======================================================================== The Secunia Weekly Advisory Summary 2008-02-21 - 2008-02-28 This week: 87 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: Secunia invites you to join us in the biggest IT Expo event of the year - the RSA Conference in the Moscone Center, San Francisco, California from 7 to 11 April 2008. If you are interested in going to the expo exhibit and meeting us, please contact your Secunia Account Executive for a FREE EXPO PASS! ======================================================================== 2) This Week in Brief: A highly critical vulnerability has been discovered in ICQ, which can be exploited by malicious people to compromise another user's system. The vulnerability is caused due to a format string error when generating HTML code to display messages in the embedded Internet Explorer component. This can then be exploited by sending specially crafted messages containing format string specifiers to another user. Successful exploitation allows an attacker to execute arbitrary code. The vulnerability is confirmed in ICQ 6 build 6043. Other versions may also be affected. The vulnerability is currently unpatched. Secunia urges users to avoid accepting messages from untrusted ICQ users, or accepting messages only from users in their contact lists. For more information, refer to: http://secunia.com/advisories/29138/ -- A highly critical vulnerability has been reported in Mozilla Thunderbird, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error within the handling of external-body MIME types. This can be exploited to cause a heap-based buffer overflow by tricking a user into viewing a specially crafted email. Successful exploitation may allow an attacker to arbitrary code. The vendor has provided users with version 2.0.0.9 to resolve the vulnerability. Users of prior version are urged to download the update immediately. For more information, refer to: http://secunia.com/advisories/29133/ -- Netscape has acknowledged some weaknesses, a security issue, and some vulnerabilities in Netscape Navigator, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user's system. The vulnerabilities are due to the use of vulnerable Firefox code, of which the Netscape Navigator browser is based on. The vendor has released version 9.0.0.6, which is the final release for Netscape Navigator. Support for all Netscape browsers will end on 1st of March 2008. For more information, refer to: http://secunia.com/advisories/29049/ -- Two vulnerabilities have been reported in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. A boundary error in Symantec's Decomposer engine can be exploited to cause a stack-based buffer overflow when handling a specially crafted .RAR file. Successful exploitation of this highly critical vulnerability allows execution of arbitrary code. An error in Symantec's Decomposer engine can be exploited to cause the process to consume large amounts of memory when handling a specially crafted .RAR file. A variety of Symantec products are affected by these vulnerabilities, including the Symantec AntiVirus Scan Engine, Symantec Mail Security for Microsoft Exchange, and Symantec AntiVirus for Network Attached Storage. The vendor has released security updates for all affected products. For more information, refer to: http://secunia.com/advisories/29140/ -- VIRUS ALERTS: During the past week Secunia collected 154 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale. ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA29032] VMware ESX Server Multiple Updates 2. [SA29131] D-Link MPEG4 SHM (Audio) Control ActiveX Control "Url" Property Buffer Overflow 3. [SA27994] Novell iPrint Client iPrint Control "ExecuteRequest()" Buffer Overflow 4. [SA29008] Joomla astatsPRO Component "id" SQL Injection Vulnerability 5. [SA29052] Sun Solaris CPU Performance Counters Sub-System Local Denial of Service 6. [SA29106] Joomla! "mosConfig_absolute_path" File Inclusion 7. [SA29074] Solaris 10 Perl Regular Expressions Unicode Data Buffer Overflow 8. [SA29037] Sun Solaris 10 DTrace Dynamic Tracing Framework Information Disclosure 9. [SA29066] lighttpd File Descriptor Array Denial of Service Vulnerability 10. [SA29070] Red Hat update for tcltk ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA29146] 4XEM VatDecoder VatCtrl Class ActiveX Control "Url" Property Buffer Overflow [SA29145] RTSP MPEG4 SP Control ActiveX Control "Url" Property Buffer Overflow [SA29138] ICQ Message Processing Format String Vulnerability [SA29131] D-Link MPEG4 SHM (Audio) Control ActiveX Control "Url" Property Buffer Overflow [SA29109] Rising Online Virus Scanner Web Scan ActiveX Control "UpdateEngine()" Insecure Method [SA29108] Move Media Player Quantum Streaming IE Player "UploadLogs()" Buffer Overflow [SA29137] NetWin WebMail Format String Vulnerability [SA29105] SurgeMail Format String and Buffer Overflow Vulnerabilities [SA29102] Porar Webboard question.asp SQL Injection Vulnerability [SA29096] SurgeFTP "Content-Length" Denial of Service Vulnerability [SA29124] Trend Micro OfficeScan CGI Module and Policy Server Buffer Overflows [SA29062] Zilab Chat and Instant Messaging Server