========================================================================

                  The Secunia Weekly Advisory Summary
                        2004-02-26 - 2004-03-04

                       This week : 52 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Another vulnerability has been reported in Internet Explorer, which can
be exploited by malicious people to bypass certain frame scripting
restrictions.

Microsoft has not acknowledged this as a vulnerability and no solution
is therefore available. However, a knowledge base article has been
published; see referenced Secunia advisory.
Reference: [SA10996]

A vulnerability has been reported in the UUDeview package, which can be
exploited by malicious people through a specially crafted MIME archive,
to execute arbitrary code on a vulnerable user's system.

WinZIP includes the UUDeview package and is therefore also vulnerable.

Reference: [SA10995] & [SA11019]

TIP:
Finding Secunia advisories is easily done through the Secunia web site.
Simply enter the SA ID in the URL:

http://secunia.com/SA11019

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA10395] Internet Explorer URL Spoofing Vulnerability
2.  [SA10995] WinZip MIME Archive Parsing Buffer Overflow Vulnerability
3.  [SA11012] Apple Filing Protocol Insecure Implementation
4.  [SA10968] Microsoft Windows Enhanced/Windows Metafile Handling
              Vulnerability
5.  [SA10994] Dell OpenManage Server Administrator Heap Overflow
              Vulnerability
6.  [SA10996] Internet Explorer Cross Frame Scripting Restriction Bypass
7.  [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow
              Vulnerability
8.  [SA10988] ISS Multiple Products SMB Packet Handling Buffer Overflow
              Vulnerability
9.  [SA10736] Internet Explorer File Download Extension Spoofing
10. [SA10980] Mozilla Cross-Site Scripting Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:

[SA11029] 1st Class Mail Server "APOP" Digest Parameter Buffer Overflow
Vulnerability
[SA11003] IA WebMail Server Multiple Vulnerabilities
[SA11001] WFTPD Server/Pro Server Multiple Vulnerabilities
[SA10998] Red Faction Server Reply Buffer Overflow Vulnerability
[SA11027] SkyHigh Chat Server Multiple Connection Denial of Service
[SA11002] ArGoSoft FTP Server Multiple Vulnerabilities
[SA10995] WinZip MIME Archive Parsing Buffer Overflow Vulnerability
[SA10989] Serv-U FTP Server MDTM Command Buffer Overflow Vulnerability
[SA10996] Internet Explorer Cross Frame Scripting Restriction Bypass
[SA10990] Symantec Gateway Security Cross Site Scripting Vulnerability
[SA11014] Novell Client Firewall Privilege Escalation Vulnerability
[SA11015] Magic Winmail Server Path Disclosure
[SA11007] 602Pro LANSuite Exposure of Installation Path
[SA11016] XBoard "-icshost" Command Line Option Buffer Overflow
Vulnerability

UNIX/Linux:

[SA11031] OpenLinux update for rsync
[SA11036] Mandrake update for pwlib
[SA11035] Mandrake update for libxml2
[SA11033] OpenLinux update for gnupg
[SA11032] OpenLinux update for tcpdump
[SA11023] FreeBSD Out-of-Sequence TCP Packet Denial of Service
Vulnerability
[SA11022] Fedora update for tcpdump
[SA11020] Fedora update for pwlib
[SA11012] Apple Filing Protocol Insecure Implementation
[SA11005] Debian update for libapache-mod-python
[SA10999] Anubis Unspecified Vulnerabilities
[SA10993] eXtremail User Authentication Bypass Vulnerability
[SA10986] Red Hat update for libxml2
[SA11021] OpenLinux update for fileutils
[SA11017] ignitionServer Operator Privilege Escalation Vulnerability
[SA11030] OpenLinux update for screen
[SA11004] Calife Password Heap Overflow Privilege Escalation
Vulnerability
[SA10997] FreeBSD "jail_attach()" Jail Shifting Vulnerability
[SA10992] Sun Solaris "passwd" Privilege Escalation Vulnerability
[SA10991] Sun Solaris "conv_fix" Privilege Escalation Vulnerability
[SA10987] Smoothwall update for kernel
[SA11011] Debian update for xboing
[SA11010] xboing Potential Privilege Escalation Vulnerabilities

