======================================================================== The Secunia Weekly Advisory Summary 2004-03-11 - 2004-03-18 This week : 53 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: The Secunia staff is spending hours every day to assure you the best and most reliable source for vulnerability information. Every single vulnerability report is being validated and verified before a Secunia advisory is written. Secunia validates and verifies vulnerability reports in many different ways e.g. by downloading the software and performing comprehensive tests, by reviewing source code, or by validating the credibility of the source from which the vulnerability report was issued. As a result, Secunia's database is the most correct and complete source for recent vulnerability information available on the Internet. Secunia Online Vulnerability Database: http://secunia.com/ ======================================================================== 2) This Week in Brief: New OpenSSL packages have been released to address 3 different vulnerabilities, which can be exploited to cause a Denial of Service on vulnerable systems. Many vendors have already updated their products. However, many other vendors will propably also issue updates for their products within a short time. Please refer to http://secunia.com for further information regarding updates for your products. The initial Secunia advisory regarding the vulnerabilities in OpenSSL is referenced below. Reference: http://secunia.com/SA11139 A vulnerability was reported in the popular FTP client WS_FTP Pro, which could be exploited by a malicious FTP server to compromise a connected client. Currently, no solution is available from the vendor. Reference: http://secunia.com/SA11136 Security Research Luigi Auriemma has reported a vulnerability in the Unreal Engine from Epic Games. The Unreal Engine is used in many multi player games from different vendors, many games may be affected by this vulnerability. Please refer to referenced Secunia Advisory for more information about possible affected games. Reference: http://secunia.com/SA11108 ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA10395] Internet Explorer URL Spoofing Vulnerability 2. [SA11111] cPanel Password Reset Command Injection Vulnerability 3. [SA11139] OpenSSL SSL/TLS Handshake Denial of Service Vulnerabilities 4. [SA11046] Norton AntiVirus 2002 Virus Detection Bypass Issue 5. [SA10736] Internet Explorer File Download Extension Spoofing 6. [SA11127] SPIP "forum.php3" PHP Code Injection Vulnerability 7. [SA11119] Novell Groupwise WebAccess Insecure Default Configuration 8. [SA11124] cPanel Login Command Injection Vulnerability 9. [SA11092] Apache mod_ssl HTTP Request Denial of Service Vulnerability 10. [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow Vulnerability ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA11159] GlobalSCAPE Secure FTP Server "SITE" Command Vulnerability [SA11136] WS_FTP Pro Directory Listing Buffer Overflow Vulnerability [SA11132] Macromedia ColdFusion MX / JRun SOAP Request Denial of Service [SA11120] AntiGen for Domino Encrypted Zip File Denial of Service [SA11131] CA Unicenter TNG Daemons Buffer Overflow Vulnerabilities [SA11143] IBM Lotus Domino Server Quick Console Cross-Site Scripting UNIX/Linux: [SA11124] cPanel Login Command Injection Vulnerability [SA11155] Red Hat update for Mozilla [SA11154] OpenBSD update for OpenSSL [SA11153] Gentoo update for OpenSSL [SA11152] Slackware update for OpenSSL [SA11151] Debian update for OpenSSL [SA11150] FreeBSD update for OpenSSL [SA11149] Mandrake update for OpenSSL [SA11148] EnGarde update for OpenSSL [SA11147] Red Hat update for OpenSSL [SA11146] SuSE update for OpenSSL [SA11144] Red Hat update for OpenSSL [SA11125] OpenPKG update for uudeview [SA11103] Mandrake update for Mozilla [SA11116] OpenBSD update for httpd [SA11113] Chaogic Systems vHost Unspecified Cross-Site Scripting Vulnerability [SA11123] Macromedia Multiple Products Privilege Escalation Vulnerability [SA11117] Debian update for samba [SA11115] Debian update for xitalk [SA11114] xitalk Privilege Escalation Vulnerability [SA11109] Debian update for Calife [SA11107] Debian update for sysstat [SA11106] Red Hat update for sysstat [SA11105] Sysstat Insecure Temporary File Creation Vulnerability [SA11137] Debian update for gdk-pixbuf [SA11104] Red Hat update for nfs-utils Other: [SA11119] Novell Groupwise WebAccess Insecure Default Configuration Cross Platform: [SA11134] 4nAlbum Multiple Vulnerabilities [SA11127] SPIP "forum.php3" PHP Code Injection Vulnerability [SA11118] Oracle Web Cache Unspecified Client Request Handling Vulnerabilities [SA11111] cPanel Password Reset Command Injection Vulnerability [SA11108] Unreal Engine Class Name Format String Vulnerability [SA11145] Cisco Multiple Products OpenSSL Denial of Service Vulnerability [SA11141] Fizmez Web Server Connection Denial of Service Vulnerability [SA11140] Mambo Cross Site Scripting and SQL Injection Vulnerabilities [SA11139] OpenSSL SSL/TLS Handshake Denial of Service Vulnerabilities [SA11138] mod_security POST Request Processing Off-By-One Vulnerability [SA11133] 4nGuestbook "x" Parameter SQL Injection