February 22nd 2005
25 issues handled (SF)
1. BrightStor ARCserve/Enterprise Discovery Service SERVICEPC R...
2. gFTP Remote Directory Traversal Vulnerability
3. Debian Toolchain-Source Multiple Insecure Temporary File Cre...
4. AWStats Plugin Multiple Remote Command Execution Vulnerabili...
5. AWStats Debug Remote Information Disclosure Vulnerability
6. Synaesthesia Local File Disclosure Vulnerability
7. Opera Web Browser Multiple Remote Vulnerabilities
8. Squid Proxy DNS Name Resolver Remote Denial Of Service Vulne...
9. VMWare Workstation For Linux Local Privilege Escalation Vuln...
10. Linux Kernel Multiple Local Buffer Overflow And Memory Discl...
11. ELOG Web Logbook Multiple Remote Vulnerabilities
12. CitrusDB CSV File Upload Access Validation Vulnerability
13. CitrusDB Remote Authentication Bypass Vulnerability
14. PHP-Nuke Multiple Cross-Site Scripting Vulnerabilities
15. CitrusDB Arbitrary Local PHP File Include Vulnerability
16. Lighttpd Remote CGI Script Disclosure Vulnerability
17. Typespeed Local Format String Vulnerability
18. KDE KStars FLICCD Utility Multiple Buffer Overflow Vulnerabi...
19. AWStats Logfile Parameter Remote Command Execution Vulnerabi...
20. Advanced Linux Sound Architecture Libasound.SO Stack-Memory ...
21. OpenLDAP SlapD Multiple Remote Unspecified Denial Of Service...
22. GProFTPD GProstats Remote Format String Vulnerability
23. Gaim Multiple Remote Denial of Service Vulnerabilities
24. Bidwatcher Remote Format String Vulnerability
25. Tarantella Enterprise/Secure Global Desktop Remote Informati...

February 24th 2005
47 issues handled (SN)
[SA14346] Apple Mac OS X update for Java
[SA14364] cURL/libcURL NTLM and Kerberos Authentication Buffer Overflows
[SA14363] Gentoo update for putty
[SA14361] Gentoo update for gproftpd
[SA14352] SUSE Updates for Multiple Packages
[SA14340] GProftpd Log Parser Format String Vulnerability
[SA14331] Gentoo update for mc
[SA14330] Astaro update for BIND
[SA14334] Fedora update for kdeedu
[SA14376] Debian update for libapache-mod-python
[SA14375] SUSE update for squid
[SA14370] Fedora update for squid
[SA14368] Debian update for squid
[SA14355] Red Hat update for imap
[SA14354] glFTPd "SITE NFO" Directory Traversal Vulnerability
[SA14348] Tarantella Products User Account Enumeration Security Issue
[SA14347] Debian update for bidwatcher
[SA14343] Ubuntu update for squid
[SA14341] Gentoo update for gftp
[SA14339] Gentoo update for squid
[SA14332] Debian update for gftp
[SA14325] Mono ASP.NET Unicode Conversion Cross-Site Scripting
[SA14324] Bidwatcher eBay Format String Vulnerability
[SA14323] Mandrake update for kdelibs
[SA14320] Mandrake update for postgresql
[SA14371] Fedora update for postgresql
[SA14328] fallback-reboot Daemon Status Denial of Service Vulnerability
[SA14321] Ulog-php SQL Injection Vulnerabilities
[SA14357] Red Hat update for cpio
[SA14356] Red Hat update for vim
[SA14345] IBM AIX Perl Interpreter Privilege Escalation Vulnerabilities
[SA14338] Sun Solaris kcms_configure Arbitrary File Manipulation Vulnerability
[SA14374] Fedora update for gaim
[SA14322] Gaim Two Denial of Service Weaknesses
[SA14337] Mambo "GLOBALS['mosConfig_absolute_path']" File Inclusion
[SA14369] iGeneric iG Shop SQL Injection Vulnerabilities
[SA14362] phpBB Avatar Functions Information Disclosure and Deletion
[SA14359] unace Directory Traversal and Buffer Overflow Vulnerabilities
[SA14351] Biz Mail Form Open Mail Relay Vulnerability
[SA14342] IRM LDAP Login Security Bypass Vulnerability
[SA14336] Batik Squiggle Browser Unspecified Security Bypass
[SA14333] PuTTY Two Integer Overflow Vulnerabilities
[SA14326] vBulletin "template" PHP Code Injection Vulnerability
[SA14319] WebCalendar "webcalendar_session" SQL Injection
[SA14327] Arkeia Backup Client Type 77 Request Processing Buffer Overflow
[SA14360] MediaWiki Multiple Vulnerabilities
[SA14329] Invision Power Board SML Codes Script Insertion Vulnerability

