[ISN] Secunia Weekly Summary - Issue: 2004-37

From: InfoSec News (isn@private)
Date: Thu Sep 09 2004 - 03:40:58 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2004-09-02 - 2004-09-09                        

                       This week : 58 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia has implemented new features at Secunia.com


SECUNIA ADVISORIES NOW INCLUDE "Solution Status":
In addition to the extensive information Secunia advisories already
include, Secunia has added a new parameter: "Solution Status". This
simply means that all Secunia advisories, including older advisories,
now include the current "Solution Status" of an advisory, i.e. if the
vendor has released a patch or not.


IMPROVED PRODUCT PAGES:
The improved product pages now include a detailed listing of all
Secunia advisories affecting each product. The listings include a clear
indication of the "Solution Status" each advisory has ("Unpatched",
"Vendor patch", "Vendor workaround", or "Partial fix"). View the
following for examples:

Opera 7:
http://secunia.com/product/761/

Internet Explorer 6:
http://secunia.com/product/11/

Mozilla Firefox:
http://secunia.com/product/3256/


EXTRA STATISTICS:
Each product page also includes a new pie graph, displaying the
"Solution Status" for all Secunia advisories affecting each product in
a given period. View the following for an example:

Internet Explorer 6:
http://secunia.com/product/11/#statistics_solution


FEEDBACK SYSTEM:
To make it easier to provide feedback to the Secunia staff, we have
made an online feedback form. Enter your inquiry and it will
immediately be sent to the appropriate Secunia department.

Ideas, suggestions, and other feedback are most welcome.

Secunia Feedback Form:
http://secunia.com/contact_form/


========================================================================
2) This Week in Brief:


ADVISORIES:

WinZIP released a new version of their very popular packaging program
for Windows, which according to the vendor addresses some buffer
overflow vulnerabilities and a vulnerability caused by insufficient
command line validation.

According to the vendor, all vulnerabilities were discovered during
internal review and testing.

An updated version is available at the WinZIP website.

Reference:
http://secunia.com/SA12430

--

Apple has issued a security update for Mac OS X, which fixes 15
vulnerabilities.

A detailed list can be found in the Secunia advisory below.

Reference:
http://secunia.com/SA12491

--

The Altnet Download Manager is vulnerable to a buffer overflow in an
included ActiveX Control, which can be exploited by malicious people
to execute arbitrary code on a vulnerable system.

What makes this even more critical is that this ActiveX Control is
also shipped with file sharing programs such as Kazaa and Grokster. Most
users of these products are not aware that they need to download a
patch from Altnet in order to address this problem.

Users who have Kazaa or Grokster installed should visit Altnet and
download the available patch as soon as possible.

Reference:
http://secunia.com/SA12446


VIRUS ALERTS:

Secunia has not issued any virus alerts during the last week.


========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA12430] Winzip Unspecified Multiple Buffer Overflow
              Vulnerabilities
2.  [SA12321] Microsoft Internet Explorer Drag and Drop Vulnerability
3.  [SA12304] Internet Explorer Address Bar Spoofing Vulnerability
4.  [SA12381] Winamp Skin File Arbitrary Code Execution Vulnerability
5.  [SA12455] Kazaa Altnet Download Manager Buffer Overflow
              Vulnerability
6.  [SA12446] Altnet Download Manager Buffer Overflow Vulnerability
7.  [SA12409] Oracle Products Multiple Vulnerabilities
8.  [SA12198] AOL Instant Messenger "Away" Message Buffer Overflow
              Vulnerability
9.  [SA11978] Multiple Browsers Frame Injection Vulnerability
10. [SA12408] Kerberos V5 Multiple Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA12456] Grokster Altnet Download Manager Buffer Overflow
Vulnerability
[SA12455] Kazaa Altnet Download Manager Buffer Overflow Vulnerability
[SA12446] Altnet Download Manager Buffer Overflow Vulnerability
[SA12487] Trillian MSN Module Buffer Overflow Vulnerability
[SA12453] IMail Multiple Denial of Service Vulnerabilities
[SA12460] eZ / eZphotoshare Multiple Connection Denial of Service
Vulnerability
[SA12468] Kerio Personal Firewall Program Execution Protection Feature
Bypass

