========================================================================
The Secunia Weekly Advisory Summary
2003-11-06 - 2003-11-13
This week : 45 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
New Layout
The Secunia Weekly Summary has been updated with a new layout. The new
layout helps give a better overview of security vulnerabilities and
updates in the past week.
Effective from this week, content in the Secunia Weekly Summary will be
grouped, ordered and displayed with additional information such as:
- Secunia Advisory ID
- Critical Rating
- Where
- Impact
- Short Description
- Direct Link to Full Advisory
More information about terms used can be found here:
http://www.secunia.com/about_secunia_advisories/
All future summaries will also be archived online here:
http://www.secunia.com/secunia_weekly_summary/
Feedback and comments on our new Secunia Weekly Summary are most
welcome: support@private
========================================================================
2) This Week in Brief:
Microsoft has released its monthly security updates, correcting
vulnerabilities in Internet Explorer, Word/Excel, Frontpage Extensions
and the Workstation service. Secunia has rated all four security
bulletins from Microsoft as Highly Critical.
Ref.: [SA10195], [SA10194], [SA10193] & [SA10192]
Earlier this week, security researcher Liu Die Yu demonstrated how the
combination of no less than 6 different vulnerabilities in Internet
Explorer and FlashPlayer could lead to execution of arbitrary code on a
victim's system. Some of the vulnerabilities used in the example are
already known, others are new.
Ref.: [SA10157] & [SA10155]
Multiple vulnerabilities were disclosed in Bugzilla, a widely used
software development bug tracking system. Some of these could be abused
to view information which the user is NOT privileged to see, such as
non-fixed security issues.
Ref.: [SA10149]
========================================================================
3) This Week's Top Ten Most Read Advisories:
1. [SA10157] Microsoft Internet Explorer Local Zone Access
2. [SA10155] Microsoft Internet Explorer Exposure of Installed
Components
3. [SA10194] Microsoft Word and Excel Execution of Arbitrary Code
4. [SA10192] Microsoft Internet Explorer Multiple Vulnerabilities
5. [SA10170] SCO OpenServer update for gwxlibs
6. [SA10180] Eudora From and Reply-To Buffer Overflow Vulnerability
7. [SA10193] Microsoft Windows Workstation Service Buffer Overflow
8. [SA10195] Microsoft Frontpage Server Extensions Remotely
Exploitable Buffer Overflow
9. [SA10080] Chi Kien Uong Guestbook Cross Site Scripting
Vulnerability
10. [SA10127] Citrix MetaFrame XP Error Page Cross-Site Scripting
Vulnerability
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA10195] Microsoft Frontpage Server Extensions Remotely Exploitable
Buffer Overflow
[SA10194] Microsoft Word and Excel Execution of Arbitrary Code
[SA10192] Microsoft Internet Explorer Multiple Vulnerabilities
[SA10167] Cerberus FTP Server Unspecified Buffer Overflow Vulnerability
[SA10193] Microsoft Windows Workstation Service Buffer Overflow
[SA10189] tsworks Attachment Buffer Overflow Vulnerability
[SA10183] tc.SimpleWebServer Directory Traversal Vulnerability
[SA10180] Eudora From and Reply-To Buffer Overflow Vulnerability
[SA10157] Microsoft Internet Explorer Local Zone Access
[SA10163] UniChat Character Handling Denial of Service Vulnerability
[SA10164] VieBoard Path Disclosure Vulnerability
[SA10155] Microsoft Internet Explorer Exposure of Installed Components
UNIX/Linux:
[SA10170] SCO OpenServer update for gwxlibs
[SA10200] Red Hat update for Ethereal
[SA10184] Debian update for epic4
[SA10179] Red Hat update for Ethereal
[SA10176] Conectiva update for thttpd
[SA10174] Conectiva update for ethereal
[SA10171] OpenLinux update for ethereal
[SA10169] SCO OpenServer update for Apache
[SA10160] HP-UX Java Classloader Applet Privilege Escalation
Vulnerability
[SA10187] Mandrake update for hylafax
[SA10185] SuSE HylaFAX hfaxd Format String Vulnerability
[SA10177] Conectiva update for net-snmp
[SA10197] Nokia IPSO Network Voyager Log Cross Site Scripting
[SA10168] OpenBSD ISAKMPd Multiple Security Issues
[SA10202] Red Hat update for PostgreSQL
[SA10175] Conectiva update for CUPS
[SA10166] Ganglia gmond Denial of Service Vulnerability
[SA10161] Debian update for PostgreSQL
