[ISN] Secunia Weekly Summary - Issue: 2005-24

From: InfoSec News (isn@private)
Date: Thu Jun 16 2005 - 22:45:16 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2005-06-09 - 2005-06-16                        

                       This week : 73 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff spends hours every day to ensure that you have the
best and most reliable source of vulnerability information. Every
vulnerability report is validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways, e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Microsoft has released security bulletins for June, correcting
vulnerabilities in various Microsoft products.

All users of Microsoft products are advised to check Windows Update for
available updates. Additional details about the vulnerabilities can be
found in referenced Secunia advisories.

Reference:
http://secunia.com/SA15606
http://secunia.com/SA15669
http://secunia.com/SA15683
http://secunia.com/SA15689
http://secunia.com/SA15690
http://secunia.com/SA15693
http://secunia.com/SA15694
http://secunia.com/SA15695
http://secunia.com/SA15696
http://secunia.com/SA15697

--

Two vulnerabilities have been reported in Java Web Start and Sun Java
Runtime Environment (JRE), which can be exploited by malicious people
to compromise a user's system.

More information and links to patches can be found in the Secunia
advisory below.

Reference:
http://secunia.com/SA15671

--

Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.

Refer to the Secunia advisory below for details.

Reference:
http://secunia.com/SA15481


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
2.  [SA15671] Java Web Start / Sun JRE Sandbox Security Bypass
              Vulnerability
3.  [SA11966] Internet Explorer Frame Injection Vulnerability
4.  [SA15606] Internet Explorer Two Vulnerabilities
5.  [SA14820] Mozilla Firefox JavaScript Engine Information Disclosure
              Vulnerability
6.  [SA11978] Multiple Browsers Frame Injection Vulnerability
7.  [SA15602] Camino Frame Injection Vulnerability
8.  [SA15659] Adobe License Management Service Vulnerability
9.  [SA15292] Mozilla Firefox Two Vulnerabilities
10. [SA15683] Microsoft Windows HTML Help Input Validation
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA15726] Bitrix Site Manager File Inclusion Vulnerability
[SA15683] Microsoft Windows HTML Help Input Validation Vulnerability
[SA15669] Microsoft Windows Step-by-Step Interactive Training
          Vulnerability
[SA15697] Microsoft Outlook Web Access Script Insertion Vulnerability
[SA15696] Microsoft Windows Web Client Service Vulnerability
[SA15695] Microsoft Outlook Express News Reading Buffer Overflow
[SA15689] Microsoft Agent Trusted Internet Content Spoofing
          Vulnerability
[SA15677] Novell iManager OpenSSL Denial of Service Vulnerability
[SA15676] Novell eDirectory MS-DOS Device Name Denial of Service
[SA15694] Microsoft Windows Server Message Block Vulnerability
[SA15659] Adobe License Management Service Vulnerability
[SA15711] Finjan SurfinGate URL Encoded URL Filtering Bypass
[SA15693] Microsoft ISA Server Two Vulnerabilities
[SA15673] Symantec pcAnywhere Privilege Escalation Vulnerability
[SA15690] Microsoft Telnet Client Information Disclosure Weakness

UNIX/Linux:
[SA15679] SUSE update for bzip2/gaim/pound
[SA15663] Pico Server Directory Traversal and Buffer Overflow
[SA15661] Gentoo update for libextractor
[SA15652] WebHints Shell Command Injection Vulnerability
[SA15651] libextractor Multiple Vulnerabilities
[SA15715] Avaya telnet Two Vulnerabilities
[SA15714] Avaya Multiple Ethereal Vulnerabilities
[SA15706] SUSE update for opera
[SA15692] Trustix update for multiple packages
[SA15680] Conectiva update for cvs
[SA15664] Gentoo update for ettercap
[SA15656] FreeBSD update for bind9
[SA15700] ViRobot Linux Server Cookie Overflow Vulnerability
[SA15685] Conectiva update for openslp
[SA15720] Mandriva update for tcpdump
[SA15719] Mandriva update for gedit
[SA15716] Avaya Products xloadimage Vulnerability
[SA15712] Avaya tcpdump Denial of Service Vulnerabilities
[SA15707] Red Hat update for squid
[SA15703] Mandriva update for rsh
[SA15699] Avaya Various Products PHP Vulnerabilities
[SA15691] Gentoo update for MediaWiki
[SA15688] Red Hat update for tcpdump
[SA15687] Red Hat update for squid
[SA15686] Red Hat update for gftp
[SA15684] Red Hat update for mikmod
[SA15682] Red Hat update for gzip
[SA15675] Red Hat update for sysreport
[SA15667] Gentoo update for gedit
[SA15662] Red Hat update for gedit
[SA15655] FreeBSD update for gzip
[SA15650] Fedora update for tcpdump
[SA15646] FreeBSD update for tcpdump
[SA15645] Ubuntu update for gedit
[SA15665] Gentoo update for lutelwall
[SA15647] LutelWall Insecure Temporary File Creation
[SA15713] Red Hat update for telnet
[SA15709] Kerberos V5 Telnet Client Information Disclosure Weakness
[SA15702] Mandriva update for gaim
[SA15701] Ubuntu update for gaim
[SA15681] Gentoo update for gaim
[SA15672] Slackware update for gaim
[SA15649] Ubuntu update for gaim
[SA15717] Avaya Various Products sharutils Vulnerabilities
[SA15668] Gentoo update for shtool/ocaml-mysql
[SA15666] ocaml-mysql Insecure Temporary File Creation

