========================================================================

                  The Secunia Weekly Advisory Summary
                        2003-11-13 - 2003-11-20

                       This week : 51 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia Advisory IDs

Every advisory issued by Secunia has a unique identifier: the Secunia
Advisory ID (SA ID). The SA IDs make it very easy to reference,
identify, and find Secunia advisories.

A Shortcut to Secunia Advisories

Finding Secunia Advisories using SA IDs is easily done at the Secunia
website, either by simply entering the SA ID in our search form placed
on the right side of every Secunia web page, or by entering the SA ID
directly after the domain when visiting the Secunia website e.g.:
http://secunia.com/SA10222

In the Secunia Weekly Summary SA IDs are displayed in brackets e.g.:
[SA10222]

========================================================================
2) This Week in Brief:

Two privilege escalation vulnerabilities have been published in
Symantec's remote administration tool pcAnywhere. Symantec has issued
patches for one of the vulnerabilities; the other was reported in
version 9.x, which is no longer supported by Symantec.
Ref.: [SA10238] & [SA10222]

OpenBSD released a patch, which fixes a vulnerability that could be
used to escalate privileges on OpenBSD 3.3. However, on OpenBSD 3.4
such an attack will be detected by ProPolice and only result in a local
DoS.
Ref.: [SA10246]

Again this week, several PHP scripts have been proven vulnerable to
remote file inclusion vulnerabilities, which can lead to a full system
compromise. Secunia highly recommends that you perform a comprehensive
source review and also look at the security track history of such
products before taking them into use. It is in general a very good idea
to search the Secunia database for vulnerabilities before installing
new products on a production system.
Ref.: [SA10249], [SA10231] & [SA10231]

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA10192] Microsoft Internet Explorer Multiple Vulnerabilities
2.  [SA10238] Symantec pcAnywhere Chat Session Privilege Escalation
              Vulnerability
3.  [SA10194] Microsoft Word and Excel Execution of Arbitrary Code
4.  [SA10222] Symantec pcAnywhere Privilege Escalation Vulnerability
5.  [SA10193] Microsoft Windows Workstation Service Buffer Overflow
6.  [SA10218] BEA WebLogic Multiple Vulnerabilities
7.  [SA10225] PeopleSoft PeopleTools Multiple Vulnerabilities
8.  [SA10226] Sun Solaris CDE DtHelp Library Privilege Escalation
              Vulnerability
9.  [SA8742] Microsoft Windows Media Player skin download vulnerability
10. [SA10224] HP-UX Partition Manager Certificate Validation
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA10253] NetServe Web Server Directory Traversal Vulnerability
[SA10225] PeopleSoft PeopleTools Multiple Vulnerabilities
[SA10227] PostMaster Proxy Service Cross-Site Scripting Vulnerability
[SA10221] Web Wiz Forums Cross Site Scripting Vulnerability
[SA10238] Symantec pcAnywhere Chat Session Privilege Escalation Vulnerability
[SA10222] Symantec pcAnywhere Privilege Escalation Vulnerability

UNIX/Linux:
[SA10241] OpenLinux update for webmin
[SA10240] OpenLinux update for sendmail
[SA10234] Debian update for Minimalist
[SA10233] Minimalist Unspecified Command Execution Vulnerability
[SA10213] Clam AntiVirus clamav-milter Format String Vulnerability
[SA10216] Conectiva update for mpg123
[SA10242] Red Hat update for EPIC
[SA10239] OpenLinux update for nfs-utils
[SA10232] Debian update for HylaFAX
[SA10224] HP-UX Partition Manager Certificate Validation Vulnerability
[SA10214] Conectiva update for hylafax
[SA10243] Trustix update for fileutils
[SA10237] Sun ONE Web Server Log Entry Manipulation Vulnerability
[SA10236] monopd Denial of Service Vulnerability
[SA10215] Conectiva update for xinetd
[SA10212] OpenLinux update for unzip
[SA10211] Mandrake update for fileutils/coreutils
[SA10258] HP-UX Unspecified DCE Denial of Service Vulnerability
[SA10256] Red Hat update for XFree86
[SA10254] SuSE update for sane
[SA10245] Trustix update for postgresql
[SA10223] Conectiva update for postgresql
[SA10208] Red Hat update for XFree86
[SA10257] HP-UX dtmailpr Privilege Escalation Vulnerability
[SA10247] HP-UX libDtHelp Privilege Escalation Vulnerability
[SA10246] OpenBSD compat_ibcs2 Buffer Overflow Vulnerability
[SA10244] Trustix update for apache
[SA10226] Sun Solaris CDE DtHelp Library Privilege Escalation Vulnerability
[SA10217] Open UNIX / UnixWare procfs Privilege Escalation Vulnerability
[SA10207] Red Hat update for stunnel
[SA10255] Mandrake update for glibc
[SA10248] Sun Cobalt update for MySQL
[SA10229] Red Hat update for glibc
[SA10219] Red Hat update for Quagga
[SA10209] Red Hat update for glibc

