========================================================================

The Secunia Weekly Advisory Summary
2004-03-18 - 2004-03-25

This week : 43 advisories

========================================================================
Table of Contents:

1. Word From Secunia
2. This Week In Brief
3. This Week's Top Ten Most Read Advisories
4. Vulnerabilities Summary Listing
5. Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The world doesn't patch - by Thomas Kristensen, Secunia.

How is it possible for the Bagle.Q worm to exploit a very well known 7 month old vulnerability?

In August 2003, Secunia warned about an extremely critical vulnerability in the popular browser Internet Explorer, which allowed web sites and emails to download and execute any code on a user's system.

Media all over the world wrote about the vulnerability, which got even more attention when scammers and adult sites started to exploit it to install back doors and dialer programs on innocent people's PCs by sending malicious SPAM emails.

More articles were published when Microsoft failed to plug the hole properly in the first attempt, effectively leaving hundreds of millions of people vulnerable from 7th September, when Microsoft's plug was publicly proven inadequate, until the final patch arrived on 4th October 2003.

One would have thought that by now everyone who is even the least bit concerned about IT security would have gotten the message and installed the patch, and that the troubled days would be over.
Since sometime in October 2003, we haven't heard much about the Object Data vulnerability, despite the fact that it is very easy and simple to exploit; so simple that even the most impaired amateur hacker could do it blindfolded.

The worm breaks out...

Finally, on 18th March 2004, the Bagle.Q worm hit people's inboxes and we were all about to learn how many had really patched up. Based on the apparently rapid spread of Bagle.Q, it seemed that too many had failed, forgotten, or simply didn't care to patch up.

The Bagle.Q virus downloaded the malicious payload from a large number of infected or compromised hosts as soon as it was viewed in the preview pane using Outlook or Outlook Express.

Fortunately, the Bagle.Q virus made the mistake of downloading the payload from a number of fixed hosts. This allowed anti-virus fighters and authorities to shut down or block access to the distribution servers, limiting the distribution rate.

Once again Secunia warned about the old flaw, and some Internet media warned about the new threat and asked their readers to take Secunia's online test, which allows everyone to check whether they are still vulnerable.

From our statistics it appears that a shocking 29% are still vulnerable. It should also be taken into account that those who actually take such a test are the ones concerned about security. This raises a big question about the vast number of people who don't know or care about security.

One thing is certain: millions of Windows users are still vulnerable and have yet to feel the sting of a greedy adult web master breaking laws and every ethical rule to earn a profit, or of a malicious virus wiping the hard drive or mass-mailing your love letters.
Secunia's MS03-032 Online Test:
http://secunia.com/ms03-032/?s

========================================================================
2) This Week in Brief:

Stefan Esser has discovered no fewer than 13 buffer overflow vulnerabilities in Ethereal, which potentially can be exploited to execute arbitrary code on a vulnerable system. An updated version is reportedly available from the vendor.

Reference:
http://secunia.com/SA11185

--

Mark Litchfield of NGSSoftware has discovered vulnerabilities in Symantec Norton AntiSpam and Symantec Internet Security, which can be exploited to compromise a vulnerable system. In both products, this can be exploited through HTML documents, e.g. by visiting a website. Symantec has reported that updates are available for both products via the "LiveUpdate" feature.

Reference:
http://secunia.com/SA11168
http://secunia.com/SA11169

--

eEye Digital Security discovered a vulnerability in the way multiple products from Internet Security Systems (ISS) handle ICQ Server Responses. The vulnerability could be exploited via a specially crafted packet with a source port of 4000/UDP. Just one day after the disclosure from eEye and the release of patches from ISS, a worm began exploiting this vulnerability. Please refer to the Secunia Advisory below for more information about this vulnerability.

