========================================================================

                  The Secunia Weekly Advisory Summary
                        2003-12-11 - 2003-12-18

                       This week : 45 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia Advisory IDs

Every advisory issued by Secunia has a unique identifier: The Secunia
Advisory ID (SA ID). The SA IDs make it very easy to reference,
identify, and find Secunia advisories.

A Shortcut to Secunia Advisories

Finding Secunia Advisories using SA IDs is easily done at the Secunia
website; either by simply entering the SA ID in our search form placed
on the right side of every Secunia web page, or by entering the SA ID
directly after the domain when visiting the Secunia website e.g.
http://secunia.com/SA10395

In the Secunia Weekly Summary SA IDs are displayed in brackets e.g.
[SA10395]

========================================================================
2) This Week in Brief:

Our test for the Internet Explorer URL spoofing vulnerability revealed
a weakness in how Mozilla displays URLs in the status bar. The weakness
could allow an attacker to fully control content in the status bar.
For a demonstration of the weakness please view either of the
referenced Secunia Advisories.
Reference: [SA10419] & [SA10395]

In addition to the latest vulnerability in the Opera browser, which was
discovered by Jouko Pynnönen, security research group Operash has
revealed how it is possible to delete arbitrary files on a user's
system.
In order for the vulnerability to be exploited, a user has to visit a
malicious web site.
This vulnerability was corrected in the latest version 7.23 of Opera,
which was released when Jouko Pynnönen discovered the first
vulnerability.
Reference: [SA10425]

Cisco has released updated versions of their Cisco Firewall Services
Module and Cisco PIX. The updated versions correct remotely exploitable
Denial of Service vulnerabilities.
Please refer to the referenced Secunia Advisories for information about
non-vulnerable versions.
Reference: [SA10433] & [SA10434]

A security researcher named 'Max' has revealed a vulnerability in
Mac OS X, which potentially can be used to execute arbitrary code
locally with privileges as root.
Reference: [SA10440]

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA10395] Internet Explorer URL Spoofing Vulnerability
2.  [SA10440] Mac OS X cd9660.util Privilege Escalation Vulnerability
3.  [SA10289] Internet Explorer System Compromise Vulnerabilities
4.  [SA10419] Mozilla Status Bar Manipulation Weakness
5.  [SA10353] rsync File Handling Integer Overflow Vulnerability
6.  [SA10425] Opera Browser Arbitrary File Deletion Vulnerability
7.  [SA9711] Microsoft Internet Explorer Multiple Vulnerabilities
8.  [SA10342] Yahoo! Messenger "yauto.dll" Buffer Overflow Vulnerability
9.  [SA10434] Cisco PIX SNMPv3 and VPNC Denial of Service
              Vulnerabilities
10. [SA10328] Linux Kernel "do_brk()" Privilege Escalation Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA10429] Dark Age of Camelot Weak Encryption Scheme
[SA10426] Xlight FTP Server Denial of Service and Directory Traversal
[SA10425] Opera Browser Arbitrary File Deletion Vulnerability
[SA10439] DameWare Mini Remote Control Buffer Overflow Vulnerability
[SA10452] WS_FTP Server Denial of Service Vulnerability
[SA10420] CA Unicenter Remote Control Privilege Escalation and Denial
          of Service
[SA10438] Doro PDF Writer Privilege Escalation Vulnerability
[SA10449] Macromedia Flash Player Predictable Data Location Weakness

UNIX/Linux:
[SA10441] Cyrus IMSP Server Address Book Handling Buffer Overflow
          Vulnerability
[SA10459] Gentoo update for net-ftp/lftp
[SA10454] OpenPKG update for lftp
[SA10447] Invision Power Top Site List SQL Injection Vulnerability
[SA10446] Invision Power Board SQL Injection Vulnerability
[SA10444] Red Hat update for lftp
[SA10437] Mandrake update for lftp
[SA10436] Sun Linux update for Ethereal
[SA10435] Sun update for Zebra
[SA10432] Fedora update for lftp
[SA10431] SuSE update for lftp
[SA10428] Slackware update for lftp
[SA10427] LFTP HTTP Directory Listing Buffer Overflow Vulnerabilities
[SA10418] Gentoo update for gnupg
[SA10423] Mandrake update for net-snmp
[SA10416] Slackware update for CVS
[SA10415] sipd IP Address Resolving Denial of Service Vulnerability
[SA10448] Red Hat update for httpd
[SA10442] CGINews and CGIForum May Expose Passwords to Local Users
[SA10440] Mac OS X cd9660.util Privilege Escalation Vulnerability
[SA10430] Sun Solaris Printing Unspecified Privilege Escalation
          Vulnerabilities
[SA10411] Sun Solaris ed Text Editor Insecure Temporary File Creation
          Vulnerability
[SA10450] NetBSD update for BIND