February 25th 2005
30 issues handled across 6 distros(LAW)
emacs21
gftp
bidwatcher
mailman
squid
mod_python
kdeedu
selinux-policy-targeted
policycoreutils
gamin
pcmcia-cs
gaim
openssh
postgresql
gimp-help
Midnight Commander
GProFTPD
PuTTY
Cyrus IMAP server
cups
gpdf
kdelibs
KDE
xpdf
tetex
uim
cpio
imap
vim
kernel

Security Focus

1. BrightStor ARCserve/Enterprise Discovery Service SERVICEPC R...
BugTraq ID: 12536
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12536
Summary:
A remote buffer overflow vulnerability reportedly affects BrightStor ARCserve/Enterprise. This issue is due to a failure of the application to securely copy data from the network. It should be noted that this issue is reportedly distinct from that outlined in BID 12522 (BrightStor ARCserve/Enterprise Backup UDP Probe Remote Buffer Overflow Vulnerability). A remote attacker may execute arbitrary code on a vulnerable computer, potentially facilitating unauthorized superuser access. A denial of service condition may arise as well.

2. gFTP Remote Directory Traversal Vulnerability
BugTraq ID: 12539
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12539
Summary:
A remote directory traversal vulnerability reportedly affects gFTP. This issue is due to a failure of the application to sanitize input supplied by malicious FTP server. An attacker may leverage this issue to overwrite or create arbitrary files on an affected computer with the privileges of an unsuspecting user running the vulnerable application. This may lead to a compromise of the affected computer, denial of service attacks, as well as others.

3. Debian Toolchain-Source Multiple Insecure Temporary File Cre...
BugTraq ID: 12540
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12540
Summary:
toolchain-source is reportedly affected by multiple local insecure temporary file creation vulnerabilities. These issues are likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. These issues affect some Debian-specific scripts supplied with the package. Debian toolchain-source versions prior to 3.0.4-1woody1 are reported vulnerable to these issues.

4. AWStats Plugin Multiple Remote Command Execution Vulnerabili...
BugTraq ID: 12543
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12543
Summary:
Multiple remote command execution vulnerabilities reportedly affect AWStats. These issues are due to an input validation error that allows a remote attacker to specify commands to be executed in the context of the affected application. The first problem presents itself due to the potential of malicious use of the 'loadplugin' and 'pluginmode' parameters of the 'awstats.pl' script. The second issue arises from an insecure implementation of the 'loadplugin' parameter functionality. An attacker may leverage these issues to execute arbitrary commands with the privileges of the affected web server running the vulnerable scripts. This may facilitate unauthorized access to the affected computer, as well as other attacks. Multiple sources have reported that AWStats 6.3 and subsequent versions are not vulnerable to these issues.

5. AWStats Debug Remote Information Disclosure Vulnerability
BugTraq ID: 12545
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12545
Summary:
A remote information disclosure vulnerability reportedly affects AWStats. This issue is due to a failure of the application to properly validate access to sensitive data. An attacker may leverage this issue to gain access to potentially sensitive data, possibly facilitating further attacks against an affected computer.

6. Synaesthesia Local File Disclosure Vulnerability
BugTraq ID: 12546
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12546
Summary:
A local file disclosure vulnerability affects Synaesthesia. This issue is due to a failure of the application to securely access files. An attacker may leverage this issue to read arbitrary files on an affected computer. Information gained in this way may lead to further attacks.