[SA10188] wmapm Privilege Escalation Vulnerability
[SA10186] Sun Cobalt RaQ 550 UI Information Disclosure Vulnerability
[SA10162] X-CD-Roast Insecure File Creation Vulnerability
[SA10159] HP-UX "NLSPATH" Privilege Escalation Vulnerability
[SA10158] HP-UX Software Distributor Privilege Escalation Vulnerability
[SA10190] Debian update for omega-rpg
[SA10178] Debian update for conquest
Other:
[SA10156] Foundry Networks IronWare OpenSSH Denial of Service
Vulnerability
Cross Platform:
[SA10181] Online Arts DailyDose Directory Traversal Vulnerability
[SA10198] Eudora Denial of Service and Information Disclosure
Vulnerabilities
[SA10172] PowerPortal Search Box Cross-Site Scripting Vulnerability
[SA10165] Ralusp Sympoll Cross Site Scripting Vulnerability
[SA10173] DB2 db2govd, db2start and db2stop Privilege Escalation
Vulnerabilities
[SA10196] Opera Browser Arbitrary File Placement Security Issue
[SA10191] Gaim Exposure of Local User Name Security Issue
========================================================================
5) Vulnerabilities Content Listing
Windows:
[SA10195] Microsoft Frontpage Server Extensions Remotely Exploitable
Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Microsoft has issued patches for Frontpage Server Extensions. These fix
two vulnerabilities, which can allow malicious people to execute
arbitrary code or cause a Denial of Service.
Full Advisory:
http://www.secunia.com/advisories/10195/
--
[SA10194] Microsoft Word and Excel Execution of Arbitrary Code
Critical: Highly critical
Where: From remote
Impact: System access
Microsoft has issued patches for Microsoft Excel and Word. These fix
two vulnerabilities allowing malicious people to execute arbitrary code
on a user's system.
Full Advisory:
http://www.secunia.com/advisories/10194/
--
[SA10192] Microsoft Internet Explorer Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
Microsoft has issued a cumulative patch, which fixes multiple
vulnerabilities in Internet Explorer. These vulnerabilities can
potentially be exploited to bypass Internet Explorer security
restrictions and execute arbitrary code with the privileges of the
current user.
Full Advisory:
http://www.secunia.com/advisories/10192/
--
[SA10167] Cerberus FTP Server Unspecified Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
A vulnerability has been reported in Cerberus FTP Server, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10167/
--
[SA10193] Microsoft Windows Workstation Service Buffer Overflow
Critical: Highly critical
Where: From local network
Impact: System access
Microsoft has issued patches for Windows 2000 and XP. These fix a
vulnerability in the Workstation service, which can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10193/
--
[SA10189] tsworks Attachment Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
A vulnerability has been reported in tsworks, which potentially can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://www.secunia.com/advisories/10189/
--
[SA10183] tc.SimpleWebServer Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
A vulnerability has been reported in tc.SimpleWebServer allowing
malicious people to conduct directory traversal attacks.
Full Advisory:
http://www.secunia.com/advisories/10183/
--
[SA10180] Eudora From and Reply-To Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
A vulnerability has been reported in Eudora, which potentially can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://www.secunia.com/advisories/10180/
--
[SA10157] Microsoft Internet Explorer Local Zone Access
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Multiple vulnerabilities have been identified in Internet Explorer
allowing malicious HTML documents such as web sites to access resources
in the Local Zone.
Full Advisory:
http://www.secunia.com/advisories/10157/
--
[SA10163] UniChat Character Handling Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
A vulnerability has been reported in UniChat, which can be exploited by
malicious users to crash other users' clients.
Full Advisory:
http://www.secunia.com/advisories/10163/
--
[SA10164] VieBoard Path Disclosure Vulnerability
Critical: Not critical
Where: From remote
Impact: Exposure of system information
A vulnerability has been identified in VieBoard allowing malicious
people to see the installation path.
