========================================================================

                  The Secunia Weekly Advisory Summary
                        2004-02-05 - 2004-02-12

                       This week : 50 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://www.secunia.com/

========================================================================
2) This Week in Brief:

The Opera Browser is affected by a variant of the file download
spoofing vulnerability, which was reported in Internet Explorer some
time ago. The vulnerability allows a malicious website to spoof the
real file extension using CLSIDs. Opera is reportedly working on a
fix, which will address this vulnerability.
Reference: [SA10760]

Microsoft has released a security patch, which applies to almost all
versions of Windows.
The vulnerability was discovered in the Microsoft ASN.1 Library by
security research firm eEye Digital Security. Furthermore, Microsoft
also released two security updates for WINS Server and Virtual PC for
Mac.
Reference: [SA10759], [SA10835] & [SA10836]

A vulnerability has been found in XFree86, allowing malicious, local
users to escalate their privileges. A patch is available from the
vendor.
Reference: [SA10824]

Yet again, this week offered a new vulnerability in Internet Explorer,
which can be exploited by malicious websites to determine the existence
of local files on a user's computer.
Reference: [SA10820]

TIP:
Finding Secunia advisories is easily done through the Secunia web site.
Simply enter the SA ID in the URL:
http://secunia.com/SA10760

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA10736] Internet Explorer File Download Extension Spoofing
2.  [SA10395] Internet Explorer URL Spoofing Vulnerability
3.  [SA10796] RealOne Player / RealPlayer Multiple Vulnerabilities
4.  [SA10759] Microsoft Windows ASN.1 Library Integer Overflow
    Vulnerabilities
5.  [SA10794] Check Point FireWall-1 HTTP Parsing Format String
    Vulnerabilities
6.  [SA10820] Internet Explorer File Identification Variant
7.  [SA10805] Oracle9i Database Multiple Buffer Overflow Vulnerabilities
8.  [SA10795] Check Point VPN-1 ISAKMP Buffer Overflow Vulnerability
9.  [SA10835] Microsoft Windows WINS Server Buffer Overflow
    Vulnerability
10. [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow
    Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA10831] Caucho Resin Source Code Exposure Vulnerability
[SA10835] Microsoft Windows WINS Server Buffer Overflow Vulnerability
[SA10807] IBM Cloudscape Command Injection Vulnerability
[SA10825] JShop Server Cross Site Scripting Vulnerability
[SA10820] Internet Explorer File Identification Variant

UNIX/Linux:
[SA10853] Red Hat update for mutt
[SA10852] Fedora update for mutt
[SA10848] Gentoo update for gallery
[SA10847] Red Hat update for Mutt
[SA10846] Mutt Buffer Overflow Vulnerability
[SA10850] Monkey HTTP Daemon Denial of Service Vulnerability
[SA10838] Conectiva update for gaim
[SA10837] Conectiva update for vim
[SA10826] Clam AntiVirus UUencoded Message Denial of Service
          Vulnerability
[SA10823] Fedora update for mc
[SA10821] Red Hat update for Gaim
[SA10810] Debian update for mpg123
[SA10808] OpenJournal Authentication Bypass Vulnerability
[SA10803] Debian update for gaim
[SA10849] Gentoo update for XFree86
[SA10841] Fedora update for kernel
[SA10822] Red Hat update for mailman
[SA10819] Gentoo update for PHP
[SA10813] Debian update for mailman
[SA10811] Apache-SSL Client Certificate Forging Vulnerability
[SA10845] Sun Solaris Apache "mod_alias" and "mod_rewrite"
          Vulnerabilities
[SA10842] Samba Local Privilege Escalation Issue
[SA10836] Microsoft Virtual PC for Mac Insecure Temporary Files Creation
[SA10833] eTrust InoculateIT for Linux Insecure Default Installation
[SA10824] XFree86 "font.alias" File Parsing Privilege Escalation
          Vulnerability
[SA10816] Linux VServer Chroot Escape Vulnerability
[SA10812] Fedora update for NetPBM
[SA10806] BSD "shmat()" Privilege Escalation Vulnerability
[SA10851] OpenLinux update for slocate

Other:
[SA10834] EvolutionX FTP Server Denial of Service Vulnerabilities
[SA10828] httpd / palmhttpd Multiple Connection Denial of Service
          Vulnerability
[SA10832] Red-Alert Denial of Service Vulnerability
[SA10809] VMware ESX Server Privilege Escalation Vulnerabilities
[SA10827] Nokia 6310i OBEX Message Denial of Service
[SA10817] ZyXEL ZyNOS Frame Padding Information Disclosure Vulnerability

