[ISN] Secunia Weekly Summary - Issue: 2009-3

From: InfoSec News <alerts_at_private>
Date: Fri, 16 Jan 2009 09:48:10 -0600 (CST)
========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2009-01-08 - 2009-01-15                        

                       This week: 87 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Monthly Binary Analysis Update (December)

A new month and year has begun and it is therefore time for me to wrap
up the old year with a December update on our binary analysis
shenanigans.

Read more:
http://secunia.com/blog/40/

 --

The best new Windows program of 2008 

Secunia Personal Software Inspector has been chosen as one of the best
new Windows programs in 2008.

Download.com, the world's largest download site, has chosen Secunia
Personal Software Inspector as one of "The best new Windows programs of
2008". A total of six programs received this fine predicate which also
included Google Chrome.

Download.com also awarded Secunia PSI an editorial rating of five
stars, which is their highest honors and a remarkable recognition.

Read more:
http://secunia.com/blog/41/

========================================================================
2) This Week in Brief:


Three vulnerabilities have been reported in Microsoft Windows, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/31883/

 --

Some vulnerabilities have been reported in BlackBerry Enterprise Server
and BlackBerry Unite!, which can be exploited by malicious people to
compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/33534/

 --

securfrog has discovered a vulnerability in Winamp, which potentially
can be exploited by malicious people to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/33478/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA31883] Microsoft Windows SMB Packet Handling Vulnerabilities
2.  [SA32270] Adobe Flash Player Multiple Security Issues and
              Vulnerabilities
3.  [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities
4.  [SA33534] BlackBerry Products PDF Distiller Multiple
              Vulnerabilities
5.  [SA33478] Winamp AIFF Processing Buffer Overflow Vulnerability
6.  [SA29773] Adobe Acrobat/Reader Multiple Vulnerabilities
7.  [SA31821] Apple QuickTime Multiple Vulnerabilities
8.  [SA13769] Zeroboard Multiple Vulnerabilities
9.  [SA33327] Hex Workshop Color Map Buffer Overflow Vulnerability
10. [SA33310] PGP Desktop PGPwded.sys Driver Denial of Service

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA33496] Triologic Media Player Playlist Processing Buffer Overflow
Vulnerability
[SA33483] Browse3D ".sfs" Processing Buffer Overflow Vulnerability
[SA33478] Winamp AIFF Processing Buffer Overflow Vulnerability
[SA33541] Avira Antivir RAR Processing Denial of Service
Vulnerabilities
[SA33489] DMXReady SDK "download_link.asp" Security Bypass
Vulnerability
[SA33487] Members Area Manager "cid" SQL Injection Vulnerability
[SA33482] DMXReady Multiple Products "cid" SQL Injection Vulnerability
[SA33537] AAA EasyGrid ActiveX Control "DoSaveFile()" Insecure Method
[SA33561] TFTPUtil Directory Traversal Vulnerability