Other:
[SA10235] Blue Coat OpenSSL ASN.1 Parsing Denial of Service Vulnerability

Cross Platform:
[SA10249] Rolis GuestBook Arbitrary File Inclusion Vulnerability
[SA10231] MediaWiki Arbitrary File Inclusion Vulnerability
[SA10228] phplist Arbitrary File Inclusion Vulnerability
[SA10251] SAP DB Multiple Vulnerabilities
[SA10250] PHP Web FileManager Directory Traversal Vulnerability
[SA10218] BEA WebLogic Multiple Vulnerabilities
[SA10210] PHP-CoolFile Logic Error Vulnerability
[SA10230] Auto Directory Index Cross Site Scripting Vulnerability
[SA10220] WebWasher Error Message Cross Site Scripting

========================================================================
5) Vulnerabilities Content Listing

Windows:

[SA10253] NetServe Web Server Directory Traversal Vulnerability
Critical:  Moderately critical
Where:     From remote
Impact:    Exposure of sensitive information
Released:  2003-11-18

A vulnerability has been identified in NetServe Web Server allowing
malicious people to conduct directory traversal attacks.

Full Advisory: http://www.secunia.com/advisories/10253/

--

[SA10225] PeopleSoft PeopleTools Multiple Vulnerabilities
Critical:  Moderately critical
Where:     From remote
Impact:    Cross Site Scripting, Exposure of system information,
           Exposure of sensitive information, DoS
Released:  2003-11-14

Multiple vulnerabilities have been identified in PeopleTools, which can
be exploited by malicious people to conduct Cross-Site Scripting
attacks, gain knowledge of sensitive information, or cause a DoS
(Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10225/

--

[SA10227] PostMaster Proxy Service Cross-Site Scripting Vulnerability
Critical:  Less critical
Where:     From remote
Impact:    Cross Site Scripting
Released:  2003-11-17

A vulnerability has been reported in PostMaster, which can be exploited
by malicious people to conduct Cross-Site Scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10227/

--

[SA10221] Web Wiz Forums Cross Site Scripting Vulnerability
Critical:  Less critical
Where:     From remote
Impact:    Cross Site Scripting
Released:  2003-11-14

A vulnerability has been reported in Web Wiz Forums allowing malicious
users to conduct Cross Site Scripting.

Full Advisory: http://www.secunia.com/advisories/10221/

--

[SA10238] Symantec pcAnywhere Chat Session Privilege Escalation Vulnerability
Critical:  Less critical
Where:     Local system
Impact:    Privilege escalation
Released:  2003-11-17

A vulnerability has been reported in Symantec pcAnywhere, which can be
exploited by malicious users to escalate their privileges.

Full Advisory: http://www.secunia.com/advisories/10238/

--

[SA10222] Symantec pcAnywhere Privilege Escalation Vulnerability
Critical:  Less critical
Where:     Local system
Impact:    Privilege escalation
Released:  2003-11-14

A vulnerability has been identified in Symantec pcAnywhere allowing
malicious, local users to escalate their privileges.

Full Advisory: http://www.secunia.com/advisories/10222/


UNIX/Linux:

[SA10241] OpenLinux update for webmin
Critical:  Highly critical
Where:     From remote
Impact:    Security Bypass
Released:  2003-11-18

SCO has issued updated packages for webmin. These fix a vulnerability,
which allows malicious people to bypass the authentication process.