Other:


Cross Platform:
[SA15678] e107 eTrace Plugin Shell Command Injection Vulnerability
[SA15671] Java Web Start / Sun JRE Sandbox Security Bypass
          Vulnerability
[SA15658] Ovidentia FX "babInstallPath" File Inclusion Vulnerability
[SA15657] Siteframe "LOCAL_PATH" File Inclusion Vulnerability
[SA15653] e107 ePing Plugin Shell Command Injection Vulnerability
[SA15710] Mambo "user_rating" SQL Injection Vulnerability
[SA15708] Annuaire 1Two Cross-Site Scripting and Script Insertion
[SA15660] Invision Gallery Two SQL Injection Vulnerabilities
[SA15670] osCommerce HTTP Response Splitting Vulnerabilities
[SA15654] Macromedia Products Privilege Escalation Vulnerability
[SA15698] Adobe Reader / Adobe Acrobat Local File Detection Weakness
[SA15648] gaim Two Denial of Service Weaknesses

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA15726] Bitrix Site Manager File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, System access
Released:    2005-06-16

D_BuG has discovered a vulnerability in Bitrix Site Manager, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15726/

 --

[SA15683] Microsoft Windows HTML Help Input Validation Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-14

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15683/

 --

[SA15669] Microsoft Windows Step-by-Step Interactive Training
          Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-14

iDEFENSE Labs has reported a vulnerability in Microsoft Windows, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15669/

 --

[SA15697] Microsoft Outlook Web Access Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-06-14

Gaël Delalleau has reported a vulnerability in Microsoft Exchange
Server, which can be exploited by malicious people to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/15697/

 --

[SA15696] Microsoft Windows Web Client Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2005-06-14

Mark Litchfield has reported a vulnerability in Microsoft Windows,
which can be exploited by malicious, local users to gain escalated
privileges and by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15696/

 --

[SA15695] Microsoft Outlook Express News Reading Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-06-14

A vulnerability has been reported in Microsoft Outlook Express, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15695/

 --

[SA15689] Microsoft Agent Trusted Internet Content Spoofing
          Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2005-06-14

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to spoof certain information and
potentially trick a user into installing a malicious program.

Full Advisory:
http://secunia.com/advisories/15689/

 --

[SA15677] Novell iManager OpenSSL Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-06-13

Dennis Rand has reported a vulnerability in Novell iManager, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15677/

 --

[SA15676] Novell eDirectory MS-DOS Device Name Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-06-13

Dennis Rand has reported a vulnerability in Novell eDirectory, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15676/

 --

[SA15694] Microsoft Windows Server Message Block Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-06-14

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15694/

 --

[SA15659] Adobe License Management Service Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-06-12

A vulnerability has been reported in some Adobe products, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15659/

 --

[SA15711] Finjan SurfinGate URL Encoded URL Filtering Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-06-15

Daniel Schroeter has reported a vulnerability in Finjan SurfinGate,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/15711/

 --

[SA15693] Microsoft ISA Server Two Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-06-14

Two vulnerabilities have been reported in Microsoft ISA Server 2000,
which can be exploited by malicious people to manipulate contents in
the web cache or bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/15693/

 --

[SA15673] Symantec pcAnywhere Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-06-12

A vulnerability has been reported in pcAnywhere, which can be exploited
by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15673/

 --

[SA15690] Microsoft Telnet Client Information Disclosure Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-06-14

Gaël Delalleau has reported a weakness in Microsoft Windows, which can
be exploited by malicious people to gain knowledge of various
information.

