[ISN] Secunia Weekly Summary - Issue: 2005-52

From: InfoSec News (isn@private)
Date: Thu Dec 29 2005 - 23:19:20 PST


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2005-12-22 - 2005-12-29                        

                       This week : 24 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

A vulnerability has been discovered in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

NOTE: This vulnerability can be exploited automatically when a user
visits a malicious web site using Microsoft Internet Explorer.

Additionally, exploit code is publicly available. This is being
exploited in the wild. The vulnerability can also be triggered from
explorer if the malicious file has been saved to a folder and renamed
to other image file extensions like ".jpg", ".gif", ".tif", and
".png" etc.

Please refer to the referenced Secunia advisory for additional
details and information about a temporary workaround.

Reference:
http://secunia.com/SA18255


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA18131] Symantec AntiVirus RAR Archive Decompression Buffer
              Overflow
2.  [SA18255] Microsoft Windows WMF "SETABORTPROC" Arbitrary Code
              Execution
3.  [SA15546] Microsoft Internet Explorer "window()" Arbitrary Code
              Execution Vulnerability
4.  [SA15368] Microsoft Internet Explorer Multiple Vulnerabilities
5.  [SA11762] Opera Browser Favicon Displaying Address Bar Spoofing
              Vulnerability
6.  [SA18169] McAfee SecurityCenter "mcinsctl.dll" ActiveX File
              Overwrite Vulnerability
7.  [SA18162] VMware NAT Networking Buffer Overflow Vulnerability
8.  [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
9.  [SA18149] Apple QuickTime / iTunes Memory Corruption
              Vulnerability
10. [SA18205] Linux Kernel Socket Data Buffering Denial of Service

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA18255] Microsoft Windows WMF "SETABORTPROC" Arbitrary Code
Execution
[SA18245] Golden FTP Server APPE Command Buffer Overflow
[SA18226] WebDB SQL Injection Vulnerability
[SA18243] Spb Kiosk Engine Program Execution Control Bypass Weakness

UNIX/Linux:
[SA18221] Gentoo update for mantis
[SA18236] Gentoo update for scponly
[SA18223] scponly Privilege Escalation and Security Bypass
Vulnerabilities
[SA18222] UnixWare TCP Timestamp Denial of Service
[SA18237] Gentoo update for rssh
[SA18230] Sun Solaris PC NetLink Insecure File Handling Vulnerability
[SA18228] Debian update for dhis-tools-dns
[SA18227] DHIS Tools Insecure Temporary File Creation
[SA18224] rssh "chroot" Directory Privilege Escalation Vulnerability
[SA18231] Mandriva update for fetchmail
[SA18225] Debian update for ketm

Other:


Cross Platform:
[SA18256] SimpBook "message" Script Insertion Vulnerability
[SA18239] DEV web management system Cross-Site Scripting and SQL
Injection
[SA18238] BZFlag "callsign" Handling Denial of Service Vulnerability
[SA18259] FatWire UpdateEngine Cross-Site Scripting Vulnerabilities
[SA18258] communique "query" Cross-Site Scripting Vulnerability
[SA18257] CommonSpot "bNewWindow" Cross-Site Scripting Vulnerability
[SA18234] EPiX "query" Cross-Site Scripting Vulnerability
[SA18232] Juniper NetScreen Security Manager Potential Denial of
Service
[SA18229] Ethereal GTP Dissector Denial of Service Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA18255] Microsoft Windows WMF "SETABORTPROC" Arbitrary Code
Execution

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2005-12-28

A vulnerability has been discovered in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18255/

 --

[SA18245] Golden FTP Server APPE Command Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-12-26

Tim Shelton has discovered a vulnerability in Golden FTP Server, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/18245/

 --

[SA18226] WebDB SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-12-23

r0t has reported a vulnerability in WebDB, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18226/

 --

[SA18243] Spb Kiosk Engine Program Execution Control Bypass Weakness

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-12-28

Seth Fogie has reported a weakness in Spb Kiosks Engine, which
potentially can be exploited by malicious, local users to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/18243/


UNIX/Linux:--

[SA18221] Gentoo update for mantis

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Cross Site Scripting, Manipulation of data
Released:    2005-12-23

Gentoo has issued an update for mantis. This fixes some
vulnerabilities, where some have unknown impacts and others potentially
can be exploited by malicious people to conduct cross-site scripting,
HTTP response splitting, and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18221/

 --

[SA18236] Gentoo update for scponly

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation
Released:    2005-12-29

Gentoo has issued an update for scponly. This fixes two
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges, or by malicious users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/18236/

 --

[SA18223] scponly Privilege Escalation and Security Bypass
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation
Released:    2005-12-23

Two vulnerabilities have been reported in scponly, which can be
exploited by malicious, local users to gain escalated privileges, or by
malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/18223/

 --

[SA18222] UnixWare TCP Timestamp Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-12-23

A vulnerability has been reported in UnixWare, which can be exploited
by malicious people to cause a DoS (Denial of Service) on active TCP
sessions.

Full Advisory:
http://secunia.com/advisories/18222/

 --

[SA18237] Gentoo update for rssh

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-12-28

Gentoo has issued an update for rssh. This fixes a vulnerability, which
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/18237/

 --

[SA18230] Sun Solaris PC NetLink Insecure File Handling Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-12-26

Two vulnerabilities have been reported in Sun Solaris PC NetLink, which
potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/18230/

 --

[SA18228] Debian update for dhis-tools-dns

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-12-27

Debian has issued an update for dhis-tools-dns. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/18228/

 --

[SA18227] DHIS Tools Insecure Temporary File Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-12-27

Javier Fernandez-Sanguino Pena has reported a vulnerability in DHIS
Tools, which can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/18227/

 --

[SA18224] rssh "chroot" Directory Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-12-23

Max Vozeler has reported a vulnerability in rssh, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/18224/

 --

[SA18231] Mandriva update for fetchmail

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-12-26

Mandriva has issued an update for fetchmail. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18231/

 --

[SA18225] Debian update for ketm

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-12-27

Steve Kemp has reported a vulnerability in ketm, which can be exploited
by malicious, local users to gain escalated  privileges.

Full Advisory:
http://secunia.com/advisories/18225/


Other:


Cross Platform:--

[SA18256] SimpBook "message" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-26

0o_zeus_o0 has discovered a vulnerability in SimpBook, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18256/

 --

[SA18239] DEV web management system Cross-Site Scripting and SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-12-27

rgod has reported some vulnerabilities in DEV web management system,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18239/

 --

[SA18238] BZFlag "callsign" Handling Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-12-27

Luigi Auriemma has reported a vulnerability in BZFlag, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/18238/

 --

[SA18259] FatWire UpdateEngine Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-27

r0t has reported two vulnerabilities in FatWire UpdateEngine, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/18259/

 --

[SA18258] communique "query" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-27

r0t has reported a vulnerability in communique, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18258/

 --

[SA18257] CommonSpot "bNewWindow" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2005-12-27

r0t has reported a vulnerability in CommonSpot, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18257/

 --

[SA18234] EPiX "query" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-27

r0t has reported a vulnerability in EPiX, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18234/

 --

[SA18232] Juniper NetScreen Security Manager Potential Denial of
Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-12-29

David Maciejak has reported a vulnerability in NetScreen Security
Manager (NSM) which potentially can be exploited by malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18232/

 --

[SA18229] Ethereal GTP Dissector Denial of Service Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-12-28

A vulnerability has been reported in Ethereal, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18229/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.



This archive was generated by hypermail 2.1.3 : Fri Dec 30 2005 - 18:56:14 PST