Multiple Vulnerabilities [SA29142] AuthentiX Multiple Cross-Site Scripting Vulnerabilities [SA29151] Trend Micro OfficeScan 8.0 Policy Server Denial of Service [SA29075] Double-Take for Windows Information Disclosure and Denial of Service [SA29117] VMware Products Shared Folders Directory Traversal Vulnerability UNIX/Linux: [SA29141] Gentoo update for xine-lib [SA29135] Debian update for ghostscript [SA29115] Fedora update for sword [SA29112] Red Hat update for ghostscript [SA29104] Debian update for koffice [SA29094] GraphicsMagick Multiple Vulnerabilities [SA29086] Debian update for iceape [SA29065] Red Hat update for acroread [SA29060] Gentoo udpate for clamav [SA29161] IBM AIX libc "inet_network()" Off-By-One Vulnerability [SA29157] Red Hat update for gd [SA29130] Apple Mac OS X "ipcomp6_input()" Denial of Service [SA29100] Sun Solaris Firewall Security Bypass and Denial of Service [SA29085] Gentoo update for python [SA29079] Red Hat update for netpbm [SA29078] OpenBSD Two Denial of Service Vulnerabilities [SA29074] Solaris 10 Perl Regular Expressions Unicode Data Buffer Overflow [SA29070] Red Hat update for tcltk [SA29069] Red Hat update for tk [SA29066] lighttpd File Descriptor Array Denial of Service Vulnerability [SA29120] Fedora update for cups [SA29127] DNSSEC-Tools libval Validation Algorithm Security Issue [SA29114] Maian Cart "keywords" Cross-Site Scripting [SA29095] Fedora update for dnssec-tools [SA29083] Mandriva update for nss_ldap [SA29071] Debian update for turba2 [SA29058] Debian update for kernel [SA29132] Mandriva update for cups [SA29087] Red Hat update for cups [SA29068] Red Hat update for openldap [SA29067] Red Hat update for cups [SA29160] Red Hat update for dbus [SA29148] D-Bus "send_interface" Security Policy Bypass [SA29139] IBM AIX X Server Multiple Vulnerabilities [SA29113] Fedora update for wyrd [SA29111] Symark PowerBroker Client Binaries Buffer Overflow Vulnerabilities [SA29080] SplitVT "xprop" Privilege Escalation Security Issue [SA29064] Debian update for splitvt [SA29059] Debian update for dspam [SA29136] Fedora update for kvm [SA29129] KVM Block Device Backend Security Bypass [SA29097] Net Activity Viewer Privilege Escalation Security Issue [SA29081] Fedora update for qemu Other: [SA29082] Cisco IP Phone 7921 Insecure PEAP Implementation Cross Platform: [SA29153] Miro MP4 Demuxer Arbitrary Memory Overwrite [SA29140] Symantec Products Symantec Decomposer RAR File Handling Vulnerabilities [SA29133] Mozilla Thunderbird MIME Processing Buffer Overflow Vulnerability [SA29122] VLC Media Player MP4 Demuxer Arbitrary Memory Overwrite [SA29110] DBHcms "extmanager_install" File Inclusion Vulnerability [SA29103] Ghostscript "zseticcspace()" Buffer Overflow Vulnerability [SA29099] WordPress Sniplets Plugin Multiple Vulnerabilities [SA29089] php Download Manager "content" File Inclusion Vulnerability [SA29088] Interstage Application Server Single Sign-On Buffer Overflow [SA29077] Quantum Star "CONFIG[gameroot]" File Inclusion Vulnerabilities [SA29076] phpQLAdmin "_SESSION[path]" File Inclusion Vulnerabilities [SA29156] Wireshark Multiple Denial of Service Vulnerabilities [SA29123] eazyPortal "session_vars" SQL Injection Vulnerability [SA29107] Xoops XM-Memberstats Module "letter" and "sortby" SQL Injection [SA29106] Joomla! "mosConfig_absolute_path" File Inclusion [SA29090] Joomla! Gary's Cookbook Component "id" SQL Injection [SA29084] H-Sphere SiteStudio Unspecified Vulnerability [SA29073] XOOPS Tiny Event Module "id" SQL Injection [SA29063] XOOPS Prayer List Module "cid" SQL Injection [SA29061] beContent "id" SQL Injection Vulnerability [SA29150] Interspire Shopping Cart "search_query" Cross-Site Scripting [SA29128] Serendipity Script Insertion and Cross-Site Scripting [SA29118] Drupal Multiple Script Insertion Vulnerabilities [SA29116] Plume CMS "dir" Cross-Site Scripting Vulnerability [SA29093] Matt's Whois "domain" Cross-Site Scripting Vulnerability [SA29092] TikiWiki "tiki-edit_article.php" Script Insertion Vulnerability [SA29072] IBM Lotus Quickr/QuickPlace Cross-Site Scripting Vulnerability ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA29146] 4XEM VatDecoder VatCtrl Class ActiveX Control "Url" Property Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-27 rgod has discovered a vulnerability in 4XEM VatDecoder, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/29146/ -- [SA29145] RTSP MPEG4 SP Control ActiveX Control "Url" Property Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-27 rgod has discovered a vulnerability in RTSP MPEG4 SP Control, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/29145/ -- [SA29138] ICQ Message Processing Format String Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-28 B0B has discovered a vulnerability in ICQ, which can be exploited by malicious people to compromise another user's system. Full Advisory: http://secunia.com/advisories/29138/ -- [SA29131] D-Link MPEG4 SHM (Audio) Control ActiveX Control "Url" Property Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-27 rgod has discovered a vulnerability in D-Link MPEG4 SHM (Audio) Control, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/29131/ -- [SA29109] Rising Online