========================================================================

                  The Secunia Weekly Advisory Summary
                        2004-02-19 - 2004-02-26

                       This week : 57 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to ensure that you have
the best and most reliable source for vulnerability information.

Every single vulnerability report is validated and verified before a
Secunia advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways, e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Two weaknesses have been discovered in both ICQ and AOL Instant
Messenger, which can be used to place files with arbitrary content on a
user's system in predictable locations.

Both weaknesses have been used in combination with vulnerabilities in
Internet Explorer to gain system access on users' systems.

Currently, no patches are available for any of the products.

Reference: [SA10970] & [SA10930]

Apple has released a security update for Mac OS X, which fixes multiple
vulnerabilities.
Some of these vulnerabilities are new, while others are already known.
See the referenced Secunia advisory for links to the security update.

Reference: [SA10959]

TIP: Finding Secunia advisories is easily done through the Secunia web
site. Simply enter the SA ID in the URL:
http://secunia.com/SA10970

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA10395] Internet Explorer URL Spoofing Vulnerability
2.  [SA10921] ZoneAlarm SMTP Processing Buffer Overflow Vulnerability
3.  [SA10959] Mac OS X Security Update Fixes Multiple Vulnerabilities
4.  [SA10912] Linux kernel ncpfs Privilege Escalation Vulnerability
5.  [SA10736] Internet Explorer File Download Extension Spoofing
6.  [SA10759] Microsoft Windows ASN.1 Library Integer Overflow
    Vulnerabilities
7.  [SA10897] Linux Kernel "mremap()" Missing Return Value Checking
    Privilege Escalation
8.  [SA10760] Opera Browser File Download Extension Spoofing
9.  [SA10930] AOL Instant Messenger Predictable File Location Weakness
10. [SA10968] Microsoft Windows Enhanced/Windows Metafile Handling
    Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA10921] ZoneAlarm SMTP Processing Buffer Overflow Vulnerability
[SA10973] Trillian Protocol Handling Buffer Overflow Vulnerabilities
[SA10968] Microsoft Windows Enhanced/Windows Metafile Handling Vulnerability
[SA10960] Avirt Voice/Soho Long Input Buffer Overflow Vulnerabilities
[SA10948] PSOProxy Long Input Buffer Overflow Vulnerability
[SA10947] Proxy-Pro Professional GateKeeper Buffer Overflow Vulnerability
[SA10927] Cesar FTP "RETR" Command Handling Denial of Service Vulnerability
[SA10972] TYPSoft FTP Server Denial of Service
[SA10929] Small ftpd Denial of Service Vulnerability
[SA10949] Dell TrueMobile WLAN Card Utility Privilege Escalation Vulnerability
[SA10970] ICQ Predictable File Location Weakness
[SA10930] AOL Instant Messenger Predictable File Location Weakness

UNIX/Linux:
[SA10966] Confirm Arbitrary Command Execution Vulnerability
[SA10961] Debian update for metamail
[SA10982] Red Hat update for libxml2
[SA10977] Fedora update for libxml2
[SA10974] jabber-gg-transport Multiple Denial of Service Vulnerabilities
[SA10959] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA10951] Debian update for hsftp
[SA10950] Hsftp Filename Format String Vulnerability
[SA10946] Debian update for pwlib
[SA10940] OpenLinux update for mpg123
[SA10928] NetBSD IPv6 Traffic Handling Denial of Service Vulnerability
[SA10926] NetBSD update for OpenSSL
[SA10942] OpenLinux update for fetchmail
[SA10925] OpenLinux update for Perl
[SA10924] NetBSD update for racoon
[SA10944] Conectiva update for XFree86
[SA10939] OpenLinux update for saned
[SA10979] Mandrake update for mtools
[SA10971] Mandrake update for kernel
[SA10964] Trustix update for kernel
[SA10952] Debian update for synaesthesia
[SA10945] Synaesthesia Privilege Escalation Vulnerability
[SA10943] Conectiva update for kernel
[SA10932] Red Hat update for kernel
[SA10931] Debian update for XFree86
[SA10922] AIX X Server Privilege Escalation Vulnerability
[SA10941] OpenLinux update for BIND
[SA10957] SuSE update for XFree86
[SA10954] Debian update for lbreakout2
[SA10953] LBreakout 2 Privilege Escalation Vulnerability

