========================================================================

The Secunia Weekly Advisory Summary
2003-11-27 - 2003-12-04

This week : 47 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia Advisory IDs

Every advisory issued by Secunia has a unique identifier: the Secunia Advisory ID (SA ID). The SA IDs make it very easy to reference, identify, and find Secunia advisories.

A Shortcut to Secunia Advisories

Finding Secunia Advisories using SA IDs is easily done at the Secunia website, either by simply entering the SA ID in our search form placed on the right side of every Secunia web page, or by entering the SA ID directly after the domain when visiting the Secunia website e.g.:
http://secunia.com/SA10342

In the Secunia Weekly Summary SA IDs are displayed in brackets e.g.:
[SA10342]

========================================================================
2) This Week in Brief:

Security researcher Tri Huynh has found a buffer overflow vulnerability in the popular Yahoo! Messenger program. The vulnerability, which is in an ActiveX control installed on the user's system as part of the installation of Yahoo! Messenger, can be exploited to gain system access on a vulnerable system. Successful exploitation requires that a vulnerable user is tricked into visiting a web page or similar, which then invokes the vulnerable component.
Ref.: [SA10342]

The developers of GnuPG reported in an advisory that a weakness has been found in the handling of ElGamal type 20 keys in GnuPG, and that all ElGamal type 20 keys should therefore be considered compromised! GnuPG has released a new version which removes support for ElGamal type 20 keys.
Ref.: [SA10304]

A privilege escalation vulnerability in the Linux Kernel "do_brk()" system call has been identified, affecting almost all Linux distributions. Exploits are already available for this vulnerability, and reportedly this very same vulnerability was used in the compromise of several Debian project servers in November.
Ref.: [SA10328]

Sun has released information about the Sun ONE/iPlanet Web Server being vulnerable to a Denial of Service vulnerability. However, only very limited information was provided by Sun, which recommends that administrators upgrade their systems in order to eliminate this vulnerability.
Ref.: [SA10345]

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1. [SA10289] Internet Explorer System Compromise Vulnerabilities
2. [SA9711] Microsoft Internet Explorer Multiple Vulnerabilities
3. [SA10328] Linux Kernel "do_brk()" Privilege Escalation Vulnerability
4. [SA10252] Apple Safari Cookie Stealing Vulnerability
5. [SA10295] Mac OS X Insecure Default DHCP Packet Handling Vulnerability
6. [SA10310] GNU Screen Privilege Escalation Vulnerability
7. [SA10300] BIND Negative Cache Poisoning Vulnerability
8. [SA10192] Microsoft Internet Explorer Multiple Vulnerabilities
9. [SA9191] CCBill whereami.cgi Arbitrary Command Execution Vulnerability
10. [SA10342] Yahoo! Messenger "yauto.dll" Buffer Overflow Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:

[SA10342] Yahoo! Messenger "yauto.dll" Buffer Overflow Vulnerability
[SA10337] VP-ASP Shopping Cart SQL Injection Vulnerabilities
[SA10347] IBM Tivoli Directory Server Cross-Site Scripting Vulnerability
[SA10323] War FTP Daemon Multiple Connection Denial of Service

UNIX/Linux:

[SA10336] Jason Maloney Guestbook Arbitrary Command Execution Vulnerability
[SA10327] Surfboard httpd Directory Traversal and Denial of Service
[SA10324] OpenCA Signature Validation Vulnerabilities
[SA10316] Mandrake update for gnupg
[SA10304] GnuPG ElGamal Signing Weakness Expose Private Key
[SA10343] Red Hat update for net-snmp
[SA10331] Sun Cobalt update for nfs-utils
[SA10338] Astaro update for Kernel
[SA10352] HP Tru64 UNIX CDE libDtHelp Privilege Escalation Vulnerability
[SA10351] XBoard Insecure Temporary File Creation Vulnerability
[SA10346] Sun Solaris Xsun DGA Mode Vulnerability
[SA10341] Slackware update for kernel
[SA10339] HP-UX Shar Utility Insecure Temporary File Creation Vulnerability
[SA10333] Debian update for Kernel
[SA10330] Mandrake update for Kernel
[SA10329] Red Hat update for Kernel
[SA10328] Linux Kernel "do_brk()" Privilege Escalation Vulnerability
[SA10314] OpenPKG update for screen
[SA10312] Trustix update for stunnel
[SA10310] GNU Screen Privilege Escalation Vulnerability
[SA10340] IBM AIX update for bind
[SA10334] HP Tru64 update for bind
[SA10332] UnixWare update for bind
[SA10317] FreeBSD update for bind
[SA10315] SuSE update for bind
[SA10313] Trustix update for BIND
[SA10307] Solaris BIND Negative Cache Poisoning
[SA10305] Immunix update for bind
[SA10303] Engarde update for bind
[SA10335] Fedora update for Kernel
[SA10309] OpenBSD Local Denial of Service Vulnerabilities