UNIX/Linux:
[SA12496] Gentoo update for LHA
[SA12494] Fedora update for LHA
[SA12489] Gentoo update for ImageMagick/imlib/imlib2
[SA12488] Usermin Shell Command Injection and Insecure Installation
Vulnerabilities
[SA12483] Mandrake update for imlib/imlib2
[SA12480] Red Hat update for gaim
[SA12479] ImageMagick BMP Image Decoding Buffer Overflow Vulnerability
[SA12478] mpg123 Mpeg Layer-2 Audio Decoder Buffer Overflow
Vulnerability
[SA12475] Red Hat update for mod_ssl
[SA12457] Gentoo update for krb5
[SA12445] gnubiff POP3 Buffer Overflow and Denial of Service
Vulnerabilities
[SA12437] Red Hat update for LHA
[SA12495] Fedora update for kdelibs / kdebase
[SA12491] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA12473] OpenCA Web Frontend Script Insertion Vulnerability
[SA12465] Slackware update for KDE
[SA12459] Gentoo update for xv
[SA12458] Mailworks User Authentication Bypass Vulnerability
[SA12452] Gentoo update for Python
[SA12449] Gentoo update for eGroupWare
[SA12448] Gentoo update for Squid
[SA12447] SuSE update for zlib
[SA12442] Gentoo update for vpopmail
[SA12441] vpopmail SQL Injection Vulnerabilities
[SA12454] Fedora update for samba
[SA12474] SUSE update for apache2
[SA12451] Gentoo update for Gallery
[SA12443] Red Hat update for httpd
[SA12499] Gentoo update for samba
[SA12485] Gentoo update for star
[SA12484] Star Unspecified Privilege Escalation Vulnerability
[SA12482] Mandrake update for cdrecord
[SA12481] cdrecord Privilege Escalation Vulnerability
[SA12476] Net-Acct Insecure Temporary File Creation Vulnerability
[SA12462] Gentoo update for Ruby
[SA12440] bsdmainutils calendar Utility File Content Disclosure
Vulnerability
[SA12470] Sun Solaris in.named Dynamic Update Denial of Service
Vulnerability
[SA12477] Gentoo multi-gnome-terminal Potential Exposure of Sensitive
Information

Other:
[SA12461] Dynalink RTA230 Default Username and Password
[SA12471] StorageTek D280 Disk System Denial of Service Vulnerability
[SA12469] IBM TotalStorage DS4100 Denial of Service Vulnerability
[SA12464] Engenio Storage Controllers Denial of Service Vulnerability
[SA12450] NetScreen-IDP scp Directory Traversal Vulnerability
[SA12472] Brocade SilkWorm Switches Denial of Service Vulnerability

Cross Platform:
[SA12467] Tutti Nova Unspecified Vulnerabilities
[SA12444] Squid NTLM Authentication Denial of Service Vulnerability
[SA12439] TorrentTrader "id" SQL Injection Vulnerability
[SA12438] phpWebSite Cross-Site Scripting and Script Insertion
Vulnerabilities
[SA12466] phpGroupWare Unspecified Cross-Site Scripting Vulnerability
[SA12486] Emdros Create/Update Object Type Denial of Service
Vulnerability
[SA12463] Cosminexus Portal Framework Unspecified Cached Content
Replacement

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA12456] Grokster Altnet Download Manager Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-03

CelebrityHacker has reported a vulnerability in the Altnet Download
Manager included in Grokster, which can be exploited by malicious
people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12456/

 --

[SA12455] Kazaa Altnet Download Manager Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-03

CelebrityHacker has reported a vulnerability in the Altnet Download
Manager included in Kazaa, which can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12455/

 --

[SA12446] Altnet Download Manager Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-03

CelebrityHacker has discovered a vulnerability in Altnet Download
Manager, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/12446/

 --

[SA12487] Trillian MSN Module Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-09-08

Komrade has reported a vulnerability in Trillian, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12487/

 --

[SA12453] IMail Multiple Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-09-03

Various vulnerabilities have been reported in IMail, which potentially
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12453/

 --

[SA12460] eZ / eZphotoshare Multiple Connection Denial of Service
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-09-06

Dr_insane has reported a vulnerability in eZ and eZphotoshare, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12460/

 --

[SA12468] Kerio Personal Firewall Program Execution Protection Feature
Bypass

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2004-09-06

Tan Chew Keong has reported a vulnerability in Kerio Personal Firewall,
which can be exploited by certain malicious processes to bypass certain
security features provided by the product.