Other:
[SA10962] Apache Directory Traversal Vulnerability
[SA10934] TANDBERG Products H.323 Protocol Implementation Vulnerabilities
[SA10933] Cisco ONS 15000 Multiple Vulnerabilities
[SA10976] nCipher HSM Exposure of Secrets
[SA10923] Linksys WAP55AG Exposure of SNMP Community Strings

Cross Platform:
[SA10967] Opt-X Arbitrary File Inclusion Vulnerability
[SA10963] XMB Cross Site Scripting and SQL Injection Vulnerabilities
[SA10958] Libxml2 URI Parsing Buffer Overflow Vulnerabilities
[SA10956] Quicktime/Darwin Streaming Server DESCRIBE Request Denial of Service
[SA10955] phpNewsManager "functions.php" Directory Traversal Vulnerability
[SA10936] Oracle9i Database and Application Server SOAP DTD Denial of Service
[SA10969] Platform LSF "eauth" Component Vulnerabilities
[SA10938] Oracle9i Lite Unspecified Vulnerability
[SA10935] LiveJournal Cross Site Scripting Vulnerability
[SA10937] Oracle9i Database User Session Hijacking Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:
--

[SA10921] ZoneAlarm SMTP Processing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2004-02-19

eEye has discovered a vulnerability in ZoneAlarm and Integrity client,
allowing users to escalate their privileges and potentially also
allowing malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/10921/

--

[SA10973] Trillian Protocol Handling Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-25

Stefan Esser has discovered two vulnerabilities in Trillian, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/10973/

--

[SA10968] Microsoft Windows Enhanced/Windows Metafile Handling Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2004-02-25

A vulnerability has been reported in Windows XP, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/10968/

--

[SA10960] Avirt Voice/Soho Long Input Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-24

Donato Ferrante has reported some vulnerabilities in Avirt Voice and
Avirt Soho, which potentially can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10960/

--

[SA10948] PSOProxy Long Input Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-23

Donato Ferrante has discovered a vulnerability in PSOProxy, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10948/

--

[SA10947] Proxy-Pro Professional GateKeeper Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-23

Iván Rodriguez Almuiña has discovered a vulnerability in Proxy-Pro
Professional GateKeeper, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10947/

--

[SA10927] Cesar FTP "RETR" Command Handling Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-19

intuit has discovered a vulnerability in Cesar FTP, allowing malicious
users to cause a Denial of Service.

Full Advisory:
http://secunia.com/advisories/10927/

--

[SA10972] TYPSoft FTP Server Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-02-25

intuit has identified a vulnerability in TYPSoft FTP Server, allowing
malicious people to cause a Denial of Service.

Full Advisory:
http://secunia.com/advisories/10972/

--

[SA10929] Small ftpd Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-02-19

intuit has identified a vulnerability in Small ftpd, allowing malicious
users to cause a partial Denial of Service.

Full Advisory:
http://secunia.com/advisories/10929/

--

[SA10949] Dell TrueMobile WLAN Card Utility Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-23

Ian Vitek has reported a vulnerability in Dell TrueMobile WLAN Card
Utility, allowing malicious, local users to escalate their privileges.

Full Advisory:
http://secunia.com/advisories/10949/

--

[SA10970] ICQ Predictable File Location Weakness

Critical:    Not critical
Where:       From remote
Impact:      
Released:    2004-02-25

A weakness has been identified in ICQ, which potentially can be
exploited in combination with known browser vulnerabilities and
functionality to compromise users' systems.
Full Advisory:
http://secunia.com/advisories/10970/

--

[SA10930] AOL Instant Messenger Predictable File Location Weakness

Critical:    Not critical
Where:       From remote
Impact:      
Released:    2004-02-20

Michael Evanchik has reported a weakness in AOL Instant Messenger,
which potentially can be exploited in combination with known browser
vulnerabilities and functionality to compromise users' systems.

