========================================================================

The Secunia Weekly Advisory Summary
2004-01-29 - 2004-02-05

This week : 52 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia Advisory IDs

Every advisory issued by Secunia has a unique identifier: the Secunia
Advisory ID (SA ID). The SA IDs make it very easy to reference,
identify, and find Secunia advisories.

A Shortcut to Secunia Advisories

Finding Secunia advisories using SA IDs is easily done at the Secunia
website, either by entering the SA ID in the search form placed on the
right side of every Secunia web page, or by entering the SA ID directly
after the domain when visiting the Secunia website, e.g.
http://secunia.com/SA10736

In the Secunia Weekly Summary, SA IDs are displayed in brackets, e.g.
[SA10736]

========================================================================
2) This Week in Brief:

Microsoft has issued patches for Internet Explorer one week prior to the
scheduled release date. These fix three known vulnerabilities, including
the URL spoofing vulnerability, which has been actively exploited on the
Internet for the past 1½ months.
Reference: [SA10289], [SA10395] & [SA10765]

A hole in the wall. Check Point has issued patches for FireWall-1, which
fix serious vulnerabilities in the HTTP application proxy functionality.
These can be exploited by malicious people to compromise a vulnerable
firewall.
Reference: [SA10794]

RealNetworks has published patches for RealOne Player and RealPlayer,
which fix multiple vulnerabilities. The most serious of these can be
exploited by malicious people to compromise a user's system.
Reference: [SA10796]

TIP:
Finding Secunia advisories is easily done through the Secunia web site.
Simply enter the SA ID in the URL:
http://secunia.com/SA10736

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA10736] Internet Explorer File Download Extension Spoofing
2.  [SA10395] Internet Explorer URL Spoofing Vulnerability
3.  [SA10708] Windows XP Malicious Folder Automatic Code Execution Vulnerability
4.  [SA9580] Microsoft Internet Explorer Multiple Vulnerabilities
5.  [SA10765] Internet Explorer Travel Log Arbitrary Script Execution Vulnerability
6.  [SA10289] Internet Explorer System Compromise Vulnerabilities
7.  [SA10523] Internet Explorer showHelp() Restriction Bypass Vulnerability
8.  [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow Vulnerability
9.  [SA10755] Sun Solaris pfexec Privilege Escalation Vulnerability
10. [SA10746] Kerio Personal Firewall Privilege Escalation Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA10796] RealOne Player / RealPlayer Multiple Vulnerabilities
[SA10765] Internet Explorer Travel Log Arbitrary Script Execution Vulnerability
[SA10781] Web Crossing "Content-Length" Header Denial of Service Vulnerability
[SA10764] FirstClass Client File Extensions Restriction Bypass
[SA10747] DotNetNuke Multiple Vulnerabilities
[SA10793] RxGoogle Cross-Site Scripting Vulnerability
[SA10762] Application Access Server Long HTTP Request Denial of Service
[SA10761] BaSoMail Server Multiple Connection Denial of Service Vulnerability
[SA10758] SurgeFTP Web Interface URL Decoding Denial of Service Vulnerability
[SA10746] Kerio Personal Firewall Privilege Escalation Vulnerability
[SA10778] Crob FTP Server Directory Listing Vulnerability

UNIX/Linux:
[SA10801] OpenBSD IPv6 Traffic Handling Denial of Service Vulnerability
[SA10791] Fedora update for mod_python
[SA10750] SGI IRIX Multiple Vulnerabilities
[SA10748] SuSE update for gaim
[SA10800] Red Hat update for mailman
[SA10792] Mandrake update for glibc
[SA10799] GNU Radius Denial of Service Vulnerability
[SA10798] Red Hat update for NetPBM
[SA10784] Red Hat update for kernel
[SA10782] Linux Kernel R128 Direct Render Infrastructure Privilege Escalation
[SA10777] GNU libtool Insecure Temporary Directory Creation Vulnerability
[SA10771] Red Hat update for NetPBM
[SA10756] FreeBSD mksnap_ffs Filesystem Flag Clearing Security Issue
[SA10755] Sun Solaris pfexec Privilege Escalation Vulnerability
[SA10752] inlook Insecure Default Permissions
[SA10774] HP TCP/IP Services for OpenVMS BIND Vulnerability
[SA10790] Debian update for crawl
[SA10788] Linley's Dungeon Crawl Environment Variable Handling Buffer Overflows
[SA10773] Red Hat util-linux Login Program Information Leakage