7. Opera Web Browser Multiple Remote Vulnerabilities
BugTraq ID: 12550
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12550
Summary:
Opera Web Browser is reported prone to multiple vulnerabilities that are exploitable remotely. The following issues are reported: Opera Web Browser is prone to a vulnerability that presents itself when the browser handles 'data' URIs. A remote malicious website may exploit this condition to execute arbitrary code in the context of a user that is running a vulnerable version of the affected browser. Opera Web Browser is prone to an unspecified security vulnerability that exists in the Opera Java LiveConnect class. Few details are known in regards to this vulnerability. However, it is believed that the issue may be exploited by a remote malicious web site to access dangerous private Java methods. This is not confirmed. This BID will be updated as soon as further research into these issues is completed.

8. Squid Proxy DNS Name Resolver Remote Denial Of Service Vulne...
BugTraq ID: 12551
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12551
Summary:
A remote denial of service vulnerability is reported to exist in Squid. The issue is reported to present itself when the affected server performs a Fully Qualify Domain Name (FQDN) lookup and receives an unexpected response. The vendor reports that under the above circumstances the affected service will crash due to an assertion error, effectively denying service to legitimate users.

9. VMWare Workstation For Linux Local Privilege Escalation Vuln...
BugTraq ID: 12552
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12552
Summary:
It is reported that VMWare workstation on Gentoo Linux based computers at least, is prone to a local privilege escalation vulnerability. The issue exists because the affected binary searches for a shared library in a world-writeable location. A local attacker may exploit this vulnerability to execute arbitrary code in the context of a user that runs the affected application.

10. Linux Kernel Multiple Local Buffer Overflow And Memory Discl...
BugTraq ID: 12555
Remote: No
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12555
Summary:
Multiple local buffer overflow and memory disclosure vulnerabilities affect the Linux kernel. These issues are due to a failure to securely copy user-controlled data, a race condition error, and a failure to secure memory written by the kernel. The first issue is a buffer overflow vulnerability in the procfs functionality. The second issue is a kernel memory disclosure vulnerability. The third issue is a race condition error in the Radeon driver that leads to a potential buffer overflow condition. The fourth issue is a buffer overflow vulnerability in the i2c-viapro driver. A local attacker may leverage these issues to execute arbitrary code, potentially facilitating privilege escalation, and to disclose sensitive kernel memory.

11. ELOG Web Logbook Multiple Remote Vulnerabilities
BugTraq ID: 12556
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12556
Summary:
ELOG is reported prone to multiple remote vulnerabilities. These issues may allow an attacker to disclose sensitive information and potentially execute arbitrary code on a vulnerable computer. The following specific issues were identified: The application is reported prone to an unspecified buffer overflow vulnerability. The vendor has reported that this vulnerability is exploitable and allows attackers to gain unauthorized access to a vulnerable computer. Another vulnerability affecting the application can allow remote attackers to obtain sensitive information such as authentication credentials stored in an unspecified configuration file. ELOG 2.5.0 and prior versions are affected by these vulnerabilities.

12. CitrusDB CSV File Upload Access Validation Vulnerability
BugTraq ID: 12557
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12557
Summary:
CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import. These issues are reported to affect CitrusDB 0.3.6; earlier versions may also be affected.

13. CitrusDB Remote Authentication Bypass Vulnerability
BugTraq ID: 12560
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12560
Summary:
CitrusDB is reportedly affected by an authentication bypass vulnerability. This issue is due to the application using a static value during the creation of user cookie information. An attacker could exploit this vulnerability to log in as any existing user, including the 'admin' account. This issue is reported to affect CitrusDB 0.3.6; earlier versions may also be affected.

14. PHP-Nuke Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12561
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12561
Summary:
It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials

15. CitrusDB Arbitrary Local PHP File Include Vulnerability
BugTraq ID: 12564
Remote: Unknown
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12564
Summary:
CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input. This issue is reported to affect CitrusDB 0.3.6; earlier versions may also be affected. This issue may also allow remote file includes, although this has not been confirmed.

