========================================================================

                  The Secunia Weekly Advisory Summary
                        2004-01-15 - 2004-01-22

                       This week : 56 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia Advisory IDs

Every advisory issued by Secunia has a unique identifier: The Secunia
Advisory ID (SA ID). The SA IDs make it very easy to reference,
identify, and find Secunia advisories.

A Shortcut to Secunia Advisories

Finding Secunia Advisories using SA IDs is easily done at the Secunia
website; either by simply entering the SA ID in our search form placed
on the right side of every Secunia web page, or by entering the SA ID
directly after the domain when visiting the Secunia website e.g.
http://secunia.com/SA10395

In the Secunia Weekly Summary SA IDs are displayed in brackets e.g.
[SA10395]

========================================================================
2) This Week in Brief:

This week more products were reported to have vulnerable
implementations of the H.323 protocol; among the vulnerable products
were some from Sun and Avaya. While the vulnerability reported in Sun's
product can be exploited to gain system access, the vulnerability
reported in Avaya's products can only be used to cause a Denial of
Service.
Reference: [SA10665] & [SA10667]

Three security researchers George Bakos, Jonathan Heusser, and
Przemyslaw Frasunek have reported four vulnerabilities in the way
tcpdump handles ISAKMP, L2TP, and RADIUS packets.
A new version has been released which corrects these vulnerabilities.
In addition several Linux distributions have also issued updated
packages.
Reference: [SA10636]

TIP:
Finding Secunia advisories is easily done through the Secunia web site.
Simply enter the SA ID in the URL:
http://secunia.com/SA10609

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA10395] Internet Explorer URL Spoofing Vulnerability
2.  [SA10649] qmail Long SMTP Session Handling Vulnerability
3.  [SA10609] Symantec Automatic LiveUpdate Privilege Escalation
              Vulnerability
4.  [SA10636] tcpdump ISAKMP and RADIUS Packet Handling Vulnerabilities
5.  [SA10532] Linux Kernel "mremap()" Privilege Escalation
              Vulnerability
6.  [SA10289] Internet Explorer System Compromise Vulnerabilities
7.  [SA10635] HP-UX calloc Buffer Size Miscalculation Vulnerability
8.  [SA10523] Internet Explorer showHelp() Restriction Bypass
              Vulnerability
9.  [SA10634] HP-UX update for dtterm
10. [SA10611] Microsoft ISA Server 2000 H.323 Protocol Filter
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA10687] DUware Products Admin Area Authentication Bypass Vulnerability
[SA10679] GetWare Products Denial of Service Vulnerability
[SA10659] Xtreme ASP Photo Gallery SQL Injection Vulnerability
[SA10646] WWW File Share Pro Multiple Vulnerabilities
[SA10650] RapidCache Server HTTP Request Handling Vulnerabilities
[SA10663] Ultr@VNC Privilege Escalation Vulnerability
[SA10660] Outpost Firewall Privilege Escalation Vulnerability
[SA10661] Pablo FTP Server Allows Remote Detection of Local Files
[SA10689] WebTrends Exposure of Installation Path

UNIX/Linux:
[SA10690] Sun Solaris update for IKE
[SA10673] Sun Cobalt update for ProFTPD
[SA10665] SunForum H.323 Protocol Implementation Vulnerabilities
[SA10647] HP Tru64 UNIX IPsec and SSH Vulnerabilities
[SA10685] Red Hat update for mc
[SA10681] Conectiva update for kdepim
[SA10668] EnGarde update for tcpdump
[SA10664] OpenCA libCheckSignature Signature Validation Vulnerability
[SA10654] OpenPKG update for tcpdump
[SA10652] Debian update for tcpdump
[SA10645] Debian update for mc
[SA10644] Trustix update for tcpdump
[SA10642] Debian update for ia64 kernel
[SA10639] Red Hat update for tcpdump
[SA10691] Sun Cluster OpenSSL Vulnerabilities
[SA10643] Red Hat update for net-snmp
[SA10692] HP-UX update for Mozilla
[SA10684] Red Hat update for ethereal
[SA10682] Conectiva update for cvs
[SA10671] Sun Cobalt update for tcpdump
[SA10651] BUGS Database Credentials Exposure Vulnerability
[SA10637] SuSE update for tcpdump
[SA10674] Sun Cobalt update for PostgreSQL
[SA10680] Conectiva update for screen
[SA10672] Sun Cobalt update for apache
[SA10662] Debian update for netpbm-free
[SA10658] Red Hat update for kernel
[SA10657] HP-UX SharedX Unspecified File Access Vulnerability
[SA10649] qmail Long SMTP Session Handling Vulnerability
[SA10669] Sun Cobalt update for BIND
[SA10686] Trustix update for slocate
[SA10683] Debian update for slocate
[SA10670] Sun Cobalt update for slocate

