========================================================================

The Secunia Weekly Advisory Summary
2004-06-03 - 2004-06-10

This week : 48 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best and most reliable source for vulnerability information. Every single vulnerability report is being validated and verified before a Secunia advisory is written.

Secunia validates and verifies vulnerability reports in many different ways e.g. by downloading the software and performing comprehensive tests, by reviewing source code, or by validating the credibility of the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

ADVISORIES:

Jelmer issued a detailed analysis of a very sophisticated "zero-day" exploit for Internet Explorer. Jelmer obtained the exploit from an ad-ware site, which actively is using this exploit to install a toolbar in Internet Explorer on vulnerable users' systems.

Please read Secunia advisory SA11753 below for additional details.

Furthermore, Microsoft has released its monthly security bulletins for June, addressing vulnerabilities in DirectX and various products implementing Crystal Reports.
Reference:
http://secunia.com/SA11753
http://secunia.com/SA11803
http://secunia.com/SA11802

--

Apple has issued a security update to address the "disk://" vulnerability among others.

The update has been long awaited by the Mac OS X community, as the vulnerabilities addressed have been "public knowledge" for several weeks now, and they could be used for a remote system compromise.

Reference:
http://secunia.com/SA11689

--

A vulnerability has been reported in Squid, which potentially could be exploited to compromise a vulnerable system.

Squid has issued a patch, which fixes this vulnerability.

Reference:
http://secunia.com/SA11804

VIRUS ALERTS:

Secunia has not issued any virus alerts during the last week.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1. [SA11793] Internet Explorer Local Resource Access and Cross-Zone Scripting Vulnerabilities
2. [SA11689] Mac OS X Volume URI Handler Registration Code Execution Vulnerability
3. [SA11754] Linksys Routers Administrative Web Interface Access Security Issue
4. [SA11622] Mac OS X URI Handler Arbitrary Code Execution
5. [SA11762] Opera Browser Favicon Displaying Address Bar Spoofing Vulnerability
6. [SA10395] Internet Explorer URL Spoofing Vulnerability
7. [SA11780] Sun Solaris update for sendmail
8. [SA11764] Linksys BEF Series Routers Denial of Service Vulnerabilities
9. [SA11792] PHP "escapeshellcmd()" and "escapeshellarg()" Security Bypass Vulnerability
10. [SA11794] Webmin Unspecified Denial of Service and Security Restriction Bypass

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA11793] Internet Explorer Local Resource Access and Cross-Zone Scripting Vulnerabilities
[SA11792] PHP "escapeshellcmd()" and "escapeshellarg()" Security Bypass Vulnerability
[SA11787] Oracle E-Business Suite Unspecified SQL Injection Vulnerabilities
[SA11803] Microsoft Crystal Reports Web Viewer Directory Traversal Vulnerability
[SA11802] Microsoft DirectPlay Packet Validation Denial of Service Vulnerability
[SA11790] FoolProof Security Administrator Password Disclosure Weakness

UNIX/Linux:
[SA11804] Squid NTLM Authentication Helper Buffer Overflow Vulnerability
[SA11795] Sun Crypto Accelerator 4000 Software OpenSSL Vulnerabilities
[SA11780] Sun Solaris update for sendmail
[SA11767] NetBSD update for CVS
[SA11809] Gentoo update for mailman
[SA11805] Horde IMP "Content-Type:" Header Script Insertion Vulnerability
[SA11798] cPanel suEXEC Privilege Escalation Vulnerability
[SA11794] Webmin Unspecified Denial of Service and Security Restriction Bypass
[SA11789] Crafty Syntax Live Help Script Insertion Vulnerabilities
[SA11788] l2tpd "write_packet()" Buffer Overflow Vulnerability
[SA11786] Gentoo update for sitecopy
[SA11785] sitecopy Multiple libneon Vulnerabilities
[SA11784] cPanel killacct Script Arbitrary DNS Information Deletion Vulnerability
[SA11782] Debian update for postgresql
[SA11781] psqlodbc "PGAPI_Connect()" Buffer Overflow Vulnerability
[SA11779] Debian update for lha
[SA11778] Open Webmail "Content-Type:" Header Script Injection Vulnerability
[SA11777] Fedora update for krb5
[SA11776] Gentoo update for ethereal
[SA11771] Fedora update for ethereal
[SA11769] Debian update for log2mail
[SA11768] log2mail "printlog()" Message Logging Format String Vulnerability
[SA11765] Mandrake update for krb5
[SA11759] Slackware update for mod_ssl
[SA11758] Debian update for gallery
[SA11797] FreeBSD Jailed Process Host Routing Table Manipulation Vulnerability
[SA11796] Mandrake update for tripwire
[SA11775] Gentoo update for tripwire
[SA11763] Tripwire Email Reporting Privilege Escalation Vulnerability
[SA11760] Slackware PHP Insecure Static Library Linking Security Issue
[SA11770] Fedora update for net-tools

Other:
[SA11773] NetGear WG602 Wireless Access Point Default Account Security Issue
[SA11764] Linksys BEF Series Routers Denial of Service Vulnerabilities