Cross Platform:
[SA10839] ezContents Arbitrary File Inclusion and Login Bypass
          Vulnerabilities
[SA10815] Jacks FormMail.php Arbitrary File Upload Vulnerability
[SA10843] PHP-Nuke SQL Injection Vulnerabilities
[SA10840] MaxWebPortal Cross-Site Scripting and SQL Injection
          Vulnerabilities
[SA10830] PHP-Nuke Cross-Site Scripting and SQL Injection
          Vulnerabilities
[SA10844] BosDates SQL Injection Vulnerability
[SA10805] Oracle9i Database Multiple Buffer Overflow Vulnerabilities
[SA10818] PHP Configuration Leakage Vulnerability
[SA10814] Crossday Discuz! Board Cross Site Scripting Vulnerability
[SA10804] Mambo "Itemid" Parameter Cross-Site Scripting Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA10831] Caucho Resin Source Code Exposure Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-02-10

Wang Yun has reported a vulnerability in Resin, allowing malicious
people to view source code and directory listings.
Full Advisory: http://www.secunia.com/advisories/10831/

--

[SA10835] Microsoft Windows WINS Server Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2004-02-10

Qualys has discovered a vulnerability in certain versions of Microsoft
Windows, which can be exploited by malicious people to cause a DoS
(Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10835/

--

[SA10807] IBM Cloudscape Command Injection Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of sensitive information, DoS, System access
Released:    2004-02-06

Marc Schoenefeld has reported a vulnerability in IBM Cloudscape, which
can be exploited by malicious people to disclose information, cause a
DoS (Denial of Service) or execute arbitrary executables present on an
affected system.
Full Advisory: http://www.secunia.com/advisories/10807/

--

[SA10825] JShop Server Cross Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-02-10

David Sopas Ferreira has reported a vulnerability in JShop Server,
allowing malicious people to conduct Cross Site Scripting attacks.
Full Advisory: http://www.secunia.com/advisories/10825/

--

[SA10820] Internet Explorer File Identification Variant

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2004-02-09

Jelmer has discovered a vulnerability in Internet Explorer, allowing
malicious sites to detect the presence of local files.
Full Advisory: http://www.secunia.com/advisories/10820/


UNIX/Linux:--

[SA10853] Red Hat update for mutt

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2004-02-12

Red Hat has issued updated packages for mutt. These fix a vulnerability
which can be exploited to crash the mail client or potentially
compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10853/

--

[SA10852] Fedora update for mutt

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-02-12

Red Hat has issued updated packages for mutt. These fix a vulnerability
which can be exploited to crash the mail client or potentially
compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10852/

--

[SA10848] Gentoo update for gallery

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-12

Gentoo has issued an update for Gallery. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory: http://www.secunia.com/advisories/10848/

--

[SA10847] Red Hat update for Mutt

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-02-11

Red Hat has issued updated packages for Mutt. These fix a vulnerability
which can be exploited to crash the mail client or potentially
compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10847/

--

[SA10846] Mutt Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-02-11

Niels Heinen has reported a vulnerability in Mutt, potentially allowing
malicious people to compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10846/

--

[SA10850] Monkey HTTP Daemon Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-12

Luigi Auriemma has discovered a vulnerability in Monkey HTTP Daemon,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory: http://www.secunia.com/advisories/10850/

--

[SA10838] Conectiva update for gaim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-11

Conectiva has issued updated packages for gaim. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory: http://www.secunia.com/advisories/10838/

--

[SA10837] Conectiva update for vim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-11

Conectiva has issued updated packages for vim.
These fix an old vulnerability, which potentially can be exploited by
malicious people to compromise a user's system.
Full Advisory: http://www.secunia.com/advisories/10837/

--

[SA10826] Clam AntiVirus UUencoded Message Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-10

Oliver Eikemeier has reported a vulnerability in Clam AntiVirus
(clamav), which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory: http://www.secunia.com/advisories/10826/

--

[SA10823] Fedora update for mc

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-10

Red Hat has issued updated packages for mc. These fix a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory: http://www.secunia.com/advisories/10823/

--

[SA10821] Red Hat update for Gaim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-10