Reference:
http://secunia.com/SA11073

========================================================================
3) This Week's Top Ten Most Read Advisories:

1. [SA10395] Internet Explorer URL Spoofing Vulnerability
2. [SA9935] Microsoft Internet Explorer Update fixes the Object Data Vulnerability
3. [SA11139] OpenSSL SSL/TLS Handshake Denial of Service Vulnerabilities
4. [SA9580] Microsoft Internet Explorer Multiple Vulnerabilities
5. [SA11168] Symantec Internet Security ActiveX Component Arbitrary File Execution
6. [SA11073] ISS Multiple Products ICQ Server Response Processing Vulnerability
7. [SA11169] Symantec Norton AntiSpam ActiveX Component Buffer Overflow Vulnerability
8. [SA11170] Apache 2 Connection Denial of Service Vulnerability
9. [SA10736] Internet Explorer File Download Extension Spoofing
10. [SA9729] Eudora Multiple Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA11182] Terminator 3: War Of The Machines Broadcast Buffer Overflow
[SA11169] Symantec Norton AntiSpam ActiveX Component Buffer Overflow Vulnerability
[SA11168] Symantec Internet Security ActiveX Component Arbitrary File Execution
[SA11205] DameWare Mini Remote Control Weak Encryption Implementation
[SA11204] Kerio WinRoute HTTP Header Parser Denial of Service
[SA11201] VP-ASP Shopping Cart "catalogid" Parameter SQL Injection Vulnerability
[SA11180] News Manager Lite Multiple Vulnerabilities
[SA11179] Member Management System Multiple Vulnerabilities
[SA11206] WS_FTP Server Multiple Vulnerabilities
[SA11199] Microsoft Visual C++ Constructed ISAPI Extensions Denial of Service

UNIX/Linux:
[SA11198] Debian update for ecartis
[SA11183] Sun Cobalt update for Pine
[SA11195] PHP-Nuke Script Insertion Vulnerabilities
[SA11186] XWeb Directory Traversal Vulnerability
[SA11181] 4D WebSTAR update for OpenSSL
[SA11177] Clam AntiVirus RAR Archive Processing Denial of Service Vulnerability
[SA11175] LiteSpeed Web Server OpenSSL Vulnerabilities
[SA11171] Fedora update for OpenSSL
[SA11163] OpenPKG update for OpenSSL
[SA11161] Trustix update for OpenSSL
[SA11197] Red Hat update for mod_ssl
[SA11193] SSH Tectia Server ssh-passwd-plugin Private Host Key Exposure
[SA11190] Xine Insecure Temporary File Creation Vulnerability
[SA11172] Borland Interbase "admin.ib" Insecure Default File Permissions
[SA11162] Trustix update for systat

Other:
[SA11184] Blue Coat Products update for OpenSSL
[SA11167] NetScreen Instant Virtual Extranet update for OpenSSL
[SA11188] Novell NetWare Admin/Install Password Disclosure

Cross Platform:
[SA11196] Mod_Survey Script and SQL Insertion Vulnerability
[SA11194] Invision Gallery! SQL Injection Vulnerabilities
[SA11192] First Virtual Communications Products H.323 Implementation Vulnerabilities
[SA11187] Invision Power Top Site List SQL Injection Vulnerability
[SA11185] Ethereal Multiple Vulnerabilities
[SA11178] Stonesoft Multiple Products OpenSSL Vulnerability
[SA11174] Tarantella Enterprise OpenSSL Vulnerability
[SA11170] Apache 2 Connection Denial of Service Vulnerability
[SA11166] Jetty Unspecified Denial of Service Vulnerability
[SA11164] Error Manager Cross Site Scripting Vulnerabilities
[SA11203] MS-Analysis Multiple Vulnerabilities
[SA11191] FirstClass "TargetName" Parameter Cross Site Scripting Vulnerability
[SA11189] phpBB "profile.php" Cross Site Scripting Vulnerability
[SA11173] Tarantella Enterprise CGI Utilities Cross-Site Scripting Vulnerabilities
[SA11176] Apache 2 mod_disk_cache Stores Credentials

========================================================================
5) Vulnerabilities Content Listing

Windows:

--

[SA11182] Terminator 3: War Of The Machines Broadcast Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-03-22

Luigi Auriemma has reported a vulnerability in Terminator 3: War Of The Machines, allowing malicious people to cause a Denial of Service or potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11182/

--

[SA11169] Symantec Norton AntiSpam ActiveX Component Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-03-19

NGSSoftware has discovered a vulnerability in Norton AntiSpam 2004, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/11169/

--

[SA11168] Symantec Internet Security ActiveX Component Arbitrary File Execution
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-03-19

NGSSoftware has discovered a vulnerability in Norton Internet Security 2004, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/11168/

