========================================================================
The Secunia Weekly Advisory Summary
2007-03-22 - 2007-03-29
This week: 40 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Should you be interested in a career within Secunia, the current job
openings are available right now:
Security Sales Engineer:
http://corporate.secunia.com/about_secunia/54/
German Key Account Manager:
http://corporate.secunia.com/about_secunia/55/
International Account Manager - Enterprise Sales:
http://corporate.secunia.com/about_secunia/52/
International Sales Manager - IT Security Partner:
http://corporate.secunia.com/about_secunia/51/
Danish: Disassembling og Reversing
http://secunia.com/Disassembling_og_Reversing/
Linux Security Specialist:
http://secunia.com/Linux_Security_Specialist/
========================================================================
2) This Week in Brief:
Vulnerabilities have been reported in IBM Lotus Domino and Lotus Domino
Web Access, which can be exploited by malicious people to conduct
script insertion attacks, cause a DoS (Denial of Service), and
potentially compromise a vulnerable system.
The first is a boundary error within the IMAP service during CRAM-MD5
authentication. Exploitation is trivial and can be done by passing an
overly long username to trigger a buffer overflow.
The second is an error in the LDAP service when handling certain
requests. Exploitation is also trivial and can be done by passing a
specially crafted request containing a string longer than 65535 bytes
to trigger a heap-based buffer overflow
The third is due to certain input in e-mail messages not being
properly sanitised by Lotus Domino Web Access before being displayed.
This can be exploited to insert arbitrary HTML and script code, which
is executed in a user's browser session in context of an affected site
when a malicious message is viewed.
All vulnerabilities discussed in the advisory have been patched by IBM.
For more information, refer to:
http://secunia.com/advisories/24633/
--
Vulnerabilities have been reported in Cisco Unified CallManager (CUCM)
and Cisco Unified Presence Server (CUPS), which can be exploited by a
remote attacker to cause a DoS (Denial of Service).
The first is an unspecified error within the handling of large amounts
of ICMP Echo packets. This can be exploited to crash various CUCM or
CUPS services by sending a large number of ICMP Echo packets.
An unspecified error also exists within the IPSec Manager service for
CUCM or CUPS. This can be exploited to stop certain services, such as
call forwarding, by sending a specially crafted UDP packet to port
8500.
This vulnerability have been patched by the vendor. For more
information, refer to:
http://secunia.com/advisories/24665/
--
Another vulnerability in Cisco Unified CallManager (CUCM) can be
exploited by attackers within the network to cause a DoS (Denial of
Service).
Sending a series of specially crafted packets to the SCCP service (port
2000/TCP) or SCCPS service (port 2443/TCP) can crash the CallManager
Service due to an unspecified error in the handling of certain
packets.
The vulnerability has been patched by the vendor. For more
information, refer to:
http://secunia.com/advisories/24665/
--
VIRUS ALERTS:
During the past week Secunia collected 178 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA24618] Linux Kernel Multiple Denial of Service Vulnerabilities
2. [SA24630] PHP "unserialize()" S: Data Type Information Leak
3. [SA24588] OpenOffice.org Multiple Vulnerabilities
4. [SA14921] Microsoft Windows Message Queuing Buffer Overflow
Vulnerability
5. [SA24617] Red Hat update for file
6. [SA24626] Active Auction Pro "catid" SQL Injection Vulnerability
7. [SA24631] Active Trade "catid" SQL Injection Vulnerability
8. [SA24621] LAN Management System Multiple File Inclusion
9. [SA24620] PortailPHP "idnews" SQL Injection Vulnerability
10. [SA24622] aspWebCalendar FREE "eventid" SQL Injection
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA24673] NaviCOPA GET cgi-bin/cgi Request Buffer Overflow
Vulnerability
[SA24664] Corel WordPerfect Document Processing Buffer Overflow
[SA24653] eWebquiz "QuizID" SQL Injection Vulnerability
[SA24640] Active Newsletter "NewsPaperID" SQL Injection
[SA24631] Active Trade "catid" SQL Injection Vulnerability
[SA24652] B21Soft BASP21 SMTP Component CRLF Injection
UNIX/Linux:
[SA24663] Web Content System "path[JavascriptEdit]" File Inclusion
[SA24650] SGI Advanced Linux Environment Multiple Updates
[SA24647] Ubuntu update for openoffice.org
[SA24668] Mandriva update for evolution
[SA24661] rPath update for inkscape
[SA24651] Ubuntu update for evolution
[SA24649] Gentoo mgv Buffer Overflow Vulnerability
[SA24645] Ubuntu update for xmms
[SA24642] Avaya Products php Multiple Vulnerabilities
[SA24672] Xoops Articles Module "id" Parameter SQL Injection
[SA24655] CcCounter "dir" Cross-Site Scripting Vulnerability
[SA24648] Avaya Products bind Denial of Service
[SA24638] Debian update for nas
[SA24628] Ubuntu update for nas
[SA24641] mcweject Buffer Overflow Vulnerability
[SA24643] TrueCrypt "setuid" Local Denial of Service and Privilege
Escalation Security Issue
[SA24627] TrueCrypt set-euid Mode Volume Dismount Security Issue
Other:
[SA24666] DataDomain OS Administrator CLI Arbitrary Command Execution
Weakness
Cross Platform:
[SA24686] MangoBery "Site_Path" File Inclusion Vulnerabilities
[SA24646] StarOffice Two Vulnerabilities
[SA24644] IceBB Avatar SQL Injection and PHP Code Execution
[SA24633] IBM Lotus Domino Script Insertion and Buffer Overflows
[SA24690] Cisco Unified CallManager and Presence Server ICMP Echo and
IPSec Denial of Service
[SA24675] Joomla Component D4J eZine "article" SQL Injection
Vulnerability
[SA24634] Sun Java System Directory Server "ns-slapd" Denial of
Service
[SA24687] LDAP Account Manager LDAP Data Script Insertion
Vulnerability
[SA24679] aBitWhizzy "d" Directory Traversal and Cross-Site-Scripting
[SA24654] Fizzle Extension for Firefox Feed Script Insertion
Vulnerability