Full Advisory:
http://www.secunia.com/advisories/10164/
--
[SA10155] Microsoft Internet Explorer Exposure of Installed Components
Critical: Not critical
Where: From remote
Impact: Exposure of system information
A vulnerability has been identified in Internet Explorer allowing
malicious HTML documents such as web sites to see which components are
installed.
Full Advisory:
http://www.secunia.com/advisories/10155/
UNIX/Linux:
[SA10170] SCO OpenServer update for gwxlibs
Critical: Highly critical
Where: From remote
Impact: System access, DoS
SCO has issued updated packages for gwxlibs. These fix some
vulnerabilities in OpenSSL, which can be exploited by malicious people
to cause a DoS (Denial of Service) on a vulnerable system and
potentially compromise it.
Full Advisory:
http://www.secunia.com/advisories/10170/
--
[SA10200] Red Hat update for Ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Red Hat has issued updated packages for Ethereal. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system running Ethereal.
Full Advisory:
http://www.secunia.com/advisories/10200/
--
[SA10184] Debian update for epic4
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Debian has issued updated packages for epic4. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.
Full Advisory:
http://www.secunia.com/advisories/10184/
--
[SA10179] Red Hat update for Ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Red Hat has issued updated packages for Ethereal. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system running Ethereal.
Full Advisory:
http://www.secunia.com/advisories/10179/
--
[SA10176] Conectiva update for thttpd
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Conectiva has issued updated packages for thttpd. These fix three older
vulnerabilities, which can be exploited by malicious people to conduct
Cross-Site Scripting attacks and gain knowledge of sensitive
information.
Full Advisory:
http://www.secunia.com/advisories/10176/
--
[SA10174] Conectiva update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Conectiva has issued updated packages for Ethereal. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10174/
--
[SA10171] OpenLinux update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
SCO has issued updated packages for ethereal. These fix some older
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service) on a vulnerable system or potentially compromise it.
Full Advisory:
http://www.secunia.com/advisories/10171/
--
[SA10169] SCO OpenServer update for Apache
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information,
Privilege escalation, DoS, System access
SCO has issued updated packages, which fix some older vulnerabilities
in Apache and PHP.
Full Advisory:
http://www.secunia.com/advisories/10169/
--
[SA10160] HP-UX Java Classloader Applet Privilege Escalation
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
HP has confirmed a vulnerability in HP-UX, which can be exploited by
malicious, untrusted applets to escalate their privileges on a
vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10160/
--
[SA10187] Mandrake update for hylafax
Critical: Moderately critical
Where: From local network
Impact: System access
MandrakeSoft has issued updated packages for hylafax. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10187/
--
[SA10185] SuSE HylaFAX hfaxd Format String Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
SuSE has reported a vulnerability in HylaFAX, which can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10185/
--
[SA10177] Conectiva update for net-snmp
Critical: Moderately critical
Where: From local network
Impact: Security Bypass
Conectiva has issued updated packages for net-snmp. These fix a
vulnerability, which can be exploited by malicious users to bypass
certain security restrictions.
Full Advisory:
http://www.secunia.com/advisories/10177/
--
[SA10197] Nokia IPSO Network Voyager Log Cross Site Scripting
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
A vulnerability has been reported in Nokia IPSO Network Voyager
allowing malicious people to inject HTML and script.
Full Advisory:
http://www.secunia.com/advisories/10197/
--
[SA10168] OpenBSD ISAKMPd Multiple Security Issues
Critical: Less critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Multiple security issues have been reported in OpenBSD ISAKMPd, which
potentially can be exploited by malicious people to gain knowledge of
sensitive information or delete SAs (Security Associations).