Other:

[SA10344] Cisco Aironet AP Static WEP Key Disclosure Vulnerability
[SA10326] Applied Watch Server Un-authenticated Access to Administrative Functions
[SA10319] HP ProCurve 5300xl Series RPC Traffic Denial of Service

Cross Platform:

[SA10306] RNN Guestbook Lack of Authentication
[SA10345] Sun ONE Web Server Unspecified Denial of Service Vulnerability
[SA10325] Mod_python Denial of Service Vulnerability
[SA10308] phpBB SQL Injection Vulnerability
[SA10321] PieterPost Anonymous Email Sending Vulnerability
[SA10320] IlohaMail Cross-Site Scripting Vulnerability
[SA10318] MoinMoin Cross-Site Scripting Vulnerabilities
[SA10311] Macromedia JRun JMC Interface Cross-Site Scripting Vulnerabilities
[SA10322] CuteNews Debug Information Disclosure

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA10342] Yahoo! Messenger "yauto.dll" Buffer Overflow Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-03

A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10342/

--

[SA10337] VP-ASP Shopping Cart SQL Injection Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2003-12-02

Some vulnerabilities have been reported in VP-ASP Shopping Cart, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10337/

--

[SA10347] IBM Tivoli Directory Server Cross-Site Scripting Vulnerability

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-03

A vulnerability has been reported in IBM Tivoli Directory Server, which can be exploited by malicious people to conduct Cross-Site Scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10347/

--

[SA10323] War FTP Daemon Multiple Connection Denial of Service

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2003-12-01

A vulnerability has been reported in War FTP Daemon, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10323/


UNIX/Linux:--

[SA10336] Jason Maloney Guestbook Arbitrary Command Execution Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-02

A vulnerability has been reported in Jason Maloney Guestbook, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10336/

--

[SA10327] Surfboard httpd Directory Traversal and Denial of Service

Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information, DoS
Released: 2003-12-01

Two vulnerabilities have been reported in Surfboard httpd, which can be exploited by malicious people to gain knowledge of sensitive information and cause a DoS (Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10327/

--

[SA10324] OpenCA Signature Validation Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-01

Multiple vulnerabilities have been reported in OpenCA, which can result in revoked or expired certificates being accepted as valid.

Full Advisory: http://www.secunia.com/advisories/10324/

--

[SA10316] Mandrake update for gnupg

Critical: Moderately critical
Where: From remote
Impact: ID Spoofing, Exposure of sensitive information
Released: 2003-12-01

MandrakeSoft has issued updated packages for gnupg. These fix a vulnerability, which exposes the private key when using El-Gamal type 20 keys.

Full Advisory: http://www.secunia.com/advisories/10316/

--

[SA10304] GnuPG ElGamal Signing Weakness Expose Private Key

Critical: Moderately critical
Where: From remote
Impact: ID Spoofing, Exposure of sensitive information
Released: 2003-11-27

A weakness has been identified in the handling of ElGamal keys in GnuPG, which exposes the private key.

Full Advisory: http://www.secunia.com/advisories/10304/

--

[SA10343] Red Hat update for net-snmp

Critical: Moderately critical
Where: From local network
Impact: Security Bypass
Released: 2003-12-03

Red Hat has issued updated packages for net-snmp. These fix a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.

Full Advisory: http://www.secunia.com/advisories/10343/

--

[SA10331] Sun Cobalt update for nfs-utils

Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2003-12-02

Sun has issued updated packages for nfs-utils. These fix a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10331/

--

[SA10338] Astaro update for Kernel

Critical: Less critical
Where: From remote
Impact: Privilege escalation
Released: 2003-12-02

Astaro has issued updated packages for the kernel. These fix a vulnerability, which can be exploited by malicious users to escalate their privileges.