Red Hat has issued updated packages for gaim. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory: http://www.secunia.com/advisories/10821/

--

[SA10810] Debian update for mpg123

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-09

Debian has issued updated packages for mpg123. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory: http://www.secunia.com/advisories/10810/

--

[SA10808] OpenJournal Authentication Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-02-09

Tri Huynh has discovered a vulnerability in OpenJournal, which can be
exploited by malicious people to bypass the user authentication.
Full Advisory: http://www.secunia.com/advisories/10808/

--

[SA10803] Debian update for gaim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-06

Debian has issued updated packages for gaim. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory: http://www.secunia.com/advisories/10803/

--

[SA10849] Gentoo update for XFree86

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2004-02-12

Gentoo has issued an update for XFree86. This fixes a vulnerability,
which potentially can be exploited by malicious users to escalate their
privileges on a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10849/

--

[SA10841] Fedora update for kernel

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2004-02-11

Red Hat has issued updated kernel packages. These fix various
vulnerabilities, allowing malicious users to escalate their privileges.
Full Advisory: http://www.secunia.com/advisories/10841/

--

[SA10822] Red Hat update for mailman

Critical:    Less critical
Where:       From remote
Impact:      DoS, Cross Site Scripting
Released:    2004-02-10

Red Hat has issued updated packages for mailman. These fix three
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks or crash the mailman process.
Full Advisory: http://www.secunia.com/advisories/10822/

--

[SA10819] Gentoo update for PHP

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2004-02-09

Gentoo has issued an update for PHP. This fixes a vulnerability, which
causes PHP configuration options to be leaked.
Full Advisory: http://www.secunia.com/advisories/10819/

--

[SA10813] Debian update for mailman

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2004-02-09

Debian has issued updated packages for mailman.
These fix three vulnerabilities, which can be exploited by malicious
people to conduct cross-site scripting attacks or crash the mailman
process.
Full Advisory: http://www.secunia.com/advisories/10813/

--

[SA10811] Apache-SSL Client Certificate Forging Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      ID Spoofing
Released:    2004-02-09

Wietse Venema has discovered a vulnerability in Apache-SSL, which can
be exploited by malicious people to forge client certificates.
Full Advisory: http://www.secunia.com/advisories/10811/

--

[SA10845] Sun Solaris Apache "mod_alias" and "mod_rewrite" Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2004-02-11

Sun has acknowledged some vulnerabilities in Apache bundled with
Solaris. These can be exploited by malicious, local users to cause a
DoS (Denial of Service) or escalate privileges.
Full Advisory: http://www.secunia.com/advisories/10845/

--

[SA10842] Samba Local Privilege Escalation Issue

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-11

Michal Medvecky has reported a security issue in samba, which can be
exploited by malicious, local users to escalate their privileges.
Full Advisory: http://www.secunia.com/advisories/10842/

--

[SA10836] Microsoft Virtual PC for Mac Insecure Temporary Files Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-10

George Gal has discovered a vulnerability in Microsoft Virtual PC for
Mac, which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory: http://www.secunia.com/advisories/10836/

--

[SA10833] eTrust InoculateIT for Linux Insecure Default Installation

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data, Exposure of system information,
             Exposure of sensitive information, Privilege escalation
Released:    2004-02-10

l0om has reported some vulnerabilities in eTrust InoculateIT for Linux,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with other users' privileges.
Full Advisory: http://www.secunia.com/advisories/10833/

--

[SA10824] XFree86 "font.alias" File Parsing Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-11

iDEFENSE has discovered a vulnerability in XFree86, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10824/

--

[SA10816] Linux VServer Chroot Escape Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-09

Markus Müller has identified a vulnerability in Linux VServer, allowing
malicious users to break out of the chroot jail.
Full Advisory: http://www.secunia.com/advisories/10816/

--

[SA10812] Fedora update for NetPBM

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-09

Red Hat has issued updated packages for netpbm. These fix a
vulnerability, allowing malicious users to escalate their privileges on
a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10812/

--

[SA10806] BSD "shmat()" Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Exposure of system information, Exposure of sensitive
             information, Privilege escalation
Released:    2004-02-06

Joost Pol has discovered a vulnerability in BSD, allowing malicious,
local users to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10806/

--

[SA10851] OpenLinux update for slocate

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-12

SCO has issued updated packages for slocate. These fix a vulnerability,
which can be exploited by malicious, local users to gain "slocate"
group privileges.
Full Advisory: http://www.secunia.com/advisories/10851/


