========================================================================

The Secunia Weekly Advisory Summary
2004-06-24 - 2004-07-01

This week : 42 advisories

========================================================================
Table of Contents:

1. Word From Secunia
2. This Week In Brief
3. This Week's Top Ten Most Read Advisories
4. Vulnerabilities Summary Listing
5. Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

New Features at Secunia.com

Secunia has implemented various statistical features at the websites
for both Secunia advisories and Virus Information.

Secunia Advisories Statistics:
http://secunia.com/advisory_statistics/

Examples of Specific Product Statistics:
http://secunia.com/product/11/ (Internet Explorer 6)
http://secunia.com/product/761/ (Opera 7.x)
http://secunia.com/product/1480/ (Mozilla 1.3)

Secunia Virus Information Statistics:
http://secunia.com/virus_statistics/

Furthermore, Secunia has made it possible for you to include all graphs
available at secunia.com on your own website.

This is described in detail at:
http://secunia.com/secunia_image_inclusion/

========================================================================
2) This Week in Brief:

ADVISORIES:

Multiple browsers have been proven vulnerable to a 6 year old
vulnerability, which can be exploited by malicious people to inject
information into other sites' frameset.

The vulnerability was first reported (and corrected) in Internet
Explorer 3 and 4 back in 1998. However, during the past week Internet
Explorer 6.0 was proven vulnerable to this issue again.

After this information surfaced, several other people reported to
Secunia that many other browsers also are affected by this.
Secunia has therefore constructed a test for this issue, allowing you
to check your own browser. A link for the test can be found in the
Secunia advisories below.

Reference:
http://secunia.com/SA11966
http://secunia.com/SA11978

VIRUS ALERTS:

During the last week, Secunia issued two MEDIUM RISK virus alerts.
Please refer to the grouped virus profile below for more information:

Bagle.x!proxy - MEDIUM RISK Virus Alert - 2004-07-01 05:35 GMT+1
http://secunia.com/virus_information/8675/bagle.xproxy/

Korgo.T - MEDIUM RISK Virus Alert - 2004-06-27 14:46 GMT+1
http://secunia.com/virus_information/10230/korgo.t/

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA11793] Internet Explorer Local Resource Access and Cross-Zone
              Scripting Vulnerabilities
2.  [SA11900] Unreal Engine "secure" Query Buffer Overflow
              Vulnerability
3.  [SA11966] Internet Explorer Frame Injection Vulnerability
4.  [SA11956] Apache Input Header Folding Denial of Service
              Vulnerability
5.  [SA11925] Lotus Domino/Notes Cross-Site Scripting and Arbitrary
              Code Execution
6.  [SA11072] IBM Access Support ActiveX Controls Various Insecure
              Methods
7.  [SA11830] Internet Explorer Security Zone Bypass and Address Bar
              Spoofing Vulnerability
8.  [SA11928] php-exec-dir Command Execution Bypass Vulnerability
9.  [SA11622] Mac OS X URI Handler Arbitrary Code Execution
10. [SA10395] Internet Explorer URL Spoofing Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA11966] Internet Explorer Frame Injection Vulnerability
[SA11951] Cart32 "GetLatestBuilds" Cross-Site Scripting Vulnerability

UNIX/Linux:
[SA11971] HP-UX Netscape Multiple Vulnerabilities
[SA11968] Mandrake update for apache
[SA11946] Debian update for apache
[SA11945] MPlayer GUI Filename Handling Buffer Overflow Vulnerability
[SA11976] Gentoo update for pavuk
[SA11975] Pavuk HTTP "Location:" Header Processing Buffer Overflow
          Vulnerability
[SA11973] Gentoo update for krb5
[SA11962] Fedora update for ipsec-tools
[SA11954] artmedic links "id" Parameter Arbitrary File Reading
          Vulnerability
[SA11953] Confixx "/root" Directory Information Disclosure
          Vulnerability
[SA11949] Gentoo update for freeswan/openswan/strongswan
[SA11948] Various Products X.509 Certificate Validation Vulnerability
[SA11969] HP-UX Object Action Manager WebAdmin Vulnerability
[SA11967] Mandrake update for apache2
[SA11942] Gentoo update for gift-fasttrack
[SA11941] giFT-FastTrack Unspecified Denial of Service Vulnerability
[SA11937] vBulletin "newreply.php" Cross-Site Scripting Vulnerability
[SA11955] HP Tru64 UNIX DCE RPC Buffer Overflow Vulnerability
[SA11939] Gentoo update for gzip
[SA11938] Fedora update for kernel
[SA11936] Red Hat Linux Broadcom 5820 Cryptonet Driver Integer Overflow
[SA11935] Sun StorEdge ESM Unspecified Privilege Escalation
          Vulnerability
[SA11977] popclient "POP3_readmsg()" Off-By-One Buffer Overflow
          Vulnerability
[SA11970] HP-UX ARPA Transport Unspecified Denial of Service
          Vulnerability
[SA11940] Sun Solaris Kerberos Client Clear Text Password Logging