Virus Scanner Web Scan ActiveX Control "UpdateEngine()" Insecure Method Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-26 John Smith has discovered a vulnerability in Rising Online Virus Scanner, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/29109/ -- [SA29108] Move Media Player Quantum Streaming IE Player "UploadLogs()" Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-26 Elazar Broad has discovered a vulnerability in Move Media Player, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/29108/ -- [SA29137] NetWin WebMail Format String Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2008-02-27 Luigi Auriemma has reported a vulnerability in NetWin WebMail, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29137/ -- [SA29105] SurgeMail Format String and Buffer Overflow Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-02-26 Luigi Auriemma has discovered some vulnerabilities in SurgeMail, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29105/ -- [SA29102] Porar Webboard question.asp SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-02-26 xcorpitx has reported a vulnerability in Porar Webboard, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/29102/ -- [SA29096] SurgeFTP "Content-Length" Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-02-26 Luigi Auriemma has discovered a vulnerability in SurgeFTP, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/29096/ -- [SA29124] Trend Micro OfficeScan CGI Module and Policy Server Buffer Overflows Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-02-28 Luigi Auriemma has discovered some vulnerabilities in Trend Micro OfficeScan, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29124/ -- [SA29062] Zilab Chat and Instant Messaging Server Multiple Vulnerabilities Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-02-22 Luigi Auriemma has discovered some vulnerabilities in Zilab Chat and Instant Messaging (ZIM) Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29062/ -- [SA29142] AuthentiX Multiple Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-28 William Hicks and Chris Castaldo have discovered some vulnerabilities in AuthentiX, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/29142/ -- [SA29151] Trend Micro OfficeScan 8.0 Policy Server Denial of Service Critical: Less critical Where: From local network Impact: DoS Released: 2008-02-28 Luigi Auriemma has discovered a vulnerability in Trend Micro OfficeScan, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/29151/ -- [SA29075] Double-Take for Windows Information Disclosure and Denial of Service Critical: Less critical Where: From local network Impact: Exposure of system information, DoS Released: 2008-02-25 Luigi Auriemma has reported some vulnerabilities in Double-Take for Windows, which can be exploited by malicious people to disclose system information and cause a DoS (Denial of Service) Full Advisory: http://secunia.com/advisories/29075/ -- [SA29117] VMware Products Shared Folders Directory Traversal Vulnerability Critical: Less critical Where: Local system Impact: Security Bypass Released: 2008-02-26 Gerardo Richarte has reported a vulnerability in VMware products, which can be exploited by malicious, local users or malicious applications to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/29117/ UNIX/Linux:-- [SA29141] Gentoo update for xine-lib Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-27 Gentoo has issued an update in xine-lib. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/29141/ -- [SA29135] Debian update for ghostscript Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-28 Debian has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/29135/ -- [SA29115] Fedora update for sword Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-26 Fedora has issued an update for sword. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29115/ -- [SA29112] Red Hat update for ghostscript Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-28 Red Hat has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/29112/ -- [SA29104] Debian update for koffice Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-26 Debian has issued an update for koffice. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/29104/ -- [SA29094] GraphicsMagick Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-02-25 Some vulnerabilities have been reported in GraphicsMagick, which can be exploited by malicious people to conduct DoS (Denial of Service) attacks or compromise a user's system. Full Advisory: http://secunia.com/advisories/29094/ -- [SA29086] Debian update for iceape Critical: Highly critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access Released: 2008-02-25 Debian has issued an update for iceape. This fixes some vulnerabilities and weaknesses, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user's system. Full Advisory: http://secunia.com/advisories/29086/ -- [SA29065] Red Hat update for acroread Critical: Highly critical Where: From remote Impact: Unknown, Hijacking, DoS, System access Released: 2008-02-25 Red Hat has issued an update for acroread. This fixes some vulnerabilities, some of which have unknown impacts, while others can be