Full Advisory:
http://www.secunia.com/advisories/10168/
--
[SA10202] Red Hat update for PostgreSQL
Critical: Less critical
Where: From local network
Impact: System access
Red Hat has issued updated packages for postgresql. These fix some
vulnerabilities, which potentially can be exploited by malicious users
to compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10202/
--
[SA10175] Conectiva update for CUPS
Critical: Less critical
Where: From local network
Impact: DoS
Conectiva has issued updated packages for cups. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://www.secunia.com/advisories/10175/
--
[SA10166] Ganglia gmond Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
A vulnerability has been reported in Ganglia, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://www.secunia.com/advisories/10166/
--
[SA10161] Debian update for PostgreSQL
Critical: Less critical
Where: From local network
Impact: System access
Debian has issued updated packages for postgresql. These fix some
vulnerabilities, which potentially can be exploited by malicious users
to compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10161/
--
[SA10188] wmapm Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
A vulnerability has been identified in wmapm, which potentially can be
exploited by malicious, local users to escalate their privileges on a
vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10188/
--
[SA10186] Sun Cobalt RaQ 550 UI Information Disclosure Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Sun has reported a vulnerability in Sun Cobalt RaQ 550, which can be
exploited by malicious users to gain knowledge of sensitive
information.
Full Advisory:
http://www.secunia.com/advisories/10186/
--
[SA10162] X-CD-Roast Insecure File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
A vulnerability has been reported in X-CD-Roast, which can be exploited
by malicious, local users to overwrite arbitrary files with escalated
privileges.
Full Advisory:
http://www.secunia.com/advisories/10162/
--
[SA10159] HP-UX "NLSPATH" Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to escalate their privileges.
Full Advisory:
http://www.secunia.com/advisories/10159/
--
[SA10158] HP-UX Software Distributor Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to escalate their privileges.
Full Advisory:
http://www.secunia.com/advisories/10158/
--
[SA10190] Debian update for omega-rpg
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Debian has issued updated packages for omega-rpg. These fix a
vulnerability, which can be exploited by malicious, local users to
escalate their privileges.
Full Advisory:
http://www.secunia.com/advisories/10190/
--
[SA10178] Debian update for conquest
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Debian has issued updated packages for conquest. These fix a
vulnerability, which can be exploited by malicious, local users to
escalate their privileges.
Full Advisory:
http://www.secunia.com/advisories/10178/
Other:
[SA10156] Foundry Networks IronWare OpenSSH Denial of Service
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Foundry Networks has reported that their products are affected by a
vulnerability in OpenSSH, which can be exploited by malicious people to
cause a DoS (Denial of Service).
Full Advisory:
http://www.secunia.com/advisories/10156/
Cross Platform:
[SA10181] Online Arts DailyDose Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
A vulnerability has been reported in DailyDose, which can be exploited
by malicious people to read arbitrary files.
Full Advisory:
http://www.secunia.com/advisories/10181/
--
[SA10198] Eudora Denial of Service and Information Disclosure
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information, DoS
Qualcomm has issued a new version of Eudora. This fixes two
vulnerabilities, which can be exploited by malicious people to crash
the program or by local users to see sensitive information.
Full Advisory:
http://www.secunia.com/advisories/10198/
--
[SA10172] PowerPortal Search Box Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
A vulnerability has been identified in PowerPortal, which can be
exploited by malicious people to conduct Cross-Site Scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10172/
--
[SA10165] Ralusp Sympoll Cross Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
A vulnerability has been reported in Sympoll allowing malicious people
to conduct Cross Site Scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10165/
--
[SA10173] DB2 db2govd, db2start and db2stop Privilege Escalation
Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Some vulnerabilities have been reported in DB2, which can be exploited
by malicious users to escalate their privileges.
Full Advisory:
http://www.secunia.com/advisories/10173/
--
[SA10196] Opera Browser Arbitrary File Placement Security Issue
Critical: Not critical
Where: From remote
Impact: Security Bypass
A security issue has been identified in the Opera browser, which can be
exploited by malicious people to place arbitrary files on a user's
system in certain known locations.
Full Advisory:
http://www.secunia.com/advisories/10196/
--
[SA10191] Gaim Exposure of Local User Name Security Issue
Critical: Not critical
Where: From remote
Impact: Exposure of sensitive information
A security issue has been reported in Gaim, which allows malicious
people to see a user's local user name on a system.
Full Advisory:
http://www.secunia.com/advisories/10191/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third-party patches; only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/
Subscribe:
http://www.secunia.com/secunia_weekly_summary/
Contact details:
Web : http://www.secunia.com/
E-mail : support@private
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
========================================================================