Full Advisory:
http://secunia.com/advisories/10930/


UNIX/Linux:
--

[SA10966] Confirm Arbitrary Command Execution Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-24

Mariusz Woloszyn has discovered a vulnerability in Confirm, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/10966/

--

[SA10961] Debian update for metamail

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-24

Debian has issued updated packages for metamail. These fix some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/10961/

--

[SA10982] Red Hat update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-26

Red Hat has issued updated packages for libxml2. These fix some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10982/

--

[SA10977] Fedora update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-26

Red Hat has issued updated packages for libxml2. These fix some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10977/

--

[SA10974] jabber-gg-transport Multiple Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-25

Some vulnerabilities have been reported in jabber-gg-transport, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/10974/

--

[SA10959] Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
             information, DoS, System access
Released:    2004-02-24

Multiple vulnerabilities have been discovered in Apple Mac OS X, where
some of the specified issues can be exploited to gain knowledge of
sensitive information, cause a DoS (Denial of Service), and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10959/

--

[SA10951] Debian update for hsftp

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-23

Debian has issued updated packages for hsftp. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/10951/

--

[SA10950] Hsftp Filename Format String Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-23

Ulf Harnhammar has discovered a vulnerability in Hsftp, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/10950/

--

[SA10946] Debian update for pwlib

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-23

Debian has issued updated packages for pwlib. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/10946/

--

[SA10940] OpenLinux update for mpg123

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-20

SCO has issued updated packages for mpg123. These fix some older
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/10940/

--

[SA10928] NetBSD IPv6 Traffic Handling Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-19

NetBSD has fixed a vulnerability in the IPv6 traffic handling, which
can be exploited by malicious people to cause a DoS (Denial of Service)
on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10928/

--

[SA10926] NetBSD update for OpenSSL

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-19

NetBSD has fixed a vulnerability in OpenSSL, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/10926/

--

[SA10942] OpenLinux update for fetchmail

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-02-20

SCO has issued updated packages for fetchmail. These fix a
vulnerability, which can be exploited by malicious people to cause a
Denial of Service.

Full Advisory:
http://secunia.com/advisories/10942/

--

[SA10925] OpenLinux update for Perl

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-02-23

SCO has issued updated packages for Perl. These fix an old
vulnerability in the Safe.pm module, which provides safe compartments
in which to evaluate Perl code.
Full Advisory:
http://secunia.com/advisories/10925/

--

[SA10924] NetBSD update for racoon

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, DoS
Released:    2004-02-19

NetBSD has fixed a vulnerability in the racoon IKE daemon, which can be
exploited by malicious people to cause a DoS (Denial of Service) on
users' connections.

Full Advisory:
http://secunia.com/advisories/10924/

--

[SA10944] Conectiva update for XFree86

Critical:    Less critical
Where:       From local network
Impact:      System access, Privilege escalation
Released:    2004-02-23

Conectiva has issued updated packages for XFree86. These fix some
vulnerabilities, which potentially can be exploited by malicious users
to escalate their privileges on a vulnerable system or compromise it.

Full Advisory:
http://secunia.com/advisories/10944/

--

[SA10939] OpenLinux update for saned

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-02-20

SCO has issued updated packages for sane. These fix several
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/10939/

--

[SA10979] Mandrake update for mtools

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-26

MandrakeSoft has issued updated packages for mtools. These fix a
vulnerability, which can be exploited by malicious, local users to
escalate their privileges.

Full Advisory:
http://secunia.com/advisories/10979/

--

[SA10971] Mandrake update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation, DoS
Released:    2004-02-25

MandrakeSoft has issued updated packages for the kernel. These fix
various vulnerabilities, which can be exploited by malicious, local
users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/10971/

--

[SA10964] Trustix update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-25

Trustix has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/10964/

--

[SA10952] Debian update for synaesthesia

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-23

Debian has issued updated packages for synaesthesia. These fix a
vulnerability allowing malicious, local users to escalate their
privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10952/

--

[SA10945] Synaesthesia Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-23

Ulf Harnhammar has identified a vulnerability in Synaesthesia, allowing
malicious users to escalate their privileges.

Full Advisory:
http://secunia.com/advisories/10945/

--

[SA10943] Conectiva update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation, DoS
Released:    2004-02-23

Conectiva has issued updated packages for the kernel. These fix various
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/10943/

--

[SA10932] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-20

Red Hat has issued an updated package for the kernel. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/10932/

--

[SA10931] Debian update for XFree86

Critical:    Less critical
Where:       Local system
Impact:      DoS, Privilege escalation
Released:    2004-02-20

Debian has issued updated packages for XFree86. These fix some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/10931/

--

[SA10922] AIX X Server Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-19

IBM has acknowledged a vulnerability in AIX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/10922/

--

[SA10941] OpenLinux update for BIND

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2004-02-20

SCO has issued updated packages for bind. These fix a vulnerability,
which can be exploited by malicious people to poison the DNS cache with
negative entries.

