[ISN] Secunia Weekly Summary - Issue: 2005-25

From: InfoSec News (isn@private)
Date: Thu Jun 23 2005 - 22:23:48 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2005-06-16 - 2005-06-23                        

                       This week : 45 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Multiple browsers are vulnerable to the "Dialog Origin"
vulnerability, which can be exploited by malicious people to spoof
JavaScript Dialog boxes.

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/

For more information about this issue, please refer to the Secunia
advisories below.

Reference:
http://secunia.com/SA15492
http://secunia.com/SA15491
http://secunia.com/SA15488
http://secunia.com/SA15474
http://secunia.com/SA15477
http://secunia.com/SA15489

--

Secunia Research has discovered multiple vulnerabilities in Opera,
which can be exploited by malicious people to conduct cross-site
scripting attacks and to bypass certain security restrictions.

Additionally, Secunia Research discovered a variant of the "Window
Injection" vulnerability.

More information can be found in the referenced Secunia advisories
below.

Reference:
http://secunia.com/SA15008
http://secunia.com/SA15411
http://secunia.com/SA15423
http://secunia.com/SA13253


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA15489] Mozilla / Firefox / Camino Dialog Origin Spoofing
              Vulnerability
2.  [SA15491] Microsoft Internet Explorer Dialog Origin Spoofing
              Vulnerability
3.  [SA15411] Opera "javascript:" URL Cross-Site Scripting
              Vulnerability
4.  [SA15606] Internet Explorer Two Vulnerabilities
5.  [SA15671] Java Web Start / Sun JRE Sandbox Security Bypass
              Vulnerability
6.  [SA15474] Safari Dialog Origin Spoofing Vulnerability
7.  [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
8.  [SA15488] Opera Dialog Origin Spoofing Vulnerability
9.  [SA15492] Internet Explorer for Mac Dialog Origin Spoofing
              Vulnerability
10. [SA15008] Opera XMLHttpRequest Security Bypass

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA15762] Fortibus CMS "username" and "ID" SQL Injection
Vulnerabilities
[SA15747] Ublog Reload SQL Injection and Cross-Site Scripting
[SA15734] Cool Cafe SQL Injection and Disclosure of Sensitive
Information
[SA15769] i-Gallery "folder" Cross-Site Scripting and Directory
Traversal

UNIX/Linux:
[SA15777] SUSE update for java2
[SA15755] Gentoo update for
sun-jdk/sun-jre-bin/blackdown-jdk/blackdown-jre
[SA15753] Gentoo update for peercast
[SA15750] Slackware update for sun-jdk/sun-jre
[SA15772] Fedora update for ruby
[SA15766] Gentoo update for squirrelmail
[SA15749] Sun ONE Messaging Server Unspecified Webmail Vulnerability
[SA15741] SUSE Updates for gpg2/telnet/unace/horde
[SA15740] Yaws Source Code Disclosure Vulnerability
[SA15730] Red Hat update for mc
[SA15773] Ubuntu update for tcpdump
[SA15770] cPanel cpsrvd.pl Cross-Site Scripting Vulnerability
[SA15768] Gentoo update for spamassassin/razor
[SA15754] NanoBlogger Plugins Shell Command Injection Vulnerability
[SA15751] Gentoo update for cpio
[SA15729] Red Hat update for bzip2
[SA15728] Fedora update for spamassassin
[SA15774] Ubuntu update for sudo
[SA15771] Fedora update for sudo
[SA15763] Novell NetMail File Ownership Security Issue
[SA15759] Slackware update for sudo
[SA15748] OpenBSD update for sudo
[SA15744] Sudo Arbitrary Command Execution Vulnerability
[SA15760] Avaya Products Telnet Client Information Disclosure Weakness
[SA15731] Red Hat update for gaim

Other:
[SA15757] Enterasys Vertical Horizon Switches Two Security Issues
[SA15765] Cisco VPN Concentrator Group Name Enumeration Weakness

Cross Platform:
[SA15767] Ruby XMLRPC Server Arbitrary Command Execution
[SA15758] MercuryBoard "User-Agent" SQL Injection Vulnerability
[SA15752] Trac Arbitrary File Upload/Download Vulnerability
[SA15735] XAMPP "lang.php" Script Insertion and Information Disclosure
[SA15732] Ultimate PHP Board Cross-Site Scripting and User Credentials
Exposure
[SA15775] Gentoo update for tor
[SA15764] Tor Disclosure of Sensitive Information
[SA15739] Razor-agents Denial of Service Vulnerabilities
[SA15738] Contelligent Preview Privilege Escalation Vulnerability
[SA15737] ajax-spell Cross-Site Scripting Vulnerability
[SA15736] amaroK Web Frontend Exposure of User Credentials
[SA15742] RealVNC Information Disclosure Weakness
[SA15733] e107 Administrator Account Enumeration Weakness
[SA15746] JBoss "org.jboss.web.WebServer" Information Disclosure