Other:
[SA10780] Cisco 6000/6500/7600 Series Denial of Service Vulnerability

Cross Platform:
[SA10795] Check Point VPN-1 ISAKMP Buffer Overflow Vulnerability
[SA10794] Check Point FireWall-1 HTTP Parsing Format String Vulnerabilities
[SA10783] X-Cart Multiple Vulnerabilities
[SA10776] Web Blog Arbitrary Command Execution Vulnerability
[SA10754] Kietu Arbitrary File Inclusion Vulnerability
[SA10753] PhpGedView Arbitrary File Inclusion Vulnerabilities
[SA10768] Les Commentaires Arbitrary File Inclusion Vulnerability
[SA10797] PHPX Multiple Vulnerabilities
[SA10786] ReviewPost PHP Pro SQL Injection Vulnerability
[SA10779] Aprox PHP Portal Arbitrary Local File Inclusion Vulnerability
[SA10775] ChatterBox Invalid Request Handling Denial of Service Vulnerability
[SA10770] Tunez Unspecified SQL Injection Vulnerabilities
[SA10769] phpMyAdmin "export.php" Directory Traversal Vulnerability
[SA10766] PhotoPost PHP Pro SQL Injection Vulnerability
[SA10763] Caravan Business Server Directory Traversal Vulnerability
[SA10757] PHP-Nuke SQL Injection Vulnerabilities
[SA10789] Apache mod_digest Cross Realm Replay Security Issue
[SA10785] BugPort Sensitive Information Exposure
[SA10749] Bodington Uploaded File Exposure Vulnerability
[SA10751] WWW::Form Potential Cross-Site Scripting Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA10796] RealOne Player / RealPlayer Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2004-02-05

Multiple vulnerabilities have been discovered in RealOne Player and
RealPlayer, where the most serious potentially can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10796/

--

[SA10765] Internet Explorer Travel Log Arbitrary Script Execution Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-02

Microsoft has issued patches for Internet Explorer, which fix three
vulnerabilities. One of these can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://www.secunia.com/advisories/10765/

--

[SA10781] Web Crossing "Content-Length" Header Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-04

Peter Winter-Smith has reported a vulnerability in Web Crossing, which
can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10781/

--

[SA10764] FirstClass Client File Extensions Restriction Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-05

Richard Maudsley has reported a vulnerability in FirstClass Client
allowing malicious users to construct filenames, which can bypass
certain restrictions.

Full Advisory:
http://www.secunia.com/advisories/10764/

--

[SA10747] DotNetNuke Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
             sensitive information
Released:    2004-01-29

Ferruh Mavituna has reported multiple vulnerabilities in DotNetNuke,
allowing malicious people to see database credentials, and conduct Cross
Site Scripting and SQL injection attacks.

Full Advisory:
http://www.secunia.com/advisories/10747/

--

[SA10793] RxGoogle Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-02-05

Shaun Colley has reported a vulnerability in RxGoogle, allowing
malicious people to conduct Cross-Site Scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10793/

--

[SA10762] Application Access Server Long HTTP Request Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-02-02

Dr_insane has reported a vulnerability in A-A-S Application Access
Server allowing malicious, authenticated users to cause a DoS (Denial of
Service).

Full Advisory:
http://www.secunia.com/advisories/10762/

--

[SA10761] BaSoMail Server Multiple Connection Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-02-02

Dr_insane has reported a vulnerability in BaSoMail Server, allowing
malicious people to cause a Denial of Service.

Full Advisory:
http://www.secunia.com/advisories/10761/

--

[SA10758] SurgeFTP Web Interface URL Decoding Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-02-02

Dr_insane has discovered a vulnerability in SurgeFTP, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10758/

--

[SA10746] Kerio Personal Firewall Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-01-29

Tuneld.com has reported a vulnerability in Kerio Personal Firewall,
allowing malicious, local users to escalate their privileges.

Full Advisory:
http://www.secunia.com/advisories/10746/

--

[SA10778] Crob FTP Server Directory Listing Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2004-02-04

Zero_X has reported a vulnerability in Crob FTP Server, which can be
exploited by malicious users to disclose directory information.
Full Advisory:
http://www.secunia.com/advisories/10778/


UNIX/Linux:--

[SA10801] OpenBSD IPv6 Traffic Handling Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-05

Georgi Guninski has reported a vulnerability in OpenBSD, which can be
exploited by malicious people to cause a DoS (Denial of Service) on a
vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10801/

--

[SA10791] Fedora update for mod_python

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-04

Red Hat has issued updated packages for mod_python. These fix a
vulnerability, which can be exploited by malicious people to cause a
Denial of Service.

Full Advisory:
http://www.secunia.com/advisories/10791/

--

[SA10750] SGI IRIX Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation, System access
Released:    2004-01-30

SGI has acknowledged multiple, older vulnerabilities in IRIX. These can
be exploited by malicious users to compromise a vulnerable system or
escalate their privileges.