Other:

[SA11025] NetScreen-SA Cross Site Scripting Vulnerability
[SA11024] Motorola T720 Denial of Service Vulnerability
[SA11034] Nortel WLAN Access Point 2200 Denial of Service
[SA11026] SonicWALL Internal IP Address Enumeration Weakness
[SA11013] Symantec Firewall / VPN 100/200/200R Exposure of Password

Cross Platform:

[SA10994] Dell OpenManage Server Administrator Heap Overflow
Vulnerability
[SA11019] UUDeview Parameter Parsing Buffer Overflow Vulnerability
[SA11008] Invision Power Board "st" Parameter SQL Injection
Vulnerability
[SA11000] Intel NetStructure Products H.323 Protocol Implementation
Vulnerabilities
[SA10988] ISS Multiple Products SMB Packet Handling Buffer Overflow
Vulnerability
[SA11028] SandSurfer Cross-Site Scripting Vulnerabilities
[SA11018] Hot Open Tickets User Privilege Escalation Vulnerability
[SA11009] iG FREE Shopping Cart "type_id" Parameter Input Validation
Error
[SA11006] phpBB "postorder" Parameter Cross Site Scripting Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA11029] 1st Class Mail Server "APOP" Digest Parameter Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-03-03

JeFFOsZ has discovered a vulnerability in 1st Class Mail Server, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11029/

--

[SA11003] IA WebMail Server Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, ID Spoofing, DoS, System access
Released:    2004-03-01

Dr_insane has reported multiple vulnerabilities in IA WebMail Server,
which potentially can be exploited by malicious people to compromise a
vulnerable system, cause a DoS (Denial of Service), conduct cross-site
scripting attacks, or spoof a sender's identity.

Full Advisory:
http://secunia.com/advisories/11003/

--

[SA11001] WFTPD Server/Pro Server Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-03-01

axl has discovered multiple vulnerabilities in WFTPD Server and WFTPD
Pro Server, which can be exploited by malicious users to compromise a
vulnerable system and cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11001/

--

[SA10998] Red Faction Server Reply Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-03-01

Luigi Auriemma has reported a vulnerability in Red Faction, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/10998/

--

[SA11027] SkyHigh Chat Server Multiple Connection Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-03-03

Donato Ferrante has reported a vulnerability in SkyHigh Chat Server,
allowing malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11027/

--

[SA11002] ArGoSoft FTP Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access, DoS, Exposure of system information
Released:    2004-03-01

STORM has discovered multiple vulnerabilities in ArGoSoft FTP Server,
which can be exploited by malicious users to determine the existence of
files, cause a DoS (Denial of Service), or compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11002/

--

[SA10995] WinZip MIME Archive Parsing Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-27

iDEFENSE has reported a vulnerability in WinZip, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/10995/

--

[SA10989] Serv-U FTP Server MDTM Command Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-27

bkbll has reported a vulnerability in Serv-U FTP Server, which can be
exploited by malicious users to gain system access.

Full Advisory:
http://secunia.com/advisories/10989/

--

[SA10996] Internet Explorer Cross Frame Scripting Restriction Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2004-02-27

iDEFENSE has reported a vulnerability in Internet Explorer, which can
be exploited by malicious people to bypass certain frame scripting
restrictions.

Full Advisory:
http://secunia.com/advisories/10996/

--

[SA10990] Symantec Gateway Security Cross Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-02-27

Brian Soby has discovered a vulnerability in Symantec Gateway Security,
allowing malicious people to conduct Cross Site Scripting attacks.

Full Advisory:
http://secunia.com/advisories/10990/

--

[SA11014] Novell Client Firewall Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-03-02

Novell has reported that Novell Client Firewall (NCF) is affected by a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/11014/

--

[SA11015] Magic Winmail Server Path Disclosure

Critical:    Not critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-03-02

Dr_insane has reported a security issue in Magic Winmail Server,
allowing malicious people to see the installation path.

Full Advisory:
http://secunia.com/advisories/11015/

--

[SA11007] 602Pro LANSuite Exposure of Installation Path

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2004-03-01

Rafel Ivgi has reported some issues in 602Pro LANSuite, where one of
these allows malicious people to gain knowledge of the installation
path.

