immunix update for Apache
SA10102 - Less critical
http://www.secunia.com/advisories/10102/

============
 2003-10-29
============

Fastream NetFile FTP/WebServer Cross-Site Scripting Vulnerability
SA10099 - Less critical
http://www.secunia.com/advisories/10099/

 --

OpenPKG update for Apache
SA10098 - Less critical
http://www.secunia.com/advisories/10098/

 --

Apache Vulnerabilities in Various Modules
SA10096 - Less critical
http://www.secunia.com/advisories/10096/

 --

SGI IRIX NFS Unauthorised Resource Access Vulnerability
SA10095 - Moderately critical
http://www.secunia.com/advisories/10095/

 --

Sun Solaris NFS Client Request Denial of Service Vulnerability
SA10094 - Less critical
http://www.secunia.com/advisories/10094/

 --

Debian update for thttpd
SA10093 - Highly critical
http://www.secunia.com/advisories/10093/

 --

thttpd "defang()" Buffer Overflow Vulnerability
SA10092 - Highly critical
http://www.secunia.com/advisories/10092/

 --

VMware ESX and GSX update for OpenSSL
SA10091 - Highly critical
http://www.secunia.com/advisories/10091/

 --

Mac OS X Screen Lock Bypass Vulnerability
SA10089 - Less critical
http://www.secunia.com/advisories/10089/

 --

Oracle Collaboration Suite May Expose Restricted Files
SA10088 - Less critical
http://www.secunia.com/advisories/10088/

 --

Mac OS X Unspecified Quicktime Java System Compromise
SA10087 - Moderately critical
http://www.secunia.com/advisories/10087/

 --

Mac OS X Updated Version Addresses Thirteen Vulnerabilities
SA10086 - Moderately critical
http://www.secunia.com/advisories/10086/

 --

mod_security Server Output Buffer Overflow
SA10085 - Less critical
http://www.secunia.com/advisories/10085/

 --

FirstClass "/Search" Exposes Web Root Contents
SA10084 - Less critical
http://www.secunia.com/advisories/10084/

 --

Nokia IPSO Cluster Unspecified Denial of Service Vulnerability
SA10083 - Moderately critical
http://www.secunia.com/advisories/10083/

 --

byteHoard "files.inc.php" Directory Traversal Vulnerability
SA10082 - Less critical
http://www.secunia.com/advisories/10082/

============
 2003-10-28
============

sh-httpd Directory Traversal Vulnerability
SA10081 - Moderately critical
http://www.secunia.com/advisories/10081/

 --

Chi Kien Uong Guestbook Cross Site Scripting Vulnerability
SA10080 - Less critical
http://www.secunia.com/advisories/10080/

 --

Les Visiteurs Arbitrary File Inclusion Vulnerability
SA10079 - Highly critical
http://www.secunia.com/advisories/10079/

 --

WebTide Directory Content Disclosure Vulnerability
SA10078 - Not critical
http://www.secunia.com/advisories/10078/

 --

WU-FTPD S/KEY Authentication Buffer Overflow Vulnerability
SA10077 - Highly critical
http://www.secunia.com/advisories/10077/

 --

Libnids TCP Reassembly Buffer Overflow Vulnerability
SA10076 - Moderately critical
http://www.secunia.com/advisories/10076/

 --

Yahoo! Messenger File Transfer Denial of Service Vulnerability
SA10075 - Not critical
http://www.secunia.com/advisories/10075/

 --

Slackware update for gdm
SA10074 - Not critical
http://www.secunia.com/advisories/10074/

 --

Slackware update for fetchmail
SA10073 - Less critical
http://www.secunia.com/advisories/10073/

 --

Norton Internet Security Blocked Site Cross-Site Scripting Vulnerability
SA10067 - Less critical
http://www.secunia.com/advisories/10067/

============
 2003-10-27
============

Mandrake update for apache2
SA10072 - Not critical
http://www.secunia.com/advisories/10072/

 --

SiteKiosk Base URL Restriction Bypass
SA10071 - Less critical
http://www.secunia.com/advisories/10071/

 --

HP Tru64 dtprintinfo Unspecified Vulnerability
SA10070 - Moderately critical
http://www.secunia.com/advisories/10070/

 --

Conectiva update for anonftp
SA10069 - Less critical
http://www.secunia.com/advisories/10069/

 --

Advanced Poll Execution of Arbitrary Code
SA10068 - Highly critical
http://www.secunia.com/advisories/10068/

 --

Microsoft HTML Help Control Privilege Escalation Vulnerability
SA10066 - Less critical
http://www.secunia.com/advisories/10066/

============
 2003-10-24
============

CensorNet "DENIEDURL" Cross-Site Scripting Vulnerability
SA10065 - Less critical
http://www.secunia.com/advisories/10065/

 --

Apache Cocoon Directory Traversal Vulnerability
SA10064 - Less critical
http://www.secunia.com/advisories/10064/

 --

Sun Solstice X.25 Denial of Service and System Compromise
SA10063 - Moderately critical
http://www.secunia.com/advisories/10063/

 --

Insight Manager Unspecified Vulnerability in Web Agent
SA10062 - Moderately critical
http://www.secunia.com/advisories/10062/

===========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Contact details:
Web     : http://www.secunia.com/
E-mail  : support@private
Tel     : +44 (0) 20 7016 2693
Fax     : +44 (0) 20 7637 0419

===========================================================================

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.