UNIX/Linux:
[SA33547] Debian update for xulrunner
[SA33536] Red Hat update for java-1.5.0-ibm
[SA33528] Red Hat update for java-1.6.0-ibm
[SA33505] Amarok Audible Audio Processing Multiple Vulnerabilities
[SA33503] Gentoo update for mplayer
[SA33493] SUSE Update for Mozilla Products
[SA33491] Sun Solaris Adobe Reader Multiple Vulnerabilities
[SA33473] FTTSS A Free Text-To-Speech System "voz" Command Injection
Vulnerability
[SA33462] SUSE Update for Multiple Packages
[SA33460] Gentoo update for acroread
[SA33457] SUSE update for Sun Java
[SA33557] Slackware update for openssl
[SA33518] IBM HMC Unspecified Vulnerability
[SA33517] Red Hat update for squirrelmail
[SA33515] Debian update for openssl and openssl097
[SA33513] Gentoo update for pdnsd
[SA33511] Gentoo update for ndiswrapper
[SA33509] Gentoo update for streamripper
[SA33508] Gentoo tremulous Buffer Overflow Vulnerability
[SA33502] Gentoo update for online-bookmarks
[SA33501] Gentoo update for gnutls
[SA33497] Debian update for lasso
[SA33559] Slackware update for bind
[SA33558] Slackware update for ntp
[SA33556] Red Hat update for kernel
[SA33551] OpenBSD update for named
[SA33546] Fedora update for bind
[SA33543] Fedora update for tqsllib
[SA33507] Debian update for ntp
[SA33504] Debian update for bind9
[SA33499] Debian update for gforge
[SA33494] FreeBSD update for bind
[SA33485] libmikmod Denial of Service Vulnerabilities
[SA33454] Red Hat update for bind
[SA33527] rPath update for samba, samba-client, and samba-server
[SA33520] Red Hat update for avahi
[SA33492] rPath update for samba
[SA33475] Gentoo update for avahi
[SA33545] Fedora update for nfs-utils
[SA33540] Red Hat Certificate Server Information Disclosure
[SA33539] Ubuntu hplip Privilege Escalation Security Issue
[SA33530] Ubuntu update for cups and cupsys
[SA33512] Gentoo update for jhead
[SA33477] Linux Kernel 64bit ABI System Call Parameter Sign Extension
Security Issue
[SA33455] Red Hat update for kernel
[SA33453] Asterisk User Account Enumeration Weakness
[SA33516] Sun Solaris "aio_suspend()" Integer Overflow Vulnerability
[SA33510] Gentoo update for dbus
[SA33498] Debian update for zaptel
[SA33488] Sun Solaris "lpadmin" and "ppdmgr" Denial of Service
Vulnerabilities

Other:
[SA33519] pfSense update for lukemftpd and openssl
[SA33479] Cisco IronPort Products Multiple Vulnerabilities
[SA33456] WebSphere DataPower XML Security Gateway XS40 Denial of
Service
[SA33461] Cisco IOS HTTP Server Two Cross-Site Scripting
Vulnerabilities
[SA33464] Cisco ONS Products Denial of Service Vulnerability

Cross Platform:
[SA33534] BlackBerry Products PDF Distiller Multiple Vulnerabilities
[SA33526] Oracle BEA WebLogic Server Multiple Vulnerabilities
[SA33525] Oracle Products Multiple Vulnerabilities
[SA33465] Realtor 747 "INC_DIR" File Inclusion Vulnerability
[SA33535] Oracle BEA WebLogic Portal Security Bypass Vulnerability
[SA33533] phpList "_SERVER[ConfigFile]" Local File Inclusion
Vulnerability
[SA33490] AN Guestbook "country" Script Insertion Vulnerability
[SA33486] Joomla JA Showcase Component "catid" SQL Injection
Vulnerability
[SA33484] Fast Guest Book Two SQL Injection Vulnerabilities
[SA33480] phpMDJ "id_animateur" SQL Injection Vulnerability
[SA33476] Weight Loss Recipe Book Two SQL Injection Vulnerabilities
[SA33474] SocialEngine "classifiedcat_id" SQL Injection Vulnerability
[SA33471] Photobase "language" Local File Inclusion Vulnerability
[SA33470] DevIL "iGetHdrHeader()" Buffer Overflow Vulnerabilities
[SA33459] Joomla Fantasy Tournament Component Multiple SQL Injection
[SA33554] Sun Java System Access Manager Privilege Escalation
Vulnerability
[SA33553] Sun Java System Access Manager Password Disclosure Security
Issue
[SA33550] Drupal Content Translation Module Security Bypass
Vulnerability
[SA33549] Drupal Internationalization (i18n) Translation Module
Security Bypass
[SA33542] Drupal Notify Module Privilege Escalation Security Issue
[SA33452] Openfire Multiple Vulnerabilities
[SA33529] IBM DB2 Denial of Service Vulnerabilities
[SA33463] RackTables Authentication Bypass Security Issue