Cross Platform:
[SA11774] Mail Manage EX Arbitrary File Inclusion Vulnerability
[SA11801] Roundup Web Interface Directory Traversal Vulnerability
[SA11800] Crystal Reports and Crystal Enterprise Directory Traversal Vulnerability
[SA11783] IBM Multiple Products GSKit Denial of Service Vulnerability
[SA11772] SurgeMail Path Disclosure and Cross-Site Scripting Vulnerability
[SA11762] Opera Browser Favicon Displaying Address Bar Spoofing Vulnerability
[SA11791] jCIFS Arbitrary Username Authentication Security Issue
[SA11761] IBM Products Forms Authentication Session Hijacking
[SA11766] PHP-Nuke Direct Script Access Restriction Bypass Weakness

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA11793] Internet Explorer Local Resource Access and Cross-Zone Scripting Vulnerabilities
Critical: Extremely critical
Where: From remote
Impact: Security Bypass, System access
Released: 2004-06-08

Two vulnerabilities have been reported in Internet Explorer, which in combination with other known issues can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/11793/

--

[SA11792] PHP "escapeshellcmd()" and "escapeshellarg()" Security Bypass Vulnerability
Critical: Highly critical
Where: From remote
Impact: Security Bypass
Released: 2004-06-07

Daniel Fabian has discovered a vulnerability in PHP, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/11792/

--

[SA11787] Oracle E-Business Suite Unspecified SQL Injection Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information, System access
Released: 2004-06-07

Stephen Kost has reported multiple vulnerabilities in Oracle E-Business Suite and Oracle Applications, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/11787/

--

[SA11803] Microsoft Crystal Reports Web Viewer Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information, DoS
Released: 2004-06-08

A vulnerability has been discovered in various Microsoft products, allowing malicious people to disclose the content of arbitrary files or delete these.
Full Advisory: http://secunia.com/advisories/11803/

--

[SA11802] Microsoft DirectPlay Packet Validation Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-06-08

John Lampe has discovered a vulnerability in Microsoft DirectPlay, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11802/

--

[SA11790] FoolProof Security Administrator Password Disclosure Weakness
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2004-06-08

Cyrillium Security has reported a weakness in FoolProof Security, which can be exploited by certain malicious users to gain knowledge of sensitive information.
Full Advisory: http://secunia.com/advisories/11790/

UNIX/Linux:--

[SA11804] Squid NTLM Authentication Helper Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-06-09

A vulnerability has been reported in Squid, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11804/

--

[SA11795] Sun Crypto Accelerator 4000 Software OpenSSL Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-06-07

Sun has acknowledged that the Sun Crypto Accelerator 4000 software is affected by some OpenSSL vulnerabilities. According to the vendor, these can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11795/

--

[SA11780] Sun Solaris update for sendmail
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-06-07

Sun has acknowledged a vulnerability in sendmail for Solaris, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11780/

--

[SA11767] NetBSD update for CVS
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-06-04

NetBSD has issued patches for cvs. These fix a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11767/

--

[SA11809] Gentoo update for mailman
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-06-09

Gentoo has issued an update for mailman. This fixes a vulnerability, which can be exploited by malicious people to retrieve members' passwords.
Full Advisory: http://secunia.com/advisories/11809/

--

[SA11805] Horde IMP "Content-Type:" Header Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-06-09

A vulnerability has been discovered in Horde IMP, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory: http://secunia.com/advisories/11805/

--

[SA11798] cPanel suEXEC Privilege Escalation Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation
Released: 2004-06-09

Rob Brown has reported a vulnerability in cPanel, which can be exploited by malicious, authenticated users to execute arbitrary code with escalated privileges.
Full Advisory: http://secunia.com/advisories/11798/

--

[SA11794] Webmin Unspecified Denial of Service and Security Restriction Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2004-06-07

Two vulnerabilities have been discovered in Webmin, which can be exploited by malicious people to cause a DoS (Denial of Service) or bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/11794/

--

[SA11789] Crafty Syntax Live Help Script Insertion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-06-08

John C. Hennessy has reported two vulnerabilities in Crafty Syntax Live Help, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory: http://secunia.com/advisories/11789/

--

[SA11788] l2tpd "write_packet()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-06-07

Thomas Walpuski has reported a vulnerability in l2tpd, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11788/

--

[SA11786] Gentoo update for sitecopy
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-06-07

Gentoo has issued an advisory for sitecopy. This describes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11786/

--

[SA11785] sitecopy Multiple libneon Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-06-07

It has been reported that sitecopy is affected by various libneon vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11785/

--

[SA11784] cPanel killacct Script Arbitrary DNS Information Deletion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2004-06-07

verb0s has reported a vulnerability in cPanel, which can be exploited by malicious, authenticated, administrative users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/11784/

--

[SA11782] Debian update for postgresql
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-06-08

Debian has issued an update for postgresql. This fixes a vulnerability in the ODBC driver, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11782/

--

[SA11781] psqlodbc "PGAPI_Connect()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-06-08

delman has reported a vulnerability in psqlodbc, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11781/

--

[SA11779] Debian update for lha
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-06-07

