========================================================================
The Secunia Weekly Advisory Summary
2003-11-27 - 2003-12-04
This week : 47 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Secunia Advisory IDs
Every advisory issued by Secunia has an unique identifier: the Secunia
Advisory ID (SA ID). The SA IDs makes it very easy to reference,
identify, and find Secunia advisories.
A Shortcut to Secunia Advisories
Finding Secunia Advisories using SA IDs is easily done at the Secunia
website, either by simply entering the SA ID in our search form placed
on the right side of every Secunia web page, or by entering the SA ID
directly after the domain when visiting the Secunia website e.g.:
http://secunia.com/SA10342
In the Secunia Weekly Summary SA IDs are displayed in brackets e.g.:
[SA10342]
========================================================================
2) This Week in Brief:
Security researcher Tri Huynh has found a buffer overflow vulnerability
in the popular Yahoo! Messenger program. The vulnerability, which is in
an ActiveX control installed on the user's system as part of the
installation of Yahoo! Messenger, can be exploited to gain system
access on a vulnerable system. Successful exploitation requires that a
vulnerable user is tricked into visiting a web page or similar, which
then invokes the vulnerable component.
Ref.: [SA10342]
The developers of GnuPG informed in an advisory that a weakness has
been found in the handling of ElGamal type 20 keys in GnuPG; thus
that all ElGamal type 20 keys should be considered compromised!
GnuPG has released a new version which removes support for ElGamal
type 20 keys.
Ref.: [SA10304]
A privilege escalation vulnerability in the Linux Kernel "do_brk()"
system call has been identified, affecting almost all Linux
distributions. Exploits are already available for this vulnerability,
and reportedly this very same vulnerability was used in the compromise
of several Debian project servers in November.
Ref.: [SA10328]
Sun has released information about the Sun ONE/iPlanet Web Server being
vulnerable to a Denial of Service vulnerability. However, only very
limited information was provided by Sun, who recommends administrators
to upgrade their systems in order to eliminate this vulnerability.
Ref.: [SA10345]
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA10289] Internet Explorer System Compromise Vulnerabilities
2. [SA9711] Microsoft Internet Explorer Multiple Vulnerabilities
3. [SA10328] Linux Kernel "do_brk()" Privilege Escalation
Vulnerability
4. [SA10252] Apple Safari Cookie Stealing Vulnerability
5. [SA10295] Mac OS X Insecure Default DHCP Packet Handling
Vulnerability
6. [SA10310] GNU Screen Privilege Escalation Vulnerability
7. [SA10300] BIND Negative Cache Poisoning Vulnerability
8. [SA10192] Microsoft Internet Explorer Multiple Vulnerabilities
9. [SA9191] CCBill whereami.cgi Arbitrary Command Execution
Vulnerability
10. [SA10342] Yahoo! Messenger "yauto.dll" Buffer Overflow
Vulnerability
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA10342] Yahoo! Messenger "yauto.dll" Buffer Overflow Vulnerability
[SA10337] VP-ASP Shopping Cart SQL Injection Vulnerabilities
[SA10347] IBM Tivoli Directory Server Cross-Site Scripting
Vulnerability
[SA10323] War FTP Daemon Multiple Connection Denial of Service
UNIX/Linux:
[SA10336] Jason Maloney Guestbook Arbitrary Command Execution
Vulnerability
[SA10327] Surfboard httpd Directory Traversal and Denial of Service
[SA10324] OpenCA Signature Validation Vulnerabilities
[SA10316] Mandrake update for gnupg
[SA10304] GnuPG ElGamal Signing Weakness Expose Private Key
[SA10343] Red Hat update for net-snmp
[SA10331] Sun Cobalt update for nfs-utils
[SA10338] Astaro update for Kernel
[SA10352] HP Tru64 UNIX CDE libDtHelp Privilege Escalation
Vulnerability
[SA10351] XBoard Insecure Temporary File Creation Vulnerability
[SA10346] Sun Solaris Xsun DGA Mode Vulnerability
[SA10341] Slackware update for kernel
[SA10339] HP-UX Shar Utility Insecure Temporary File Creation
Vulnerability
[SA10333] Debian update for Kernel
[SA10330] Mandrake update for Kernel
[SA10329] Red Hat update for Kernel
[SA10328] Linux Kernel "do_brk()" Privilege Escalation Vulnerability
[SA10314] OpenPKG update for screen
[SA10312] Trustix update for stunnel
[SA10310] GNU Screen Privilege Escalation Vulnerability
[SA10340] IBM AIX update for bind
[SA10334] HP Tru64 update for bind
[SA10332] UnixWare update for bind
[SA10317] FreeBSD update for bind
[SA10315] SuSE update for bind
