[ISN] Secunia Weekly Summary - Issue: 2004-5

From: William Knowles (wk@private)
Date: Thu Jan 29 2004 - 02:30:44 PST

    ========================================================================
    
                      The Secunia Weekly Advisory Summary                  
                            2004-01-22 - 2004-01-29                        
    
                           This week : 41 advisories                       
    
    ========================================================================
    Table of Contents:
    
    1.....................................................Word From Secunia
    2....................................................This Week In Brief
    3..............................This Week's Top Ten Most Read Advisories
    4.......................................Vulnerabilities Summary Listing
    5.......................................Vulnerabilities Content Listing
    
    ========================================================================
    1) Word From Secunia:
    
    Secunia Advisory IDs
    
    Every advisory issued by Secunia has a unique identifier: the Secunia
    Advisory ID (SA ID). The SA IDs make it very easy to reference,
    identify, and find Secunia advisories.
    
    A Shortcut to Secunia Advisories
    
    Finding Secunia Advisories using SA IDs is easily done at the Secunia
    website; either by simply entering the SA ID in our search form placed
    on the right side of every Secunia web page, or by entering the SA ID
    directly after the domain when visiting the Secunia website e.g.
    http://secunia.com/SA10736
    
    In the Secunia Weekly Summary SA IDs are displayed in brackets e.g.
    [SA10736]
    
    ========================================================================
    2) This Week in Brief:
    
    Security researcher http-equiv has reported a vulnerability, which can
    be exploited to spoof the "File name" field in Internet Explorer when
    downloading files.
    Secunia has made a simple demonstration of this vulnerability; a link
    to the test can be found in the referenced Secunia Advisory.
    Reference: [SA10736]
    
    http-equiv has also demonstrated how it is possible to make a normal
    looking "folder" in Windows XP contain arbitrary code, which will be
    executed automatically on a user's system when opened.
    Reference: [SA10708]
    
    Apple has issued a security update for Mac OS X. The update fixes
    several vulnerabilities, some of which are already known and others of
    which are new.
    Reference: [SA10723]
    
    A vulnerability has been reported in the very popular FTP server
    Serv-U, which can be exploited to execute arbitrary code on vulnerable
    systems.
    Reportedly, the vulnerability is addressed in version 5.0.
    Reference: [SA10706]
    
    TIP:
    Finding Secunia advisories is easily done through the Secunia web site.
    Simply enter the SA ID in the URL:
    http://secunia.com/SA10736
    
    ========================================================================
    3) This Week's Top Ten Most Read Advisories:
    
    1.  [SA10736] Internet Explorer File Download Extension Spoofing
    2.  [SA10708] Windows XP Malicious Folder Automatic Code Execution
                  Vulnerability
    3.  [SA10395] Internet Explorer URL Spoofing Vulnerability
    4.  [SA10723] Mac OS X Security Update Fixes Multiple Vulnerabilities
    5.  [SA9580]  Microsoft Internet Explorer Multiple Vulnerabilities
    6.  [SA9213]  XBlockOut "-display" Privilege Escalation Vulnerability
    7.  [SA9223]  Cisco Catalyst Switch Non-Standard TCP Flag Combination
                  DoS Vulnerability
    8.  [SA10700] Need for Speed Client Buffer Overflow Vulnerability
    9.  [SA10289] Internet Explorer System Compromise Vulnerabilities
    10. [SA10523] Internet Explorer showHelp() Restriction Bypass
                  Vulnerability
    
    ========================================================================
    4) Vulnerabilities Summary Listing
    
    Windows:
    [SA10700] Need for Speed Client Buffer Overflow Vulnerability
    [SA10736] Internet Explorer File Download Extension Spoofing
    [SA10710] Mbedthis AppWeb HTTP Request Denial of Service
    Vulnerabilities
    [SA10708] Windows XP Malicious Folder Automatic Code Execution
    Vulnerability
    [SA10707] TinyServer Multiple Vulnerabilities
    [SA10704] Q-Shop SQL Injection and Cross Site Scripting
    Vulnerabilities
    [SA10724] ProxyNow! HTTP Request Buffer Overflow Vulnerabilities
    [SA10714] FinJan SurfinGate Proxy Access to Admin Functions
    [SA10741] BRS WebWeaver "ISAPISkeleton.dll" Cross Site Scripting
    Vulnerability
    [SA10739] BlackICE PC Protection Privilege Escalation Vulnerability
    
