========================================================================

                  The Secunia Weekly Advisory Summary
                        2003-11-06 - 2003-11-13

                       This week : 45 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

New Layout

The Secunia Weekly Summary has been updated with a new layout. The new
layout helps give a better overview of security vulnerabilities and
updates in the past week.

Effective from this week, content in the Secunia Weekly Summary will be
grouped, ordered and displayed with additional information such as:

 - Secunia Advisory ID
 - Critical Rating
 - Where
 - Impact
 - Short Description
 - Direct Link to Full Advisory

More information about terms used can be found here:
http://www.secunia.com/about_secunia_advisories/

All future summaries will also be archived online here:
http://www.secunia.com/secunia_weekly_summary/

Feedback and comments on our new Secunia Weekly Summary are most
welcome: support@private

========================================================================
2) This Week in Brief:

Microsoft has released their monthly security updates, correcting
vulnerabilities in Internet Explorer, Word/Excel, Frontpage Extensions
and the Workstation service. Secunia has rated all four security
bulletins from Microsoft as Highly Critical.
Ref.: [SA10195], [SA10194], [SA10193] & [SA10192]

Earlier this week, security researcher Liu Die Yu demonstrated how the
combination of no less than 6 different vulnerabilities in Internet
Explorer and FlashPlayer could lead to execution of arbitrary code on a
victim's system. Some of the vulnerabilities used in the example are
already known, others are new.
Ref.: [SA10157] & [SA10155]

Multiple vulnerabilities were disclosed in Bugzilla, a widely used
software development bug tracking system, some of which could be abused
to view information which the user is NOT privileged to see, such as
non-fixed security issues.
Ref.: [SA10149]

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA10157] Microsoft Internet Explorer Local Zone Access
2.  [SA10155] Microsoft Internet Explorer Exposure of Installed
              Components
3.  [SA10194] Microsoft Word and Excel Execution of Arbitrary Code
4.  [SA10192] Microsoft Internet Explorer Multiple Vulnerabilities
5.  [SA10170] SCO OpenServer update for gwxlibs
6.  [SA10180] Eudora From and Reply-To Buffer Overflow Vulnerability
7.  [SA10193] Microsoft Windows Workstation Service Buffer Overflow
8.  [SA10195] Microsoft Frontpage Server Extensions Remotely
              Exploitable Buffer Overflow
9.  [SA10080] Chi Kien Uong Guestbook Cross Site Scripting
              Vulnerability
10. [SA10127] Citrix MetaFrame XP Error Page Cross-Site Scripting
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:

[SA10195] Microsoft Frontpage Server Extensions Remotely Exploitable
          Buffer Overflow
[SA10194] Microsoft Word and Excel Execution of Arbitrary Code
[SA10192] Microsoft Internet Explorer Multiple Vulnerabilities
[SA10167] Cerberus FTP Server Unspecified Buffer Overflow Vulnerability
[SA10193] Microsoft Windows Workstation Service Buffer Overflow
[SA10189] tsworks Attachment Buffer Overflow Vulnerability
[SA10183] tc.SimpleWebServer Directory Traversal Vulnerability
[SA10180] Eudora From and Reply-To Buffer Overflow Vulnerability
[SA10157] Microsoft Internet Explorer Local Zone Access
[SA10163] UniChat Character Handling Denial of Service Vulnerability
[SA10164] VieBoard Path Disclosure Vulnerability
[SA10155] Microsoft Internet Explorer Exposure of Installed Components

UNIX/Linux:

[SA10170] SCO OpenServer update for gwxlibs
[SA10200] Red Hat update for Ethereal
[SA10184] Debian update for epic4
[SA10179] Red Hat update for Ethereal
[SA10176] Conectiva update for thttpd
[SA10174] Conectiva update for ethereal
[SA10171] OpenLinux update for ethereal
[SA10169] SCO OpenServer update for Apache
[SA10160] HP-UX Java Classloader Applet Privilege Escalation
          Vulnerability
[SA10187] Mandrake update for hylafax
[SA10185] SuSE HylaFAX hfaxd Format String Vulnerability
[SA10177] Conectiva update for net-snmp
[SA10197] Nokia IPSO Network Voyager Log Cross Site Scripting
[SA10168] OpenBSD ISAKMPd Multiple Security Issues
[SA10202] Red Hat update for PostgreSQL
[SA10175] Conectiva update for CUPS
[SA10166] Ganglia gmond Denial of Service Vulnerability
[SA10161] Debian update for PostgreSQL
[SA10188] wmapm Privilege Escalation Vulnerability
[SA10186] Sun Cobalt RaQ 550 UI Information Disclosure Vulnerability
[SA10162] X-CD-Roast Insecure File Creation Vulnerability
[SA10159] HP-UX "NLSPATH" Privilege Escalation Vulnerability
[SA10158] HP-UX Software Distributor Privilege Escalation Vulnerability
[SA10190] Debian update for omega-rpg
[SA10178] Debian update for conquest