Other:--

[SA10834] EvolutionX FTP Server Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-10

Some vulnerabilities have been reported in EvolutionX for Xbox, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory: http://www.secunia.com/advisories/10834/

--

[SA10828] httpd / palmhttpd Multiple Connection Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-10

Shaun Colley has reported a vulnerability in httpd and a product based
on this (palmhttpd), which can be exploited by malicious people to
cause a DoS (Denial of Service).
Full Advisory: http://www.secunia.com/advisories/10828/

--

[SA10832] Red-Alert Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS
Released:    2004-02-10

Bruno Morisson has reported a vulnerability in Red-Alert, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://www.secunia.com/advisories/10832/

--

[SA10809] VMware ESX Server Privilege Escalation Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-06

VMware has issued updated packages for the kernel. These fix two
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10809/

--

[SA10827] Nokia 6310i OBEX Message Denial of Service

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2004-02-10

Tim Hurman has reported a vulnerability in Nokia 6310i, allowing
malicious people to cause a Denial of Service.
Full Advisory: http://www.secunia.com/advisories/10827/

--

[SA10817] ZyXEL ZyNOS Frame Padding Information Disclosure Vulnerability

Critical:    Not critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
             information
Released:    2004-02-09

DiSToAGe has reported that ZyXEL ZyNOS is affected by a known
information disclosure vulnerability, which can be exploited by
malicious people to obtain potentially sensitive information.
Full Advisory: http://www.secunia.com/advisories/10817/


Cross Platform:--

[SA10839] ezContents Arbitrary File Inclusion and Login Bypass Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2004-02-11

Some vulnerabilities have been reported in ezContents, which can be
exploited by malicious people to compromise a vulnerable system or
bypass the login.
Full Advisory: http://www.secunia.com/advisories/10839/

--

[SA10815] Jacks FormMail.php Arbitrary File Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2004-02-09

Himeur Nourredine has reported a vulnerability, potentially allowing
malicious people to compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10815/

--

[SA10843] PHP-Nuke SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-02-11

pokleyzz has reported two vulnerabilities in PHP-Nuke, allowing
malicious people to conduct SQL injection attacks.
Full Advisory: http://www.secunia.com/advisories/10843/

--

[SA10840] MaxWebPortal Cross-Site Scripting and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
             system information, Exposure of sensitive information
Released:    2004-02-11

Manuel López has reported some vulnerabilities in MaxWebPortal, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks.
Full Advisory: http://www.secunia.com/advisories/10840/

--

[SA10830] PHP-Nuke Cross-Site Scripting and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
             system information, Exposure of sensitive information
Released:    2004-02-10

Janek Vind has reported three vulnerabilities in PHP-Nuke, allowing
malicious people to conduct Cross Site Scripting and SQL injection
attacks.
Full Advisory: http://www.secunia.com/advisories/10830/

--

[SA10844] BosDates SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass
Released:    2004-02-11

G00db0y has reported a vulnerability in BosDates, allowing malicious
people to conduct SQL injection attacks.
Full Advisory: http://www.secunia.com/advisories/10844/

--

[SA10805] Oracle9i Database Multiple Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2004-02-06

Cesar Cerrudo and Mark Litchfield have discovered multiple
vulnerabilities in Oracle9i Database, which can be exploited by
malicious database users to compromise the system and gain escalated
privileges.
Full Advisory: http://www.secunia.com/advisories/10805/

--

[SA10818] PHP Configuration Leakage Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2004-02-09

A vulnerability has been identified in PHP, potentially allowing
malicious people to view sensitive data or bypass an administrative
restriction.
Full Advisory: http://www.secunia.com/advisories/10818/

--

[SA10814] Crossday Discuz! Board Cross Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-02-09

Cheng Peng Su has reported a vulnerability in Crossday Discuz! Board,
allowing malicious users to conduct Cross Site Scripting attacks.
Full Advisory: http://www.secunia.com/advisories/10814/

--

[SA10804] Mambo "Itemid" Parameter Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-02-06

David Sopas Ferreira has reported a vulnerability in Mambo, allowing
malicious people to conduct cross-site scripting attacks.
Full Advisory: http://www.secunia.com/advisories/10804/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Subscribe:
http://www.secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://www.secunia.com/
E-mail : support@private
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

========================================================================