Full Advisory: http://www.secunia.com/advisories/10241/

--

[SA10240] OpenLinux update for sendmail
Critical:  Highly critical
Where:     From remote
Impact:    System access
Released:  2003-11-18

SCO has acknowledged a vulnerability in sendmail, which potentially can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10240/

--

[SA10234] Debian update for Minimalist
Critical:  Highly critical
Where:     From remote
Impact:    System access
Released:  2003-11-17

Debian has issued updated packages for Minimalist. These fix a
vulnerability, which can be exploited by malicious users to execute
certain commands on a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10234/

--

[SA10233] Minimalist Unspecified Command Execution Vulnerability
Critical:  Highly critical
Where:     From remote
Impact:    System access
Released:  2003-11-17

A vulnerability has been identified in Minimalist, which can be
exploited by malicious users to execute certain commands on a
vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10233/

--

[SA10213] Clam AntiVirus clamav-milter Format String Vulnerability
Critical:  Highly critical
Where:     From remote
Impact:    DoS, System access
Released:  2003-11-13

A vulnerability has been reported in Clam AntiVirus, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10213/

--

[SA10216] Conectiva update for mpg123
Critical:  Moderately critical
Where:     From remote
Impact:    System access
Released:  2003-11-13

Conectiva has issued updated packages for mpg123. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory: http://www.secunia.com/advisories/10216/

--

[SA10242] Red Hat update for EPIC
Critical:  Moderately critical
Where:     From local network
Impact:    System access
Released:  2003-11-18

Red Hat has issued updated packages for epic4. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory: http://www.secunia.com/advisories/10242/

--

[SA10239] OpenLinux update for nfs-utils
Critical:  Moderately critical
Where:     From local network
Impact:    System access, DoS
Released:  2003-11-18

SCO has issued updated packages for nfs-utils. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10239/

--

[SA10232] Debian update for HylaFAX
Critical:  Moderately critical
Where:     From local network
Impact:    System access
Released:  2003-11-17

Debian has issued updated packages for hylafax. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10232/

--

[SA10224] HP-UX Partition Manager Certificate Validation Vulnerability
Critical:  Moderately critical
Where:     From local network
Impact:    Exposure of system information, Exposure of sensitive
           information, System access
Released:  2003-11-14

A vulnerability has been identified in HP-UX, which according to HP can
be exploited by malicious people to gain knowledge of sensitive
information or compromise a system.

Full Advisory: http://www.secunia.com/advisories/10224/

--

[SA10214] Conectiva update for hylafax
Critical:  Moderately critical
Where:     From local network
Impact:    System access
Released:  2003-11-13

Conectiva has issued updated packages for hylafax. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10214/

--

[SA10243] Trustix update for fileutils
Critical:  Less critical
Where:     From remote
Impact:    DoS
Released:  2003-11-18

Trustix has issued updated packages for fileutils. These fix two
vulnerabilities in the "ls" program, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10243/

--

[SA10237] Sun ONE Web Server Log Entry Manipulation Vulnerability
Critical:  Less critical
Where:     From remote
Impact:    Security Bypass, ID Spoofing
Released:  2003-11-18

Sun has acknowledged a vulnerability in Sun One Web Server, which can
be exploited by malicious people to manipulate log entries.

Full Advisory: http://www.secunia.com/advisories/10237/

--

[SA10236] monopd Denial of Service Vulnerability
Critical:  Less critical
Where:     From remote
Impact:    DoS
Released:  2003-11-17

A vulnerability has been reported in monopd, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10236/

--

[SA10215] Conectiva update for xinetd
Critical:  Less critical
Where:     From remote
Impact:    DoS
Released:  2003-11-13

Conectiva has issued updated packages for xinetd. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) on a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10215/

--

[SA10212] OpenLinux update for unzip
Critical:  Less critical
Where:     From remote
Impact:    System access
Released:  2003-11-13

SCO has issued updated packages for unzip. These fix a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system by overwriting arbitrary files on it.

Full Advisory: http://www.secunia.com/advisories/10212/

--

[SA10211] Mandrake update for fileutils/coreutils
Critical:  Less critical
Where:     From remote
Impact:    DoS
Released:  2003-11-13

MandrakeSoft has issued updated packages for fileutils/coreutils.
These fix two vulnerabilities in the "ls" program, which can be
exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10211/

--

[SA10258] HP-UX Unspecified DCE Denial of Service Vulnerability
Critical:  Less critical
Where:     From local network
Impact:    DoS
Released:  2003-11-19

HP has reported an unspecified vulnerability in DCE for HP-UX, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory: http://www.secunia.com/advisories/10258/

--

[SA10256] Red Hat update for XFree86
Critical:  Less critical
Where:     From local network
Impact:    Privilege escalation, System access
Released:  2003-11-19

Red Hat has issued updated packages for XFree86. These fix multiple
vulnerabilities, which potentially can be exploited by malicious users
to escalate their privileges on a vulnerable system or compromise it.