16. Lighttpd Remote CGI Script Disclosure Vulnerability
BugTraq ID: 12567
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12567
Summary:
lighttpd is reported prone to an information disclosure vulnerability. Reports indicate that a NULL sequence appended to the filename of a CGI or FastCGI script will result in the script contents being served to the requestor. Information that is harvested by exploiting this vulnerability may be used to aid in further attacks launched against the target computer. This vulnerability is reported to affect lighttpd 1.3.7 and previous versions.

17. Typespeed Local Format String Vulnerability
BugTraq ID: 12569
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12569
Summary:
typespeed is prone to a local format string vulnerability. Successful could allow privilege escalation.

18. KDE KStars FLICCD Utility Multiple Buffer Overflow Vulnerabi...
BugTraq ID: 12570
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12570
Summary:
Multiple buffer overflow vulnerabilities affect KDE KStar fliccd. These issues are due to a failure of the utility to securely copy user-supplied data into process memory. An attacker may leverage these issues to gain escalated privileges locally and, if the affected utility is run as a daemon, may facilitate remote code execution with superuser privileges.

19. AWStats Logfile Parameter Remote Command Execution Vulnerabi...
BugTraq ID: 12572
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12572
Summary:
AWStats is reported prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. Specifically, the user-specified 'logfile' URI parameter is supplied to the Perl open() routine. It is beleived that this issue is distinct from BID 10950 (AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability). AWStats versions 5.4 to 6.1 are reported vulnerable to this issue.

20. Advanced Linux Sound Architecture Libasound.SO Stack-Memory ...
BugTraq ID: 12575
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12575
Summary:
A security weakness is reported to affect the Advanced Linux Sound Architecture (ALSA) 'libasound.so' module; specifically the issue is reported to be present in the ALSA mixer code. It is reported that the weakness can be leveraged to disable stack-based memory code execution protection on binaries that are linked to the library.

21. OpenLDAP SlapD Multiple Remote Unspecified Denial Of Service...
BugTraq ID: 12584
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12584
Summary:
OpenLDAP is reported prone to multiple unspecified remotely exploitable denial of service vulnerabilities. The vulnerabilities are reported to exist in the 'slapd' daemon. A remote attacker may exploit these vulnerabilities to deny LDAP service for legitimate users. This BID will be updated as soon as further information regarding these issues is made available.

22. GProFTPD GProstats Remote Format String Vulnerability
BugTraq ID: 12588
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12588
Summary:
GProftpd gprostats utility is reported prone to a remote format string handling vulnerability. A remote attacker may exploit this vulnerability to execute arbitrary attacker-supplied code in the context of the affected utility. This vulnerability is reported to affect GProftpd version 8.1.7 and precious versions.

23. Gaim Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 12589
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12589
Summary:
Gaim is prone to multiple remote denial of service vulnerabilities. These issues can allow remote attackers to crash an affected client. The following specific issues were identified: Remote AIM or ICQ users may trigger a crash in a client by sending malformed SNAC packets. Another vulnerability in the client arises during the parsing of malformed HTML data. Gaim versions prior to 1.1.3 are affected by these issues.

24. Bidwatcher Remote Format String Vulnerability
BugTraq ID: 12590
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12590
Summary:
A remote format string vulnerability affects bidwatcher. This issue is due to a failure of the application to properly implement a formatted string function. An attacker may leverage this issue to execute arbitrary code on an affected computer with the privileges of an unsuspecting user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

25. Tarantella Enterprise/Secure Global Desktop Remote Informati...
BugTraq ID: 12591
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12591
Summary:
Tarantella Enterprise 3 and Secure Global Desktop products are prone to an information disclosure vulnerability. This issue arises from a design error that may allow an attacker to gather sensitive information about a vulnerable computer. Information gathered by exploiting this vulnerability may be used to launch other attacks against a computer. Specifically, computers running Tarantella Enterprise 3 and Secure Global Desktop products in combination with RSA SecurID and multiple users with the same username are affected.

