========================================================================
The Secunia Weekly Advisory Summary
2004-05-20 - 2004-05-27
This week : 48 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.
Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.
Secunia Online Vulnerability Database:
http://secunia.com/
========================================================================
2) This Week in Brief:
ADVISORIES:
Apple issued updates for the Mac OS X on Friday (21-05-2004) to fix
the HELP URI handler vulnerability. However, the update from Apple did
not correct the "disk" vulnerability. This unfortunately leaves users
of the Mac OS X just as vulnerable to attacks as before the update was
issued.
Secunia has described the vulnerability in detail along with mitigating
steps. See referenced Secunia Advisory below.
Reference:
http://secunia.com/SA11689
--
Yuu Arai has discovered a vulnerability in Symantec Norton AntiVirus
ActiveX Control, which can be exploited by malicious websites to
execute code that already resides on the affected user's system or
cause the application to stop responding.
Symantec has issued an updated version, which is available via the
LiveUpdate feature.
Reference:
http://secunia.com/SA11676
--
F-Secure has reported a buffer overflow vulnerability in many of
their products, which reportedly can be exploited to perform a Denial
of Service attack.
The buffer overflow will occur when processing specially crafted LHA
archives.
Reference:
http://secunia.com/SA11712
VIRUS ALERTS:
During the last week, Secunia issued one MEDIUM RISK virus alert.
Please refer to the grouped virus profile below for more information:
Bobax.C - MEDIUM RISK Virus Alert - 2004-05-18 23:37 GMT+1
http://secunia.com/virus_information/9513/bobax.c/
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA11622] Mac OS X URI Handler Arbitrary Code Execution
2. [SA11689] Mac OS X Volume URI Handler Registration Code Execution
Vulnerability
3. [SA11539] Mac OS X Security Update Fixes Multiple Vulnerabilities
4. [SA11676] Symantec Norton AntiVirus ActiveX Control Vulnerability
5. [SA11629] Microsoft Outlook RTF Embedded OLE Object Security Bypass
6. [SA11066] Symantec Client Firewall Products Multiple
Vulnerabilities
7. [SA10395] Internet Explorer URL Spoofing Vulnerability
8. [SA11633] Microsoft Windows "desktop.ini" Arbitrary File Execution
Vulnerability
9. [SA11674] Gentoo update for CVS
10. [SA11677] OpenBSD update for cvs
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA11706] Orenosv HTTP/FTP Server GET Request Buffer Overflow
Vulnerability
[SA11715] MiniShare HTTP Request Denial of Service Vulnerability
[SA11684] BNBT Authorization Header Denial of Service Vulnerability
[SA11676] Symantec Norton AntiVirus ActiveX Control Vulnerability
[SA11699] F-Secure Anti-Virus Archived Virus Detection Bypass
Vulnerability
[SA11678] Exceed Xconfig Setting Editing Restriction Bypass
UNIX/Linux:
[SA11689] Mac OS X Volume URI Handler Registration Code Execution
Vulnerability
[SA11687] Gentoo update for metamail
[SA11677] OpenBSD update for cvs
[SA11675] Gentoo update for subversion
[SA11674] Gentoo update for CVS
[SA11719] Gentoo update for apache
[SA11718] Mandrake update for mailman
[SA11717] HP-UX update for Java
[SA11709] Red Hat update for LHA
[SA11707] Conectiva update for mailman
[SA11702] Conectiva update for libneon
[SA11701] Mailman Unspecified Password Retrieval Vulnerability
[SA11693] e107 Site Statistics Script Insertion Vulnerability
[SA11692] Liferay Enterprise Portal Multiple Script Insertion
Vulnerabilities
[SA11686] Gentoo update for squirrelmail
[SA11685] Squirrelmail Unspecified Cross-Site Scripting and SQL
Injection Vulnerabilities
[SA11681] Mandrake update for apache-mod_perl
[SA11680] vsftpd Connection Handling Denial of Service Vulnerability
[SA11673] Gentoo update for neon
[SA11672] Gentoo update for cadaver
[SA11725] Conectiva update for kde
[SA11713] SuSE update for kdelibs
[SA11710] Red Hat update for tcpdump
[SA11705] Fedora update for httpd
[SA11703] Gentoo update for opera
[SA11688] OpenPKG update for rsync
[SA11720] Gentoo update for mc
[SA11714] FreeBSD "msync()" MS_INVALIDATE Implementation Security
Issue
[SA11708] Red Hat update for utempter
[SA11704] Gentoo update for mysql