Full Advisory:
http://secunia.com/advisories/15690/


UNIX/Linux:--

[SA15679] SUSE update for bzip2/gaim/pound

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-06-12

SUSE has issued updates for bzip2, gaim, and pound. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15679/

 --

[SA15663] Pico Server Directory Traversal and Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information,
             System access
Released:    2005-06-13

Raphaël Rigo has reported some vulnerabilities in Pico Server, which
can be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions and potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15663/

 --

[SA15661] Gentoo update for libextractor

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-10

Gentoo has issued an update for libextractor. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15661/

 --

[SA15652] WebHints Shell Command Injection Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-13

blahplok has reported a vulnerability in WebHints, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15652/

 --

[SA15651] libextractor Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-10

A vulnerability has been reported in libextractor, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15651/

 --

[SA15715] Avaya telnet Two Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-06-15

Avaya has acknowledged two vulnerabilities in telnet, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15715/

 --

[SA15714] Avaya Multiple Ethereal Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-06-15

Avaya has acknowledged some vulnerabilities in Ethereal included in
some products, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15714/

 --

[SA15706] SUSE update for opera

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2005-06-16

SUSE has issued an update for opera. This fixes a security issue and a
vulnerability, which can be exploited by a malicious web site to spoof
the URL displayed in the address bar, SSL certificate, and status bar,
and by malicious people to trick users into executing malicious files.

Full Advisory:
http://secunia.com/advisories/15706/

 --

[SA15692] Trustix update for multiple packages

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2005-06-14

Trustix has issued various updated packages. These fix some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information, or by malicious people to
cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15692/

 --

[SA15680] Conectiva update for cvs

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-06-13

Conectiva has issued an update for cvs. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15680/

 --

[SA15664] Gentoo update for ettercap

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-06-12

Gentoo has issued an update for ettercap. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/15664/

 --

[SA15656] FreeBSD update for bind9

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-06-10

FreeBSD has issued an update for bind9. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15656/

 --

[SA15700] ViRobot Linux Server Cookie Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-06-15

Kevin Finisterre has discovered a vulnerability in ViRobot Linux
Server, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15700/

 --

[SA15685] Conectiva update for openslp

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-06-13

Conectiva has issued an update for openslp. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15685/

 --

[SA15720] Mandriva update for tcpdump

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-16

Mandriva has issued an update for tcpdump. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15720/

 --

[SA15719] Mandriva update for gedit

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-06-16

Mandriva has issued an update for gedit. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/15719/

 --

[SA15716] Avaya Products xloadimage Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-06-15

Avaya has acknowledged a vulnerability in xloadimage, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15716/

 --

[SA15712] Avaya tcpdump Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-15

Avaya has acknowledged some vulnerabilities in tcpdump, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15712/

 --

[SA15707] Red Hat update for squid

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Spoofing, Exposure of sensitive
             information, DoS
Released:    2005-06-15

Red Hat has issued an update for squid. This fixes a security issue and
two vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, spoof DNS lookups and cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/15707/

 --

[SA15703] Mandriva update for rsh

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-06-15

Mandriva has issued an update for rsh. This fixes a vulnerability,
which potentially can be exploited by malicious people to overwrite
arbitrary files on a user's system.

Full Advisory:
http://secunia.com/advisories/15703/

 --

[SA15699] Avaya Various Products PHP Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2005-06-15

Avaya has acknowledged some vulnerabilities in various products, which
can be exploited by malicious, local users to access files outside the
"open_basedir" root, and by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15699/

 --

[SA15691] Gentoo update for MediaWiki

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-06-14

Gentoo has issued an update for MediaWiki. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/15691/

 --

[SA15688] Red Hat update for tcpdump

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-14

Red Hat has issued an update for tcpdump. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15688/

 --

[SA15687] Red Hat update for squid

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS
Released:    2005-06-14

Red Hat has issued an update for squid. This fixes some
vulnerabilities, which can be exploited by malicious people to spoof
DNS lookups and cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15687/

 --

[SA15686] Red Hat update for gftp

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-06-14

Red Hat has issued an update for gftp. This fixes a vulnerability,
which can be exploited by malicious people to conduct directory
traversal attacks.

Full Advisory:
http://secunia.com/advisories/15686/

 --

[SA15684] Red Hat update for mikmod

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-06-14

Red Hat has issued an update for mikmod. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15684/

 --

[SA15682] Red Hat update for gzip

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-06-14

Red Hat has issued an update for gzip. This fixes a vulnerability,
which potentially can be exploited by malicious people to extract files
to arbitrary directories on a user's system.

Full Advisory:
http://secunia.com/advisories/15682/

 --

[SA15675] Red Hat update for sysreport

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-06-14

Red Hat has issued an update for sysreport. This fixes a security
issue, which may disclose sensitive information to malicious people.