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA15762] Fortibus CMS "username" and "ID" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-06-21

Tamer Mohamed Hassan has discovered some vulnerabilities in Fortibus
CMS, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/15762/

 --

[SA15747] Ublog Reload SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-06-20

Dedi Dwianto has discovered two vulnerabilities in Ublog Reload, which
can be exploited by malicious people to conduct SQL injection and
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15747/

 --

[SA15734] Cool Cafe SQL Injection and Disclosure of Sensitive
Information

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information
Released:    2005-06-17

Donnie Werner has reported two vulnerabilities in Cool Cafe, which can
be exploited by malicious people to conduct SQL injection attacks and
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/15734/

 --

[SA15769] i-Gallery "folder" Cross-Site Scripting and Directory
Traversal

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2005-06-21

Seyed Hamid Kashfi has discovered a vulnerability in i-Gallery, which
can be exploited by malicious people to conduct cross-site scripting
attacks and disclose system information.

Full Advisory:
http://secunia.com/advisories/15769/


UNIX/Linux:--

[SA15777] SUSE update for java2

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-22

SUSE has issued an update for java2. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15777/

 --

[SA15755] Gentoo update for
sun-jdk/sun-jre-bin/blackdown-jdk/blackdown-jre

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-20

Gentoo has issued updates for sun-jdk, sun-jre-bin, blackdown-jdk, and
blackdown-jre. These fix a vulnerability, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15755/

 --

[SA15753] Gentoo update for peercast

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-20

Gentoo has issued an update for peercast. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15753/

 --

[SA15750] Slackware update for sun-jdk/sun-jre

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-20

Slackware has issued an update for sun-jdk/sun-jre. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15750/

 --

[SA15772] Fedora update for ruby

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-06-22

Fedora has issued an update for ruby. This fixes a vulnerability, which
potentially can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/15772/

 --

[SA15766] Gentoo update for squirrelmail

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-06-22

Gentoo has issued an update for squirrelmail. This fixes several
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15766/

 --

[SA15749] Sun ONE Messaging Server Unspecified Webmail Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-06-20

A vulnerability has been reported in Sun ONE Messaging Server, which
may be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/15749/

 --

[SA15741] SUSE Updates for gpg2/telnet/unace/horde

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
System access
Released:    2005-06-20

SUSE has issued updates for gpg2, telnet, unace and horde. These fix
some vulnerabilities, which can be exploited by malicious people to
gain knowledge of various information, conduct cross-site scripting
attacks and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15741/

 --

[SA15740] Yaws Source Code Disclosure Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-06-17

M. Eiszner has reported a vulnerability in Yaws, which can be exploited
by malicious people to gain knowledge of potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/15740/

 --

[SA15730] Red Hat update for mc

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Privilege escalation, DoS
Released:    2005-06-17

Red Hat has issued an update for mc. This fixes several
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15730/

 --

[SA15773] Ubuntu update for tcpdump

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-22

Ubuntu has issued an update for tcpdump. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15773/

 --

[SA15770] cPanel cpsrvd.pl Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-06-22

A vulnerability has been discovered in cPanel, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15770/

 --

[SA15768] Gentoo update for spamassassin/razor

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-21

Gentoo has issued updates for spamassassin and razor. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15768/

 --

[SA15754] NanoBlogger Plugins Shell Command Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-06-21

A vulnerability has been reported in NanoBlogger, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15754/

 --

[SA15751] Gentoo update for cpio

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-06-20

Gentoo has issued an update for cpio. This fixes a vulnerability, which
can be exploited by malicious people to cause files to be unpacked to
arbitrary locations on a user's system.

Full Advisory:
http://secunia.com/advisories/15751/

 --

[SA15729] Red Hat update for bzip2

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, DoS
Released:    2005-06-17

Red Hat has issued an update for bzip2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15729/

 --

[SA15728] Fedora update for spamassassin

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-17

Fedora has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15728/

 --

[SA15774] Ubuntu update for sudo

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-06-22

Ubuntu has issued an update for sudo. This fixes a vulnerability, which
can be exploited by malicious, local users to execute arbitrary commands
with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15774/

 --

[SA15771] Fedora update for sudo

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-06-22

Fedora has issued an update for sudo. This fixes a vulnerability, which
can be exploited by malicious, local users to execute arbitrary commands
with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15771/

 --

[SA15763] Novell NetMail File Ownership Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    2005-06-21

A security issue has been reported in NetMail, which can be exploited
by malicious, local users to delete or replace the NetMail binaries.