[SA11700] cPanel mod_php suexec Privilege Escalation Vulnerability
[SA11695] Debian update for xpcd
[SA11691] Gentoo update for firebird
[SA11690] libpcd PhotoCD Image Error Handling Buffer Overflow
Vulnerabilities
[SA11683] Mandrake update for kernel
Other:
[SA11694] VocalTec Telephony Gateways H.323 Denial of Service
Vulnerability
[SA11682] HP ProCurve Routing Switch TCP Connection Reset Denial of
Service
[SA11679] Novell NetWare TCP Connection Reset Denial of Service
[SA11716] 3Com OfficeConnect 812 ADSL Router Telnet Protocol Denial of
Service
[SA11698] Netgear RP114 URL Filtering Bypass Vulnerability
Cross Platform:
[SA11712] F-Secure Anti-Virus Products LHA Archive Processing Buffer
Overflow
[SA11696] e107 "user.php" Cross Site Scripting Vulnerability
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA11706] Orenosv HTTP/FTP Server GET Request Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-26
badpack3t has discovered a vulnerability in Orenosv HTTP/FTP Server,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/11706/
--
[SA11715] MiniShare HTTP Request Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-27
Donato Ferrante has discovered a vulnerability in MiniShare, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11715/
--
[SA11684] BNBT Authorization Header Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-24
badpack3t has reported a vulnerability in BNBT, which can be exploited
by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11684/
--
[SA11676] Symantec Norton AntiVirus ActiveX Control Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-05-21
Yuu Arai has discovered a vulnerability in Norton AntiVirus 2004, which
can be exploited by malicious people to perform various actions on a
user's system.
Full Advisory:
http://secunia.com/advisories/11676/
--
[SA11699] F-Secure Anti-Virus Archived Virus Detection Bypass
Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-05-25
A vulnerability has been discovered in F-Secure Anti-Virus, which may
prevent certain malware in archives from being detected.
Full Advisory:
http://secunia.com/advisories/11699/
--
[SA11678] Exceed Xconfig Setting Editing Restriction Bypass
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-05-21
A vulnerability has been discovered in Exceed, which can be exploited
by malicious, local users to bypass certain restrictions.
Full Advisory:
http://secunia.com/advisories/11678/
UNIX/Linux:--
[SA11689] Mac OS X Volume URI Handler Registration Code Execution
Vulnerability
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2004-05-22
A vulnerability has been reported in Mac OS X, allowing malicious web
sites to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11689/
--
[SA11687] Gentoo update for metamail
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-22
Gentoo has issued an update for metamail. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/11687/
--
[SA11677] OpenBSD update for cvs
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-21
OpenBSD has issued patches for cvs. These fix a vulnerability, which
can be exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11677/
--
[SA11675] Gentoo update for subversion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-21
Gentoo has issued an update for subversion. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/11675/
--
[SA11674] Gentoo update for CVS
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-05-21
Gentoo has issued an update for CVS. This fixes a vulnerability, which
can be exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11674/
--
[SA11719] Gentoo update for apache
Critical: Moderately critical
Where: From remote
Impact: DoS, Manipulation of data, Spoofing, Security Bypass
Released: 2004-05-27
Gentoo has issued an update for apache. This fixes various
vulnerabilities, which can be exploited to inject potentially malicious
characters into error logfiles, bypass certain restrictions, gain
unauthorised access, or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11719/
--
[SA11718] Mandrake update for mailman
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-05-27
MandrakeSoft has issued an update for mailman. This fixes a
vulnerability, which can be exploited by malicious people to retrieve
members' passwords.