    UNIX/Linux:
    [SA10738] Gentoo update for gaim
    [SA10735] Gentoo update for mod_python
    [SA10723] Mac OS X Security Update Fixes Multiple Vulnerabilities
    [SA10721] Red Hat update for gaim
    [SA10719] Slackware update for gaim
    [SA10718] Mandrake update for tcpdump
    [SA10717] Mandrake update for gaim
    [SA10716] Mandrake update for mc
    [SA10715] Debian update for gnupg
    [SA10705] Gaim Multiple Buffer Overflow Vulnerabilities
    [SA10696] Cisco Voice Products Director Agent Insecure Default
    Installation
    [SA10703] Mandrake update for jabber
    [SA10701] Cherokee Error Page Cross-Site Scripting Vulnerability
    [SA10722] Fedora update for slocate
    [SA10720] Red Hat update for slocate
    [SA10702] Mandrake update for slocate
    [SA10698] Red Hat update for slocate
    
    Other:
    [SA10711] NetWare Enterprise Web Server Cross Site Scripting
    Vulnerability
    
    Cross Platform:
    [SA10712] Gallery Arbitrary File Inclusion Vulnerability
    [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow
    Vulnerability
    [SA10725] BEA WebLogic May Provide Access to Wrong Identity
    [SA10713] Novell Groupwise Cross Site Scripting Vulnerability
    [SA10709] IBM Net.Data Error Message Cross-Site Scripting
    Vulnerability
    [SA10737] IBM Informix Database Multiple Local Vulnerabilities
    [SA10729] BEA WebLogic Boot Credentials Disclosure Vulnerability
    [SA10728] BEA WebLogic Administrative Password Exposure Vulnerability
    [SA10727] BEA WebLogic Exposure of Password to Operators
    [SA10697] mod_perl File Descriptor Leakage Vulnerability
    [SA10726] BEA WebLogic HTTP TRACE Response Cross-Site Scripting Issue
    [SA10731] BremsServer Cross Site Scripting and Directory Traversal
    
    ========================================================================
    5) Vulnerabilities Content Listing
    
    Windows:--
    
    [SA10700] Need for Speed Client Buffer Overflow Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-23
    
    Luigi Auriemma has reported a vulnerability in Need for Speed Hot
    Pursuit 2, which potentially can be exploited by malicious people to
    compromise a user's system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10700/
    
     --
    
    [SA10736] Internet Explorer File Download Extension Spoofing
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2004-01-28
    
    http-equiv has identified a vulnerability in Internet Explorer,
    allowing malicious web sites to spoof the file extension of
    downloadable files.
    
    Full Advisory:
    http://www.secunia.com/advisories/10736/
    
     --
    
    [SA10710] Mbedthis AppWeb HTTP Request Denial of Service
    Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-01-26
    
    Ziv Kamir has reported two vulnerabilities in Mbedthis AppWeb, which
    can be exploited by malicious people to cause a DoS (Denial of
    Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10710/
    
     --
    
    [SA10708] Windows XP Malicious Folder Automatic Code Execution
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Privilege escalation, System access
    Released:    2004-01-26
    
    http-equiv has reported a vulnerability in Windows XP, which can be
    exploited by malicious people to compromise a user's system or gain
    escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10708/
    
     --
    
    [SA10707] TinyServer Multiple Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Cross Site Scripting, Exposure of sensitive information,
    DoS
    Released:    2004-01-26
    
    Donato Ferrante has reported multiple vulnerabilities in TinyServer,
    allowing malicious people to view sensitive information or cause a
    Denial of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10707/
    
     --
    
    [SA10704] Q-Shop SQL Injection and Cross Site Scripting
    Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass, Cross Site Scripting, Manipulation of
    data
    Released:    2004-01-26
    
    Nick Gudov has reported multiple vulnerabilities in Q-Shop, allowing
    malicious people to conduct Cross Site Scripting or SQL injection
    attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10704/
    
     --
    
    [SA10724] ProxyNow! HTTP Request Buffer Overflow Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From local network
    Impact:      System access
    Released:    2004-01-27
    
    Peter Winter-Smith has reported two vulnerabilities in ProxyNow!, which
    can be exploited by malicious people to compromise a vulnerable
    system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10724/
    
     --
    
    [SA10714] FinJan SurfinGate Proxy Access to Admin Functions
    
    Critical:    Moderately critical
    Where:       From local network
    Impact:      Security Bypass, System access
    Released:    2004-01-27
    
    David Byrne has reported a vulnerability in Finjan SurfinGate, allowing
    malicious people to access administrative functions.
    