--

[SA11205] DameWare Mini Remote Control Weak Encryption Implementation
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-03-24

ax09001h has reported a design error in DameWare Mini Remote Control, possibly allowing malicious people to gain knowledge of the encryption key.
Full Advisory: http://secunia.com/advisories/11205/

--

[SA11204] Kerio WinRoute HTTP Header Parser Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-24

The vendor has reported an unspecified vulnerability in the HTTP header parser, which may allow malicious people to cause a Denial of Service.
Full Advisory: http://secunia.com/advisories/11204/

--

[SA11201] VP-ASP Shopping Cart "catalogid" Parameter SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-03-24

The vendor has reported a vulnerability in VP-ASP Shopping Cart, allowing malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/11201/

--

[SA11180] News Manager Lite Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data
Released: 2004-03-22

Manuel López has reported some vulnerabilities in News Manager Lite, allowing malicious people to gain administrative access, conduct Cross Site Scripting and SQL injection attacks.
Full Advisory: http://secunia.com/advisories/11180/

--

[SA11179] Member Management System Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-03-22

Manuel López has reported some vulnerabilities in Member Management System, allowing malicious people to conduct script insertion, Cross Site Scripting and SQL injection attacks.
Full Advisory: http://secunia.com/advisories/11179/

--

[SA11206] WS_FTP Server Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2004-03-24

Hugh Mann has reported multiple vulnerabilities in WS_FTP Server, which can be exploited by malicious users to cause a DoS (Denial-of-Service), gain escalated privileges, or compromise the system.
Full Advisory: http://secunia.com/advisories/11206/

--

[SA11199] Microsoft Visual C++ Constructed ISAPI Extensions Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-03-24

A vulnerability has been reported in Microsoft Visual C++, which potentially can be exploited by malicious people to cause a DoS (Denial-of-Service) on certain applications.
Full Advisory: http://secunia.com/advisories/11199/

UNIX/Linux:

--

[SA11198] Debian update for ecartis
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information, System access
Released: 2004-03-24

Debian has issued updated packages for ecartis. These fix some vulnerabilities, which can be exploited by malicious people to expose mail addresses and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11198/

--

[SA11183] Sun Cobalt update for Pine
Critical: Highly critical
Where: From remote
Impact:
Released: 2004-03-23

Sun has issued updates for Pine, which fix some unspecified vulnerabilities.
Full Advisory: http://secunia.com/advisories/11183/

--

[SA11195] PHP-Nuke Script Insertion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-03-24

Janek Vind "waraxe" has reported some vulnerabilities in PHP-Nuke, allowing malicious people to conduct script insertion attacks.
Full Advisory: http://secunia.com/advisories/11195/

--

[SA11186] XWeb Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2004-03-23

Donato Ferrante has discovered a vulnerability in XWeb, allowing malicious people to read arbitrary files on a vulnerable system.
Full Advisory: http://secunia.com/advisories/11186/

--

[SA11181] 4D WebSTAR update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-22

The vendor has acknowledged a vulnerability in the 4D WebSTAR OpenSSL implementation, which can be exploited by malicious people to cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11181/

--

[SA11177] Clam AntiVirus RAR Archive Processing Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-22

A vulnerability has been discovered in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11177/

--

[SA11175] LiteSpeed Web Server OpenSSL Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-22

An updated version of LiteSpeed Web Server has been released. This fixes some vulnerabilities in the OpenSSL implementation, which can be exploited by malicious people to cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11175/

--

[SA11171] Fedora update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-23

Fedora has issued updated packages for OpenSSL. These fix three vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11171/

--

[SA11163] OpenPKG update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-19

OpenPKG has issued an updated package for OpenSSL. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11163/

--

[SA11161] Trustix update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-19

Trustix has issued updated packages for OpenSSL. These fix three vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11161/

--

[SA11197] Red Hat update for mod_ssl
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-03-23

Red Hat has issued updated packages for mod_ssl. These fix a vulnerability allowing malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11197/

--

[SA11193] SSH Tectia Server ssh-passwd-plugin Private Host Key Exposure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-03-23

A vulnerability has been discovered in SSH Tectia Server, which can be exploited by malicious, authenticated users to gain knowledge of sensitive information.
Full Advisory: http://secunia.com/advisories/11193/

--

[SA11190] Xine Insecure Temporary File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-24

Shaun Colley has reported a vulnerability in Xine, potentially allowing malicious users to escalate their privileges.
Full Advisory: http://secunia.com/advisories/11190/