[SA10313] Trustix update for BIND
[SA10307] Solaris BIND Negative Cache Poisoning
[SA10305] Immunix update for bind
[SA10303] Engarde update for bind
[SA10335] Fedora update for Kernel
[SA10309] OpenBSD Local Denial of Service Vulnerabilities
Other:
[SA10344] Cisco Aironet AP Static WEP Key Disclosure Vulnerability
[SA10326] Applied Watch Server Un-authenticated Access to
Administrative Functions
[SA10319] HP ProCurve 5300xl Series RPC Traffic Denial of Service
Cross Platform:
[SA10306] RNN Guestbook Lack of Authentication
[SA10345] Sun ONE Web Server Unspecified Denial of Service
Vulnerability
[SA10325] Mod_python Denial of Service Vulnerability
[SA10308] phpBB SQL Injection Vulnerability
[SA10321] PieterPost Anonymous Email Sending Vulnerability
[SA10320] IlohaMail Cross-Site Scripting Vulnerability
[SA10318] MoinMoin Cross-Site Scripting Vulnerabilities
[SA10311] Macromedia JRun JMC Interface Cross-Site Scripting
Vulnerabilities
[SA10322] CuteNews Debug Information Disclosure
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA10342] Yahoo! Messenger "yauto.dll" Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-03
A vulnerability has been reported in Yahoo! Messenger, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10342/
--
[SA10337] VP-ASP Shopping Cart SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2003-12-02
Some vulnerabilities have been reported in VP-ASP Shopping Cart, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://www.secunia.com/advisories/10337/
--
[SA10347] IBM Tivoli Directory Server Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-03
A vulnerability has been reported in IBM Tivoli Directory Server, which
can be exploited by malicious people to conduct Cross-Site Scripting
attacks.
Full Advisory:
http://www.secunia.com/advisories/10347/
--
[SA10323] War FTP Daemon Multiple Connection Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2003-12-01
A vulnerability has been reported in War FTP Daemon, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://www.secunia.com/advisories/10323/
UNIX/Linux:--
[SA10336] Jason Maloney Guestbook Arbitrary Command Execution
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-02
A vulnerability has been reported in Jason Maloney Guestbook, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10336/
--
[SA10327] Surfboard httpd Directory Traversal and Denial of Service
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, DoS
Released: 2003-12-01
Two vulnerabilities have been reported in Surfboard httpd, which can be
exploited by malicious people to gain knowledge of sensitive
information and cause a DoS (Denial of Service).
Full Advisory:
http://www.secunia.com/advisories/10327/
--
[SA10324] OpenCA Signature Validation Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-01
Multiple vulnerabilities have been reported in OpenCA, which can result
in revoked or expired certificates being accepted as valid.
Full Advisory:
http://www.secunia.com/advisories/10324/
--
[SA10316] Mandrake update for gnupg
Critical: Moderately critical
Where: From remote
Impact: ID Spoofing, Exposure of sensitive information
Released: 2003-12-01
MandrakeSoft has issued updated packages for gnupg. These fix a
vulnerability, which expose the private key when using El-Gamal type 20
keys.
Full Advisory:
http://www.secunia.com/advisories/10316/
--
[SA10304] GnuPG ElGamal Signing Weakness Expose Private Key
Critical: Moderately critical
Where: From remote
Impact: ID Spoofing, Exposure of sensitive information
Released: 2003-11-27
A weakness has been identified in the handling of ElGamal keys in
GnuPG, which exposes the private key.
Full Advisory:
http://www.secunia.com/advisories/10304/
--
[SA10343] Red Hat update for net-snmp
Critical: Moderately critical
Where: From local network
Impact: Security Bypass
Released: 2003-12-03
Red Hat has issued updated packages for net-snmp. These fix a
vulnerability, which can be exploited by malicious users to bypass
certain security restrictions.
Full Advisory:
http://www.secunia.com/advisories/10343/
--
[SA10331] Sun Cobalt update for nfs-utils
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2003-12-02
Sun has issued updated packages for nfs-utils. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10331/
--
[SA10338] Astaro update for Kernel
Critical: Less critical
Where: From remote
Impact: Privilege escalation
Released: 2003-12-02
Astaro has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious users to escalate
their privileges.