    Full Advisory:
    http://www.secunia.com/advisories/10714/
    
     --
    
    [SA10741] BRS WebWeaver "ISAPISkeleton.dll" Cross Site Scripting
    Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-01-29
    
    Oliver Karow has reported a vulnerability in BRS WebWeaver, allowing
    malicious people to conduct Cross Site Scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10741/
    
     --
    
    [SA10739] BlackICE PC Protection Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-28
    
    KF has reported a privilege escalation vulnerability in BlackICE PC
    Protection, allowing malicious users to gain SYSTEM privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10739/
    
    
    UNIX/Linux:--
    
    [SA10738] Gentoo update for gaim
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-28
    
    Gentoo has issued updated packages for gaim. These fix multiple
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a user's system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10738/
    
     --
    
    [SA10735] Gentoo update for mod_python
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-01-28
    
    Gentoo has issued an update for mod_python. This fixes a vulnerability,
    which can be exploited by malicious people to cause a Denial of
    Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10735/
    
     --
    
    [SA10723] Mac OS X Security Update Fixes Multiple Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data, Privilege escalation, DoS
    Released:    2004-01-27
    
    Apple has issued a security update for Mac OS X, which fixes some
    older, known vulnerabilities along with some new unspecified issues.
    
    Full Advisory:
    http://www.secunia.com/advisories/10723/
    
     --
    
    [SA10721] Red Hat update for gaim
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-27
    
    Red Hat has issued updated packages for gaim. These fix multiple
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a user's system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10721/
    
     --
    
    [SA10719] Slackware update for gaim
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-27
    
    Slackware has issued updated packages for gaim. These fix multiple
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a user's system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10719/
    
     --
    
    [SA10718] Mandrake update for tcpdump
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2004-01-27
    
    MandrakeSoft has issued updated packages for tcpdump. These fix
    multiple vulnerabilities, which can be exploited by malicious people to
    crash tcpdump and potentially compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10718/
    
     --
    
    [SA10717] Mandrake update for gaim
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-27
    
    MandrakeSoft has issued updated packages for gaim. These fix multiple
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a user's system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10717/
    
     --
    
    [SA10716] Mandrake update for mc
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-27
    
    MandrakeSoft has issued updated packages for mc. These fix a
    vulnerability, which potentially can be exploited by malicious people
    to compromise a user's system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10716/
    
     --
    
    [SA10715] Debian update for gnupg
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      ID Spoofing, Exposure of sensitive information
    Released:    2004-01-27
    
    Debian has issued updated packages for gnupg. These fix a
    vulnerability, which exposes the private key when using El-Gamal type
    20 keys.
    
    Full Advisory:
    http://www.secunia.com/advisories/10715/
    
     --
    
    [SA10705] Gaim Multiple Buffer Overflow Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-27
    
    Stefan Esser has identified multiple vulnerabilities in Gaim, which can
    be exploited by malicious people to compromise a user's system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10705/
    
     --
    
    [SA10696] Cisco Voice Products Director Agent Insecure Default
    Installation
    
    Critical:    Moderately critical
    Where:       From local network
    Impact:      DoS, System access
    Released:    2004-01-22
    
    Cisco has reported a vulnerability in multiple voice products on the
    IBM platform, which can be exploited by malicious people to cause a DoS
    (Denial of Service) or compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10696/
    
     --
    
    [SA10703] Mandrake update for jabber
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-01-26
    
    MandrakeSoft has issued updated packages for jabber. These fix a
    vulnerability, which can be exploited by malicious people to cause a
    Denial of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10703/
    
     --
    
    [SA10701] Cherokee Error Page Cross-Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-01-26
    
    César Fernández has identified a vulnerability in Cherokee, which can
    be exploited by malicious people to conduct cross-site scripting
    attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10701/
    
     --
    
    [SA10722] Fedora update for slocate
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-27
    
    Red Hat has issued updated packages for slocate. These fix a
    vulnerability, which can be exploited by malicious, local users to gain
    "slocate" group privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10722/
    
     --
    
    [SA10720] Red Hat update for slocate
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-27
    
    Red Hat has issued updated packages for slocate. These fix a
    vulnerability, which can be exploited by malicious, local users to gain
    "slocate" group privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10720/
    
     --
    
    [SA10702] Mandrake update for slocate
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-26
    
    MandrakeSoft has issued updated packages for slocate. These fix a
    vulnerability, which can be exploited by malicious, local users to gain
    "slocate" group privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10702/
    
     --
    
    [SA10698] Red Hat update for slocate
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-23
    