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA33496] Triologic Media Player Playlist Processing Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-13

A vulnerability has been discovered in Triologic Media Player, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33496/

 --

[SA33483] Browse3D ".sfs" Processing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-12

Houssamix has discovered a vulnerability in Browse3D, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33483/

 --

[SA33478] Winamp AIFF Processing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-13

securfrog has discovered a vulnerability in Winamp, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33478/

 --

[SA33541] Avira Antivir RAR Processing Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2009-01-15

Thierry Zoller has reported some vulnerabilities in Avira Antivir,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33541/

 --

[SA33489] DMXReady SDK "download_link.asp" Security Bypass
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information
Released:    2009-01-15

ajann has reported a vulnerability in DMXReady SDK, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33489/

 --

[SA33487] Members Area Manager "cid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-14

ajann has reported a vulnerability in Members Area Manager, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33487/

 --

[SA33482] DMXReady Multiple Products "cid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-15

ajann has reported a vulnerability in multiple DMXReady products, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33482/

 --

[SA33537] AAA EasyGrid ActiveX Control "DoSaveFile()" Insecure Method

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-15

Houssamix has discovered a vulnerability in AAA EasyGrid ActiveX, which
can be exploited by malicious people to overwrite arbitrary files.

Full Advisory:
http://secunia.com/advisories/33537/

 --

[SA33561] TFTPUtil Directory Traversal Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2009-01-15

Rob Kraus has discovered  a vulnerability in TFTPUtil, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33561/


UNIX/Linux:--

[SA33547] Debian update for xulrunner

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2009-01-15

Debian has issued an update for xulrunner. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33547/

 --

[SA33536] Red Hat update for java-1.5.0-ibm

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access, Exposure of sensitive information,
Exposure of system information, Security Bypass
Released:    2009-01-14

Red Hat has issued an update for java-1.5.0-ibm. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, cause a
DoS (Denial of service), or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33536/

 --

[SA33528] Red Hat update for java-1.6.0-ibm

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2009-01-14

Red Hat has issued an update for java-1.6.0-ibm. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, cause a
DoS (Denial of service), or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33528/

 --

[SA33505] Amarok Audible Audio Processing Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-12

Tobias Klein has reported some vulnerabilities in Amarok, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33505/

 --

[SA33503] Gentoo update for mplayer

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-01-13

Gentoo has issued an update for mplayer. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33503/

 --

[SA33493] SUSE Update for Mozilla Products

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2009-01-14

SUSE has issued an update for MozillaFirefox, MozillaThunderbird, and
mozilla. This fixes some vulnerabilities, which can be exploited by
malicious people to bypass certain security restrictions, disclose
sensitive information, conduct cross-site scripting attacks, or
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33493/

 --

[SA33491] Sun Solaris Adobe Reader Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2009-01-12

Sun has acknowledged some vulnerabilities Adobe Reader included in
Solaris, which can be exploited by malicious, local users to gain
escalated privileges or by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33491/

 --

[SA33473] FTTSS A Free Text-To-Speech System "voz" Command Injection
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-12

A vulnerability has been discovered in FTTSS A Free Text-To-Speech
System, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/33473/

 --

[SA33462] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information, Privilege escalation, DoS, System access
Released:    2009-01-13

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions or to gain escalated privileges,
by malicious users to bypass certain security restrictions or to cause
a DoS (Denial of Service), and by malicious people to disclose
sensitive information, bypass certain security restrictions, conduct
SQL injection and cross-site scripting attacks, to cause a DoS, or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33462/

 --

[SA33460] Gentoo update for acroread

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2009-01-13

Gentoo has issued an update for acroread. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges or by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33460/

 --

[SA33457] SUSE update for Sun Java

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2009-01-12

SUSE has issued an update for Sun Java. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, cause a
DoS (Denial of service), or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33457/

 --

[SA33557] Slackware update for openssl

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-15

Slackware has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33557/

 --

[SA33518] IBM HMC Unspecified Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2009-01-15

A vulnerability with an unknown impact has been reported in IBM
Hardware Management Console (HMC).