--

[SA11172] Borland Interbase "admin.ib" Insecure Default File Permissions
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-20

iDEFENSE has reported a vulnerability in Borland Interbase, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/11172/

--

[SA11162] Trustix update for systat
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-19

Trustix has issued updated packages for sysstat. These fix a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/11162/

Other:

--

[SA11184] Blue Coat Products update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-23

The vendor has acknowledged two vulnerabilities in the Blue Coat operating systems' OpenSSL implementation, which can be exploited by malicious people to cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11184/

--

[SA11167] NetScreen Instant Virtual Extranet update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-19

NetScreen Technologies has issued an update for OpenSSL on the IVE platform. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11167/

--

[SA11188] Novell NetWare Admin/Install Password Disclosure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-03-24

A security issue has been discovered in NetWare 6.5 Support Pack 1.1, which can be exploited by malicious, local users to gain knowledge of sensitive information.
Full Advisory: http://secunia.com/advisories/11188/

Cross Platform:

--

[SA11196] Mod_Survey Script and SQL Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-03-24

Joel Palmius has reported a vulnerability in Mod_Survey, allowing malicious people to conduct code insertion attacks.
Full Advisory: http://secunia.com/advisories/11196/

--

[SA11194] Invision Gallery! SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-03-23

JeiAr has reported some vulnerabilities in Invision Gallery!, allowing malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/11194/

--

[SA11192] First Virtual Communications Products H.323 Implementation Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-23

First Virtual Communications has acknowledged some vulnerabilities in various products' H.323 protocol implementation, which can be exploited by malicious people to cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11192/

--

[SA11187] Invision Power Top Site List SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, Exposure of system information, Manipulation of data
Released: 2004-03-23

JeiAr has reported a vulnerability in Invision Power Top Site List, allowing malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/11187/

--

[SA11185] Ethereal Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-03-23

Multiple vulnerabilities have been discovered in Ethereal, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11185/

--

[SA11178] Stonesoft Multiple Products OpenSSL Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-22

Stonesoft has reported that some products may be affected by a vulnerability in the OpenSSL implementation. This can potentially be exploited by malicious people to cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11178/

--

[SA11174] Tarantella Enterprise OpenSSL Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-22

The vendor has acknowledged a vulnerability in the Tarantella OpenSSL implementation, which can be exploited by malicious people to cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11174/

--

[SA11170] Apache 2 Connection Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-20

The vendor has reported a vulnerability in Apache 2, which can be exploited by malicious people to cause a Denial of Service.
Full Advisory: http://secunia.com/advisories/11170/

--

[SA11166] Jetty Unspecified Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-19

An unspecified vulnerability has been reported in Jetty, which can be exploited by malicious people to cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11166/

--

[SA11164] Error Manager Cross Site Scripting Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system information
Released: 2004-03-19

Janek Vind has reported some vulnerabilities in Error Manager for PHP-Nuke, allowing malicious people to see the installation path and conduct Cross Site Scripting and script insertion attacks.
Full Advisory: http://secunia.com/advisories/11164/

--

[SA11203] MS-Analysis Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-24

Janek Vind has reported some vulnerabilities in MS-Analysis, allowing malicious people to conduct Cross Site Scripting and SQL injection attacks.
Full Advisory: http://secunia.com/advisories/11203/

--

[SA11191] FirstClass "TargetName" Parameter Cross Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-23

Richard Maudsley has reported a vulnerability in FirstClass, allowing malicious people to conduct Cross Site Scripting attacks.
Full Advisory: http://secunia.com/advisories/11191/

--

[SA11189] phpBB "profile.php" Cross Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-23

Cheng Peng Su has reported a vulnerability in phpBB, allowing malicious people to conduct Cross Site Scripting attacks.
Full Advisory: http://secunia.com/advisories/11189/

--

[SA11173] Tarantella Enterprise CGI Utilities Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-20

Sanjay Shah has discovered two vulnerabilities in Tarantella Enterprise, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/11173/

--

[SA11176] Apache 2 mod_disk_cache Stores Credentials
Critical: Not critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-03-22

Andreas Steinmetz has reported a weakness in Apache 2 mod_disk_cache, allowing a malicious, administrative user to see user credentials for remote web sites.
Full Advisory: http://secunia.com/advisories/11176/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web : http://secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45

========================================================================