exploited by malicious people to conduct cross-site request forgery attacks, cause a DoS (Denial of Service), or compromise a user's system. Full Advisory: http://secunia.com/advisories/29065/ -- [SA29060] Gentoo udpate for clamav Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-02-22 Gentoo has issued an update for clamav. This fixes some vulnerabilities, which can be exploited to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29060/ -- [SA29161] IBM AIX libc "inet_network()" Off-By-One Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-02-28 IBM has acknowledged a vulnerability in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29161/ -- [SA29157] Red Hat update for gd Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-02-28 Red Hat has issued an update for gd. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29157/ -- [SA29130] Apple Mac OS X "ipcomp6_input()" Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-02-27 A vulnerability has been reported in Apple Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/29130/ -- [SA29100] Sun Solaris Firewall Security Bypass and Denial of Service Critical: Moderately critical Where: From remote Impact: Security Bypass, DoS Released: 2008-02-25 Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/29100/ -- [SA29085] Gentoo update for python Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-02-25 Gentoo has issued an update for python. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29085/ -- [SA29079] Red Hat update for netpbm Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-02-28 Red Hat has issued an update for netpbm. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29079/ -- [SA29078] OpenBSD Two Denial of Service Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-02-25 Two vulnerabilities have been reported in OpenBSD, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/29078/ -- [SA29074] Solaris 10 Perl Regular Expressions Unicode Data Buffer Overflow Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-02-22 Sun has acknowledged a vulnerability in Solaris, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29074/ -- [SA29070] Red Hat update for tcltk Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-02-22 Red Hat has issued an update for tcltk. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially by malicious people to compromise an application using the library. Full Advisory: http://secunia.com/advisories/29070/ -- [SA29069] Red Hat update for tk Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-02-22 Red Hat has issued an update for tk. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library. Full Advisory: http://secunia.com/advisories/29069/ -- [SA29066] lighttpd File Descriptor Array Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-02-22 A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/29066/ -- [SA29120] Fedora update for cups Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-02-26 Fedora has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29120/ -- [SA29127] DNSSEC-Tools libval Validation Algorithm Security Issue Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-02-26 A security issue has been reported in DNSSEC-Tools, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/29127/ -- [SA29114] Maian Cart "keywords" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-28 Russ McRee has discovered a vulnerability in Maian Cart, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/29114/ -- [SA29095] Fedora update for dnssec-tools Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-02-26 Fedora has issued an update for dnssec-tools. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/29095/ -- [SA29083] Mandriva update for nss_ldap Critical: Less critical Where: From remote Impact: Manipulation of data Released: 2008-02-25 Mandriva has issued an update for nss_ldap. This fixes a security issue, which can be exploited by malicious people to manipulate certain data. Full Advisory: http://secunia.com/advisories/29083/ -- [SA29071] Debian update for turba2 Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-02-25 Debian has issued an update for turba2. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/29071/ -- [SA29058] Debian update for kernel Critical: Less critical Where: From remote Impact: Unknown, Security Bypass, Exposure of sensitive information, Privilege escalation, DoS Released: 2008-02-25 Debian has issued an update for kernel-2.4.27 and kernel-2.6.8. This fixes some weaknesses, security issues, and vulnerabilities, where one has an unknown impact, and others can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, bypass certain security restrictions, and gain escalated privileges, and by malicious people to cause a DoS. Full Advisory: http://secunia.com/advisories/29058/ -- [SA29132] Mandriva update for cups Critical: Less critical Where: From local network Impact: DoS Released: 2008-02-28 Mandriva has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/29132/ -- [SA29087] Red Hat update for cups Critical: Less critical Where: From local network Impact: DoS Released: 2008-02-25 Red Hat has issued an update for cups. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/29087/ -- [SA29068] Red Hat update for openldap Critical: Less critical Where: From local network Impact: DoS Released: 2008-02-22 Red Hat has issued an update for openldap. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/29068/ -- [SA29067] Red Hat update for cups Critical: Less critical Where: From local network Impact: DoS Released: 2008-02-22 Red Hat has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/29067/ -- [SA29160] Red Hat update for dbus Critical: Less critical Where: Local system Impact: Security Bypass Released: 2008-02-28 Red Hat has issued an update for dbus. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/29160/ -- [SA29148] D-Bus "send_interface" Security Policy Bypass Critical: Less critical Where: Local system Impact: Security Bypass Released: 2008-02-28 A security issue has been reported in D-Bus, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/29148/ -- [SA29139] IBM AIX X Server Multiple Vulnerabilities Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation Released: 2008-02-28 IBM has acknowledged some vulnerabilities in AIX, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges. Full Advisory: http://secunia.com/advisories/29139/ -- [SA29113] Fedora update for wyrd Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-02-26 Fedora has issued an update for wyrd. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/29113/ -- [SA29111] Symark PowerBroker Client Binaries Buffer Overflow Vulnerabilities Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-02-27 Michael Ligh and Greg Sinclair have reported some vulnerabilities in Symark PowerBroker, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/29111/ -- [SA29080] SplitVT "xprop" Privilege Escalation Security Issue Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-02-22 A security issue has been reported in SplitVT, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/29080/ -- [SA29064] Debian update for splitvt Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-02-22 Debian has issued an update for splitvt. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/29064/ -- [SA29059] Debian update for dspam Critical: Less critical Where: Local system Impact: Exposure of sensitive information Released: 2008-02-22 Debian has issued an update for dspam. This fixes a security issue, which can be exploited by malicious, local users to disclose sensitive information. Full Advisory: http://secunia.com/advisories/29059/ -- [SA29136] Fedora update for kvm Critical: Not critical Where: Local system Impact: Security Bypass Released: 2008-02-26 Fedora has issued an update for kvm. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/29136/ -- [SA29129] KVM Block Device Backend Security Bypass Critical: Not critical Where: Local system Impact: Security Bypass Released: 2008-02-26 A vulnerability has been reported in KVM, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/29129/ -- [SA29097] Net Activity Viewer Privilege Escalation Security Issue Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2008-02-25 A security issue has been reported in Net Activity Viewer, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/29097/ -- [SA29081] Fedora update for qemu Critical: Not critical Where: Local system Impact: Security Bypass Released: 2008-02-26 Fedora has issued an update for qemu. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/29081/ Other:-- [SA29082] Cisco IP Phone 7921 Insecure PEAP Implementation Critical: Less critical Where: From local network Impact: Exposure of sensitive information Released: 2008-02-27 A security issue has been reported in Cisco IP Phone 7921, which potentially can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/29082/ Cross Platform:-- [SA29153] Miro MP4 Demuxer Arbitrary Memory Overwrite Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-28 A vulnerability has been reported in Miro, which can potentially be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/29153/ -- [SA29140] Symantec Products Symantec Decomposer RAR File Handling Vulnerabilities Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-02-27 Two vulnerabilities have been reported in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29140/ -- [SA29133] Mozilla Thunderbird MIME Processing Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-27 A vulnerability has been reported in Mozilla Thunderbird, which can be exploited by malicious people to potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/29133/ -- [SA29122] VLC Media Player MP4 Demuxer Arbitrary Memory Overwrite Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-27 A vulnerability has been reported in VLC Media Player, which can potentially be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/29122/ -- [SA29110] DBHcms "extmanager_install" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, System access Released: 2008-02-26 Iron has discovered a vulnerability in DBHcms, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29110/ -- [SA29103] Ghostscript "zseticcspace()" Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-28 Chris Evans has reported a vulnerability in Ghostscript, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/29103/ -- [SA29099] WordPress Sniplets Plugin Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access Released: 2008-02-27 NBBN has discovered some vulnerabilities in the Sniplets plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29099/ -- [SA29089] php Download Manager "content" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-25 BeyazKurt has discovered a vulnerability in php Download Manager, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29089/ -- [SA29088] Interstage Application Server Single Sign-On Buffer Overflow Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-02-25 A vulnerability has been reported in Interstage Application Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29088/ -- [SA29077] Quantum Star "CONFIG[gameroot]" File Inclusion Vulnerabilities Critical: Highly critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, System access Released: 2008-02-25 RoMaNcYxHaCkEr has discovered two vulnerabilities in Quantum Star: Generations, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29077/ -- [SA29076] phpQLAdmin "_SESSION[path]" File Inclusion Vulnerabilities Critical: Highly critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, System access Released: 2008-02-25 RoMaNcYxHaCkEr has reported two vulnerabilities in phpQLAdmin, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29076/ -- [SA29156] Wireshark Multiple Denial of Service Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-02-28 Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/29156/ -- [SA29123] eazyPortal "session_vars" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-02-28 Iron has discovered a vulnerability in eazyPortal, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/29123/ -- [SA29107] Xoops XM-Memberstats Module "letter" and "sortby" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-02-25 Two vulnerabilities have been discovered in the XM-Memberstats module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/29107/ -- [SA29106] Joomla! "mosConfig_absolute_path" File Inclusion Critical: Moderately critical Where: From remote Impact: System access Released: 2008-02-25 Hendrik-Jan Verheij has discovered a vulnerability in Joomla!, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/29106/ -- [SA29090] Joomla! Gary's Cookbook Component "id" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-02-25 S@BUN has discovered a vulnerability in the Gary's Cookbook component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/29090/ -- [SA29084] H-Sphere SiteStudio Unspecified Vulnerability Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-02-26 A vulnerability with unknown impact has been reported in H-Sphere SiteStudio. Full Advisory: http://secunia.com/advisories/29084/ -- [SA29073] XOOPS Tiny Event Module "id" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-02-22 S@BUN has discovered a vulnerability in the Tiny Event module for XOOPS, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/29073/ -- [SA29063] XOOPS Prayer List Module "cid" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-02-22 S@BUN has discovered a vulnerability in the Prayer List module for XOOPS, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/29063/ -- [SA29061] beContent "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-02-22 Cr@zy_King has reported a vulnerability in beContent, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/29061/ -- [SA29150] Interspire Shopping Cart "search_query" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-28 Russ McRee has reported a vulnerability in Interspire Shopping Cart, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/29150/ -- [SA29128] Serendipity Script Insertion and Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-27 Hanno Boeck has discovered two vulnerabilities in Serendipity, which can be exploited by malicious users to conduct cross-site scripting and script insertion attacks. Full Advisory: http://secunia.com/advisories/29128/ -- [SA29118] Drupal Multiple Script Insertion Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-28 Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/29118/ -- [SA29116] Plume CMS "dir" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-26 Omer Singer has discovered a vulnerability in Plume CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/29116/ -- [SA29093] Matt's Whois "domain" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-25 Ivan Sanchez and Maximiliano Soler have reported a vulnerability in Matt's Whois, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/29093/ -- [SA29092] TikiWiki "tiki-edit_article.php" Script Insertion Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-25 A vulnerability has been reported in TikiWiki, which can be exploited by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/29092/ -- [SA29072] IBM Lotus Quickr/QuickPlace Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-25 Nir Goldshlager (Avnet) has reported a vulnerability in IBM Lotus Quickr/QuickPlace, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/29072/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support@private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Fri Feb 29 2008 - 01:30:35 PST