Full Advisory:
http://secunia.com/advisories/11718/
--
[SA11717] HP-UX update for Java
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-26
HP has acknowledged a vulnerability in Java for HP-UX, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11717/
--
[SA11709] Red Hat update for LHA
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-26
Red Hat has issued an update for LHA. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11709/
--
[SA11707] Conectiva update for mailman
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information,
DoS
Released: 2004-05-26
Conectiva has issued an update for mailman. This fixes multiple
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, cause a DoS (Denial of Service), or
retrieve users' passwords.
Full Advisory:
http://secunia.com/advisories/11707/
--
[SA11702] Conectiva update for libneon
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-26
Conectiva has issued an update for libneon. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/11702/
--
[SA11701] Mailman Unspecified Password Retrieval Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-05-26
A vulnerability has been discovered in mailman, which can be exploited
by malicious people to retrieve members' passwords.
Full Advisory:
http://secunia.com/advisories/11701/
--
[SA11693] e107 Site Statistics Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-05-24
Chinchilla has reported a vulnerability in e107, which can be exploited
by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/11693/
--
[SA11692] Liferay Enterprise Portal Multiple Script Insertion
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-05-24
Sandeep Giri has reported multiple vulnerabilities in Liferay
Enterprise Portal, which can be exploited by malicious users to conduct
script insertion attacks.
Full Advisory:
http://secunia.com/advisories/11692/
--
[SA11686] Gentoo update for squirrelmail
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Released: 2004-05-24
Gentoo has issued an update for squirrelmail. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/11686/
--
[SA11685] Squirrelmail Unspecified Cross-Site Scripting and SQL
Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Released: 2004-05-24
Various vulnerabilities have been discovered in SquirrelMail, which can
be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/11685/
--
[SA11681] Mandrake update for apache-mod_perl
Critical: Moderately critical
Where: From remote
Impact: DoS, Manipulation of data, Spoofing, Security Bypass
Released: 2004-05-21
MandrakeSoft has issued updated packages for apache-mod_perl. These fix
various vulnerabilities, which can be exploited to inject potentially
malicious characters into error logfiles, bypass certain restrictions,
gain unauthorised access, or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11681/
--
[SA11680] vsftpd Connection Handling Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-21
Olivier Baudron has discovered a vulnerability in vsftpd, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11680/
--
[SA11673] Gentoo update for neon
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-21
Gentoo has issued an update for neon. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/11673/
--
[SA11672] Gentoo update for cadaver
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-05-21
Gentoo has issued an update for cadaver. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/11672/
--
[SA11725] Conectiva update for kde
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-05-27
Conectiva has issued an update for kde. This fixes a vulnerability,
which can be exploited by malicious people to create or truncate files
on a user's system.
Full Advisory:
http://secunia.com/advisories/11725/
--
[SA11713] SuSE update for kdelibs
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-05-26
SuSE has issued an update for kdelibs. This fixes a vulnerability,
which can be exploited by malicious people to create or truncate files
on a user's system.
Full Advisory:
http://secunia.com/advisories/11713/
--
[SA11710] Red Hat update for tcpdump
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-05-26
Red Hat has issued an update for tcpdump. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11710/
--
[SA11705] Fedora update for httpd
Critical: Less critical
Where: From remote
Impact: Manipulation of data, DoS
Released: 2004-05-26
Fedora has issued an update for httpd. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or inject certain potentially malicious characters in error
log files.
Full Advisory:
http://secunia.com/advisories/11705/
--
[SA11703] Gentoo update for opera
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-05-26
Gentoo has issued an update for opera. This fixes a vulnerability,
which can be exploited by malicious people to create or truncate files
on a user's system.
Full Advisory:
http://secunia.com/advisories/11703/
--
[SA11688] OpenPKG update for rsync
Critical: Less critical
Where: From remote
Impact: Manipulation of data, Security Bypass
Released: 2004-05-22
OpenPKG has issued an update for rsync. This fixes a vulnerability,
potentially allowing malicious people to write files outside the
intended directory.