    Red Hat has issued updated packages for slocate. These fix a
    vulnerability, which can be exploited by malicious, local users to gain
    "slocate" group privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10698/
    
    
    Other:--
    
    [SA10711] NetWare Enterprise Web Server Cross Site Scripting
    Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting, Exposure of system information
    Released:    2004-01-26
    
    Rafel Ivgi has reported a vulnerability in Novell NetWare Enterprise
    Web Server, allowing malicious people to conduct cross site scripting
    attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10711/
    
    
    Cross Platform:--
    
    [SA10712] Gallery Arbitrary File Inclusion Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-26
    
    The Gallery Development Team has fixed a vulnerability in Gallery,
    allowing malicious people to compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10712/
    
     --
    
    [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-26
    
    kkqq has reported a vulnerability in Serv-U FTP Server, which can be
    exploited by malicious users to compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10706/
    
     --
    
    [SA10725] BEA WebLogic May Provide Access to Wrong Identity
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Exposure of sensitive information
    Released:    2004-01-27
    
    BEA has reported a security issue in WebLogic, which may provide users
    access to the wrong profile.
    
    Full Advisory:
    http://www.secunia.com/advisories/10725/
    
     --
    
    [SA10713] Novell Groupwise Cross Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-01-27
    
    A vulnerability has been identified in Novell Groupwise WebAccess
    allowing malicious people to conduct Cross Site Scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10713/
    
     --
    
    [SA10709] IBM Net.Data Error Message Cross-Site Scripting
    Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-01-26
    
    Secunia has identified a vulnerability in IBM Net.Data, which can be
    exploited by malicious people to conduct cross-site scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10709/
    
     --
    
    [SA10737] IBM Informix Database Multiple Local Vulnerabilities
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-28
    
    IBM has issued updates for Informix. These fix multiple vulnerabilities
    allowing malicious users to escalate their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10737/
    
     --
    
    [SA10729] BEA WebLogic Boot Credentials Disclosure Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of sensitive information
    Released:    2004-01-27
    
    BEA has reported a vulnerability in WebLogic Server and Express, which
    may expose the boot credentials to a malicious user.
    
    Full Advisory:
    http://www.secunia.com/advisories/10729/
    
     --
    
    [SA10728] BEA WebLogic Administrative Password Exposure Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of sensitive information, Privilege escalation
    Released:    2004-01-27
    
    BEA has reported a vulnerability in WebLogic, which possibly may expose
    administrative passwords to users.
    
    Full Advisory:
    http://www.secunia.com/advisories/10728/
    
     --
    
    [SA10727] BEA WebLogic Exposure of Password to Operators
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-27
    
    BEA has reported a vulnerability in WebLogic, which allows operators to
    gain knowledge of passwords.
    
    Full Advisory:
    http://www.secunia.com/advisories/10727/
    
     --
    
    [SA10697] mod_perl File Descriptor Leakage Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-22
    
    Steve Grubb has reported a vulnerability in mod_perl, which potentially
    can be exploited by malicious, local users to hijack the HTTPS port.
    
    Full Advisory:
    http://www.secunia.com/advisories/10697/
    
     --
    
    [SA10726] BEA WebLogic HTTP TRACE Response Cross-Site Scripting Issue
    
    Critical:    Not critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-01-27
    
    BEA has confirmed a problem in WebLogic Server and Express, which
    potentially can be exploited to conduct cross-site scripting attacks
    against users.
    
    Full Advisory:
    http://www.secunia.com/advisories/10726/
    
     --
    
    [SA10731] BremsServer Cross Site Scripting and Directory Traversal
    
    Critical:    Not critical
    Where:       From local network
    Impact:      Cross Site Scripting, Exposure of sensitive information
    Released:    2004-01-28
    
    Donato Ferrante has reported some issues in Der Herberlin BremsServer,
    allowing malicious people to conduct Cross Site Scripting and directory
    traversal.
    
    Full Advisory:
    http://www.secunia.com/advisories/10731/
    
    
    
    ========================================================================
    
    Secunia recommends that you verify all advisories you receive,
    by clicking the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Definitions: (Criticality, Where etc.)
    http://www.secunia.com/about_secunia_advisories/
    
    Subscribe:
    http://www.secunia.com/secunia_weekly_summary/
    
    Contact details:
    Web	: http://www.secunia.com/
    E-mail	: support@private
    Tel	: +45 70 20 51 44
    Fax	: +45 70 20 51 45
    
    ========================================================================
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    