Other:
[SA10667] Avaya Security Gateways H.323 Protocol Implementation
          Vulnerabilities
[SA10641] Radvision Products H.323 Protocol Implementation
          Vulnerabilities
[SA10640] Nortel Products H.323 Protocol Implementation Vulnerabilities
[SA10675] NetScreen-Security Manager Communication Disclosure
[SA10648] nCipher payShield May Authorize Transactions With Wrong PIN
[SA10688] NetCam Directory Traversal Vulnerability
[SA10666] 2Wire HomePortal Directory Traversal Vulnerability

Cross Platform:
[SA10677] Mambo Arbitrary File Inclusion Vulnerability
[SA10638] PhpDig "relative_script_path" Arbitrary File Inclusion
          Vulnerability
[SA10678] GoAhead WebServer Denial of Service Vulnerability
[SA10676] YaBB SE SQL Injection Vulnerability
[SA10656] Metadot Portal Server Cross-Site Scripting and SQL Injection
[SA10655] phpShop Multiple Vulnerabilities
[SA10653] Novell iChain "url" Parameter Cross-Site Scripting
          Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA10687] DUware Products Admin Area Authentication Bypass Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2004-01-21

frog-m@n has identified a vulnerability in multiple DUware products,
allowing malicious people to gain administrative access. In DUpics it
is also possible to upload arbitrary files.

Full Advisory: http://www.secunia.com/advisories/10687/

--

[SA10679] GetWare Products Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-01-20

Luigi Auriemma has reported a vulnerability in WebCam Live and
PhotoHost, allowing malicious people to cause a Denial of Service.

Full Advisory: http://www.secunia.com/advisories/10679/

--

[SA10659] Xtreme ASP Photo Gallery SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-01-19

posidron and rushjo have reported a vulnerability in Xtreme ASP Photo
Gallery, allowing malicious people to conduct SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10659/

--

[SA10646] WWW File Share Pro Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2004-01-16

Luigi Auriemma has identified multiple vulnerabilities in WWW File
Share Pro, allowing malicious people to bypass restrictions or cause a
Denial of Service.

Full Advisory: http://www.secunia.com/advisories/10646/

--

[SA10650] RapidCache Server HTTP Request Handling Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information, DoS
Released:    2004-01-17

Peter Winter-Smith has reported two vulnerabilities in RapidCache
Server, allowing malicious people to view arbitrary files and cause a
Denial of Service.

Full Advisory: http://www.secunia.com/advisories/10650/

--

[SA10663] Ultr@VNC Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-01-20

KF has discovered a vulnerability in Ultr@VNC, which can be exploited
by malicious, local users to gain escalated privileges on a vulnerable
system.

Full Advisory: http://www.secunia.com/advisories/10663/

--

[SA10660] Outpost Firewall Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-01-20

KF has discovered a vulnerability in Outpost Firewall, which can be
exploited by malicious, local users to gain escalated privileges on a
vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10660/

--

[SA10661] Pablo FTP Server Allows Remote Detection of Local Files

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2004-01-19

Arnaud Jacques has identified a vulnerability in Pablo FTP Server,
allowing malicious people to determine if a certain file exists on a
vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10661/

--

[SA10689] WebTrends Exposure of Installation Path

Critical:    Not critical
Where:       From local network
Impact:      Exposure of system information
Released:    2004-01-21

Oliver Karow has reported a vulnerability in WebTrends, allowing
malicious people to determine the WebTrends installation path.