Other:

[SA10156] Foundry Networks IronWare OpenSSH Denial of Service
          Vulnerability

Cross Platform:

[SA10181] Online Arts DailyDose Directory Traversal Vulnerability
[SA10198] Eudora Denial of Service and Information Disclosure
          Vulnerabilities
[SA10172] PowerPortal Search Box Cross-Site Scripting Vulnerability
[SA10165] Ralusp Sympoll Cross Site Scripting Vulnerability
[SA10173] DB2 db2govd, db2start and db2stop Privilege Escalation
          Vulnerabilities
[SA10196] Opera Browser Arbitrary File Placement Security Issue
[SA10191] Gaim Exposure of Local User Name Security Issue

========================================================================
5) Vulnerabilities Content Listing

Windows:

[SA10195] Microsoft Frontpage Server Extensions Remotely Exploitable
          Buffer Overflow
Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access

Microsoft has issued patches for Frontpage Server Extensions. These fix
two vulnerabilities, which can allow malicious people to execute
arbitrary code or cause a Denial of Service.

Full Advisory:
http://www.secunia.com/advisories/10195/

 --

[SA10194] Microsoft Word and Excel Execution of Arbitrary Code
Critical:    Highly critical
Where:       From remote
Impact:      System access

Microsoft has issued patches for Microsoft Excel and Word. These fix
two vulnerabilities allowing malicious people to execute arbitrary code
on a user's system.

Full Advisory:
http://www.secunia.com/advisories/10194/

 --

[SA10192] Microsoft Internet Explorer Multiple Vulnerabilities
Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access

Microsoft has issued a cumulative patch, which fixes multiple
vulnerabilities in Internet Explorer.
These vulnerabilities can potentially be exploited to bypass Internet
Explorer security restrictions and execute arbitrary code with the
privileges of the current user.

Full Advisory:
http://www.secunia.com/advisories/10192/

 --

[SA10167] Cerberus FTP Server Unspecified Buffer Overflow Vulnerability
Critical:    Highly critical
Where:       From remote
Impact:      System access

A vulnerability has been reported in Cerberus FTP Server, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10167/

 --

[SA10193] Microsoft Windows Workstation Service Buffer Overflow
Critical:    Highly critical
Where:       From local network
Impact:      System access

Microsoft has issued patches for Windows 2000 and XP. These fix a
vulnerability in the Workstation service, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10193/

 --

[SA10189] tsworks Attachment Buffer Overflow Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      System access

A vulnerability has been reported in tsworks, which potentially can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://www.secunia.com/advisories/10189/

 --

[SA10183] tc.SimpleWebServer Directory Traversal Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information

A vulnerability has been reported in tc.SimpleWebServer allowing
malicious people to conduct directory traversal attacks.

Full Advisory:
http://www.secunia.com/advisories/10183/

 --

[SA10180] Eudora From and Reply-To Buffer Overflow Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      System access

A vulnerability has been reported in Eudora, which potentially can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://www.secunia.com/advisories/10180/

 --

[SA10157] Microsoft Internet Explorer Local Zone Access
Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information

Multiple vulnerabilities have been identified in Internet Explorer
allowing malicious HTML documents such as web sites to access resources
in the Local Zone.

Full Advisory:
http://www.secunia.com/advisories/10157/

 --

[SA10163] UniChat Character Handling Denial of Service Vulnerability
Critical:    Less critical
Where:       From remote
Impact:      DoS

A vulnerability has been reported in UniChat, which can be exploited by
malicious users to crash other users' clients.

Full Advisory:
http://www.secunia.com/advisories/10163/

 --

[SA10164] VieBoard Path Disclosure Vulnerability
Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information

A vulnerability has been identified in VieBoard allowing malicious
people to see the installation path.