and Cross-Site Scripting [SA11130] Sun Java System Application Server SOAP Request Denial of Service [SA11122] Pegasi Web Server Directory Traversal and Cross-Site Scripting [SA11121] phpBB SQL Injection and Cross Site Scripting Vulnerabilities [SA11112] CFWebstore SQL Injection and Cross-Site Scripting Vulnerabilities [SA11126] HP Web Based Management Anonymous Certificate Upload Vulnerability [SA11142] vBulletin Cross-Site Scripting Vulnerabilities [SA11135] PHP-Nuke Cross Site Scripting Vulnerabilities [SA11128] YaBB / YaBB SE Formatting Tag Cross-Site Scripting Vulnerability [SA11110] Emumail Webmail Cross Site Scripting Vulnerability ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA11159] GlobalSCAPE Secure FTP Server "SITE" Command Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-18 STORM has reported a vulnerability in GlobalSCAPE Secure FTP Server, which can be exploited by malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/11159/ -- [SA11136] WS_FTP Pro Directory Listing Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2004-03-17 A vulnerability has been reported in WS_FTP Pro, which can be exploited by malicious people to cause a DoS (Denial-of-Service) on the application and potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/11136/ -- [SA11132] Macromedia ColdFusion MX / JRun SOAP Request Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-16 Amit Klein has discovered a vulnerability in ColdFusion MX and JRun, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11132/ -- [SA11120] AntiGen for Domino Encrypted Zip File Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-15 A vulnerability has been reported in AntiGen for Domino, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/11120/ -- [SA11131] CA Unicenter TNG Daemons Buffer Overflow Vulnerabilities Critical: Moderately critical Where: From local network Impact: System access Released: 2004-03-16 Dave Aitel of Immunity has reported some vulnerabilities in CA Unicenter TNG, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/11131/ -- [SA11143] IBM Lotus Domino Server Quick Console Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2004-03-17 Dr_insane has reported a vulnerability in IBM Lotus Domino, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/11143/ UNIX/Linux:-- [SA11124] cPanel Login Command Injection Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-03-15 Arab VieruZ has reported a vulnerability in cPanel, allowing malicious people to execute certain system commands on a vulnerable system. Full Advisory: http://secunia.com/advisories/11124/ -- [SA11155] Red Hat update for Mozilla Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting, DoS, System access Released: 2004-03-18 Red Hat has issued updated packages for mozilla, which fixes various vulnerabilities. Full Advisory: http://secunia.com/advisories/11155/ -- [SA11154] OpenBSD update for OpenSSL Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-18 OpenBSD has issued a patch for OpenSSL. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11154/ -- [SA11153] Gentoo update for OpenSSL Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-18 Gentoo has issued updated packages for OpenSSL. These fix three vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11153/ -- [SA11152] Slackware update for OpenSSL Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-18 Slackware has issued updated packages for OpenSSL. These fix two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11152/ -- [SA11151] Debian update for OpenSSL Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-18 Debian has issued updated packages for OpenSSL. These fix two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11151/ -- [SA11150] FreeBSD update for OpenSSL Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-18 FreeBSD has issued a patch for OpenSSL. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11150/ -- [SA11149] Mandrake update for OpenSSL Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-18 MandrakeSoft has issued updated packages for OpenSSL. These fix two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11149/ -- [SA11148] EnGarde update for OpenSSL Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-18 Guardian Digital has issued updated packages for OpenSSL. These fix two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11148/ -- [SA11147] Red Hat update for OpenSSL Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-18 Red Hat has issued updated packages for OpenSSL. These fix three vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11147/ -- [SA11146] SuSE update for OpenSSL Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-18 SuSE has issued updated packages for OpenSSL. These fix two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11146/ -- [SA11144] Red Hat update for OpenSSL Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-17 Red Hat has issued updated packages for OpenSSL. These fix two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11144/ -- [SA11125] OpenPKG update for uudeview Critical: Moderately critical Where: From remote Impact: System access Released: 2004-03-15 OpenPKG has issued updated packages for uudeview. These fix