Other:
[SA11950] Juniper JUNOS Packet Forwarding Engine IPv6 Denial of Service
[SA11963] D-Link DI-614+ DHCP Request Flooding Denial of Service
[SA11961] D-Link DI-614+ DHCP Service "LEASETIME" Option Denial of
          Service

Cross Platform:
[SA11957] IBM HTTP Server mod_proxy "Content-Length:" Header Buffer
          Overflow
[SA11978] Multiple Browsers Frame Injection Vulnerability
[SA11974] phpMyAdmin Configuration Manipulation and Code Injection
[SA11960] PowerPortal Multiple Vulnerabilities
[SA11959] BEA WebLogic Role Interpretation Security Issue
[SA11958] BEA WebLogic Crystal Reports Web Viewer Directory Traversal
          Vulnerability
[SA11952] Help Desk Pro Login Validation SQL Injection Vulnerability
[SA11947] Infinity WEB Login Validation SQL Injection Vulnerability
[SA11944] phpmyfamily User Authentication Bypass Vulnerability
[SA11964] CuteNews "id" Parameter Cross Site Scripting Vulnerabilities
[SA11956] Apache Input Header Folding Denial of Service Vulnerability
[SA11965] csFAQ "database" Parameter Path Disclosure

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA11966] Internet Explorer Frame Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2004-06-30

Mark Laurence has discovered a 6 year old vulnerability in Microsoft
Internet Explorer, allowing malicious people to spoof the content of
websites.
Full Advisory: http://secunia.com/advisories/11966/

--

[SA11951] Cart32 "GetLatestBuilds" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-06-29

Dr Ponidi has reported a vulnerability in Cart32, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/11951/


UNIX/Linux:--

[SA11971] HP-UX Netscape Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
             information, DoS, System access
Released:    2004-06-30

HP has acknowledged multiple vulnerabilities in Netscape for HP-UX,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service), gain knowledge of sensitive information, or
compromise a user's system.
Full Advisory: http://secunia.com/advisories/11971/

--

[SA11968] Mandrake update for apache

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2004-06-30

MandrakeSoft has issued an update for apache. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11968/

--

[SA11946] Debian update for apache

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-06-28

Debian has issued an update for apache. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11946/

--

[SA11945] MPlayer GUI Filename Handling Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-06-29

c0ntex has reported a vulnerability in MPlayer, which can be exploited
by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/11945/

--

[SA11976] Gentoo update for pavuk

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-06-30

Gentoo has issued an update for pavuk. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory: http://secunia.com/advisories/11976/

--

[SA11975] Pavuk HTTP "Location:" Header Processing Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-06-30

A vulnerability has been reported in Pavuk, which can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11975/

--

[SA11973] Gentoo update for krb5

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-06-30

Gentoo has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious users to compromise a vulnerable
system.
Full Advisory: http://secunia.com/advisories/11973/

--

[SA11962] Fedora update for ipsec-tools

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-06-29

Fedora has issued an update for ipsec-tools. This fixes a
vulnerability, which potentially can be exploited by malicious people
to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/11962/

--

[SA11954] artmedic links "id" Parameter Arbitrary File Reading
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
             information
Released:    2004-06-28

Adam Simuntis has reported a vulnerability in artmedic links, allowing
malicious people to disclose the content of arbitrary files.
Full Advisory: http://secunia.com/advisories/11954/

--

[SA11953] Confixx "/root" Directory Information Disclosure
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
             information
Released:    2004-06-28

Dirk Pirschel has reported a vulnerability in Confixx, which
potentially can be exploited by malicious users to gain knowledge of
sensitive information.
Full Advisory: http://secunia.com/advisories/11953/

--

[SA11949] Gentoo update for freeswan/openswan/strongswan

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2004-06-28

Gentoo has issued updates for freeswan/openswan/strongswan. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/11949/

--

[SA11948] Various Products X.509 Certificate Validation Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2004-06-28

Thomas Walpuski has reported a vulnerability in strongSwan, Openswan,
and FreeS/WAN, which potentially can be exploited by malicious people
to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/11948/

--

[SA11969] HP-UX Object Action Manager WebAdmin Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-06-30

HP has acknowledged a vulnerability in HP-UX, which potentially can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11969/

--

[SA11967] Mandrake update for apache2

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-06-30

MandrakeSoft has issued an update for apache2. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11967/

--

[SA11942] Gentoo update for gift-fasttrack

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-06-25

Gentoo has issued an update for gift-fasttrack. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11942/

--

[SA11941] giFT-FastTrack Unspecified Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-06-25

Alan Fitton has discovered a vulnerability in giFT-FastTrack, allowing
malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11941/

--

[SA11937] vBulletin "newreply.php" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-06-25

Cheng Peng Su has reported a vulnerability in vBulletin, allowing
malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/11937/

--

[SA11955] HP Tru64 UNIX DCE RPC Buffer Overflow Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-06-28

A vulnerability has been reported in DCE/DFS for Tru64 UNIX, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11955/