Full Advisory:
http://www.secunia.com/advisories/10164/

 --

[SA10155] Microsoft Internet Explorer Exposure of Installed Components
Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information

A vulnerability has been identified in Internet Explorer allowing
malicious HTML documents such as web sites to see which components are
installed.

Full Advisory:
http://www.secunia.com/advisories/10155/


UNIX/Linux:

[SA10170] SCO OpenServer update for gwxlibs
Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS

SCO has issued updated packages for gwxlibs. These fix some
vulnerabilities in OpenSSL, which can be exploited by malicious people
to cause a DoS (Denial of Service) on a vulnerable system and
potentially compromise it.

Full Advisory:
http://www.secunia.com/advisories/10170/

 --

[SA10200] Red Hat update for Ethereal
Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access

Red Hat has issued updated packages for Ethereal.
These fix multiple vulnerabilities, which potentially can be exploited
by malicious people to compromise a vulnerable system running Ethereal.

Full Advisory:
http://www.secunia.com/advisories/10200/

 --

[SA10184] Debian update for epic4
Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access

Debian has issued updated packages for epic4. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://www.secunia.com/advisories/10184/

 --

[SA10179] Red Hat update for Ethereal
Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access

Red Hat has issued updated packages for Ethereal. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system running Ethereal.

Full Advisory:
http://www.secunia.com/advisories/10179/

 --

[SA10176] Conectiva update for thttpd
Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
             Exposure of sensitive information

Conectiva has issued updated packages for thttpd. These fix three older
vulnerabilities, which can be exploited by malicious people to conduct
Cross-Site Scripting attacks and gain knowledge of sensitive
information.

Full Advisory:
http://www.secunia.com/advisories/10176/

 --

[SA10174] Conectiva update for ethereal
Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access

Conectiva has issued updated packages for Ethereal. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10174/

 --

[SA10171] OpenLinux update for ethereal
Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access

SCO has issued updated packages for ethereal.
These fix some older vulnerabilities, which can be exploited to cause a
DoS (Denial of Service) on a vulnerable system or potentially
compromise it.

Full Advisory:
http://www.secunia.com/advisories/10171/

 --

[SA10169] SCO OpenServer update for Apache
Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information,
             Privilege escalation, DoS, System access

SCO has issued updated packages, which fix some older vulnerabilities
in Apache and PHP.

Full Advisory:
http://www.secunia.com/advisories/10169/

 --

[SA10160] HP-UX Java Classloader Applet Privilege Escalation
          Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass

HP has confirmed a vulnerability in HP-UX, which can be exploited by
malicious, untrusted applets to escalate their privileges on a
vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10160/

 --

[SA10187] Mandrake update for hylafax
Critical:    Moderately critical
Where:       From local network
Impact:      System access

MandrakeSoft has issued updated packages for hylafax. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10187/

 --

[SA10185] SuSE HylaFAX hfaxd Format String Vulnerability
Critical:    Moderately critical
Where:       From local network
Impact:      System access

SuSE has reported a vulnerability in HylaFAX, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10185/

 --

[SA10177] Conectiva update for net-snmp
Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass

Conectiva has issued updated packages for net-snmp. These fix a
vulnerability, which can be exploited by malicious users to bypass
certain security restrictions.

Full Advisory:
http://www.secunia.com/advisories/10177/

 --

[SA10197] Nokia IPSO Network Voyager Log Cross Site Scripting
Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting

A vulnerability has been reported in Nokia IPSO Network Voyager
allowing malicious people to inject HTML and script.

Full Advisory:
http://www.secunia.com/advisories/10197/

 --

[SA10168] OpenBSD ISAKMPd Multiple Security Issues
Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information

Multiple security issues have been reported in OpenBSD ISAKMPd, which
potentially can be exploited by malicious people to gain knowledge of
sensitive information or delete SAs (Security Associations).

Full Advisory:
http://www.secunia.com/advisories/10168/

 --

[SA10202] Red Hat update for PostgreSQL
Critical:    Less critical
Where:       From local network
Impact:      System access

Red Hat has issued updated packages for postgresql. These fix some
vulnerabilities, which potentially can be exploited by malicious users
to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10202/

 --

[SA10175] Conectiva update for CUPS
Critical:    Less critical
Where:       From local network
Impact:      DoS

Conectiva has issued updated packages for cups. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10175/

 --

[SA10166] Ganglia gmond Denial of Service Vulnerability
Critical:    Less critical
Where:       From local network
Impact:      DoS

A vulnerability has been reported in Ganglia, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10166/