Full Advisory:
http://secunia.com/advisories/33518/

 --

[SA33517] Red Hat update for squirrelmail

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-13

Red Hat has issued an update for squirrelmail. This fixes a
vulnerability, which can be exploited by malicious people to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33517/

 --

[SA33515] Debian update for openssl and openssl097

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-13

Debian has issued an update for openssl and openssl097. This fixes a
vulnerability, which can be exploited by malicious people to conduct
spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33515/

 --

[SA33513] Gentoo update for pdnsd

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2009-01-12

Gentoo has issued an update for pdnsd. This fixes some vulnerabilities,
which can be exploited by malicious people to poison the DNS cache and
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33513/

 --

[SA33511] Gentoo update for ndiswrapper

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-01-12

Gentoo has issued an update for ndiswrapper. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/33511/

 --

[SA33509] Gentoo update for streamripper

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-12

Gentoo has issued an update for streamripper. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33509/

 --

[SA33508] Gentoo tremulous Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-12

Gentoo has acknowledged a vulnerability in tremulous and tremulous-bin,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33508/

 --

[SA33502] Gentoo update for online-bookmarks

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data
Released:    2009-01-13

Gentoo has issued an update for online-bookmarks. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions and conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/33502/

 --

[SA33501] Gentoo update for gnutls

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing
Released:    2009-01-15

Gentoo has issued an update for gnutls. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/33501/

 --

[SA33497] Debian update for lasso

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-12

Debian has issued an update for lasso. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33497/

 --

[SA33559] Slackware update for bind

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-15

Slackware has issued an update for bind. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33559/

 --

[SA33558] Slackware update for ntp

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-15

Slackware has issued an update for ntp. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33558/

 --

[SA33556] Red Hat update for kernel

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2009-01-15

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users and
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33556/

 --

[SA33551] OpenBSD update for named

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-15

OpenBSD has issued an update for named. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33551/

 --

[SA33546] Fedora update for bind

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-15

Fedora has issued an update for bind. This fixes a vulnerability, which
can be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33546/

 --

[SA33543] Fedora update for tqsllib

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-15

Fedora has issued an update for tqsllib. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33543/

 --

[SA33507] Debian update for ntp

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-13

Debian has issued an update for ntp. This fixes a vulnerability, which
can be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33507/

 --

[SA33504] Debian update for bind9

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-13

Debian has issued an update for bind9. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33504/

 --

[SA33499] Debian update for gforge

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-12

Debian has issued an update for gforge. This fixes a vulnerability,
which can be exploited by malicious users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/33499/

 --

[SA33494] FreeBSD update for bind

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-15

FreeBSD has issued an update for bind. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33494/

 --

[SA33485] libmikmod Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2009-01-15

Some vulnerabilities have been reported in libmikmod, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33485/

 --

[SA33454] Red Hat update for bind

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-09

Red Hat has issued an update for bind. This fixes a vulnerability,
which potentially can be exploited by malicious people to conduct
spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33454/

 --

[SA33527] rPath update for samba, samba-client, and samba-server

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2009-01-14

rPath has issued an update for samba, samba-client, and samba-server.
This fixes a vulnerability, which can potentially be exploited by
malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33527/

 --

[SA33520] Red Hat update for avahi

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2009-01-13

Red Hat has issued an update for avahi. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33520/

 --

[SA33492] rPath update for samba

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2009-01-14

rPath has issued an update for samba. This fixes a vulnerability, which
potentially can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/33492/

 --

[SA33475] Gentoo update for avahi

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2009-01-15

Gentoo has issued an update for avahi. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33475/