Debian has issued an update for lha. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11779/

--

[SA11778] Open Webmail "Content-Type:" Header Script Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-06-05

A vulnerability has been discovered in Open WebMail, which can be exploited by malicious people to conduct script injection attacks.
Full Advisory: http://secunia.com/advisories/11778/

--

[SA11777] Fedora update for krb5
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-06-05

Fedora has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11777/

--

[SA11776] Gentoo update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-06-05

Gentoo has issued an update for ethereal. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11776/

--

[SA11771] Fedora update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-06-04

Fedora has issued an update for ethereal. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS (Denial-of-Service).
Full Advisory: http://secunia.com/advisories/11771/

--

[SA11769] Debian update for log2mail
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-06-07

Debian has issued an update for log2mail. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11769/

--

[SA11768] log2mail "printlog()" Message Logging Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-06-07

Jaguar has reported a vulnerability in log2mail, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11768/

--

[SA11765] Mandrake update for krb5
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-06-04

MandrakeSoft has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11765/

--

[SA11759] Slackware update for mod_ssl
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-06-03

Slackware has issued an update for mod_ssl. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11759/

--

[SA11758] Debian update for gallery
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-06-03

Debian has issued an update for gallery. This fixes a vulnerability, which can be exploited by malicious people to bypass the user authentication.
Full Advisory: http://secunia.com/advisories/11758/

--

[SA11797] FreeBSD Jailed Process Host Routing Table Manipulation Vulnerability
Critical: Less critical
Where: Local system
Impact: Security Bypass, Manipulation of data
Released: 2004-06-08

Pawel Malachowski has discovered a vulnerability in FreeBSD, which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/11797/

--

[SA11796] Mandrake update for tripwire
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-06-08

MandrakeSoft has issued an update for tripwire. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/11796/

--

[SA11775] Gentoo update for tripwire
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-06-05

Gentoo has issued an update for tripwire. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/11775/

--

[SA11763] Tripwire Email Reporting Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-06-05

Paul Herman has discovered a vulnerability in Tripwire, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/11763/

--

[SA11760] Slackware PHP Insecure Static Library Linking Security Issue
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2004-06-03

Bryce Nichols has discovered a security issue in Slackware, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/11760/

--

[SA11770] Fedora update for net-tools
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2004-06-04

Fedora has issued an update for net-tools. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11770/

Other:--

[SA11773] NetGear WG602 Wireless Access Point Default Account Security Issue
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-06-07

Tom Knienieder has reported a security issue in NetGear WG602 Wireless Access Point, which can be exploited by malicious people to gain access to an affected device.
Full Advisory: http://secunia.com/advisories/11773/

--

[SA11764] Linksys BEF Series Routers Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: DoS
Released: 2004-06-05

b0f has reported two vulnerabilities in various Linksys BEF series routers, which can be exploited to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11764/

Cross Platform:--

[SA11774] Mail Manage EX Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-06-04

Jan van de Rijt has reported a vulnerability in Mail Manage EX, allowing malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11774/

--

[SA11801] Roundup Web Interface Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2004-06-09

Vickenty Fesunov has reported a vulnerability in Roundup, which can be exploited by malicious people to view the content of arbitrary files.
Full Advisory: http://secunia.com/advisories/11801/

--

[SA11800] Crystal Reports and Crystal Enterprise Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information, DoS
Released: 2004-06-08

Imperva Application Defense Center has discovered a vulnerability in Crystal Reports Web Viewers, allowing malicious people to disclose the content of arbitrary files or delete these.
Full Advisory: http://secunia.com/advisories/11800/

--

[SA11783] IBM Multiple Products GSKit Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-06-07

A vulnerability has been discovered in various IBM products, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11783/

--

[SA11772] SurgeMail Path Disclosure and Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information
Released: 2004-06-07

Donnie Werner has reported a vulnerability in SurgeMail, which can be exploited by malicious people to disclose certain system information or conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/11772/

--

[SA11762] Opera Browser Favicon Displaying Address Bar Spoofing Vulnerability
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2004-06-03

GreyMagic has discovered a vulnerability in the Opera browser, which can be exploited by malicious people to fake (spoof) information displayed in various bars.
Full Advisory: http://secunia.com/advisories/11762/

--

[SA11791] jCIFS Arbitrary Username Authentication Security Issue
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-06-09

A security issue has been discovered in jCIFS, which allows a malicious person to authenticate with an invalid username.
Full Advisory: http://secunia.com/advisories/11791/

--

[SA11761] IBM Products Forms Authentication Session Hijacking
Critical: Less critical
Where: From local network
Impact: Hijacking
Released: 2004-06-04

A security issue has been discovered in multiple IBM products, which under some circumstances potentially can be exploited by malicious people to hijack an authenticated user's session.
Full Advisory: http://secunia.com/advisories/11761/

--

[SA11766] PHP-Nuke Direct Script Access Restriction Bypass Weakness
Critical: Not critical
Where: From remote
Impact: Security Bypass
Released: 2004-06-04

Squid has reported a weakness in PHP-Nuke, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/11766/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web : http://secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45

========================================================================