--

[SA11939] Gentoo update for gzip

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-06-25

Gentoo has issued an update for gzip. This fixes two vulnerabilities,
which can be exploited by malicious, local users to escalate their
privileges on a vulnerable system.
Full Advisory: http://secunia.com/advisories/11939/

--

[SA11938] Fedora update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
             DoS
Released:    2004-06-25

Fedora has issued an update for the kernel. This fixes various
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), gain knowledge of sensitive
information, or gain escalated privileges.
Full Advisory: http://secunia.com/advisories/11938/

--

[SA11936] Red Hat Linux Broadcom 5820 Cryptonet Driver Integer Overflow

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2004-06-24

infamous41md has reported a vulnerability in the Broadcom 5820
Cryptonet driver included with Red Hat Linux. This can potentially be
exploited by malicious, local users to cause a DoS (Denial of Service)
or gain escalated privileges.
Full Advisory: http://secunia.com/advisories/11936/

--

[SA11935] Sun StorEdge ESM Unspecified Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-06-24

An unspecified vulnerability has been discovered in Sun StorEdge
Enterprise Storage Manager, which can be exploited by malicious, local
users to gain root privileges.
Full Advisory: http://secunia.com/advisories/11935/

--

[SA11977] popclient "POP3_readmsg()" Off-By-One Buffer Overflow
Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2004-06-30

A vulnerability has been reported in popclient, which can be exploited
by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11977/

--

[SA11970] HP-UX ARPA Transport Unspecified Denial of Service
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2004-06-30

A vulnerability has been discovered in HP-UX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11970/

--

[SA11940] Sun Solaris Kerberos Client Clear Text Password Logging

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2004-06-25

A security issue has been discovered in Sun Solaris, which may disclose
sensitive information to users.
Full Advisory: http://secunia.com/advisories/11940/


Other:--

[SA11950] Juniper JUNOS Packet Forwarding Engine IPv6 Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-06-30

A vulnerability has been discovered in Juniper JUNOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11950/

--

[SA11963] D-Link DI-614+ DHCP Request Flooding Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-06-29

Gregory Duchemin has reported a vulnerability in D-Link 614+, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11963/

--

[SA11961] D-Link DI-614+ DHCP Service "LEASETIME" Option Denial of
Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-06-30

Gregory Duchemin has reported a vulnerability in D-Link DI-614+, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory: http://secunia.com/advisories/11961/


Cross Platform:--

[SA11957] IBM HTTP Server mod_proxy "Content-Length:" Header Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-06-29

IBM has acknowledged a vulnerability in IBM HTTP Server, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/11957/

--

[SA11978] Multiple Browsers Frame Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2004-07-01

A 6 year old vulnerability has been discovered in multiple browsers,
allowing malicious people to spoof the content of websites.
Full Advisory: http://secunia.com/advisories/11978/

--

[SA11974] phpMyAdmin Configuration Manipulation and Code Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2004-06-30

Nasir Simbolon has reported two vulnerabilities in phpMyAdmin, allowing
malicious people to manipulate certain configuration settings and
inject arbitrary code.
Full Advisory: http://secunia.com/advisories/11974/

--

[SA11960] PowerPortal Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
             Exposure of sensitive information
Released:    2004-06-29

DarkBicho has reported some vulnerabilities in PowerPortal, potentially
allowing malicious people to reveal sensitive information and conduct
cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/11960/

--

[SA11959] BEA WebLogic Role Interpretation Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-06-29

A security issue has been discovered in BEA WebLogic, potentially
allowing unauthorised users to access affected web applications.
Full Advisory: http://secunia.com/advisories/11959/

--

[SA11958] BEA WebLogic Crystal Reports Web Viewer Directory Traversal
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, Exposure of sensitive information, Exposure of system
             information
Released:    2004-06-29

A vulnerability has been discovered in BEA WebLogic, allowing malicious
people to disclose the content of arbitrary files or delete these.
Full Advisory: http://secunia.com/advisories/11958/

--

[SA11952] Help Desk Pro Login Validation SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-06-28

D'Amato Luigi has reported a vulnerability in Help Desk Pro, allowing
malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/11952/

--

[SA11947] Infinity WEB Login Validation SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-06-28

D'Amato Luigi has reported a vulnerability in Infinity WEB, allowing
malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/11947/

--

[SA11944] phpmyfamily User Authentication Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-06-28

Valerie Holfield has discovered a vulnerability in phpmyfamily, which
can be exploited by malicious people to gain edit privileges.
Full Advisory: http://secunia.com/advisories/11944/

--

[SA11964] CuteNews "id" Parameter Cross Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-06-29

DarkBicho has reported some vulnerabilities in CuteNews, potentially
allowing malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/11964/

--

[SA11956] Apache Input Header Folding Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-06-28

Georgi Guninski has reported a vulnerability in Apache httpd, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/11956/

--

[SA11965] csFAQ "database" Parameter Path Disclosure

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2004-06-30

DarkBicho has reported a weakness in csFAQ, allowing malicious people
to see the installation path.
Full Advisory: http://secunia.com/advisories/11965/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support@private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

========================================================================