Full Advisory:
http://secunia.com/advisories/15763/

 --

[SA15759] Slackware update for sudo

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-06-22

Slackware has issued an update for sudo. This fixes a vulnerability,
which can be exploited by malicious, local users to execute arbitrary
commands with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15759/

 --

[SA15748] OpenBSD update for sudo

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-06-21

OpenBSD has issued an update for sudo. This fixes a vulnerability,
which can be exploited by malicious, local users to execute arbitrary
commands with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15748/

 --

[SA15744] Sudo Arbitrary Command Execution Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-06-21

A vulnerability has been reported in sudo, which can be exploited by
malicious, local users to execute arbitrary commands.

Full Advisory:
http://secunia.com/advisories/15744/

 --

[SA15760] Avaya Products Telnet Client Information Disclosure Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-06-21

Avaya has acknowledged a weakness in the telnet client included in
certain products, which can be exploited by malicious people to gain
knowledge of certain system information.

Full Advisory:
http://secunia.com/advisories/15760/

 --

[SA15731] Red Hat update for gaim

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-06-17

Red Hat has issued an update for gaim. This fixes two weaknesses, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15731/


Other:--

[SA15757] Enterasys Vertical Horizon Switches Two Security Issues

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, DoS
Released:    2005-06-21

Jacek Lipkowski has reported two security issues in various Enterasys
Vertical Horizon switches, which can be exploited by malicious people
to gain access to a debugging account, and by malicious users to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/15757/

 --

[SA15765] Cisco VPN Concentrator Group Name Enumeration Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-06-21

NTA Monitor has reported a weakness in Cisco VPN 3000 Concentrator,
which can be exploited by malicious people to gain knowledge of certain
information.

Full Advisory:
http://secunia.com/advisories/15765/


Cross Platform:--

[SA15767] Ruby XMLRPC Server Arbitrary Command Execution

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-06-22

Nobuhiro IMAI has reported a vulnerability in Ruby, which potentially
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/15767/

 --

[SA15758] MercuryBoard "User-Agent" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-06-22

4yka has reported a vulnerability in MercuryBoard, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15758/

 --

[SA15752] Trac Arbitrary File Upload/Download Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information,
System access
Released:    2005-06-20

Stefan Esser has reported a vulnerability in Trac, which can be
exploited by malicious users to disclose sensitive information and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15752/

 --

[SA15735] XAMPP "lang.php" Script Insertion and Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2005-06-17

A vulnerability has been reported in XAMPP, which can be exploited by
malicious people to disclose potentially sensitive information and
conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/15735/

 --

[SA15732] Ultimate PHP Board Cross-Site Scripting and User Credentials
Exposure

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2005-06-17

Alberto Trivero has reported some vulnerabilities and a security issue
in Ultimate PHP Board, which can be exploited by malicious people to
conduct cross-site scripting attacks and disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/15732/

 --

[SA15775] Gentoo update for tor

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-06-22

Gentoo has issued an update for tor. This fixes a vulnerability, which
potentially can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/15775/

 --

[SA15764] Tor Disclosure of Sensitive Information

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-06-22

A vulnerability has been reported in Tor, which potentially can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/15764/

 --

[SA15739] Razor-agents Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-17

Two vulnerabilities have been reported in Razor-agents, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15739/

 --

[SA15738] Contelligent Preview Privilege Escalation Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2005-06-17

A vulnerability has been reported in Contelligent, which can be
exploited by malicious users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15738/

 --

[SA15737] ajax-spell Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-06-17

A vulnerability has been reported in ajax-spell, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15737/

 --

[SA15736] amaroK Web Frontend Exposure of User Credentials

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-06-17

A security issue has been reported in the amaroK Web Frontend plugin
for amaroK, which can be exploited by malicious people to disclose
potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/15736/

 --

[SA15742] RealVNC Information Disclosure Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-06-20

class101 has reported a weakness in RealVNC, which can be exploited by
malicious people to gain knowledge of various system information.

Full Advisory:
http://secunia.com/advisories/15742/

 --

[SA15733] e107 Administrator Account Enumeration Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-06-17

Marc Ruef has discovered a weakness in e107, which can be exploited by
malicious people to identify valid administrator accounts.

Full Advisory:
http://secunia.com/advisories/15733/

 --

[SA15746] JBoss "org.jboss.web.WebServer" Information Disclosure

Critical:    Not critical
Where:       From local network
Impact:      Exposure of system information
Released:    2005-06-20

Marc Schoenefeld has reported a weakness in JBoss, which can be
exploited by malicious people to disclose system information.

Full Advisory:
http://secunia.com/advisories/15746/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45






This archive was generated by hypermail 2.1.3 : Thu Jun 23 2005 - 22:42:26 PDT