Full Advisory:
http://secunia.com/advisories/11007/

--

[SA11016] XBoard "-icshost" Command Line Option Buffer Overflow
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-03-02

narkotix has reported a vulnerability in XBoard, which potentially may
allow malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/11016/


UNIX/Linux:--

[SA11031] OpenLinux update for rsync

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2004-03-03

SCO has issued updated packages for rsync. These fix an old
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11031/

--

[SA11036] Mandrake update for pwlib

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-03-04

Mandrake has issued updated packages for pwlib.
These fix some vulnerabilities, which can be exploited by malicious
people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11036/

--

[SA11035] Mandrake update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-03-04

Mandrake has issued updated packages for libxml2. These fix some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11035/

--

[SA11033] OpenLinux update for gnupg

Critical:    Moderately critical
Where:       From remote
Impact:      ID Spoofing, Exposure of sensitive information
Released:    2004-03-03

SCO has issued updated packages for gnupg. These fix a vulnerability,
which exposes the private key when using El-Gamal type 20 keys.

Full Advisory:
http://secunia.com/advisories/11033/

--

[SA11032] OpenLinux update for tcpdump

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-03-03

SCO has issued updated packages for tcpdump. These fix three
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a system running
tcpdump.

Full Advisory:
http://secunia.com/advisories/11032/

--

[SA11023] FreeBSD Out-of-Sequence TCP Packet Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-03-03

Alexander Cuttergo has discovered a vulnerability in FreeBSD, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11023/

--

[SA11022] Fedora update for tcpdump

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-03-03

Red Hat has issued updated packages for tcpdump. These fix three
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a system running
tcpdump.

Full Advisory:
http://secunia.com/advisories/11022/

--

[SA11020] Fedora update for pwlib

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-03-02

Red Hat has issued updated packages for pwlib. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11020/

--

[SA11012] Apple Filing Protocol Insecure Implementation

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-03-01

Chris Adams has reported a vulnerability in Mac OS X, which may allow
malicious people to gain knowledge of sensitive data like user
credentials.

Full Advisory:
http://secunia.com/advisories/11012/

--

[SA11005] Debian update for libapache-mod-python

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-03-01

Debian has issued updated packages for libapache-mod-python. These fix
a vulnerability, which can be exploited by malicious people to cause a
Denial of Service.

Full Advisory:
http://secunia.com/advisories/11005/

--

[SA10999] Anubis Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-03-01

Two vulnerabilities have been reported in Anubis, which potentially can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10999/

--

[SA10993] eXtremail User Authentication Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-03-03

Andrey Smirnov has reported a vulnerability in eXtremail, allowing
malicious people to bypass user authentication.

Full Advisory:
http://secunia.com/advisories/10993/

--

[SA10986] Red Hat update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-27

Red Hat has issued updated packages for libxml2.
These fix some vulnerabilities, which potentially can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10986/

--

[SA11021] OpenLinux update for fileutils

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-03-03

SCO has issued updated packages for fileutils. These fix two
vulnerabilities in the "ls" program, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11021/

--

[SA11017] ignitionServer Operator Privilege Escalation Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2004-03-02

A vulnerability has been reported in ignitionServer, which can be
exploited by certain malicious users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/11017/

--

[SA11030] OpenLinux update for screen

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-03-03

SCO has issued updated packages for screen. These fix a vulnerability,
which potentially may allow malicious, local users to escalate their
privileges.

Full Advisory:
http://secunia.com/advisories/11030/

--

[SA11004] Calife Password Heap Overflow Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-03-01

Leon Juranic has discovered a vulnerability in Calife, which
potentially can be exploited by malicious, local users to gain
escalated privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11004/

--

[SA10997] FreeBSD "jail_attach()" Jail Shifting Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, Security Bypass
Released:    2004-03-01

JAS Group has discovered a vulnerability in FreeBSD, which may allow
malicious processes to bypass certain restrictions.