Other:
[SA10434] Cisco PIX SNMPv3 and VPNC Denial of Service Vulnerabilities
[SA10433] Cisco Firewall Services Module Denial of Service
          Vulnerabilities

Cross Platform:
[SA10422] W-Agora Multiple Vulnerabilities
[SA10414] Hermes Unspecified File Inclusion Vulnerability
[SA10453] Aardvark Topsites PHP Information Disclosure and SQL
          Injection
[SA10443] osCommerce SQL Injection Vulnerability
[SA10421] Cyclonic WebMail Allows Sending Emails Anonymously
[SA10417] Multiple Vendor SOAP Server DTD Parameter Denial of Service
[SA10413] Mambo Server SQL Injection Vulnerabilities
[SA10412] VisitorBook LE Multiple Vulnerabilities
[SA10424] Ethereal SMB and Q.931 Protocol Dissector Vulnerabilities
[SA10419] Mozilla Status Bar Manipulation Weakness

========================================================================
5) Vulnerabilities Content Listing

Windows:

 --

[SA10429] Dark Age of Camelot Weak Encryption Scheme

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2003-12-15

A weakness has been reported in Dark Age of Camelot, which may expose
sensitive user information.

Full Advisory:
http://www.secunia.com/advisories/10429/

 --

[SA10426] Xlight FTP Server Denial of Service and Directory Traversal

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
             information, DoS
Released:    2003-12-15

Two vulnerabilities have been identified in Xlight FTP Server, which
can be exploited by malicious, authenticated users to read arbitrary
files on a vulnerable system or cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10426/

 --

[SA10425] Opera Browser Arbitrary File Deletion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2003-12-13

A vulnerability has been reported in Opera, which can be exploited by
malicious people to delete arbitrary files on a user's system.

Full Advisory:
http://www.secunia.com/advisories/10425/

 --

[SA10439] DameWare Mini Remote Control Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2003-12-16

Wirepair has discovered a vulnerability in DameWare Mini Remote
Control, which can be exploited by malicious, unauthenticated people to
compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10439/

 --

[SA10452] WS_FTP Server Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2003-12-17

Dr_insane has reported a vulnerability in WS_FTP Server, which can be
exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10452/

 --

[SA10420] CA Unicenter Remote Control Privilege Escalation and Denial
of Service

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, DoS
Released:    2003-12-12

Two vulnerabilities have been identified in CA Unicenter Remote Control
and ControlIT, which can be exploited by malicious, local users to
escalate their privileges and by malicious people to cause a Denial of
Service.

Full Advisory:
http://www.secunia.com/advisories/10420/

 --

[SA10438] Doro PDF Writer Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2003-12-16

Ramon Kukla has reported a privilege escalation vulnerability in Doro
PDF Writer, which can be exploited by malicious, local users to
escalate their privileges.

Full Advisory:
http://www.secunia.com/advisories/10438/

 --

[SA10449] Macromedia Flash Player Predictable Data Location Weakness

Critical:    Not critical
Where:       From remote
Impact:
Released:    2003-12-17

Macromedia has issued an updated version of the Flash Player to fix an
issue, which has been exploited in combination with known browser
vulnerabilities to access users' systems.