Full Advisory:
http://secunia.com/advisories/11688/
--
[SA11720] Gentoo update for mc
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-27
Gentoo has issued an update for mc. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/11720/
--
[SA11714] FreeBSD "msync()" MS_INVALIDATE Implementation Security
Issue
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-26
Stephan Uphoff and Matt Dillon has discovered a security issue in
FreeBSD. This can be exploited by malicious, local users to prevent
changes to certain files, which they have read access to, from being
committed to disk.
Full Advisory:
http://secunia.com/advisories/11714/
--
[SA11708] Red Hat update for utempter
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-26
Red Hat has issued an update for utempter. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions with higher privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11708/
--
[SA11704] Gentoo update for mysql
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-26
Gentoo has issued an update for mysql. This fixes two vulnerabilities,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/11704/
--
[SA11700] cPanel mod_php suexec Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-26
Rob Brown has reported an security issue in cPanel, potentially
allowing malicious users to escalate their privileges.
Full Advisory:
http://secunia.com/advisories/11700/
--
[SA11695] Debian update for xpcd
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-25
Debian has issued an update for xpcd. This fixes three vulnerabilities,
which potentially can be exploited by malicious people to execute
arbitrary code on a user's system.
Full Advisory:
http://secunia.com/advisories/11695/
--
[SA11691] Gentoo update for firebird
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-24
Gentoo has issued an update for firebird. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11691/
--
[SA11690] libpcd PhotoCD Image Error Handling Buffer Overflow
Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-05-25
Jaguar has reported some vulnerabilities in libpcd, which potentially
can be exploited by malicious people to execute arbitrary code on a
user's system.
Full Advisory:
http://secunia.com/advisories/11690/
--
[SA11683] Mandrake update for kernel
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-05-22
MandrakeSoft has issued an update for the kernel. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
knowledge of sensitive information.
Full Advisory:
http://secunia.com/advisories/11683/
Other:--
[SA11694] VocalTec Telephony Gateways H.323 Denial of Service
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-25
Tagoff Eugene has reported a vulnerability in certain VocalTec
Telephony Gateways, which can be exploited by malicious people to cause
a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11694/
--
[SA11682] HP ProCurve Routing Switch TCP Connection Reset Denial of
Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-05-21
HP has acknowledged a vulnerability in various products, which can be
exploited by malicious people to reset established TCP connections on a
vulnerable device.
Full Advisory:
http://secunia.com/advisories/11682/
--
[SA11679] Novell NetWare TCP Connection Reset Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-05-21
Novell has partly acknowledged a vulnerability in NetWare, which can be
exploited by malicious people to reset established TCP connections on a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/11679/
--
[SA11716] 3Com OfficeConnect 812 ADSL Router Telnet Protocol Denial of
Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-05-26
iDEFENSE has reported a vulnerability in 3Com OfficeConnect Remote 812
ADSL Router, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/11716/
--
[SA11698] Netgear RP114 URL Filtering Bypass Vulnerability
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-05-25
Marc Ruef has reported a vulnerability in NetGear RP114, which can be
exploited by malicious people to bypass the URL filtering
functionality.
Full Advisory:
http://secunia.com/advisories/11698/
Cross Platform:--
[SA11712] F-Secure Anti-Virus Products LHA Archive Processing Buffer
Overflow
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-05-26
A vulnerability has been discovered in various F-Secure Anti-Virus
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/11712/
--
[SA11696] e107 "user.php" Cross Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-05-25
Chris Norton has reported a vulnerability in e107, allowing malicious
users to conduct Cross Site Scripting attacks.
Full Advisory:
http://secunia.com/advisories/11696/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
========================================================================
_________________________________________
ISN mailing list
Sponsored by: OSVDB.org
This archive was generated by hypermail 2b30 : Fri May 28 2004 - 07:36:57 PDT