Full Advisory: http://www.secunia.com/advisories/10689/


UNIX/Linux:--

[SA10690] Sun Solaris update for IKE

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-01-21

Sun has issued updated packages for IKE (which include code from SSH /
OpenSSL). These fix various vulnerabilities, which can lead to a Denial
of Service and potentially system access.

Full Advisory: http://www.secunia.com/advisories/10690/

--

[SA10673] Sun Cobalt update for ProFTPD

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-01-20

Sun has issued updated packages for ProFTPD. These fix a vulnerability,
which can be exploited by some malicious users to compromise a
vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10673/

--

[SA10665] SunForum H.323 Protocol Implementation Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-01-19

Sun has acknowledged that SunForum is affected by the recently reported
vulnerabilities in various products' H.323 protocol implementation.

Full Advisory: http://www.secunia.com/advisories/10665/

--

[SA10647] HP Tru64 UNIX IPsec and SSH Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-01-16

HP has issued updates for SSH and IPsec. These fix some unspecified
vulnerabilities, which reportedly may lead to system access or cause a
Denial of Service.

Full Advisory: http://www.secunia.com/advisories/10647/

--

[SA10685] Red Hat update for mc

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-01-21

Red Hat has issued updated packages for mc. These fix a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory: http://www.secunia.com/advisories/10685/

--

[SA10681] Conectiva update for kdepim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-01-20

Conectiva has issued updated packages for kdepim. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory: http://www.secunia.com/advisories/10681/

--

[SA10668] EnGarde update for tcpdump

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-01-20

Guardian Digital has issued updated packages for tcpdump. These fix
multiple vulnerabilities, which can be exploited by malicious people to
crash tcpdump and potentially compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10668/

--

[SA10664] OpenCA libCheckSignature Signature Validation Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-01-20

A vulnerability has been identified in OpenCA, which may result in an
incorrect signature being accepted.

Full Advisory: http://www.secunia.com/advisories/10664/

--

[SA10654] OpenPKG update for tcpdump

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-01-17

OpenPKG has issued an updated package for tcpdump. This fixes multiple
vulnerabilities, which can be exploited by malicious people to crash
tcpdump and potentially compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10654/

--

[SA10652] Debian update for tcpdump

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-01-17

Debian has issued updated packages for tcpdump. These fix multiple
vulnerabilities, which can be exploited by malicious people to crash
tcpdump and potentially compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10652/

--

[SA10645] Debian update for mc

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-01-17

Debian has issued updated packages for mc. These fix a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory: http://www.secunia.com/advisories/10645/

--

[SA10644] Trustix update for tcpdump

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-01-16

Trustix has issued updated packages for tcpdump. These fix three
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a system running
tcpdump.

Full Advisory: http://www.secunia.com/advisories/10644/

--

[SA10642] Debian update for ia64 kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Privilege escalation,
             DoS
Released:    2004-01-16

Debian has issued updated packages for the kernel on ia64 processors.
These fix multiple older issues ranging from remote Denial of Service
to local privilege escalation vulnerabilities.

Full Advisory: http://www.secunia.com/advisories/10642/

--

[SA10639] Red Hat update for tcpdump

Critical:    Moderately critical
Where:       From remote
Impact:      System access, DoS
Released:    2004-01-15

Red Hat has issued updated packages for tcpdump. These fix three
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a system running
tcpdump.

Full Advisory: http://www.secunia.com/advisories/10639/

--

[SA10691] Sun Cluster OpenSSL Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2004-01-21

Sun has acknowledged that Sun Cluster is affected by certain OpenSSL
vulnerabilities, which can lead to a Denial of Service and potentially
system access.

Full Advisory: http://www.secunia.com/advisories/10691/

--

[SA10643] Red Hat update for net-snmp

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass
Released:    2004-01-16

Red Hat has issued updated packages for net-snmp. These fix a
vulnerability, which can be exploited by malicious users to bypass
certain security restrictions.