Full Advisory:
http://secunia.com/advisories/10941/

--

[SA10957] SuSE update for XFree86

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2004-02-24

SuSE has issued patches, which fix some vulnerabilities in XFree86.
These can be exploited by malicious, local users to crash the X server
on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10957/

--

[SA10954] Debian update for lbreakout2

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-23

Debian has issued updated packages for lbreakout2. These fix a
vulnerability allowing malicious, local users to escalate their
privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10954/

--

[SA10953] LBreakout 2 Privilege Escalation Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-23

Ulf Harnhammar has identified a vulnerability in LBreakout 2, allowing
malicious, local users to escalate their privileges on a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/10953/


Other:
--

[SA10962] Apache Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-02-24

Jeremy Bae has reported a vulnerability in Apache running on cygwin,
allowing malicious people to view arbitrary files on a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/10962/

--

[SA10934] TANDBERG Products H.323 Protocol Implementation Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-20

TANDBERG has acknowledged that some products are affected by the
recently reported vulnerabilities in various vendors' H.323 protocol
implementations.

Full Advisory:
http://secunia.com/advisories/10934/

--

[SA10933] Cisco ONS 15000 Multiple Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of system information, DoS
Released:    2004-02-20

Multiple vulnerabilities have been reported in various products running
Cisco ONS, which can be exploited by malicious people to gain knowledge
of system information, cause a DoS (Denial of Service), or gain
unauthorised access.

Full Advisory:
http://secunia.com/advisories/10933/

--

[SA10976] nCipher HSM Exposure of Secrets

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2004-02-25

nCipher has reported a vulnerability in various HSM products, allowing
malicious users to gain access to secrets stored in run-time memory.

Full Advisory:
http://secunia.com/advisories/10976/

--

[SA10923] Linksys WAP55AG Exposure of SNMP Community Strings

Critical:    Not critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2004-02-19

NN Poster has reported a weakness in Linksys WAP55AG, allowing
malicious users to see SNMP community strings.
Full Advisory:
http://secunia.com/advisories/10923/


Cross Platform:
--

[SA10967] Opt-X Arbitrary File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-24

G00db0y has reported a vulnerability in Opt-X, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10967/

--

[SA10963] XMB Cross Site Scripting and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2004-02-24

Janek Vind has reported multiple vulnerabilities in XMB, allowing
malicious people to conduct Cross Site Scripting and SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/10963/

--

[SA10958] Libxml2 URI Parsing Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-24

Yuuichi Teranishi has discovered some vulnerabilities in libxml2, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/10958/

--

[SA10956] Quicktime/Darwin Streaming Server DESCRIBE Request Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-24

iDEFENSE has reported a vulnerability in QuickTime/Darwin Streaming
Server, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/10956/

--

[SA10955] phpNewsManager "functions.php" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
             information
Released:    2004-02-23

G00db0y has reported a vulnerability in phpNewsManager, which can be
exploited by malicious people to gain knowledge of sensitive
information.
Full Advisory:
http://secunia.com/advisories/10955/

--

[SA10936] Oracle9i Database and Application Server SOAP DTD Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-20

Amit Klein has identified a vulnerability in Oracle9i Database and
Application Server, allowing malicious people to cause a Denial of
Service.

Full Advisory:
http://secunia.com/advisories/10936/

--

[SA10969] Platform LSF "eauth" Component Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass, ID Spoofing, Privilege escalation, System
             access
Released:    2004-02-24

Tomasz Grabowski has reported some vulnerabilities in Platform LSF,
which can be exploited by malicious people to impersonate other users,
gain escalated privileges, and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/10969/

--

[SA10938] Oracle9i Lite Unspecified Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass
Released:    2004-02-23

Oracle has issued updates for Oracle9i Lite. These fix an unspecified
vulnerability, allowing authenticated users to gain access to a
connected Oracle database server.

Full Advisory:
http://secunia.com/advisories/10938/

--

[SA10935] LiveJournal Cross Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-02-23

Joshua Miller has reported a vulnerability in LiveJournal, allowing
malicious people to conduct Cross Site Scripting attacks.

Full Advisory:
http://secunia.com/advisories/10935/

--

[SA10937] Oracle9i Database User Session Hijacking Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Hijacking, DoS
Released:    2004-02-23

Oracle has issued updates for Oracle9i Database. These fix a
vulnerability allowing malicious users to hijack other users' sessions
or cause a Denial of Service.
Full Advisory:
http://secunia.com/advisories/10937/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support@private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

========================================================================

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.