a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/11125/ -- [SA11103] Mandrake update for Mozilla Critical: Moderately critical Where: From remote Impact: Security Bypass, Exposure of sensitive information, DoS, System access Released: 2004-03-11 MandrakeSoft has issued updated packages for Mozilla. These fix various older vulnerabilities, which can be exploited by malicious people to disclose users' proxy server credentials, bypass certain cookie path restrictions, cause a DoS (Denial of Service), and potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/11103/ -- [SA11116] OpenBSD update for httpd Critical: Less critical Where: From remote Impact: Security Bypass Released: 2004-03-15 OpenBSD has issued patches for httpd. These fix a vulnerability, which can be exploited by malicious people to bypass certain restrictions on sparc64 systems. Full Advisory: http://secunia.com/advisories/11116/ -- [SA11113] Chaogic Systems vHost Unspecified Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2004-03-12 An unspecified vulnerability has been reported in Chaogic Systems vHost, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/11113/ -- [SA11123] Macromedia Multiple Products Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-03-15 Chris Irvine has discovered a vulnerability in Macromedia MX 2004 products, which can be exploited by malicious, local users to escalate their privileges. Full Advisory: http://secunia.com/advisories/11123/ -- [SA11117] Debian update for samba Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-03-15 Debian has issued updated packages for Samba. These fix a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/11117/ -- [SA11115] Debian update for xitalk Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-03-12 Debian has issued updated packages for xitalk. These fix a vulnerability, which can be exploited by malicious, local users to gain group "utmp" privileges on a vulnerable system. Full Advisory: http://secunia.com/advisories/11115/ -- [SA11114] xitalk Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-03-12 Steve Kemp has reported a vulnerability in xitalk, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/11114/ -- [SA11109] Debian update for Calife Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-03-12 Debian has issued updated packages for Calife. These fix a vulnerability, which potentially can be exploited by malicious, local users to escalate their privileges on a vulnerable system. Full Advisory: http://secunia.com/advisories/11109/ -- [SA11107] Debian update for sysstat Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-03-11 Debian has issued updated packages for sysstat. These fix a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/11107/ -- [SA11106] Red Hat update for sysstat Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-03-11 Red Hat has issued updated packages for sysstat. These fix a vulnerability, allowing malicious local users to escalate their privileges. Full Advisory: http://secunia.com/advisories/11106/ -- [SA11105] Sysstat Insecure Temporary File Creation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-03-11 A vulnerability has been discovered in sysstat, which can be exploited by malicious, local users to escalate their privileges. Full Advisory: http://secunia.com/advisories/11105/ -- [SA11137] Debian update for gdk-pixbuf Critical: Not critical Where: From remote Impact: DoS Released: 2004-03-16 Debian has issued updated packages for gdk-pixbuf. These fix a vulnerability, which can be exploited by malicious people to crash certain applications like Evolution on a vulnerable system. Full Advisory: http://secunia.com/advisories/11137/ -- [SA11104] Red Hat update for nfs-utils Critical: Not critical Where: From local network Impact: DoS Released: 2004-03-11 Red Hat has issued updated packages for nfs-utils. These fix a vulnerability, which can be exploited by malicious people to crash rpc.mountd. Full Advisory: http://secunia.com/advisories/11104/ Other:-- [SA11119] Novell Groupwise WebAccess Insecure Default Configuration Critical: Moderately critical Where: From remote Impact: System access Released: 2004-03-15 A security issue has been reported in GroupWise 6 and 6.5 WebAccess, which potentially can be exploited by malicious people to gain unauthorised access to a vulnerable server. Full Advisory: http://secunia.com/advisories/11119/ Cross Platform:-- [SA11134] 4nAlbum Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access Released: 2004-03-16 Janek Vind "waraxe" has reported some vulnerabilities in 4nAlbum, where the most critical can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/11134/ -- [SA11127] SPIP "forum.php3" PHP Code Injection Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-03-15 SIMON Baptiste has discovered a vulnerability in SPIP, allowing malicious people to inject arbitrary PHP code. Full Advisory: http://secunia.com/advisories/11127/ -- [SA11118] Oracle Web Cache Unspecified Client Request Handling Vulnerabilities Critical: Highly critical Where: From remote Impact: Released: 2004-03-15 Oracle has reported that multiple vulnerabilities have been discovered in Oracle Web Cache. Full Advisory: http://secunia.com/advisories/11118/ -- [SA11111] cPanel Password Reset Command Injection Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-03-12 Arab VieruZ has discovered a vulnerability in cPanel, allowing malicious people to execute certain system commands on a vulnerable system. Full Advisory: http://secunia.com/advisories/11111/ -- [SA11108] Unreal Engine Class Name Format String Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-03-11 Luigi Auriemma has reported a vulnerability in the Unreal engine, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable server. Full Advisory: http://secunia.com/advisories/11108/ -- [SA11145] Cisco Multiple Products OpenSSL Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-17 Cisco has confirmed a vulnerability in various products, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/11145/ -- [SA11141] Fizmez Web Server Connection Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-17 Donato Ferrante has reported a vulnerability in Fizmez Web Server, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11141/ -- [SA11140] Mambo Cross Site Scripting and SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, Manipulation of data, Cross Site Scripting Released: 2004-03-17 JeiAr has discovered some vulnerabilities in Mambo, allowing malicious people to conduct SQL injection and Cross Site Scripting attacks. Full Advisory: http://secunia.com/advisories/11140/ -- [SA11139] OpenSSL SSL/TLS Handshake Denial of Service Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-17 Three vulnerabilities have been discovered in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11139/ -- [SA11138] mod_security POST Request Processing Off-By-One Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2004-03-17 Evgeny Legerov has discovered a vulnerability in mod_security, which can be exploited by malicious people to cause a DoS (Denial-of-Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/11138/ -- [SA11133] 4nGuestbook "x" Parameter SQL Injection and Cross-Site Scripting Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2004-03-16 Janek Vind "waraxe" has reported a vulnerability in 4nGuestbook, allowing malicious people to conduct SQL injection and Cross Site Scripting attacks. Full Advisory: http://secunia.com/advisories/11133/ -- [SA11130] Sun Java System Application Server SOAP Request Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-03-16 Amit Klein has discovered a vulnerability in Sun Java System Application Server, which can be exploited by malicious people to cause a DoS (Denial-of-Service). Full Advisory: http://secunia.com/advisories/11130/ -- [SA11122] Pegasi Web Server Directory Traversal and Cross-Site Scripting Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information Released: 2004-03-15 Donato Ferrante has discovered some vulnerabilities in Pegasi Web Server, which can be exploited to conduct cross-site scripting and directory traversal attacks. Full Advisory: http://secunia.com/advisories/11122/ -- [SA11121] phpBB SQL Injection and Cross Site Scripting Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2004-03-15 Some vulnerabilities have been reported in phpBB, allowing malicious people to conduct Cross Site Scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/11121/ -- [SA11112] CFWebstore SQL Injection and Cross-Site Scripting Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information Released: 2004-03-12 Nick Gudov has reported some vulnerabilities in CFWebstore, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/11112/ -- [SA11126] HP Web Based Management Anonymous Certificate Upload Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2004-03-15 Dave Aitel has discovered a vulnerability in HP HTTP server, allowing malicious people to gain access to administrative functions. Full Advisory: http://secunia.com/advisories/11126/ -- [SA11142] vBulletin Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2004-03-17 JeiAr has reported some vulnerabilities in vBulletin, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/11142/ -- [SA11135] PHP-Nuke Cross Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2004-03-16 Janek Vind "waraxe" has reported some vulnerabilities in PHP-Nuke, allowing malicious people to conduct Cross Site Scripting attacks. Full Advisory: http://secunia.com/advisories/11135/ -- [SA11128] YaBB / YaBB SE Formatting Tag Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2004-03-16 Cheng Peng Su has reported a vulnerability in YaBB and YaBB SE, allowing malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/11128/ -- [SA11110] Emumail Webmail Cross Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting, Exposure of sensitive information Released: 2004-03-12 Dr_insane has reported some vulnerabilities in Emumail Webmail, allowing malicious people to conduct Cross Site Scripting attacks and see the installation path. Full Advisory: http://secunia.com/advisories/11110/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support@private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 ======================================================================== - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Mar 19 2004 - 06:24:28 PST