Full Advisory: http://www.secunia.com/advisories/10338/

--

[SA10352] HP Tru64 UNIX CDE libDtHelp Privilege Escalation Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-04

HP has acknowledged a vulnerability in CDE (Common Desktop Environment), which can be exploited by malicious, local users to escalate their privileges on a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10352/

--

[SA10351] XBoard Insecure Temporary File Creation Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-04

A vulnerability has been identified in XBoard, which can be exploited by malicious, local users to escalate their privileges.

Full Advisory: http://www.secunia.com/advisories/10351/

--

[SA10346] Sun Solaris Xsun DGA Mode Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2003-12-03

Sun has reported a vulnerability in Solaris, which can be exploited by malicious, local users to escalate their privileges or cause a DoS (Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10346/

--

[SA10341] Slackware update for kernel

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-03

Slackware has issued updated packages for the kernel. These fix a vulnerability, which can be exploited by malicious users to escalate their privileges.

Full Advisory: http://www.secunia.com/advisories/10341/

--

[SA10339] HP-UX Shar Utility Insecure Temporary File Creation Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-02

A vulnerability has been identified in HP-UX, which can be exploited by malicious, local users to escalate their privileges.

Full Advisory: http://www.secunia.com/advisories/10339/

--

[SA10333] Debian update for Kernel

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-02

Debian has issued updated packages for the kernel. These fix a vulnerability, which can be exploited by malicious users to escalate their privileges.

Full Advisory: http://www.secunia.com/advisories/10333/

--

[SA10330] Mandrake update for Kernel

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-02

MandrakeSoft has issued updated packages for the kernel. These fix a vulnerability, which can be exploited by malicious users to escalate their privileges.

Full Advisory: http://www.secunia.com/advisories/10330/

--

[SA10329] Red Hat update for Kernel

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-02

Red Hat has issued updated packages for the kernel.
These fix a vulnerability, which can be exploited by malicious users to escalate their privileges.

Full Advisory: http://www.secunia.com/advisories/10329/

--

[SA10328] Linux Kernel "do_brk()" Privilege Escalation Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-02

A vulnerability has been identified in the Linux kernel 2.4, which can be exploited by malicious, local users to escalate their privileges.

Full Advisory: http://www.secunia.com/advisories/10328/

--

[SA10314] OpenPKG update for screen

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-01

OpenPKG has issued updated packages for screen. These fix a vulnerability, which potentially may allow users to escalate their privileges.

Full Advisory: http://www.secunia.com/advisories/10314/

--

[SA10312] Trustix update for stunnel

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-01

Trustix has issued updated packages for stunnel. These fix a vulnerability, which can be exploited by malicious users to hijack the service.

Full Advisory: http://www.secunia.com/advisories/10312/

--

[SA10310] GNU Screen Privilege Escalation Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-11-28

A vulnerability has been reported in GNU Screen, which potentially can be exploited by malicious, local users to escalate their privileges on a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10310/

--

[SA10340] IBM AIX update for bind

Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-12-03

IBM has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache with negative entries.

Full Advisory: http://www.secunia.com/advisories/10340/

--

[SA10334] HP Tru64 update for bind

Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-12-02

HP has issued updated packages for bind. These fix a vulnerability, which can be exploited to poison the DNS cache with negative entries.

Full Advisory: http://www.secunia.com/advisories/10334/

--

[SA10332] UnixWare update for bind

Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-12-02

SCO has issued an update for bind. This fixes a vulnerability, which can be exploited to poison the DNS cache with negative entries.

Full Advisory: http://www.secunia.com/advisories/10332/

--

[SA10317] FreeBSD update for bind

Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-12-01

FreeBSD has issued updated packages for bind. These fix a vulnerability, which can be exploited to poison the DNS cache with negative entries.

Full Advisory: http://www.secunia.com/advisories/10317/

--

[SA10315] SuSE update for bind

Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-12-01

SuSE has issued updated packages for bind. These fix a vulnerability, which can be exploited to poison the DNS cache with negative entries.

Full Advisory: http://www.secunia.com/advisories/10315/

--

[SA10313] Trustix update for BIND

Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-11-28

Trustix has issued updated packages for bind. These fix a vulnerability, which can be exploited to poison the DNS cache with negative entries.

Full Advisory: http://www.secunia.com/advisories/10313/

--

[SA10307] Solaris BIND Negative Cache Poisoning

Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-11-28

Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to poison the DNS cache with negative entries.