Full Advisory:
http://www.secunia.com/advisories/10449/


UNIX/Linux:

 --

[SA10441] Cyrus IMSP Server Address Book Handling Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2003-12-16

Felix Lindner and Michael Guenther have reported a vulnerability in
Cyrus IMSP Server, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10441/

 --

[SA10459] Gentoo update for net-ftp/lftp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2003-12-18

Gentoo has issued an updated package for net-ftp/lftp. This fixes two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://www.secunia.com/advisories/10459/

 --

[SA10454] OpenPKG update for lftp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2003-12-17

OpenPKG has issued updated packages for lftp. These fix two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://www.secunia.com/advisories/10454/

 --

[SA10447] Invision Power Top Site List SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2003-12-16

JeiAr has reported a vulnerability in Invision Power Top Site List,
which potentially can be exploited by malicious people to manipulate
data through HTTP.

Full Advisory:
http://www.secunia.com/advisories/10447/

 --

[SA10446] Invision Power Board SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2003-12-16

JeiAr has reported a vulnerability in Invision Power Board, which
potentially can be exploited by malicious people to manipulate data
through HTTP.

Full Advisory:
http://www.secunia.com/advisories/10446/

 --

[SA10444] Red Hat update for lftp

Critical:    Moderately critical
Where:       From remote
Impact:      System access, DoS
Released:    2003-12-16

Red Hat has issued updated packages for lftp. These fix two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://www.secunia.com/advisories/10444/

 --

[SA10437] Mandrake update for lftp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2003-12-16

MandrakeSoft has issued updated packages for lftp. These fix two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10437/

 --

[SA10436] Sun Linux update for Ethereal

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2003-12-16

Sun has issued updated packages for Ethereal. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system running Ethereal.

Full Advisory:
http://www.secunia.com/advisories/10436/

 --

[SA10435] Sun update for Zebra

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2003-12-16

Sun has issued updated packages for Zebra. These fix two
vulnerabilities allowing malicious people and local users to cause a
Denial of Service.

Full Advisory:
http://www.secunia.com/advisories/10435/

 --

[SA10432] Fedora update for lftp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2003-12-15

Red Hat has issued updated packages for lftp. These fix two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10432/

 --

[SA10431] SuSE update for lftp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2003-12-15

SuSE has issued updated packages for lftp. These fix two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10431/

 --

[SA10428] Slackware update for lftp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2003-12-15

Slackware has issued updated packages for lftp. These fix two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10428/

 --

[SA10427] LFTP HTTP Directory Listing Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2003-12-15

Two vulnerabilities have been identified in LFTP, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://www.secunia.com/advisories/10427/

 --

[SA10418] Gentoo update for gnupg

Critical:    Moderately critical
Where:       From remote
Impact:      ID Spoofing, Exposure of sensitive information, DoS,
             System access
Released:    2003-12-12

Gentoo has issued updated packages for gnupg. These fix two
vulnerabilities, which may expose the private key when using El-Gamal
type 20 keys and allow malicious people to compromise systems using the
experimental HKP interface.

Full Advisory:
http://www.secunia.com/advisories/10418/

 --

[SA10423] Mandrake update for net-snmp

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass
Released:    2003-12-12

MandrakeSoft has issued updated packages for net-snmp. These fix a
vulnerability, which can be exploited by malicious users to bypass
certain security restrictions.

Full Advisory:
http://www.secunia.com/advisories/10423/

 --

[SA10416] Slackware update for CVS

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2003-12-12

Slackware has issued updated packages for cvs. These fix a
vulnerability, which can be exploited by malicious users to create
arbitrary folders and possibly files in the root of the host's file
system.

Full Advisory:
http://www.secunia.com/advisories/10416/

 --

[SA10415] sipd IP Address Resolving Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2003-12-12

A vulnerability has been reported in sipd, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10415/

 --

[SA10448] Red Hat update for httpd

Critical:    Less critical
Where:       Local system
Impact:      DoS, Privilege escalation
Released:    2003-12-17

Red Hat has issued updated packages for httpd. These fix some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) or escalate privileges.

Full Advisory:
http://www.secunia.com/advisories/10448/

 --

[SA10442] CGINews and CGIForum May Expose Passwords to Local Users

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2003-12-16

JeiAr has reported a weakness in CGINews and CGIForum, which can be
exploited by malicious, local users to see passwords.