Full Advisory:
http://secunia.com/advisories/15675/

 --

[SA15667] Gentoo update for gedit

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-06-12

Gentoo has issued an update for gedit. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/15667/

 --

[SA15662] Red Hat update for gedit

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-06-14

Red Hat has issued an update for gedit. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/15662/

 --

[SA15655] FreeBSD update for gzip

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-06-10

FreeBSD has issued an update for gzip. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/15655/

 --

[SA15650] Fedora update for tcpdump

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-10

Fedora has issued an update for tcpdump. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15650/

 --

[SA15646] FreeBSD update for tcpdump

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-10

FreeBSD has issued an update for tcpdump. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15646/

 --

[SA15645] Ubuntu update for gedit

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-06-10

Ubuntu has issued an update for gedit. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15645/

 --

[SA15665] Gentoo update for lutelwall

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-06-13

Gentoo has issued an update for lutelwall. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15665/

 --

[SA15647] LutelWall Insecure Temporary File Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-06-13

Eric Romang has reported a vulnerability in LutelWall, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15647/

 --

[SA15713] Red Hat update for telnet

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-06-15

Red Hat has issued an update for telnet. This fixes a weakness, which
can be exploited by malicious people to gain knowledge of certain
system information.

Full Advisory:
http://secunia.com/advisories/15713/

 --

[SA15709] Kerberos V5 Telnet Client Information Disclosure Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-06-15

Gaël Delalleau has reported a weakness in Kerberos V5, which can be
exploited by malicious people to gain knowledge of various
information.

Full Advisory:
http://secunia.com/advisories/15709/

 --

[SA15702] Mandriva update for gaim

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-06-15

Mandriva has issued an update for gaim. This fixes two weaknesses,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15702/

 --

[SA15701] Ubuntu update for gaim

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-06-16

Ubuntu has issued an update for gaim. This fixes a weakness in the
processing of malformed MSN messages, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15701/

 --

[SA15681] Gentoo update for gaim

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-06-13

Gentoo has issued an update for gaim. This fixes two weaknesses, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15681/

 --

[SA15672] Slackware update for gaim

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-06-14

Slackware has issued an update for gaim. This fixes two weaknesses,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15672/

 --

[SA15649] Ubuntu update for gaim

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-06-10

Ubuntu has issued an update for gaim. This fixes a weakness, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15649/

 --

[SA15717] Avaya Various Products sharutils Vulnerabilities

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-06-15

Avaya has acknowledged some vulnerabilities in sharutils included in
various products, which potentially can be exploited by malicious,
local users to conduct certain actions on a vulnerable system with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/15717/

 --

[SA15668] Gentoo update for shtool/ocaml-mysql

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-06-13

Gentoo has issued updates for shtool and ocaml-mysql. These fix a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/15668/

 --

[SA15666] ocaml-mysql Insecure Temporary File Creation

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-06-13

A vulnerability has been reported in ocaml-mysql, which potentially can
be exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15666/


Other:


Cross Platform:--

[SA15678] e107 eTrace Plugin Shell Command Injection Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-13

Oliver has reported a vulnerability in the eTrace plugin for e107,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/15678/

 --

[SA15671] Java Web Start / Sun JRE Sandbox Security Bypass
          Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-14

Two vulnerabilities have been reported in Java Web Start and Sun Java
Runtime Environment (JRE), which can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15671/

 --

[SA15658] Ovidentia FX "babInstallPath" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-10

Status-x has reported a vulnerability in Ovidentia FX, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15658/

 --

[SA15657] Siteframe "LOCAL_PATH" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-10

PRI[l has reported a vulnerability in Siteframe, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15657/

 --

[SA15653] e107 ePing Plugin Shell Command Injection Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-10

m00fd1 has reported a vulnerability in the ePing plugin for e107, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15653/

 --

[SA15710] Mambo "user_rating" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-06-15

pokleyzz has reported a vulnerability in Mambo, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15710/

 --

[SA15708] Annuaire 1Two Cross-Site Scripting and Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-06-15

Sylvain Thual has reported some vulnerabilities in Annuaire 1Two, which
can be exploited by malicious people to conduct cross-site scripting and
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/15708/

 --

[SA15660] Invision Gallery Two SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-06-10

James Bercegay has reported two vulnerabilities in Invision Gallery,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15660/

 --

[SA15670] osCommerce HTTP Response Splitting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-06-13

James Bercegay has reported some vulnerabilities in osCommerce, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/15670/

 --

[SA15654] Macromedia Products Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-06-10

A vulnerability has been reported in various Macromedia products, which
potentially can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/15654/

 --

[SA15698] Adobe Reader / Adobe Acrobat Local File Detection Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-06-15

A weakness has been reported in Adobe Reader and Adobe Acrobat, which
can be exploited by malicious people to gain knowledge of certain
system information.

Full Advisory:
http://secunia.com/advisories/15698/

 --

[SA15648] gaim Two Denial of Service Weaknesses

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-06-10

Two weaknesses have been reported in gaim, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15648/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