Full Advisory:
http://www.secunia.com/advisories/10338/
--
[SA10352] HP Tru64 UNIX CDE libDtHelp Privilege Escalation
Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-04
HP has acknowledged a vulnerability in CDE (Common Desktop
Environment), which can be exploited by malicious, local users to
escalate their privileges on a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10352/
--
[SA10351] XBoard Insecure Temporary File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-04
A vulnerability has been identified in XBoard, which can be exploited
by malicious, local users to escalate their privileges.
Full Advisory:
http://www.secunia.com/advisories/10351/
--
[SA10346] Sun Solaris Xsun DGA Mode Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2003-12-03
Sun has reported a vulnerability in Solaris, which can be exploited by
malicious, local users to escalate their privileges or cause a DoS
(Denial of Service).
Full Advisory:
http://www.secunia.com/advisories/10346/
--
[SA10341] Slackware update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-03
Slackware has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious users to escalate
their privileges.
Full Advisory:
http://www.secunia.com/advisories/10341/
--
[SA10339] HP-UX Shar Utility Insecure Temporary File Creation
Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-02
A vulnerability has been identified in HP-UX, which can be exploited by
malicious, local users to escalate their privileges.
Full Advisory:
http://www.secunia.com/advisories/10339/
--
[SA10333] Debian update for Kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-02
Debian has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious users to escalate
their privileges.
Full Advisory:
http://www.secunia.com/advisories/10333/
--
[SA10330] Mandrake update for Kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-02
MandrakeSoft has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious users to escalate
their privileges.
Full Advisory:
http://www.secunia.com/advisories/10330/
--
[SA10329] Red Hat update for Kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-02
Red Hat has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious users to escalate
their privileges.
Full Advisory:
http://www.secunia.com/advisories/10329/
--
[SA10328] Linux Kernel "do_brk()" Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-02
A vulnerability has been identified in the Linux kernel 2.4, which can
be exploited by malicious, local users to escalate their privileges.
Full Advisory:
http://www.secunia.com/advisories/10328/
--
[SA10314] OpenPKG update for screen
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-01
OpenPKG has issued updated packages for screen. These fix a
vulnerability, which potentially may allow users to escalate their
privileges.
Full Advisory:
http://www.secunia.com/advisories/10314/
--
[SA10312] Trustix update for stunnel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-01
Trustix has issued updated packages for stunnel. These fix a
vulnerability, which can be exploited by malicious users to hijack the
service.
Full Advisory:
http://www.secunia.com/advisories/10312/
--
[SA10310] GNU Screen Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-11-28
A vulnerability has been reported in GNU Screen, which potentially can
be exploited by malicious, local users to escalate their privileges on
a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10310/
--
[SA10340] IBM AIX update for bind
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-12-03
IBM has issued an update for bind. This fixes a vulnerability, which
can be exploited by malicious people to poison the DNS cache with
negative entries.
Full Advisory:
http://www.secunia.com/advisories/10340/
--
[SA10334] HP Tru64 update for bind
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-12-02
HP has issued updated packages for bind. These fix a vulnerability,
which can be exploited to poison the DNS cache with negative entries.
Full Advisory:
http://www.secunia.com/advisories/10334/
--
[SA10332] UnixWare update for bind
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-12-02
SCO has issued an update for bind. This fix a vulnerability, which can
be exploited to poison the DNS cache with negative entries.
Full Advisory:
http://www.secunia.com/advisories/10332/
--
[SA10317] FreeBSD update for bind
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-12-01
FreeBSD has issued updated packages for bind. These fix a
vulnerability, which can be exploited to poison the DNS cache with
negative entries.
Full Advisory:
http://www.secunia.com/advisories/10317/
--
[SA10315] SuSE update for bind
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-12-01
SuSE has issued updated packages for bind. These fix a vulnerability,
which can be exploited to poison the DNS cache with negative entries.
Full Advisory:
http://www.secunia.com/advisories/10315/
--
[SA10313] Trustix update for BIND
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-11-28
Trustix has issued updated packages for bind. These fix a
vulnerability, which can be exploited to poison the DNS cache with
negative entries.