Full Advisory:
http://secunia.com/advisories/12468/


UNIX/Linux:--

[SA12496] Gentoo update for LHA

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-09

Gentoo has issued an update for LHA. This fixes some vulnerabilities,
which can be exploited to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12496/

 --

[SA12494] Fedora update for LHA

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-09

Fedora has issued an update for LHA. This fixes some vulnerabilities,
which can be exploited to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12494/

 --

[SA12489] Gentoo update for ImageMagick/imlib/imlib2

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-09-08

Gentoo has issued updates for ImageMagick, imlib, and imlib2. These fix
a vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12489/

 --

[SA12488] Usermin Shell Command Injection and Insecure Installation
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, System access
Released:    2004-09-08

Two vulnerabilities have been reported in Usermin, where the most
critical can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/12488/

 --

[SA12483] Mandrake update for imlib/imlib2

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-09-08

MandrakeSoft has issued updates for imlib and imlib2. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12483/

 --

[SA12480] Red Hat update for gaim

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2004-09-07

Red Hat has issued an update for gaim. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12480/

 --

[SA12479] ImageMagick BMP Image Decoding Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-08

A vulnerability has been reported in ImageMagick, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12479/

 --

[SA12478] mpg123 Mpeg Layer-2 Audio Decoder Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-08

Davide Del Vecchio has reported a vulnerability in mpg123, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12478/

 --

[SA12475] Red Hat update for mod_ssl

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-07

Red Hat has issued an update for mod_ssl. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/12475/

 --

[SA12457] Gentoo update for krb5

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2004-09-06

Gentoo has issued an update for krb5. This fixes multiple
vulnerabilities, where the most critical potentially can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12457/

 --

[SA12445] gnubiff POP3 Buffer Overflow and Denial of Service
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-09-06

Two vulnerabilities have been reported in gnubiff, which potentially
can be exploited to cause a DoS (Denial of Service) or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/12445/

 --

[SA12437] Red Hat update for LHA

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-02

Red Hat has issued an update for LHA. This fixes some vulnerabilities,
which can be exploited to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12437/

 --

[SA12495] Fedora update for kdelibs / kdebase

Critical:    Moderately critical
Where:       From remote
Impact:      Hijacking, Spoofing, Privilege escalation
Released:    2004-09-09

Fedora has issued updates for kdelibs and kdebase. These fix multiple
vulnerabilities, which can be exploited to perform certain actions on a
vulnerable system with escalated privileges, spoof the content of
websites, or hijack sessions.

Full Advisory:
http://secunia.com/advisories/12495/

 --

[SA12491] Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS, System access
Released:    2004-09-08

Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/12491/

 --

[SA12473] OpenCA Web Frontend Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-09-08

A vulnerability has been reported in OpenCA, which can be exploited by
malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/12473/

 --

[SA12465] Slackware update for KDE

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, Spoofing, Hijacking
Released:    2004-09-06

Slackware has issued updates for kdelibs and kdebase. These fix
multiple vulnerabilities, which can be exploited to perform certain
actions on a vulnerable system with escalated privileges, spoof the
content of websites, or hijack sessions.

Full Advisory:
http://secunia.com/advisories/12465/

 --

[SA12459] Gentoo update for xv

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-09-06

Gentoo has issued an update for xv. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12459/

 --

[SA12458] Mailworks User Authentication Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-09-06

Paul Craig has reported a vulnerability in Mailworks, which can be
exploited by malicious people to bypass the user authentication.

Full Advisory:
http://secunia.com/advisories/12458/

 --

[SA12452] Gentoo update for Python

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-09-03

Gentoo has issued an update for Python. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/12452/

 --

[SA12449] Gentoo update for eGroupWare

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-09-03

Gentoo has issued an update for eGroupWare. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/12449/

 --

[SA12448] Gentoo update for Squid

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-09-03

Gentoo has issued an update for Squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12448/

 --

[SA12447] SuSE update for zlib

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-09-03

SuSE has issued an update for zlib. This fixes a vulnerability, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/12447/

 --

[SA12442] Gentoo update for vpopmail

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information, Privilege escalation
Released:    2004-09-03

Gentoo has issued an update for vpopmail. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/12442/

 --

[SA12441] vpopmail SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information, Privilege escalation
Released:    2004-09-03

Some vulnerabilities have been reported in vpopmail, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/12441/

 --

[SA12454] Fedora update for samba

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-09-03

Fedora has issued an update for samba. This fixes two vulnerabilities,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/12454/

 --

[SA12474] SUSE update for apache2

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-09-07

SUSE has issued an update for apache2. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12474/

 --

[SA12451] Gentoo update for Gallery

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2004-09-03

Gentoo has issued an update for Gallery. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/12451/

 --

[SA12443] Red Hat update for httpd

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-09-02

Red Hat has issued an update for httpd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12443/