[SA24637] PBLang admin2.php PHP Code Execution
[SA24630] PHP "unserialize()" S: Data Type Information Leak
[SA24629] PHP-Nuke Anti-Cross-Site Request Forgery Routine Bypass
Vulnerability
[SA24665] Cisco Unified CallManager SCCP and SCCPS Denial of Service
[SA24639] ESRI ArcSDE Server Denial of Service Vulnerability
[SA24635] IDA Pro Remote Debugger Server Authentication Bypass
Vulnerability
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA24673] NaviCOPA GET cgi-bin/cgi Request Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-03-28
skillTube has reported a vulnerability in NaviCOPA Web Server, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/24673/
--
[SA24664] Corel WordPerfect Document Processing Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-03-29
Jonathan So has discovered a vulnerability in Corel WordPerfect Office
X3, which can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/24664/
--
[SA24653] eWebquiz "QuizID" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2007-03-26
ajann has reported a vulnerability in eWebquiz, which can be exploited
by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/24653/
--
[SA24640] Active Newsletter "NewsPaperID" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2007-03-26
ajann has reported a vulnerability in Active Newsletter, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/24640/
--
[SA24631] Active Trade "catid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2007-03-23
CyberGhost has reported a vulnerability in Active Trade, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/24631/
--
[SA24652] B21Soft BASP21 SMTP Component CRLF Injection
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2007-03-26
A vulnerability has been reported in B21Soft's BASP21, which can be
exploited by malicious people to send out unsolicited mail.
Full Advisory:
http://secunia.com/advisories/24652/
UNIX/Linux:--
[SA24663] Web Content System "path[JavascriptEdit]" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-03-28
KEZZAP66345 has discovered a vulnerability in Web Content System, which
can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24663/
--
[SA24650] SGI Advanced Linux Environment Multiple Updates
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released: 2007-03-26
SGI has issued multiple updates for SGI Advanced Linux Environment.
These fix some vulnerabilities, which can be exploited by malicious
people to bypass certain security restrictions, conduct cross-site
scripting and spoofing attacks, gain knowledge of potentially sensitive
information, cause a DoS (Denial of Service) and potentially compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/24650/
--
[SA24647] Ubuntu update for openoffice.org
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-03-28
Ubuntu has issued an update for openoffice.org. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/24647/
--
[SA24668] Mandriva update for evolution
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2007-03-28
Mandriva has issued an update for evolution. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/24668/
--
[SA24661] rPath update for inkscape
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2007-03-29
rPath has issued an update for inkscape. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/24661/
--
[SA24651] Ubuntu update for evolution
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2007-03-27
Ubuntu has issued an update for evolution. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/24651/
--
[SA24649] Gentoo mgv Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2007-03-27
Gentoo has acknowledged a vulnerability in mgv, which can be exploited
by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/24649/
--
[SA24645] Ubuntu update for xmms
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2007-03-28
Ubuntu has issued an update for xmms. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/24645/
--
[SA24642] Avaya Products php Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, DoS,
System access
Released: 2007-03-27
Avaya has acknowledged some vulnerabilities and a weakness in php,
which can be exploited by malicious people to disclose potentially
sensitive information, bypass certain security restrictions, cause a
DoS (Denial of Service), and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/24642/
--
[SA24672] Xoops Articles Module "id" Parameter SQL Injection
Critical: Less critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2007-03-28
UniquE-Key{UniquE-Cracker} has discovered a vulnerability in the
Articles module for Xoops, which can be exploited by malicious users to
conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/24672/
--
[SA24655] CcCounter "dir" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-03-27
Crackers_Child has discovered a vulnerability in CcCounter, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/24655/
--
[SA24648] Avaya Products bind Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2007-03-28
Avaya has acknowledged a vulnerability in various Avaya products, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/24648/
--
[SA24638] Debian update for nas
Critical: Less critical
Where: From local network
Impact: Privilege escalation, DoS
Released: 2007-03-28
Debian has issued an update for nas. This fixes some vulnerabilities,
which potentially can be exploited by malicious, local users to gain
escalated privileges or malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/24638/
--
[SA24628] Ubuntu update for nas
Critical: Less critical
Where: From local network
Impact: Privilege escalation, DoS
Released: 2007-03-28
Ubuntu has issued an update for nas. This fixes some vulnerabilities,
which potentially can be exploited by malicious, local users to gain
escalated privileges or by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/24628/
--
[SA24641] mcweject Buffer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2007-03-27
harry has reported a vulnerability in mcweject, which can be exploited
