========================================================================

The Secunia Weekly Advisory Summary
2007-03-22 - 2007-03-29

This week: 40 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Should you be interested in a career within Secunia, the current job openings are available right now:

Security Sales Engineer:
http://corporate.secunia.com/about_secunia/54/

German Key Account Manager:
http://corporate.secunia.com/about_secunia/55/

International Account Manager - Enterprise Sales:
http://corporate.secunia.com/about_secunia/52/

International Sales Manager - IT Security Partner:
http://corporate.secunia.com/about_secunia/51/

Danish: Disassembling and Reversing
http://secunia.com/Disassembling_og_Reversing/

Linux Security Specialist:
http://secunia.com/Linux_Security_Specialist/

========================================================================
2) This Week in Brief:

Vulnerabilities have been reported in IBM Lotus Domino and Lotus Domino Web Access, which can be exploited by malicious people to conduct script insertion attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

The first is a boundary error within the IMAP service during CRAM-MD5 authentication. Exploitation is trivial and can be done by passing an overly long username to trigger a buffer overflow.

The second is an error in the LDAP service when handling certain requests.
Exploitation is also trivial and can be done by passing a specially crafted request containing a string longer than 65535 bytes to trigger a heap-based buffer overflow.

The third is due to certain input in e-mail messages not being properly sanitised by Lotus Domino Web Access before being displayed. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when a malicious message is viewed.

All vulnerabilities discussed in the advisory have been patched by IBM.

For more information, refer to:
http://secunia.com/advisories/24633/

--

Vulnerabilities have been reported in Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS), which can be exploited by a remote attacker to cause a DoS (Denial of Service).

The first is an unspecified error within the handling of large amounts of ICMP Echo packets. This can be exploited to crash various CUCM or CUPS services by sending a large number of ICMP Echo packets.

An unspecified error also exists within the IPSec Manager service for CUCM or CUPS. This can be exploited to stop certain services, such as call forwarding, by sending a specially crafted UDP packet to port 8500.

This vulnerability has been patched by the vendor.

For more information, refer to:
http://secunia.com/advisories/24665/

--

Another vulnerability in Cisco Unified CallManager (CUCM) can be exploited by attackers within the network to cause a DoS (Denial of Service).

Sending a series of specially crafted packets to the SCCP service (port 2000/TCP) or SCCPS service (port 2443/TCP) can crash the CallManager Service due to an unspecified error in the handling of certain packets.

The vulnerability has been patched by the vendor.

For more information, refer to:
http://secunia.com/advisories/24665/

--

VIRUS ALERTS:

During the past week Secunia collected 178 virus descriptions from the Antivirus vendors.
However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1. [SA24618] Linux Kernel Multiple Denial of Service Vulnerabilities
2. [SA24630] PHP "unserialize()" S: Data Type Information Leak
3. [SA24588] OpenOffice.org Multiple Vulnerabilities
4. [SA14921] Microsoft Windows Message Queuing Buffer Overflow Vulnerability
5. [SA24617] Red Hat update for file
6. [SA24626] Active Auction Pro "catid" SQL Injection Vulnerability
7. [SA24631] Active Trade "catid" SQL Injection Vulnerability
8. [SA24621] LAN Management System Multiple File Inclusion
9. [SA24620] PortailPHP "idnews" SQL Injection Vulnerability
10. [SA24622] aspWebCalendar FREE "eventid" SQL Injection

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA24673] NaviCOPA GET cgi-bin/cgi Request Buffer Overflow Vulnerability
[SA24664] Corel WordPerfect Document Processing Buffer Overflow
[SA24653] eWebquiz "QuizID" SQL Injection Vulnerability
[SA24640] Active Newsletter "NewsPaperID" SQL Injection
[SA24631] Active Trade "catid" SQL Injection Vulnerability
[SA24652] B21Soft BASP21 SMTP Component CRLF Injection

UNIX/Linux:
[SA24663] Web Content System "path[JavascriptEdit]" File Inclusion
[SA24650] SGI Advanced Linux Environment Multiple Updates
[SA24647] Ubuntu update for openoffice.org
[SA24668] Mandriva update for evolution
[SA24661] rPath update for inkscape
[SA24651] Ubuntu update for evolution
[SA24649] Gentoo mgv Buffer Overflow Vulnerability
[SA24645] Ubuntu update for xmms
[SA24642] Avaya Products php Multiple Vulnerabilities
[SA24672] Xoops Articles Module "id" Parameter SQL Injection
[SA24655] CcCounter "dir" Cross-Site Scripting Vulnerability
[SA24648] Avaya Products bind Denial of Service
[SA24638] Debian update for nas
[SA24628] Ubuntu update for nas
[SA24641] mcweject Buffer Overflow Vulnerability
[SA24643] TrueCrypt "setuid" Local Denial of Service and Privilege Escalation Security Issue
[SA24627] TrueCrypt set-euid Mode Volume Dismount Security Issue

