Information Security News mailing list archives

Secunia Weekly Summary - Issue: 2003-50


From: InfoSec News <isn () c4i org>
Date: Fri, 12 Dec 2003 03:28:24 -0600 (CST)

========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2003-12-04 - 2003-12-11                        

                       This week : 51 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://www.secunia.com/

========================================================================
2) This Week in Brief:

A vulnerability in the rsync service has been identified, which
reportedly has been used in the compromise of several servers in the
past few months. The vulnerability allows malicious people to execute
arbitrary code with privileges of the rsync service.
Also, almost all Linux distributors have been very fast to issue fixed
packages for this vulnerability, and all administrators are advised to
check for available updates.
Ref.: [SA10353]

Another vulnerability in Internet Explorer has been revealed. This time
it is possible to completely spoof content in the address bar. This
could easily be used to trick users into believing they are on a
trusted domain rather than on a malicious web site trying to get users
to reveal sensitive information.
Users are advised not to follow links from untrusted sources or to
verify digital certificates before entering any sensitive information.
Ref.: [SA10395]

Yahoo! Messenger has been reported vulnerable to Cross-Site Scripting
attacks. The vulnerability can be used to execute HTML or script code
in context of Yahoo! Messenger.
All users of Yahoo! Messenger are advised to install the fixed version.
Ref.: [SA10370]

TIP:
Finding Secunia advisories is easily done through the Secunia web site.
Simply enter the SA ID in the URL:
http://secunia.com/SA10395

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA10353] rsync Unspecified Heap Overflow Vulnerability
2.  [SA10395] Internet Explorer URL Spoofing Vulnerability
3.  [SA10289] Internet Explorer System Compromise Vulnerabilities
4.  [SA10252] Apple Safari Cookie Stealing Vulnerability
5.  [SA10342] Yahoo! Messenger "yauto.dll" Buffer Overflow
              Vulnerability
6.  [SA10328] Linux Kernel "do_brk()" Privilege Escalation
              Vulnerability
7.  [SA10371] Oracle Multiple Product OpenSSL Vulnerabilities
8.  [SA9711]  Microsoft Internet Explorer Multiple Vulnerabilities
9.  [SA8742]  Microsoft Windows Media Player skin download
              vulnerability
10. [SA10372] Novell eDirectory SSL/TLS ASN.1 Parser Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA10379] eZnetwork HTTP Request Buffer Overflow Vulnerability
[SA10395] Internet Explorer URL Spoofing Vulnerability
[SA10370] Yahoo! Messenger IMVironment Cross-Site Scripting
Vulnerability
[SA10382] VP-ASP Shopping Cart "shopdisplayproducts.asp" Cross-Site
Scripting
[SA10375] A-CART "register.asp" Cross-Site Scripting Vulnerability
[SA10368] WebSense Cross Site Scripting Vulnerability

UNIX/Linux:
[SA10378] Immunix update for rsync
[SA10364] Mandrake update for rsync
[SA10363] Red Hat update for rsync
[SA10362] EnGarde update for rsync
[SA10361] Conectiva update for rsync
[SA10360] Fedora update for rsync
[SA10359] OpenPKG update for rsync
[SA10357] SuSE update for rsync
[SA10356] Debian update for rsync
[SA10354] Slackware update for rsync
[SA10353] rsync Unspecified Heap Overflow Vulnerability
[SA10391] Tarantella Enterprise OpenSSL Vulnerabilities
[SA10385] Mathopd Remotely Exploitable Buffer Overflow
[SA10374] Ebola AV Daemon Authentication Buffer Overflow Vulnerability
[SA10401] Mandrake update for ethereal
[SA10400] Red Hat update for gnupg
[SA10399] Fedora update for gnupg
[SA10386] Abyss Web Server Directory Protection Bypass Vulnerability
[SA10377] Conectiva update for kernel
[SA10407] Gentoo update for cvs
[SA10390] Sun Cobalt update for Apache / mod_ssl
[SA10388] CVS Creation of Arbitrary Directories
[SA10392] cdwrite Insecure Temporary File Creation Vulnerability
[SA10387] Mandrake update for screen
[SA10384] Sun Solaris dtprintinfo Privilege Escalation Vulnerability
[SA10367] Fedora update for xboard
[SA10366] Gentoo update for kernel
[SA10365] SuSE update for kernel
[SA10402] Fedora update for Quagga
[SA10369] Sun Cluster TCP Port Conflict Denial of Service
Vulnerability