by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/24641/
--
[SA24643] TrueCrypt "setuid" Local Denial of Service and Privilege
Escalation Security Issue
Critical: Not critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2007-03-28
Tim Rees has discovered a security issue in TrueCrypt, which can be
exploited by malicious, local users to cause a DoS (Denial of Service)
or gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/24643/
--
[SA24627] TrueCrypt set-euid Mode Volume Dismount Security Issue
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2007-03-26
A security issue has been reported in TrueCrypt, which can be exploited
by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/24627/
Other:--
[SA24666] DataDomain OS Administrator CLI Arbitrary Command Execution
Weakness
Critical: Not critical
Where: Local system
Impact: Security Bypass
Released: 2007-03-29
Elliot Kendall has reported a weakness in DataDomain OS, which can be
exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/24666/
Cross Platform:--
[SA24686] MangoBery "Site_Path" File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-03-29
kezzap66345 has discovered two vulnerabilities in MangoBery, which can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24686/
--
[SA24646] StarOffice Two Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-03-27
Sun Microsystems has acknowledged some vulnerabilities in StarOffice,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/24646/
--
[SA24644] IceBB Avatar SQL Injection and PHP Code Execution
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2007-03-27
Hessam-x has discovered some vulnerabilities in IceBB, which can be
exploited by malicious users to conduct SQL injection attacks and
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24644/
--
[SA24633] IBM Lotus Domino Script Insertion and Buffer Overflows
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, DoS, System access
Released: 2007-03-28
Some vulnerabilities have been reported in IBM Lotus Domino and Lotus
Domino Web Access, which can be exploited by malicious people to
conduct script insertion attacks, cause a DoS (Denial of Service), and
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24633/
--
[SA24690] Cisco Unified CallManager and Presence Server ICMP Echo and
IPSec Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2007-03-29
Some vulnerabilities have been reported in Cisco Unified CallManager
(CUCM) and Cisco Unified Presence Server (CUPS), which can be exploited
by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/24690/
--
[SA24675] Joomla Component D4J eZine "article" SQL Injection
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2007-03-29
ajann has reported a vulnerability in D4J eZine, which can be exploited
by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/24675/
--
[SA24634] Sun Java System Directory Server "ns-slapd" Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2007-03-26
A vulnerability has been reported in Sun Java System Directory Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/24634/
--
[SA24687] LDAP Account Manager LDAP Data Script Insertion
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-03-29
A vulnerability has been reported in LDAP Account Manager, which can be
exploited by malicious users to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/24687/
--
[SA24679] aBitWhizzy "d" Directory Traversal and Cross-Site-Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information
Released: 2007-03-28
Lostmon has discovered some vulnerabilities and weaknesses in
aBitWhizzy, which can be exploited by malicious people to disclose
system information or conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/24679/
--
[SA24654] Fizzle Extension for Firefox Feed Script Insertion
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-03-26
CrYpTiC MauleR has discovered a vulnerability in the Fizzle extension
for Firefox, which can be exploited by malicious people to conduct
script insertion attacks.
Full Advisory:
http://secunia.com/advisories/24654/
--
[SA24637] PBLang admin2.php PHP Code Execution
Critical: Less critical
Where: From remote
Impact: System access
Released: 2007-03-26
Hessam-x has discovered a vulnerability in PBLang, which can be
exploited by malicious users to compromise vulnerable systems.
Full Advisory:
http://secunia.com/advisories/24637/
--
[SA24630] PHP "unserialize()" S: Data Type Information Leak
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2007-03-23
Stefan Esser has reported a vulnerability in PHP, which can be
exploited by malicious people to disclose potentially sensitive
information.
Full Advisory:
http://secunia.com/advisories/24630/
--
[SA24629] PHP-Nuke Anti-Cross-Site Request Forgery Routine Bypass
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-03-27
A vulnerability has been discovered in PHP-Nuke, which can be exploited
by malicious people to conduct cross-site scripting or cross-site
request forgery attacks.
Full Advisory:
http://secunia.com/advisories/24629/
--
[SA24665] Cisco Unified CallManager SCCP and SCCPS Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2007-03-29
A vulnerability has been reported in Cisco Unified CallManager (CUCM),
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/24665/
--
[SA24639] ESRI ArcSDE Server Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2007-03-28
A vulnerability has been reported in ArcSDE, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/24639/
--
[SA24635] IDA Pro Remote Debugger Server Authentication Bypass
Vulnerability
Critical: Not critical
Where: From local network
Impact: Security Bypass
Released: 2007-03-26
A vulnerability has been reported in IDA Pro, which can be exploited by
malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/24635/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
_________________________________________
Visit the InfoSec News Security Bookstore
http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Thu Mar 29 2007 - 22:44:47 PST