Full Advisory:
http://secunia.com/advisories/10997/

--

[SA10992] Sun Solaris "passwd" Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-27

Tim Wort has discovered a vulnerability in Solaris, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/10992/

--

[SA10991] Sun Solaris "conv_fix" Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-27

A vulnerability has been reported in Solaris, which potentially can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/10991/

--

[SA10987] Smoothwall update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-27

The SmoothWall Open Source Project has issued an updated package for
the kernel. This fixes a vulnerability, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/10987/

--

[SA11011] Debian update for xboing

Critical:    Not critical
Where:       From remote
Impact:      Privilege escalation
Released:    2004-03-01

Debian has issued updated packages for xboing. These fix some
vulnerabilities, which can be exploited by malicious, local users to
escalate their privileges.

Full Advisory:
http://secunia.com/advisories/11011/

--

[SA11010] xboing Potential Privilege Escalation Vulnerabilities

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-03-01

Steve Kemp has discovered some vulnerabilities in xboing, potentially
allowing malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/11010/


Other:--

[SA11025] NetScreen-SA Cross Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-03-03

Mark Lachniet has reported a vulnerability in NetScreen-SA 5000 Series,
allowing malicious people to conduct Cross Site Scripting attacks.

Full Advisory:
http://secunia.com/advisories/11025/

--

[SA11024] Motorola T720 Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-03-03

Shaun Colley has reported a vulnerability in Motorola T720, allowing
malicious people to cause a Denial of Service.

Full Advisory:
http://secunia.com/advisories/11024/

--

[SA11034] Nortel WLAN Access Point 2200 Denial of Service

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2004-03-03

Mark Ludwik has reported a vulnerability in Nortel WLAN Access Point
2200, allowing malicious people to cause a Denial of Service.

Full Advisory:
http://secunia.com/advisories/11034/

--

[SA11026] SonicWALL Internal IP Address Enumeration Weakness

Critical:    Not critical
Where:       From local network
Impact:      Exposure of system information
Released:    2004-03-03

xeno has reported a weakness in SonicWALL, allowing malicious people to
enumerate internal IP addresses.

Full Advisory:
http://secunia.com/advisories/11026/

--

[SA11013] Symantec Firewall / VPN 100/200/200R Exposure of Password

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2004-03-02

Davide Del Vecchio has discovered a security issue in Symantec Firewall
/ VPN 100/200/200R, possibly allowing malicious users to see passwords.

Full Advisory:
http://secunia.com/advisories/11013/


Cross Platform:--

[SA10994] Dell OpenManage Server Administrator Heap Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-02-27

wirepair has reported a vulnerability in the Dell OpenManage Server
Administrator, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10994/

--

[SA11019] UUDeview Parameter Parsing Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-03-02

The developer of UUDeview has acknowledged a vulnerability reported by
iDEFENSE, which potentially can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/11019/

--

[SA11008] Invision Power Board "st" Parameter SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-03-01

Knight Commander has reported a vulnerability in Invision Power Board,
allowing malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/11008/

--

[SA11000] Intel NetStructure Products H.323 Protocol Implementation
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-03-02

Intel has acknowledged that various NetStructure products are affected
by the recently reported vulnerabilities in various vendors' H.323
protocol implementations.

Full Advisory:
http://secunia.com/advisories/11000/

--

[SA10988] ISS Multiple Products SMB Packet Handling Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-02-27

eEye Digital Security has discovered a vulnerability in multiple ISS
products, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/10988/

--

[SA11028] SandSurfer Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-03-03

Some vulnerabilities have been identified in SandSurfer, allowing
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/11028/

--

[SA11018] Hot Open Tickets User Privilege Escalation Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2004-03-02

A vulnerability has been reported in Hot Open Tickets, allowing
malicious users to escalate their privileges.

Full Advisory:
http://secunia.com/advisories/11018/

--

[SA11009] iG FREE Shopping Cart "type_id" Parameter Input Validation
Error

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-03-01

David Sopas Ferreira has discovered a vulnerability in iG FREE Shopping
Cart, allowing malicious people to conduct Cross Site Scripting and SQL
Injection attacks.

Full Advisory:
http://secunia.com/advisories/11009/

--

[SA11006] phpBB "postorder" Parameter Cross Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-03-01

Cheng Peng Su has reported a vulnerability in phpBB, allowing malicious
people to conduct Cross Site Scripting attacks.

Full Advisory:
http://secunia.com/advisories/11006/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support@private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

========================================================================