Full Advisory:
http://www.secunia.com/advisories/10750/

--

[SA10748] SuSE update for gaim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-01-29

SuSE has issued updated packages for gaim. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://www.secunia.com/advisories/10748/

--

[SA10800] Red Hat update for mailman

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-02-05

Red Hat has issued updated packages for mailman. These fix two
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10800/

--

[SA10792] Mandrake update for glibc

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-02-05

MandrakeSoft has released an updated package for glibc. This fixes an
old vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) on a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10792/

--

[SA10799] GNU Radius Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-02-05

iDEFENSE has reported a vulnerability in GNU Radius, allowing malicious
people to cause a Denial of Service.

Full Advisory:
http://www.secunia.com/advisories/10799/

--

[SA10798] Red Hat update for NetPBM

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-05

Red Hat has issued updated packages for netpbm. These fix a
vulnerability, allowing malicious users to escalate their privileges on
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10798/

--

[SA10784] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-04

Red Hat has issued updated packages for the kernel. These fix various
vulnerabilities, which potentially can be exploited by malicious, local
users to gain escalated privileges.

Full Advisory:
http://www.secunia.com/advisories/10784/

--

[SA10782] Linux Kernel R128 Direct Render Infrastructure Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-04

Alan Cox has discovered a vulnerability in the Linux kernel, which can
be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10782/

--

[SA10777] GNU libtool Insecure Temporary Directory Creation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-03

Stefan Nordhausen has reported a vulnerability in libtool, which
potentially can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://www.secunia.com/advisories/10777/

--

[SA10771] Red Hat update for NetPBM

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-03

Red Hat has issued updated packages for netpbm. These fix a
vulnerability, allowing malicious users to escalate their privileges on
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10771/

--

[SA10756] FreeBSD mksnap_ffs Filesystem Flag Clearing Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2004-02-02

Kimura Fuyuki and Wiktor Niesiobedzki have discovered a security issue
in FreeBSD, which potentially can set insecure permissions on a file
system.

Full Advisory:
http://www.secunia.com/advisories/10756/

--

[SA10755] Sun Solaris pfexec Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-01-30

Sun has reported a vulnerability in Solaris, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://www.secunia.com/advisories/10755/

--

[SA10752] inlook Insecure Default Permissions

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2004-01-30

A vulnerability has been identified in inlook, which can be exploited by
malicious, local users to gain knowledge of sensitive information.
Full Advisory:
http://www.secunia.com/advisories/10752/

--

[SA10774] HP TCP/IP Services for OpenVMS BIND Vulnerability

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2004-02-03

HP has acknowledged that TCP/IP for OpenVMS BIND 8 software is affected
by a vulnerability, which allows malicious people to poison the DNS
cache.

Full Advisory:
http://www.secunia.com/advisories/10774/

--

[SA10790] Debian update for crawl

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-04

Debian has issued updated packages for crawl. These fix multiple
vulnerabilities, which can be exploited by malicious, local users to
gain privileges as the "games" group.

Full Advisory:
http://www.secunia.com/advisories/10790/

--

[SA10788] Linley's Dungeon Crawl Environment Variable Handling Buffer Overflows

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-04

Steve Kemp has reported multiple vulnerabilities in Linley's Dungeon
Crawl, which potentially can be exploited by malicious, local users to
gain escalated privileges.

Full Advisory:
http://www.secunia.com/advisories/10788/

--

[SA10773] Red Hat util-linux Login Program Information Leakage

Critical:    Not critical
Where:       Local system
Impact:      Exposure of system information, Exposure of sensitive
             information
Released:    2004-02-03

Red Hat has issued updated packages for util-linux. These fix a
vulnerability, which potentially could disclose information to users.

Full Advisory:
http://www.secunia.com/advisories/10773/


Other:--

[SA10780] Cisco 6000/6500/7600 Series Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-02-04

Cisco has reported a vulnerability in Cisco 6000/6500/7600 network
devices, which can be exploited by malicious people to cause a Denial of
Service.
Full Advisory:
http://www.secunia.com/advisories/10780/


Cross Platform:--

[SA10795] Check Point VPN-1 ISAKMP Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-05

Mark Dowd and Neel Mehta of ISS X-Force have discovered a vulnerability
in Check Point VPN-1 Server and VPN clients, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10795/

--

[SA10794] Check Point FireWall-1 HTTP Parsing Format String Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-05

Mark Dowd of ISS X-Force has discovered multiple vulnerabilities in
Check Point FireWall-1, which can be exploited by malicious people to
compromise a vulnerable firewall.