Full Advisory: http://www.secunia.com/advisories/10307/

--

[SA10305] Immunix update for bind

Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-11-28

Immunix has issued updated packages for bind. These fix a vulnerability, which can be exploited to poison the DNS cache with negative entries.

Full Advisory: http://www.secunia.com/advisories/10305/

--

[SA10303] Engarde update for bind

Critical: Not critical
Where: From local network
Impact: DoS
Released: 2003-11-27

Guardian Digital has issued updated packages for bind. These fix a vulnerability, which can be exploited to poison the DNS cache with negative entries.

Full Advisory: http://www.secunia.com/advisories/10303/

--

[SA10335] Fedora update for Kernel

Critical: Not critical
Where: Local system
Impact: DoS
Released: 2003-12-03

Red Hat has issued updated packages for the kernel. These fix a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10335/

--

[SA10309] OpenBSD Local Denial of Service Vulnerabilities

Critical: Not critical
Where: Local system
Impact: DoS
Released: 2003-11-28

Some vulnerabilities have been identified in OpenBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10309/


Other:--

[SA10344] Cisco Aironet AP Static WEP Key Disclosure Vulnerability

Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2003-12-03

Cisco has reported a vulnerability in various Cisco Aironet Access Points (AP) running Cisco IOS software, which can be exploited by malicious people to gain knowledge of any static Wired Equivalent Privacy (WEP) keys.

Full Advisory: http://www.secunia.com/advisories/10344/

--

[SA10326] Applied Watch Server Un-authenticated Access to Administrative Functions

Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2003-12-01

A vulnerability has been identified in Applied Watch Server, allowing malicious people to add users and manipulate rules.

Full Advisory: http://www.secunia.com/advisories/10326/

--

[SA10319] HP ProCurve 5300xl Series RPC Traffic Denial of Service

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2003-12-01

HP has reported a vulnerability in ProCurve 5300xl series switches, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10319/


Cross Platform:--

[SA10306] RNN Guestbook Lack of Authentication

Critical: Highly critical
Where: From remote
Impact: Security Bypass, System access
Released: 2003-11-28

A vulnerability has been identified in RNN Guestbook, allowing malicious people to access the administrative interface and execute arbitrary commands.

Full Advisory: http://www.secunia.com/advisories/10306/

--

[SA10345] Sun ONE Web Server Unspecified Denial of Service Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2003-12-03

Sun has reported an unspecified vulnerability in Sun ONE Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://www.secunia.com/advisories/10345/

--

[SA10325] Mod_python Denial of Service Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2003-12-01

The Apache Software Foundation has reported an unspecified vulnerability in Mod_python, allowing malicious people to cause a Denial of Service.

Full Advisory: http://www.secunia.com/advisories/10325/

--

[SA10308] phpBB SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2003-11-28

A vulnerability has been reported in phpBB, which can be exploited by malicious people to inject arbitrary SQL code.

Full Advisory: http://www.secunia.com/advisories/10308/

--

[SA10321] PieterPost Anonymous Email Sending Vulnerability

Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-01

A vulnerability has been identified in PieterPost, allowing malicious people to access certain pages and functions without being authenticated.

Full Advisory: http://www.secunia.com/advisories/10321/

--

[SA10320] IlohaMail Cross-Site Scripting Vulnerability

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-01

A vulnerability has been reported in IlohaMail, which can be exploited by malicious people to conduct Cross Site Scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10320/

--

[SA10318] MoinMoin Cross-Site Scripting Vulnerabilities

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-01

Two vulnerabilities have been identified in MoinMoin, which can be exploited by malicious people to conduct Cross-Site Scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10318/

--

[SA10311] Macromedia JRun JMC Interface Cross-Site Scripting Vulnerabilities

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-11-28

Some vulnerabilities have been identified in Macromedia JRun, which can be exploited by malicious people to conduct Cross-Site Scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10311/

--

[SA10322] CuteNews Debug Information Disclosure

Critical: Not critical
Where: From remote
Impact: Exposure of system information
Released: 2003-12-01

A security issue has been reported in CuteNews, which can be exploited by malicious people to gain knowledge of various system information.

Full Advisory: http://www.secunia.com/advisories/10322/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Subscribe:
http://www.secunia.com/secunia_weekly_summary/

Contact details:
Web : http://www.secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45

=====================================================================

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.