Full Advisory: http://www.secunia.com/advisories/10643/

--

[SA10692] HP-UX update for Mozilla

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-01-21

HP has issued an update for Mozilla. This fixes a vulnerability,
allowing a malicious website to access the contents of other websites.

Full Advisory: http://www.secunia.com/advisories/10692/

--

[SA10684] Red Hat update for ethereal

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-01-21

Red Hat has issued updated packages for ethereal. These fix two
vulnerabilities, which can be exploited by malicious people to crash
the application.

Full Advisory: http://www.secunia.com/advisories/10684/

--

[SA10682] Conectiva update for cvs

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-01-20

Conectiva has issued updated packages for cvs. These fix a
vulnerability, which can be exploited by malicious users to create
arbitrary folders and possibly files in the root of the host's file
system.

Full Advisory: http://www.secunia.com/advisories/10682/

--

[SA10671] Sun Cobalt update for tcpdump

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-01-20

Sun has issued updated packages for tcpdump. These fix a vulnerability,
allowing malicious people to cause a Denial of Service.

Full Advisory: http://www.secunia.com/advisories/10671/

--

[SA10651] BUGS Database Credentials Exposure Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-01-17

A vulnerability has been identified in BUGS, which can be exploited by
malicious people to gain knowledge of sensitive information.

Full Advisory: http://www.secunia.com/advisories/10651/

--

[SA10637] SuSE update for tcpdump

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-01-15

SuSE has issued updated packages for tcpdump. These fix a vulnerability
in the ISAKMP decoding routines, which can be exploited by malicious
people to cause a DoS (Denial of Service) on tcpdump by making it enter
an infinite loop.

Full Advisory: http://www.secunia.com/advisories/10637/

--

[SA10674] Sun Cobalt update for PostgreSQL

Critical:    Less critical
Where:       From local network
Impact:      System access
Released:    2004-01-20

Sun has issued an updated package for postgresql. This fixes some
vulnerabilities, which potentially can be exploited by malicious users
to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10674/

--

[SA10680] Conectiva update for screen

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-01-20

Conectiva has issued updated packages for screen. These fix a
vulnerability, which potentially may allow malicious, local users to
escalate their privileges.

Full Advisory: http://www.secunia.com/advisories/10680/

--

[SA10672] Sun Cobalt update for apache

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2004-01-20

Sun has issued updated packages for httpd. These fix a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service) or escalate privileges.

Full Advisory: http://www.secunia.com/advisories/10672/

--

[SA10662] Debian update for netpbm-free

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-01-19

Full Advisory: http://www.secunia.com/advisories/10662/

--

[SA10658] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-01-19

Red Hat has issued updated kernel packages. These fix a vulnerability,
allowing malicious users to escalate their privileges through a
vulnerability in the 32-bit ptrace emulation.

Full Advisory: http://www.secunia.com/advisories/10658/

--

[SA10657] HP-UX SharedX Unspecified File Access Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      DoS, Privilege escalation
Released:    2004-01-17

HP has reported a vulnerability in HP-UX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service) or gain
unauthorised access.

Full Advisory: http://www.secunia.com/advisories/10657/

--

[SA10649] qmail Long SMTP Session Handling Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2004-01-16

Georgi Guninski has reported a vulnerability in qmail, which can be
exploited to crash the current SMTP session.

Full Advisory: http://www.secunia.com/advisories/10649/

--

[SA10669] Sun Cobalt update for BIND

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2004-01-20

Sun has issued updated packages for bind. These fix a vulnerability,
which can be exploited by malicious people to poison the DNS cache with
negative entries.

Full Advisory: http://www.secunia.com/advisories/10669/

--

[SA10686] Trustix update for slocate

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-01-21

Trustix has issued updated packages for slocate. These fix a
vulnerability, which can be exploited by malicious, local users to gain
"slocate" group privileges.