Full Advisory:
http://www.secunia.com/advisories/10794/

--

[SA10783] X-Cart Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2004-02-04

Philip has reported three vulnerabilities in X-Cart, where the most
serious can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://www.secunia.com/advisories/10783/

--

[SA10776] Web Blog Arbitrary Command Execution Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-03

ActualMInd has reported a vulnerability in Web Blog, allowing malicious
people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10776/

--

[SA10754] Kietu Arbitrary File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-01-30

Himeur Nourredine has reported a vulnerability in Kietu, allowing
malicious people to compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10754/

--

[SA10753] PhpGedView Arbitrary File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-01-30

Cedric Cochin has identified two vulnerabilities in PhpGedView, allowing
malicious people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10753/

--

[SA10768] Les Commentaires Arbitrary File Inclusion Vulnerability

Critical:    Moderately critical
Where:
Impact:
Released:    2004-02-03

Himeur Nourredine has identified two vulnerabilities in Les
Commentaires, allowing malicious people to compromise a vulnerable
system.

Full Advisory:
http://www.secunia.com/advisories/10768/

--

[SA10797] PHPX Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, ID Spoofing
Released:    2004-02-05

Manuel López has reported multiple vulnerabilities in PHPX, allowing
malicious people to conduct cross-site scripting attacks and hijack
accounts.

Full Advisory:
http://www.secunia.com/advisories/10797/

--

[SA10786] ReviewPost PHP Pro SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Exposure of system
             information, Manipulation of data
Released:    2004-02-04

G00db0y has reported a vulnerability in ReviewPost PHP Pro, allowing
malicious people to view or manipulate data.

Full Advisory:
http://www.secunia.com/advisories/10786/

--

[SA10779] Aprox PHP Portal Arbitrary Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-02-04

Zero_X has reported a vulnerability in Aprox PHP Portal, allowing
malicious people to view the contents of arbitrary local files.
Full Advisory:
http://www.secunia.com/advisories/10779/

--

[SA10775] ChatterBox Invalid Request Handling Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-03

Donato Ferrante has reported a vulnerability in ChatterBox, which can be
exploited by malicious people to cause a Denial of Service.

Full Advisory:
http://www.secunia.com/advisories/10775/

--

[SA10770] Tunez Unspecified SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
             Exposure of sensitive information
Released:    2004-02-03

Multiple vulnerabilities have been identified in Tunez, potentially
allowing malicious people to conduct SQL injection attacks.

Full Advisory:
http://www.secunia.com/advisories/10770/

--

[SA10769] phpMyAdmin "export.php" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
             information
Released:    2004-02-03

Cedric Cochin has discovered a vulnerability in phpMyAdmin, allowing
malicious people to gain knowledge of sensitive information.

Full Advisory:
http://www.secunia.com/advisories/10769/

--

[SA10766] PhotoPost PHP Pro SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-02-03

G00db0y has reported a vulnerability in PhotoPost PHP Pro, allowing
malicious people to view or manipulate data.

Full Advisory:
http://www.secunia.com/advisories/10766/

--

[SA10763] Caravan Business Server Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-02-02

Dr_insane has reported a vulnerability in Caravan Business Server,
allowing malicious people to view arbitrary files.
Full Advisory:
http://www.secunia.com/advisories/10763/

--

[SA10757] PHP-Nuke SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-02-02

Germain Randaxhe has reported multiple vulnerabilities in PHP-Nuke,
which can be exploited by malicious people to view and manipulate
sensitive data.

Full Advisory:
http://www.secunia.com/advisories/10757/

--

[SA10789] Apache mod_digest Cross Realm Replay Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, ID Spoofing
Released:    2004-02-04

Dirk-Willem van Gulik has identified a security issue in Apache
mod_digest, which potentially can be exploited by malicious people to
gain unauthorised access to other websites.

Full Advisory:
http://www.secunia.com/advisories/10789/

--

[SA10785] BugPort Sensitive Information Exposure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
             information
Released:    2004-02-04

Paul Harris has identified a vulnerability in BugPort, allowing
malicious people to gain knowledge of sensitive information.

Full Advisory:
http://www.secunia.com/advisories/10785/

--

[SA10749] Bodington Uploaded File Exposure Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-01-30

A vulnerability has been identified in Bodington, allowing malicious
people to view uploaded files.

Full Advisory:
http://www.secunia.com/advisories/10749/

--

[SA10751] WWW::Form Potential Cross-Site Scripting Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-01-30

Shlomi Fish has reported a security issue in WWW::Form, potentially
allowing malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10751/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Subscribe:
http://www.secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://www.secunia.com/
E-mail : support@private
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

========================================================================