Full Advisory:
http://www.secunia.com/advisories/10442/

 --

[SA10440] Mac OS X cd9660.util Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2003-12-16

Max has reported a vulnerability in Mac OS X, which can be exploited by
malicious, local users to escalate their privileges.

Full Advisory:
http://www.secunia.com/advisories/10440/

 --

[SA10430] Sun Solaris Printing Unspecified Privilege Escalation
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2003-12-15

Sun has reported some unspecified vulnerabilities in Solaris, which can
be exploited by malicious, local users to escalate their privileges on
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10430/

 --

[SA10411] Sun Solaris ed Text Editor Insecure Temporary File Creation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2003-12-11

A vulnerability has been identified in Sun Solaris, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://www.secunia.com/advisories/10411/

 --

[SA10450] NetBSD update for BIND

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2003-12-17

NetBSD has issued updated packages for bind. These fix a vulnerability,
which can be exploited by malicious people to poison the DNS cache with
negative entries.

Full Advisory:
http://www.secunia.com/advisories/10450/


Other:

 --

[SA10434] Cisco PIX SNMPv3 and VPNC Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2003-12-15

Cisco has reported two vulnerabilities in the Cisco PIX firewall, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://www.secunia.com/advisories/10434/

 --

[SA10433] Cisco Firewall Services Module Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2003-12-15

Cisco has reported two vulnerabilities in the Cisco Firewall Services
Module (FWSM) for Catalyst 6500 series and 7600 series, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10433/


Cross Platform:

 --

[SA10422] W-Agora Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2003-12-15

Some vulnerabilities have been reported in W-Agora, which may be
exploited by malicious people to conduct Cross-Site Scripting attacks
or include arbitrary files to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10422/

 --

[SA10414] Hermes Unspecified File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2003-12-12

A vulnerability has been identified in Hermes, which potentially can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10414/

 --

[SA10453] Aardvark Topsites PHP Information Disclosure and SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
             Exposure of sensitive information
Released:    2003-12-17

JeiAr has reported some vulnerabilities in Aardvark Topsites PHP, which
can be exploited by malicious people to disclose information and
possibly manipulate SQL queries.

Full Advisory:
http://www.secunia.com/advisories/10453/

 --

[SA10443] osCommerce SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2003-12-16

JeiAr has reported a vulnerability in osCommerce, which potentially can
be exploited by malicious people to manipulate data through HTTP.

Full Advisory:
http://www.secunia.com/advisories/10443/

 --

[SA10421] Cyclonic WebMail Allows Sending Emails Anonymously

Critical:    Moderately critical
Where:       From remote
Impact:      Hijacking, Security Bypass, ID Spoofing, Exposure of
             sensitive information
Released:    2003-12-12

Multiple vulnerabilities have been reported in Cyclonic WebMail,
allowing malicious people to send SPAM anonymously and possibly view
sensitive data.

Full Advisory:
http://www.secunia.com/advisories/10421/

 --

[SA10417] Multiple Vendor SOAP Server DTD Parameter Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2003-12-12

A vulnerability has been identified in various products, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10417/

 --

[SA10413] Mambo Server SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2003-12-11

Two vulnerabilities have been reported in Mambo Server, which can be
exploited by malicious people to manipulate SQL queries.

Full Advisory:
http://www.secunia.com/advisories/10413/

 --

[SA10412] VisitorBook LE Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2003-12-11

Multiple vulnerabilities have been identified in VisitorBook LE,
allowing malicious people to conduct Cross Site Scripting attacks or
send SPAM mails anonymously.

Full Advisory:
http://www.secunia.com/advisories/10412/

 --

[SA10424] Ethereal SMB and Q.931 Protocol Dissector Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2003-12-13

Two vulnerabilities have been reported in Ethereal, which can be
exploited by malicious people to crash the application.

Full Advisory:
http://www.secunia.com/advisories/10424/

 --

[SA10419] Mozilla Status Bar Manipulation Weakness

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass, ID Spoofing
Released:    2003-12-12

A weakness has been identified in Mozilla, which can be exploited by
malicious people to manipulate information displayed in the status bar.

Full Advisory:
http://www.secunia.com/advisories/10419/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Subscribe:
http://www.secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://www.secunia.com/
E-mail  : support@private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

========================================================================

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.