Full Advisory: http://www.secunia.com/advisories/10686/

--

[SA10683] Debian update for slocate

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-01-21

Debian has issued updated packages for slocate. These fix a
vulnerability, which can be exploited by malicious, local users to gain
"slocate" group privileges.

Full Advisory: http://www.secunia.com/advisories/10683/

--

[SA10670] Sun Cobalt update for slocate

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-01-20

Sun has issued updated packages for slocate. These fix a vulnerability,
which can be exploited by malicious, local users to gain "slocate"
group privileges.

Full Advisory: http://www.secunia.com/advisories/10670/


Other:--

[SA10667] Avaya Security Gateways H.323 Protocol Implementation
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-01-20

Avaya has acknowledged that some products are affected by the recently
reported vulnerabilities in various vendors' H.323 protocol
implementations.

Full Advisory: http://www.secunia.com/advisories/10667/

--

[SA10641] Radvision Products H.323 Protocol Implementation
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-01-15

Radvision has confirmed that certain of their products have
vulnerabilities in their implementation of the H.323 protocol.

Full Advisory: http://www.secunia.com/advisories/10641/

--

[SA10640] Nortel Products H.323 Protocol Implementation Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-01-15

Nortel has confirmed that certain of their products have
vulnerabilities in their implementation of the H.323 protocol.

Full Advisory: http://www.secunia.com/advisories/10640/

--

[SA10675] NetScreen-Security Manager Communication Disclosure

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
             information
Released:    2004-01-20

A vulnerability has been reported in NetScreen-Security Manager, which
can be exploited by malicious people to gain knowledge of sensitive
information.

Full Advisory: http://www.secunia.com/advisories/10675/

--

[SA10648] nCipher payShield May Authorize Transactions With Wrong PIN

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-01-16

nCipher has reported a vulnerability in payShield, possibly allowing
malicious people to make unauthorised purchases.

Full Advisory: http://www.secunia.com/advisories/10648/

--

[SA10688] NetCam Directory Traversal Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
             information
Released:    2004-01-21

Rafel Ivgi has reported a vulnerability in NetCam, allowing malicious
people to gain knowledge of sensitive information.

Full Advisory: http://www.secunia.com/advisories/10688/

--

[SA10666] 2Wire HomePortal Directory Traversal Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
             information
Released:    2004-01-21

Rafel Ivgi has reported a vulnerability in 2Wire routers, allowing
malicious people to gain knowledge of sensitive information.

Full Advisory: http://www.secunia.com/advisories/10666/


Cross Platform:--

[SA10677] Mambo Arbitrary File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-01-20

FraMe has reported a vulnerability in Mambo server, allowing malicious
people to execute arbitrary code on a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10677/

--

[SA10638] PhpDig "relative_script_path" Arbitrary File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-01-15

FraMe has reported a vulnerability in PhpDig, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10638/

--

[SA10678] GoAhead WebServer Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2004-01-20

Luigi Auriemma has reported a vulnerability in GoAhead WebServer,
allowing malicious people to cause a Denial of Service.

Full Advisory: http://www.secunia.com/advisories/10678/

--

[SA10676] YaBB SE SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2004-01-20

BackSpace has identified a vulnerability in YaBB SE, allowing malicious
people to conduct SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10676/

--

[SA10656] Metadot Portal Server Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
             system information, Exposure of sensitive information
Released:    2004-01-17

JeiAr has reported multiple vulnerabilities in Metadot Portal Server,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10656/

--

[SA10655] phpShop Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
             system information, Exposure of sensitive information
Released:    2004-01-17

JeiAr has reported multiple vulnerabilities in phpShop, which can be
exploited by malicious people to gain knowledge of sensitive
information and conduct cross-site scripting and SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10655/

--

[SA10653] Novell iChain "url" Parameter Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-01-17

A vulnerability has been identified in Novell iChain, which can be
exploited by malicious people to conduct cross-site scripting attacks
against users.

Full Advisory: http://www.secunia.com/advisories/10653/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Subscribe:
http://www.secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://www.secunia.com/
E-mail : support@private
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

========================================================================

- ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn' in the
BODY of the mail.