 --

[SA33545] Fedora update for nfs-utils

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2009-01-15

Fedora has acknowledged a weakness in nfs-utils, which can be exploited
by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33545/

 --

[SA33540] Red Hat Certificate Server Information Disclosure

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2009-01-15

Red Hat has acknowledged some security issues in Red Hat Certificate
Server, which can be exploited by malicious, local users to disclose
potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/33540/

 --

[SA33539] Ubuntu hplip Privilege Escalation Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-01-14

Ubuntu has acknowledged a security issue in hplip, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33539/

 --

[SA33530] Ubuntu update for cups and cupsys

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-01-13

Ubuntu has issued an update for cups and cupsys. This fixes a security
issue, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/33530/

 --

[SA33512] Gentoo update for jhead

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-01-12

Gentoo has issued an update for jhead. This fixes some security issues,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/33512/

 --

[SA33477] Linux Kernel 64bit ABI System Call Parameter Sign Extension
Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2009-01-14

A security issue has been reported in the Linux Kernel, which can be
exploited by malicious, local users to potentially cause a DoS (Denial
of Service) or gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33477/

 --

[SA33455] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS
Released:    2009-01-09

Red Hat has issued an update for the kernel. This fixes some security
issues and vulnerabilities, which can be exploited by malicious, local
users to cause a DoS (Denial of Service), disclose potentially
sensitive information, bypass certain security restrictions, and gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/33455/

 --

[SA33453] Asterisk User Account Enumeration Weakness

Critical:    Not critical
Where:       From local network
Impact:      Exposure of system information
Released:    2009-01-09

A weakness has been reported in Asterisk, which can be exploited by
malicious people to identify valid user accounts.

Full Advisory:
http://secunia.com/advisories/33453/

 --

[SA33516] Sun Solaris "aio_suspend()" Integer Overflow Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-01-12

Tobias Klein has reported a vulnerability in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33516/

 --

[SA33510] Gentoo update for dbus

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-01-12

Gentoo has issued an update for dbus. This fixes a weakness, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33510/

 --

[SA33498] Debian update for zaptel

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-01-12

Debian has issued an update for zaptel. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service) and potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33498/

 --

[SA33488] Sun Solaris "lpadmin" and "ppdmgr" Denial of Service
Vulnerabilities

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-01-15

Some vulnerabilities have been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33488/


Other:--

[SA33519] pfSense update for lukemftpd and openssl

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing
Released:    2009-01-12

pfSense has acknowledged some vulnerabilities in pfSense, which can be
exploited by malicious people to conduct cross-site request forgery or
spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33519/

 --

[SA33479] Cisco IronPort Products Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2009-01-15

Some vulnerabilities have been reported in Cisco IronPort products,
which can be exploited by malicious people to disclose sensitive
information or conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33479/

 --

[SA33456] WebSphere DataPower XML Security Gateway XS40 Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2009-01-13

A vulnerability has been reported in IBM DataPower XS40, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33456/

 --

[SA33461] Cisco IOS HTTP Server Two Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-15

Two vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33461/

 --

[SA33464] Cisco ONS Products Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2009-01-15

A vulnerability has been reported in several Cisco ONS products, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33464/


Cross Platform:--

[SA33534] BlackBerry Products PDF Distiller Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-01-13

Some vulnerabilities have been reported in BlackBerry Enterprise Server
and BlackBerry Unite!, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33534/

 --

[SA33526] Oracle BEA WebLogic Server Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2009-01-14

Some vulnerabilities have been reported in Oracle BEA WebLogic Server,
which can be exploited by malicious people to bypass certain security
restrictions, disclose potentially sensitive information, cause a DoS
(Denial of Service), and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33526/

 --

[SA33525] Oracle Products Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Cross Site Scripting, Manipulation of data,
Privilege escalation, DoS, System access
Released:    2009-01-14