Full Advisory:
http://www.secunia.com/advisories/10313/
--
[SA10307] Solaris BIND Negative Cache Poisoning
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-11-28
Sun has acknowledged a vulnerability in Solaris, which can be exploited
by malicious people to poison the DNS cache with negative entries.
Full Advisory:
http://www.secunia.com/advisories/10307/
--
[SA10305] Immunix update for bind
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-11-28
Immunix has issued updated packages for bind. These fix a
vulnerability, which can be exploited to poison the DNS cache with
negative entries.
Full Advisory:
http://www.secunia.com/advisories/10305/
--
[SA10303] Engarde update for bind
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-11-27
Guardian Digital has issued updated packages for bind. These fix a
vulnerability, which can be exploited to poison the DNS cache with
negative entries.
Full Advisory:
http://www.secunia.com/advisories/10303/
--
[SA10335] Fedora update for Kernel
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2003-12-03
Red Hat has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).
Full Advisory:
http://www.secunia.com/advisories/10335/
--
[SA10309] OpenBSD Local Denial of Service Vulnerabilities
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2003-11-28
Some vulnerabilities have been identified in OpenBSD, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://www.secunia.com/advisories/10309/
Other:--
[SA10344] Cisco Aironet AP Static WEP Key Disclosure Vulnerability
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2003-12-03
Cisco has reported a vulnerability in various Cisco Aironet Access
Points (AP) running Cisco IOS software, which can be exploited by
malicious people to gain knowledge of any static Wired Equivalent
Privacy (WEP) keys.
Full Advisory:
http://www.secunia.com/advisories/10344/
--
[SA10326] Applied Watch Server Un-authenticated Access to
Administrative Functions
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2003-12-01
A vulnerability has been identified in Applied Watch Server, allowing
malicious people to add users and manipulate rules.
Full Advisory:
http://www.secunia.com/advisories/10326/
--
[SA10319] HP ProCurve 5300xl Series RPC Traffic Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2003-12-01
HP has reported a vulnerability in ProCurve 5300xl series switches,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://www.secunia.com/advisories/10319/
Cross Platform:--
[SA10306] RNN Guestbook Lack of Authentication
Critical: Highly critical
Where: From remote
Impact: Security Bypass, System access
Released: 2003-11-28
A vulnerability has been identified in RNN Guestbook, allowing
malicious people to access the administrative interface and execute
arbitrary commands.
Full Advisory:
http://www.secunia.com/advisories/10306/
--
[SA10345] Sun ONE Web Server Unspecified Denial of Service
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2003-12-03
Sun has reported an unspecified vulnerability in Sun ONE Web Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://www.secunia.com/advisories/10345/
--
[SA10325] Mod_python Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2003-12-01
The Apache Software Foundation has reported an unspecified
vulnerability in Mod_python, allowing malicious people to cause a
Denial of Service.
Full Advisory:
http://www.secunia.com/advisories/10325/
--
[SA10308] phpBB SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2003-11-28
A vulnerability has been reported in phpBB, which can be exploited by
malicious people to inject arbitrary SQL code.
Full Advisory:
http://www.secunia.com/advisories/10308/
--
[SA10321] PieterPost Anonymous Email Sending Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-01
A vulnerability has been identified in PieterPost, allowing malicious
people to access certain pages and functions without being
authenticated.
Full Advisory:
http://www.secunia.com/advisories/10321/
--
[SA10320] IlohaMail Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-01
A vulnerability has been reported in IlohaMail, which can be exploited
by malicious people to conduct Cross Site Scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10320/
--
[SA10318] MoinMoin Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-01
Two vulnerabilities have been identified in MoinMoin, which can be
exploited by malicious people to conduct Cross-Site Scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10318/
--
[SA10311] Macromedia JRun JMC Interface Cross-Site Scripting
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-11-28
Some vulnerabilities have been identified in Macromedia JRun, which can
be exploited by malicious people to conduct Cross-Site Scripting
attacks.
Full Advisory:
http://www.secunia.com/advisories/10311/
--
[SA10322] CuteNews Debug Information Disclosure
Critical: Not critical
Where: From remote
Impact: Exposure of system information
Released: 2003-12-01
A security issues has been reported in CuteNews, which can be exploited
by malicious people to gain knowledge of various system information.
Full Advisory:
http://www.secunia.com/advisories/10322/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/
Subscribe:
http://www.secunia.com/secunia_weekly_summary/
Contact details:
Web : http://www.secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
=====================================================================
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Dec 05 2003 - 03:39:21 PST