 --

[SA10161] Debian update for PostgreSQL
Critical:    Less critical
Where:       From local network
Impact:      System access

Debian has issued updated packages for postgresql.
These fix some vulnerabilities, which potentially can be exploited by
malicious users to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10161/

 --

[SA10188] wmapm Privilege Escalation Vulnerability
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation

A vulnerability has been identified in wmapm, which potentially can be
exploited by malicious, local users to escalate their privileges on a
vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10188/

 --

[SA10186] Sun Cobalt RaQ 550 UI Information Disclosure Vulnerability
Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information

Sun has reported a vulnerability in Sun Cobalt RaQ 550, which can be
exploited by malicious users to gain knowledge of sensitive
information.

Full Advisory:
http://www.secunia.com/advisories/10186/

 --

[SA10162] X-CD-Roast Insecure File Creation Vulnerability
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation

A vulnerability has been reported in X-CD-Roast, which can be exploited
by malicious, local users to overwrite arbitrary files with escalated
privileges.

Full Advisory:
http://www.secunia.com/advisories/10162/

 --

[SA10159] HP-UX "NLSPATH" Privilege Escalation Vulnerability
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to escalate their privileges.

Full Advisory:
http://www.secunia.com/advisories/10159/

 --

[SA10158] HP-UX Software Distributor Privilege Escalation Vulnerability
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to escalate their privileges.

Full Advisory:
http://www.secunia.com/advisories/10158/

 --

[SA10190] Debian update for omega-rpg
Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation

Debian has issued updated packages for omega-rpg. These fix a
vulnerability, which can be exploited by malicious, local users to
escalate their privileges.

Full Advisory:
http://www.secunia.com/advisories/10190/

 --

[SA10178] Debian update for conquest
Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation

Debian has issued updated packages for conquest. These fix a
vulnerability, which can be exploited by malicious, local users to
escalate their privileges.

Full Advisory:
http://www.secunia.com/advisories/10178/


Other:

[SA10156] Foundry Networks IronWare OpenSSH Denial of Service
          Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      DoS

Foundry Networks has reported that their products are affected by a
vulnerability in OpenSSH, which can be exploited by malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10156/


Cross Platform:

[SA10181] Online Arts DailyDose Directory Traversal Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information

A vulnerability has been reported in DailyDose, which can be exploited
by malicious people to read arbitrary files.

Full Advisory:
http://www.secunia.com/advisories/10181/

 --

[SA10198] Eudora Denial of Service and Information Disclosure
          Vulnerabilities
Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS

Qualcomm has issued a new version of Eudora. This fixes two
vulnerabilities, which can be exploited by malicious people to crash
the program or local users to see sensitive information.

Full Advisory:
http://www.secunia.com/advisories/10198/

 --

[SA10172] PowerPortal Search Box Cross-Site Scripting Vulnerability
Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting

A vulnerability has been identified in PowerPortal, which can be
exploited by malicious people to conduct Cross-Site Scripting attacks.

Full Advisory:
http://www.secunia.com/advisories/10172/

 --

[SA10165] Ralusp Sympoll Cross Site Scripting Vulnerability
Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting

A vulnerability has been reported in Sympoll allowing malicious people
to conduct Cross Site Scripting attacks.

Full Advisory:
http://www.secunia.com/advisories/10165/

 --

[SA10173] DB2 db2govd, db2start and db2stop Privilege Escalation
          Vulnerabilities
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation

Some vulnerabilities have been reported in DB2, which can be exploited
by malicious users to escalate their privileges.

Full Advisory:
http://www.secunia.com/advisories/10173/

 --

[SA10196] Opera Browser Arbitrary File Placement Security Issue
Critical:    Not critical
Where:       From remote
Impact:      Security Bypass

A security issue has been identified in the Opera browser, which can be
exploited by malicious people to place arbitrary files on a user's
system in certain known locations.

Full Advisory:
http://www.secunia.com/advisories/10196/

 --

[SA10191] Gaim Exposure of Local User Name Security Issue
Critical:    Not critical
Where:       From remote
Impact:      Exposure of sensitive information

A security issue has been reported in Gaim, which allows malicious
people to see a user's local user name on a system.

Full Advisory:
http://www.secunia.com/advisories/10191/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Subscribe:
http://www.secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://www.secunia.com/
E-mail  : support@private
Tel     : +44 (0) 20 7016 2693
Fax     : +44 (0) 20 7637 0419

========================================================================

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.