 --

[SA12499] Gentoo update for samba

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-09-09

Gentoo has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12499/

 --

[SA12485] Gentoo update for star

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-09-08

Gentoo has issued an update for star. This fixes a vulnerability, which
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/12485/

 --

[SA12484] Star Unspecified Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-09-08

An unspecified vulnerability has been reported in star, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/12484/

 --

[SA12482] Mandrake update for cdrecord

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-09-08

MandrakeSoft has issued an update for cdrecord. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/12482/

 --

[SA12481] cdrecord Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-09-08

Max Vozeler has reported a vulnerability in cdrecord, which potentially
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/12481/

 --

[SA12476] Net-Acct Insecure Temporary File Creation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-09-07

Stefan Nordhausen has discovered a vulnerability in net-acct, which can
be exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/12476/

 --

[SA12462] Gentoo update for Ruby

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2004-09-06

Gentoo has issued an update for ruby. This fixes a vulnerability, which
potentially can be exploited by malicious, local users to gain knowledge
of sensitive information.

Full Advisory:
http://secunia.com/advisories/12462/

 --

[SA12440] bsdmainutils calendar Utility File Content Disclosure
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2004-09-03

Steven Van Acker has reported a vulnerability in bsdmainutils, which
potentially can be exploited by malicious, local users to gain
knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/12440/

 --

[SA12470] Sun Solaris in.named Dynamic Update Denial of Service
Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2004-09-06

A vulnerability has been reported in Sun Solaris, which can be
exploited by certain malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12470/

 --

[SA12477] Gentoo multi-gnome-terminal Potential Exposure of Sensitive
Information

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2004-09-07

Gentoo has issued an update for multi-gnome-terminal. This fixes a
potential security issue, which may expose sensitive information.

Full Advisory:
http://secunia.com/advisories/12477/


Other:--

[SA12461] Dynalink RTA230 Default Username and Password

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-09-06

fabio has reported a security issue in Dynalink RTA230, which can be
exploited by malicious people to gain control of a vulnerable device.

Full Advisory:
http://secunia.com/advisories/12461/

 --

[SA12471] StorageTek D280 Disk System Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS
Released:    2004-09-07

Frank Denis has reported a vulnerability in StorageTek D280 Disk
System, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/12471/

 --

[SA12469] IBM TotalStorage DS4100 Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS
Released:    2004-09-07

Frank Denis has reported a vulnerability in IBM TotalStorage DS4100
(formerly FAStT100), which can be exploited by malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12469/

 --

[SA12464] Engenio Storage Controllers Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS
Released:    2004-09-07

Frank Denis has reported a vulnerability in Engenio Storage
Controllers, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/12464/

 --

[SA12450] NetScreen-IDP scp Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-09-03

Juniper Networks has acknowledged an older vulnerability in OpenSSH for
NetScreen-IDP, which potentially can be exploited by malicious people to
overwrite arbitrary files on a vulnerable device.

Full Advisory:
http://secunia.com/advisories/12450/

 --

[SA12472] Brocade SilkWorm Switches Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-09-07

Frank Denis has reported a vulnerability in Brocade SilkWorm Switches,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12472/


Cross Platform:--

[SA12467] Tutti Nova Unspecified Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown
Released:    2004-09-06

Various unspecified vulnerabilities with an unknown impact have been
reported in Tutti Nova.

Full Advisory:
http://secunia.com/advisories/12467/

 --

[SA12444] Squid NTLM Authentication Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-09-03

Marco Ortisi has reported a vulnerability in Squid, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12444/

 --

[SA12439] TorrentTrader "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, Manipulation of data
Released:    2004-09-02

aCiDBiTS has reported a vulnerability in TorrentTrader, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/12439/

 --

[SA12438] phpWebSite Cross-Site Scripting and Script Insertion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2004-09-03

James Bercegay has reported some vulnerabilities in phpWebSite,
allowing malicious people to conduct cross-site scripting and script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/12438/

 --

[SA12466] phpGroupWare Unspecified Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-09-06

An unspecified vulnerability has been reported in phpGroupWare, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/12466/

 --

[SA12486] Emdros Create/Update Object Type Denial of Service
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-09-08

A vulnerability has been reported in Emdros, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12486/

 --

[SA12463] Cosminexus Portal Framework Unspecified Cached Content
Replacement

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2004-09-07

A vulnerability has been reported in Cosminexus Portal Framework, which
potentially can be exploited by malicious users to gain knowledge of
sensitive information.

Full Advisory:
http://secunia.com/advisories/12463/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

========================================================================