Other:
[SA24666] DataDomain OS Administrator CLI Arbitrary Command Execution Weakness

Cross Platform:
[SA24686] MangoBery "Site_Path" File Inclusion Vulnerabilities
[SA24646] StarOffice Two Vulnerabilities
[SA24644] IceBB Avatar SQL Injection and PHP Code Execution
[SA24633] IBM Lotus Domino Script Insertion and Buffer Overflows
[SA24690] Cisco Unified CallManager and Presence Server ICMP Echo and IPSec Denial of Service
[SA24675] Joomla Component D4J eZine "article" SQL Injection Vulnerability
[SA24634] Sun Java System Directory Server "ns-slapd" Denial of Service
[SA24687] LDAP Account Manager LDAP Data Script Insertion Vulnerability
[SA24679] aBitWhizzy "d" Directory Traversal and Cross-Site-Scripting
[SA24654] Fizzle Extension for Firefox Feed Script Insertion Vulnerability
[SA24637] PBLang admin2.php PHP Code Execution
[SA24630] PHP "unserialize()" S: Data Type Information Leak
[SA24629] PHP-Nuke Anti-Cross-Site Request Forgery Routine Bypass Vulnerability
[SA24665] Cisco Unified CallManager SCCP and SCCPS Denial of Service
[SA24639] ESRI ArcSDE Server Denial of Service Vulnerability
[SA24635] IDA Pro Remote Debugger Server Authentication Bypass Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windus:
Full Advisory: http://secunia.com/advisories/24673/

--

[SA24664] Corel WordPerfect Document Processing Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-03-29

Jonathan So has discovered a vulnerability in Corel WordPerfect Office X3, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/24664/

--

[SA24653] eWebquiz "QuizID" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2007-03-26

ajann has reported a vulnerability in eWebquiz, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/24653/

--

[SA24640] Active Newsletter "NewsPaperID" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2007-03-26

ajann has reported a vulnerability in Active Newsletter, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/24640/

--

[SA24631] Active Trade "catid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2007-03-23

CyberGhost has reported a vulnerability in Active Trade, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/24631/

--

[SA24652] B21Soft BASP21 SMTP Component CRLF Injection
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2007-03-26

A vulnerability has been reported in B21Soft's BASP21, which can be exploited by malicious people to send out unsolicited mail.
Full Advisory: http://secunia.com/advisories/24652/

UNIX/Linux:

--

[SA24663] Web Content System "path[JavascriptEdit]" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-03-28

KEZZAP66345 has discovered a vulnerability in Web Content System, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/24663/

--

[SA24650] SGI Advanced Linux Environment Multiple Updates
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access
Released: 2007-03-26

SGI has issued multiple updates for SGI Advanced Linux Environment. These fix some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of potentially sensitive information, cause a DoS (Denial of Service) and potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/24650/

--

[SA24647] Ubuntu update for openoffice.org
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-03-28

Ubuntu has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/24647/

--

[SA24668] Mandriva update for evolution
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2007-03-28

Mandriva has issued an update for evolution. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/24668/

--

[SA24661] rPath update for inkscape
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2007-03-29

rPath has issued an update for inkscape.
This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/24661/

--

[SA24651] Ubuntu update for evolution
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2007-03-27

Ubuntu has issued an update for evolution. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/24651/

--

[SA24649] Gentoo mgv Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2007-03-27

Gentoo has acknowledged a vulnerability in mgv, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/24649/

--

[SA24645] Ubuntu update for xmms
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2007-03-28

Ubuntu has issued an update for xmms. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/24645/

--

[SA24642] Avaya Products php Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, DoS, System access
Released: 2007-03-27

Avaya has acknowledged some vulnerabilities and a weakness in php, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/24642/

--

[SA24672] Xoops Articles Module "id" Parameter SQL Injection
Critical: Less critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2007-03-28

UniquE-Key{UniquE-Cracker} has discovered a vulnerability in the Articles module for Xoops, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/24672/

--

[SA24655] CcCounter "dir" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-03-27

Crackers_Child has discovered a vulnerability in CcCounter, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/24655/

--

[SA24648] Avaya Products bind Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2007-03-28

Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/24648/

--

[SA24638] Debian update for nas
Critical: Less critical
Where: From local network
Impact: Privilege escalation, DoS
Released: 2007-03-28