Other:
[SA10373] Novell NFS Server Incorrect Hostname Alias Handling
Vulnerability
[SA10383] Webgate Web Eye Exposure of Users and Passwords

Cross Platform:
[SA10371] Oracle Multiple Product OpenSSL Vulnerabilities
[SA10398] Multiple Vendor SOAP Server XML Parser Denial of Service
[SA10397] @mail WebMail System Multiple Vulnerabilities
[SA10396] Land Down Under SQL Injection Vulnerability
[SA10381] MyServer Unspecified DoS Vulnerabilities
[SA10376] Xoops SQL Injection and Banner Manipulation Vulnerabilities
[SA10372] Novell eDirectory SSL/TLS ASN.1 Parser Vulnerabilities
[SA10394] Ben's Guestbook Comments Field Cross-Site Scripting
Vulnerability
[SA10393] Snif "path" Cross-Site Scripting Vulnerability
[SA10380] Mantis Unspecified Cross-Site Scripting Vulnerabilities

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA10379] eZnetwork HTTP Request Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2003-12-08

A vulnerability has been identified in eZnetwork, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10379/

 --

[SA10395] Internet Explorer URL Spoofing Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      ID Spoofing
Released:    2003-12-09

A vulnerability has been identified in Internet Explorer, which can be
exploited by malicious people to display a fake URL in the address
bar.

Full Advisory:
http://www.secunia.com/advisories/10395/

 --

[SA10370] Yahoo! Messenger IMVironment Cross-Site Scripting
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2003-12-08

A vulnerability has been reported in Yahoo! Messenger, which can be
exploited by malicious people to conduct Cross-Site Scripting attacks.

Full Advisory:
http://www.secunia.com/advisories/10370/

 --

[SA10382] VP-ASP Shopping Cart "shopdisplayproducts.asp" Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2003-12-08

A vulnerability has been reported in VP-ASP Shopping Cart, which can be
exploited by malicious people to conduct Cross-Site Scripting attacks.

Full Advisory:
http://www.secunia.com/advisories/10382/

 --

[SA10375] A-CART "register.asp" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2003-12-05

A vulnerability has been reported in A-CART, which can be exploited by
malicious people to conduct Cross-Site Scripting attacks.

Full Advisory:
http://www.secunia.com/advisories/10375/

 --

[SA10368] WebSense Cross Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2003-12-05

A vulnerability has been reported in WebSense, allowing malicious
people to conduct Cross Site Scripting attacks.

Full Advisory:
http://www.secunia.com/advisories/10368/


UNIX/Linux:--

[SA10378] Immunix update for rsync

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2003-12-08

Immunix has issued updated packages for rsync. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10378/

 --

[SA10364] Mandrake update for rsync

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2003-12-05

MandrakeSoft has issued updated packages for rsync. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10364/

 --

[SA10363] Red Hat update for rsync

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2003-12-05

Red Hat has issued updated packages for rsync. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10363/

 --

[SA10362] EnGarde update for rsync

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2003-12-04

EnGarde has issued updated packages for rsync. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10362/

 --

[SA10361] Conectiva update for rsync

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2003-12-04

Conectiva has issued updated packages for rsync. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10361/

 --

[SA10360] Fedora update for rsync

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2003-12-04

Red Hat has issued updated packages for rsync. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10360/

 --

[SA10359] OpenPKG update for rsync

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2003-12-04

OpenPKG has issued updated packages for rsync. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10359/

 --

[SA10357] SuSE update for rsync

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2003-12-04

SuSE has issued updated packages for rsync. These fix a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://www.secunia.com/advisories/10357/

 --

[SA10356] Debian update for rsync

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2003-12-04

Debian has issued updated packages for rsync. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10356/