Some vulnerabilities have been reported in various Oracle products.
Some have unknown impact while others can be exploited by malicious
users to conduct SQL injection attacks or manipulate certain data, and
by malicious people to conduct cross-site scripting attacks, cause a
DoS (Denial of Service), or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33525/

 --

[SA33465] Realtor 747 "INC_DIR" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-14

ahmadbady has discovered a vulnerability in Realtor 747, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33465/

 --

[SA33535] Oracle BEA WebLogic Portal Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2009-01-14

A vulnerability has been reported in Oracle BEA WebLogic Portal, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/33535/

 --

[SA33533] phpList "_SERVER[ConfigFile]" Local File Inclusion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2009-01-15

AmnPardaz Security Research Team has discovered a vulnerability in
phpList, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/33533/

 --

[SA33490] AN Guestbook "country" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-15

A vulnerability has been discovered in AN Guestbook, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33490/

 --

[SA33486] Joomla JA Showcase Component "catid" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-12

EcHoLL has reported a vulnerability in the JA Showcase component for
Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/33486/

 --

[SA33484] Fast Guest Book Two SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-14

Moudi has discovered two vulnerabilities in Fast Guest Book, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33484/

 --

[SA33480] phpMDJ "id_animateur" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-14

darkjoker has discovered a vulnerability in phpMDJ, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33480/

 --

[SA33476] Weight Loss Recipe Book Two SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-14

x0r has discovered two vulnerabilities in Weight Loss Recipe Book,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/33476/

 --

[SA33474] SocialEngine "classifiedcat_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-12

A vulnerability has been reported in SocialEngine, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33474/

 --

[SA33471] Photobase "language" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2009-01-12

A vulnerability has been reported in Photobase, which can be exploited
by malicious people to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/33471/

 --

[SA33470] DevIL "iGetHdrHeader()" Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-13

Secunia Research has discovered two vulnerabilities in DevIL, which can
be exploited by malicious people to compromise an application using the
library.

Full Advisory:
http://secunia.com/advisories/33470/

 --

[SA33459] Joomla Fantasy Tournament Component Multiple SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-14

H!tm_at_N has reported some vulnerabilities in the Fantasy Tournament
Component for Joomla, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33459/

 --

[SA33554] Sun Java System Access Manager Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2009-01-15

A vulnerability has been reported in Sun Java System Access Manager,
which can be exploited by malicious users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/33554/

 --

[SA33553] Sun Java System Access Manager Password Disclosure Security
Issue

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2009-01-15

A security issue has been reported in Sun Java System Access Manager,
which can be exploited by malicious users to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/33553/

 --

[SA33550] Drupal Content Translation Module Security Bypass
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2009-01-15

A vulnerability has been reported in the Content Translation module for
Drupal, which can be exploited by malicious users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/33550/

 --

[SA33549] Drupal Internationalization (i18n) Translation Module
Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2009-01-15

A vulnerability has been reported in the Internationalization (i18n)
Translation module for Drupal, which can be exploited by malicious
users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33549/

 --

[SA33542] Drupal Notify Module Privilege Escalation Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2009-01-15

A security issue has been reported in the Notify module for Drupal,
which can be exploited by malicious users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/33542/

 --

[SA33452] Openfire Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2009-01-09

Some vulnerabilities have been discovered in Openfire, which can be
exploited by malicious people to conduct cross-site scripting attacks,
and by malicious users to conduct script insertion attacks and disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/33452/

 --

[SA33529] IBM DB2 Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2009-01-14

Some vulnerabilities have been reported in IBM DB2, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33529/

 --

[SA33463] RackTables Authentication Bypass Security Issue

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2009-01-13

A security issue has been reported in RackTables, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33463/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support_at_private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_______________________________________________      
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html
Received on Fri Jan 16 2009 - 07:48:10 PST

This archive was generated by hypermail 2.2.0 : Fri Jan 16 2009 - 07:57:05 PST