Full Advisory: http://www.secunia.com/advisories/10256/

--

[SA10254] SuSE update for sane
Critical:  Less critical
Where:     From local network
Impact:    DoS
Released:  2003-11-18

SuSE has issued updated packages for sane. These fix several
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10254/

--

[SA10245] Trustix update for postgresql
Critical:  Less critical
Where:     From local network
Impact:    System access
Released:  2003-11-18

Trustix has issued updated packages for postgresql. These fix some
vulnerabilities, which potentially can be exploited by malicious users
to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10245/

--

[SA10223] Conectiva update for postgresql
Critical:  Less critical
Where:     From local network
Impact:    System access
Released:  2003-11-14

Conectiva has issued updated packages for postgresql. These fix some
vulnerabilities, which potentially can be exploited by malicious users
to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10223/

--

[SA10208] Red Hat update for XFree86
Critical:  Less critical
Where:     From local network
Impact:    System access, Privilege escalation
Released:  2003-11-13

Red Hat has issued updated packages for XFree86. These fix multiple
vulnerabilities, which potentially can be exploited by malicious users
to escalate their privileges on a vulnerable system or compromise it.

Full Advisory: http://www.secunia.com/advisories/10208/

--

[SA10257] HP-UX dtmailpr Privilege Escalation Vulnerability
Critical:  Less critical
Where:     Local system
Impact:    Privilege escalation
Released:  2003-11-19

A vulnerability has been identified in HP-UX, which can be exploited by
malicious, local users to escalate their privileges.

Full Advisory: http://www.secunia.com/advisories/10257/

--

[SA10247] HP-UX libDtHelp Privilege Escalation Vulnerability
Critical:  Less critical
Where:     Local system
Impact:    Privilege escalation
Released:  2003-11-18

HP has acknowledged a vulnerability in CDE (Common Desktop Environment)
for HP-UX, which can be exploited by malicious, local users to escalate
their privileges.

Full Advisory: http://www.secunia.com/advisories/10247/

--

[SA10246] OpenBSD compat_ibcs2 Buffer Overflow Vulnerability
Critical:  Less critical
Where:     Local system
Impact:    Privilege escalation, DoS
Released:  2003-11-18

A vulnerability has been reported in OpenBSD, which can be exploited by
malicious, local users to escalate their privileges or cause a DoS
(Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10246/

--

[SA10244] Trustix update for apache
Critical:  Less critical
Where:     Local system
Impact:    Privilege escalation, DoS
Released:  2003-11-18

Trustix has issued updated packages for apache. These fix some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) or escalate privileges.

Full Advisory: http://www.secunia.com/advisories/10244/

--

[SA10226] Sun Solaris CDE DtHelp Library Privilege Escalation Vulnerability
Critical:  Less critical
Where:     Local system
Impact:    Privilege escalation
Released:  2003-11-14

Sun has acknowledged a vulnerability in the CDE DtHelp Library for
Solaris, which can be exploited by malicious, local users to escalate
their privileges.

Full Advisory: http://www.secunia.com/advisories/10226/

--

[SA10217] Open UNIX / UnixWare procfs Privilege Escalation Vulnerability
Critical:  Less critical
Where:     Local system
Impact:    Privilege escalation
Released:  2003-11-14

A vulnerability has been identified in UnixWare and Open UNIX, which
can be exploited by malicious, local users to escalate their
privileges.

Full Advisory: http://www.secunia.com/advisories/10217/

--

[SA10207] Red Hat update for stunnel
Critical:  Less critical
Where:     Local system
Impact:    Privilege escalation
Released:  2003-11-13

Red Hat has issued updated packages for stunnel. These fix a
vulnerability, which can be exploited by malicious users to hijack the
service.

Full Advisory: http://www.secunia.com/advisories/10207/

--

[SA10255] Mandrake update for glibc
Critical:  Not critical
Where:     Local system
Impact:    DoS
Released:  2003-11-19

MandrakeSoft has issued updated packages for glibc. These fix a
vulnerability allowing malicious users to spoof messages sent to the
kernel netlink interface.

Full Advisory: http://www.secunia.com/advisories/10255/

--

[SA10248] Sun Cobalt update for MySQL
Critical:  Not critical
Where:     Local system
Impact:    Privilege escalation
Released:  2003-11-18

Sun has issued an updated package for Sun Cobalt RaQ 550. This fixes a
vulnerability in MySQL, which can be exploited by malicious users to
escalate their privileges on a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10248/

--

[SA10229] Red Hat update for glibc
Critical:  Not critical
Where:     Local system
Impact:    DoS
Released:  2003-11-17

Red Hat has issued updated packages for glibc. These fix a
vulnerability allowing malicious users to cause a Denial of Service
against certain applications.