 --

[SA10354] Slackware update for rsync

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2003-12-04

Slackware has issued updated packages for rsync. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10354/

 --

[SA10353] rsync Unspecified Heap Overflow Vulnerability

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2003-12-04

A vulnerability has been identified in rsync, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10353/

 --

[SA10391] Tarantella Enterprise OpenSSL Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2003-12-09

Tarantella has acknowledged some OpenSSL vulnerabilities in Tarantella
Enterprise 3, which can be exploited by malicious people to cause a DoS
(Denial of Service) and potentially compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10391/

 --

[SA10385] Mathopd Remotely Exploitable Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2003-12-08

A vulnerability has been identified in Mathopd, allowing malicious
people to cause a Denial of Service and possibly execute arbitrary
code.

Full Advisory:
http://www.secunia.com/advisories/10385/

 --

[SA10374] Ebola AV Daemon Authentication Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2003-12-05

A vulnerability has been reported in Ebola AV Daemon, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10374/

 --

[SA10401] Mandrake update for ethereal

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2003-12-11

MandrakeSoft has issued updated packages for Ethereal. These fix
multiple vulnerabilities, which potentially can be exploited by
malicious people to compromise a vulnerable system running Ethereal.

Full Advisory:
http://www.secunia.com/advisories/10401/

 --

[SA10400] Red Hat update for gnupg

Critical:    Moderately critical
Where:       From remote
Impact:      ID Spoofing, Exposure of sensitive information
Released:    2003-12-11

Red Hat has issued updated packages for gnupg. These fix a
vulnerability, which exposes the private key when using El-Gamal type
20 keys.

Full Advisory:
http://www.secunia.com/advisories/10400/

 --

[SA10399] Fedora update for gnupg

Critical:    Moderately critical
Where:       From remote
Impact:      ID Spoofing, Exposure of sensitive information
Released:    2003-12-11

Red Hat has issued updated packages for gnupg. These fix a
vulnerability, which exposes the private key when using El-Gamal type
20 keys.

Full Advisory:
http://www.secunia.com/advisories/10399/

 --

[SA10386] Abyss Web Server Directory Protection Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2003-12-08

A vulnerability has been identified in Abyss web server, which can be
exploited by malicious people to access certain password protected
directories.

Full Advisory:
http://www.secunia.com/advisories/10386/

 --

[SA10377] Conectiva update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2003-12-08

Conectiva has issued updated packages for the kernel. These fix
multiple known vulnerabilities, which can be exploited to cause a DoS
(Denial of Service) or to escalate privileges on a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10377/

 --

[SA10407] Gentoo update for cvs

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2003-12-11

Gentoo has issued updated packages for cvs. These fix a vulnerability,
which can be exploited by malicious users to create arbitrary folders
and possibly files in the root of the host's file system.

Full Advisory:
http://www.secunia.com/advisories/10407/

 --

[SA10390] Sun Cobalt update for Apache / mod_ssl

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2003-12-09

Sun has issued updated packages for Apache and mod_ssl. These fix some
vulnerabilities, which can be exploited by malicious people to
manipulate Apache access and error log files and force mod_ssl to use a
weaker cipher suite than intended.

Full Advisory:
http://www.secunia.com/advisories/10390/

 --

[SA10388] CVS Creation of Arbitrary Directories

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2003-12-09

A vulnerability has been identified in CVS, allowing malicious users to
create arbitrary folders and possibly files in the root of the host's
file system.

Full Advisory:
http://www.secunia.com/advisories/10388/

 --

[SA10392] cdwrite Insecure Temporary File Creation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2003-12-09

A vulnerability has been reported in cdwrite, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://www.secunia.com/advisories/10392/

 --

[SA10387] Mandrake update for screen

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2003-12-09

MandrakeSoft has issued updated packages for screen. These fix a
vulnerability, which potentially may allow users to escalate their
privileges.

Full Advisory:
http://www.secunia.com/advisories/10387/

 --

[SA10384] Sun Solaris dtprintinfo Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2003-12-08

Sun has reported a vulnerability in Solaris, which can be exploited by
malicious, local users to escalate their privileges.