Debian has issued an update for nas. This fixes some vulnerabilities, which potentially can be exploited by malicious, local users to gain escalated privileges or malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/24638/

--

[SA24628] Ubuntu update for nas
Critical: Less critical
Where: From local network
Impact: Privilege escalation, DoS
Released: 2007-03-28

Ubuntu has issued an update for nas. This fixes some vulnerabilities, which potentially can be exploited by malicious, local users to gain escalated privileges or by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/24628/

--

[SA24641] mcweject Buffer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2007-03-27

harry has reported a vulnerability in mcweject, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/24641/

--

[SA24643] TrueCrypt "setuid" Local Denial of Service and Privilege Escalation Security Issue
Critical: Not critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2007-03-28

Tim Rees has discovered a security issue in TrueCrypt, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.
Full Advisory: http://secunia.com/advisories/24643/

--

[SA24627] TrueCrypt set-euid Mode Volume Dismount Security Issue
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2007-03-26

A security issue has been reported in TrueCrypt, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/24627/

Other:

--

[SA24666] DataDomain OS Administrator CLI Arbitrary Command Execution Weakness
Critical: Not critical
Where: Local system
Impact: Security Bypass
Released: 2007-03-29

Elliot Kendall has reported a weakness in DataDomain OS, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/24666/

Cross Platform:

--

[SA24686] MangoBery "Site_Path" File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-03-29

kezzap66345 has discovered two vulnerabilities in MangoBery, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/24686/

--

[SA24646] StarOffice Two Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-03-27

Sun Microsystems has acknowledged some vulnerabilities in StarOffice, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/24646/

--

[SA24644] IceBB Avatar SQL Injection and PHP Code Execution
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2007-03-27

Hessam-x has discovered some vulnerabilities in IceBB, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/24644/

--

[SA24633] IBM Lotus Domino Script Insertion and Buffer Overflows
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, DoS, System access
Released: 2007-03-28

Some vulnerabilities have been reported in IBM Lotus Domino and Lotus Domino Web Access, which can be exploited by malicious people to conduct script insertion attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/24633/

--

[SA24690] Cisco Unified CallManager and Presence Server ICMP Echo and IPSec Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2007-03-29

Some vulnerabilities have been reported in Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS), which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/24690/

--

[SA24675] Joomla Component D4J eZine "article" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2007-03-29

ajann has reported a vulnerability in D4J eZine, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/24675/

--

[SA24634] Sun Java System Directory Server "ns-slapd" Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2007-03-26

A vulnerability has been reported in Sun Java System Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/24634/

--

[SA24687] LDAP Account Manager LDAP Data Script Insertion Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-03-29

A vulnerability has been reported in LDAP Account Manager, which can be exploited by malicious users to conduct script insertion attacks.
Full Advisory: http://secunia.com/advisories/24687/

--

[SA24679] aBitWhizzy "d" Directory Traversal and Cross-Site-Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information
Released: 2007-03-28

Lostmon has discovered some vulnerabilities and weaknesses in aBitWhizzy, which can be exploited by malicious people to disclose system information or conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/24679/

--

[SA24654] Fizzle Extension for Firefox Feed Script Insertion Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-03-26

CrYpTiC MauleR has discovered a vulnerability in the Fizzle extension for Firefox, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory: http://secunia.com/advisories/24654/

--

[SA24637] PBLang admin2.php PHP Code Execution
Critical: Less critical
Where: From remote
Impact: System access
Released: 2007-03-26

Hessam-x has discovered a vulnerability in PBLang, which can be exploited by malicious users to compromise vulnerable systems.
Full Advisory: http://secunia.com/advisories/24637/

--

[SA24630] PHP "unserialize()" S: Data Type Information Leak
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2007-03-23

Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious people to disclose potentially sensitive information.
Full Advisory: http://secunia.com/advisories/24630/

--

[SA24629] PHP-Nuke Anti-Cross-Site Request Forgery Routine Bypass Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-03-27

A vulnerability has been discovered in PHP-Nuke, which can be exploited by malicious people to conduct cross-site scripting or cross-site request forgery attacks.
Full Advisory: http://secunia.com/advisories/24629/

--

[SA24665] Cisco Unified CallManager SCCP and SCCPS Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2007-03-29

A vulnerability has been reported in Cisco Unified CallManager (CUCM), which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/24665/

--

[SA24639] ESRI ArcSDE Server Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2007-03-28

A vulnerability has been reported in ArcSDE, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/24639/

--

[SA24635] IDA Pro Remote Debugger Server Authentication Bypass Vulnerability
Critical: Not critical
Where: From local network
Impact: Security Bypass
Released: 2007-03-26

A vulnerability has been reported in IDA Pro, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/24635/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web : http://secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45