Full Advisory: http://www.secunia.com/advisories/10229/

--

[SA10219] Red Hat update for Quagga
Critical:  Not critical
Where:     Local system
Impact:    DoS
Released:  2003-11-13

Red Hat has issued updated packages for Quagga. These fix a
vulnerability, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10219/

--

[SA10209] Red Hat update for glibc
Critical:  Not critical
Where:     Local system
Impact:    DoS
Released:  2003-11-13

Red Hat has issued updated packages for glibc. These fix a
vulnerability allowing malicious users to spoof messages sent to the
kernel netlink interface.

Full Advisory: http://www.secunia.com/advisories/10209/


Other:

[SA10235] Blue Coat OpenSSL ASN.1 Parsing Denial of Service Vulnerability
Critical:  Moderately critical
Where:     From remote
Impact:    DoS
Released:  2003-11-17

Blue Coat Systems has confirmed an OpenSSL vulnerability in some of
their products, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10235/


Cross Platform:

[SA10249] Rolis GuestBook Arbitrary File Inclusion Vulnerability
Critical:  Highly critical
Where:     From remote
Impact:    System access
Released:  2003-11-18

A vulnerability has been reported in Rolis Guestbook, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10249/

--

[SA10231] MediaWiki Arbitrary File Inclusion Vulnerability
Critical:  Highly critical
Where:     From remote
Impact:    System access
Released:  2003-11-17

A vulnerability has been reported in MediaWiki, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10231/

--

[SA10228] phplist Arbitrary File Inclusion Vulnerability
Critical:  Highly critical
Where:     From remote
Impact:    System access
Released:  2003-11-17

A vulnerability has been identified in phplist allowing malicious
people to gain system access.

Full Advisory: http://www.secunia.com/advisories/10228/

--

[SA10251] SAP DB Multiple Vulnerabilities
Critical:  Moderately critical
Where:     From remote
Impact:    Hijacking, Security Bypass, Exposure of system information,
           Exposure of sensitive information, Privilege escalation
Released:  2003-11-18

Multiple vulnerabilities have been reported in SAP DB, which can be
exploited by malicious users to perform a variety of attacks.

Full Advisory: http://www.secunia.com/advisories/10251/

--

[SA10250] PHP Web FileManager Directory Traversal Vulnerability
Critical:  Moderately critical
Where:     From remote
Impact:    Exposure of system information, Exposure of sensitive
           information
Released:  2003-11-18

A vulnerability has been reported in PHP Web FileManager, which can be
exploited by malicious people to gain knowledge of sensitive
information.

Full Advisory: http://www.secunia.com/advisories/10250/

--

[SA10218] BEA WebLogic Multiple Vulnerabilities
Critical:  Moderately critical
Where:     From remote
Impact:    Exposure of sensitive information, DoS
Released:  2003-11-13

BEA has issued patches for BEA WebLogic Server and Express. These fix 5
different vulnerabilities, which can be exploited to cause a Denial of
Service or expose sensitive information.

Full Advisory: http://www.secunia.com/advisories/10218/

--

[SA10210] PHP-CoolFile Logic Error Vulnerability
Critical:  Moderately critical
Where:     From remote
Impact:    Security Bypass
Released:  2003-11-13

A vulnerability has been reported in PHP-Coolfile allowing malicious
people to view the contents of files including the configuration file
with the administrative username and password.

Full Advisory: http://www.secunia.com/advisories/10210/

--

[SA10230] Auto Directory Index Cross Site Scripting Vulnerability
Critical:  Less critical
Where:     From remote
Impact:    Cross Site Scripting
Released:  2003-11-17

A vulnerability has been identified in Auto Directory Index allowing
malicious people to conduct Cross Site Scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10230/

--

[SA10220] WebWasher Error Message Cross Site Scripting
Critical:  Less critical
Where:     From remote
Impact:    Cross Site Scripting
Released:  2003-11-14

A vulnerability has been reported in WebWasher Classic allowing
malicious people to conduct Cross Site Scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10220/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Subscribe:
http://www.secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://www.secunia.com/
E-mail : support@private
Tel    : +44 (0) 20 7016 2693
Fax    : +44 (0) 20 7637 0419

========================================================================

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.