Full Advisory:
http://www.secunia.com/advisories/10384/

 --

[SA10367] Fedora update for xboard

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2003-12-05

Red Hat has issued updated packages for xboard. These fix a
vulnerability, which can be exploited by malicious users to escalate
their privileges.

Full Advisory:
http://www.secunia.com/advisories/10367/

 --

[SA10366] Gentoo update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2003-12-05

Gentoo has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious users to escalate
their privileges.

Full Advisory:
http://www.secunia.com/advisories/10366/

 --

[SA10365] SuSE update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2003-12-05

SuSE has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious users to escalate
their privileges.

Full Advisory:
http://www.secunia.com/advisories/10365/

 --

[SA10402] Fedora update for Quagga

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2003-12-11

Red Hat has issued updated packages for Quagga. These fix a
vulnerability, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10402/

 --

[SA10369] Sun Cluster TCP Port Conflict Denial of Service
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2003-12-05

Sun has reported a vulnerability in Sun Cluster, which can be exploited
by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10369/


Other:--

[SA10373] Novell NFS Server Incorrect Hostname Alias Handling
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass
Released:    2003-12-05

Novell has reported a vulnerability in NetWare 6.5, which potentially
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://www.secunia.com/advisories/10373/

 --

[SA10383] Webgate Web Eye Exposure of Users and Passwords

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2003-12-08

A vulnerability has been reported in Web Eye, which can be exploited
through HTTP by malicious people to view usernames and passwords.

Full Advisory:
http://www.secunia.com/advisories/10383/


Cross Platform:--

[SA10371] Oracle Multiple Product OpenSSL Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2003-12-05

Oracle has confirmed that various products are affected by some OpenSSL
vulnerabilities, which can be exploited by malicious people to gain
knowledge of sensitive information, cause a DoS (Denial of Service), or
potentially compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10371/

 --

[SA10398] Multiple Vendor SOAP Server XML Parser Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2003-12-10

A vulnerability has been identified in various products, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10398/

 --

[SA10397] @mail WebMail System Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information
Released:    2003-12-10

Multiple vulnerabilities have been reported in @mail, allowing
malicious people to conduct Cross Site Scripting attacks and users to
view the emails of other users.

Full Advisory:
http://www.secunia.com/advisories/10397/

 --

[SA10396] Land Down Under SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2003-12-10

A vulnerability has been reported in Land Down Under, allowing
malicious people to manipulate SQL queries.

Full Advisory:
http://www.secunia.com/advisories/10396/

 --

[SA10381] MyServer Unspecified DoS Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2003-12-08

Some unspecified vulnerabilities have been reported in MyServer, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://www.secunia.com/advisories/10381/

 --

[SA10376] Xoops SQL Injection and Banner Manipulation Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2003-12-08

Some vulnerabilities have been reported in Xoops, which can be
exploited by malicious people to conduct SQL injection attacks and
manipulate banner content.

Full Advisory:
http://www.secunia.com/advisories/10376/

 --

[SA10372] Novell eDirectory SSL/TLS ASN.1 Parser Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2003-12-05

Novell has reported that eDirectory is affected by the SSL/TLS ASN.1
parser vulnerabilities, which can be exploited by malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10372/

 --

[SA10394] Ben's Guestbook Comments Field Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2003-12-09

A vulnerability has been reported in Ben's Guestbook, which can be
exploited by malicious users to conduct Cross-Site Scripting attacks
against other users.

Full Advisory:
http://www.secunia.com/advisories/10394/

 --

[SA10393] Snif "path" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2003-12-09

A vulnerability has been reported in Snif, allowing malicious people to
conduct Cross Site Scripting attacks.

Full Advisory:
http://www.secunia.com/advisories/10393/

 --

[SA10380] Mantis Unspecified Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2003-12-09

Some unspecified vulnerabilities have been identified in Mantis, which
can be exploited by malicious people to conduct Cross-Site Scripting
attacks.

Full Advisory:
http://www.secunia.com/advisories/10380/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Subscribe:
http://www.secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://www.secunia.com/
E-mail  : support () secunia com
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

========================================================================



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