Secunia

[SA14346] Apple Mac OS X update for Java
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-23
Apple has acknowledged a vulnerability in Java for Mac OS X, which can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14346/

[SA14364] cURL/libcURL NTLM and Kerberos Authentication Buffer Overflows
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-22
infamous41md has reported two vulnerabilities in cURL/libcURL, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14364/

[SA14363] Gentoo update for putty
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-22
Gentoo has issued an update for putty. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14363/

[SA14361] Gentoo update for gproftpd
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-21
Gentoo has issued an update for gproftpd. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14361/

[SA14352] SUSE Updates for Multiple Packages
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, DoS, System access
Released: 2005-02-22
SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited to gain escalated privileges,
bypass certain security restrictions, enumerate valid users, overwrite
files, cause a DoS (Denial of Service), or potentially compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14352/

[SA14340] GProftpd Log Parser Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-21
Tavis Ormandy has reported a vulnerability in GProftpd, which can be
exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14340/

[SA14331] Gentoo update for mc
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-02-18
Gentoo has issued an update for mc. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) or execute arbitrary code.
Full Advisory:
http://secunia.com/advisories/14331/

[SA14330] Astaro update for BIND
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-02-18
Full Advisory:
http://secunia.com/advisories/14330/

[SA14334] Fedora update for kdeedu
Critical: Moderately critical
Where: From local network
Impact: Privilege escalation, System access
Released: 2005-02-18
Fedora has issued an update for kdeedu. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges and potentially by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14334/

[SA14376] Debian update for libapache-mod-python
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-02-23
Debian has issued an update for libapache-mod-python. This fixes a
vulnerability, which potentially can be exploited by malicious people
to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/14376/

[SA14375] SUSE update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-23
SUSE has issued an update for squid. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/14375/

[SA14370] Fedora update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-23
Fedora has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14370/

[SA14368] Debian update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-23
Debian has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14368/

[SA14355] Red Hat update for imap
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-02-21
Red Hat has issued an update for imap. This fixes an older
vulnerability, which can be exploited by malicious people to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/14355/

[SA14354] glFTPd "SITE NFO" Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2005-02-22
Paul Craig has reported a vulnerability in glFTPd, which can be
exploited by malicious users to detect the presence of local files and
disclose some system and sensitive information.
Full Advisory:
http://secunia.com/advisories/14354/

[SA14348] Tarantella Products User Account Enumeration Security Issue
Critical: Less critical
Where: From remote
Impact: Exposure of system information
Released: 2005-02-21
A security issue has been reported in Secure Global Desktop Enterprise
Edition and Tarantella Enterprise, which can be exploited by malicious
people to enumerate valid user accounts and disclose some system
information.
Full Advisory:
http://secunia.com/advisories/14348/

[SA14347] Debian update for bidwatcher
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-02-21
Debian has issued an update for bidwatcher. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14347/

[SA14343] Ubuntu update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-21
Ubuntu has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14343/

[SA14341] Gentoo update for gftp
Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-02-21
Gentoo has issued an update for gftp. This fixes a vulnerability, which
can be exploited by malicious people to conduct directory traversal attacks.
Full Advisory:
http://secunia.com/advisories/14341/

[SA14339] Gentoo update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-21
Gentoo has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14339/

[SA14332] Debian update for gftp
Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-02-18
Debian has issued an update for gftp. This fixes a vulnerability, which
can be exploited by malicious people to conduct directory traversal attacks.
Full Advisory:
http://secunia.com/advisories/14332/

[SA14325] Mono ASP.NET Unicode Conversion Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-02-22
Andrey Rusyaev has discovered a vulnerability in Mono, which
potentially can be exploited by malicious people to conduct cross-site
scripting and script insertion attacks.
Full Advisory:
http://secunia.com/advisories/14325/

[SA14324] Bidwatcher eBay Format String Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-02-18
Ulf Härnhammar has reported a vulnerability in Bidwatcher, which
potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14324/

[SA14323] Mandrake update for kdelibs
Critical: Less critical
Where: From remote
Impact: Manipulation of data, Privilege escalation
Released: 2005-02-18
MandrakeSoft has issued an update for kdelibs. This fixes two
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges and by malicious people to conduct FTP command injection
attacks.
Full Advisory:
http://secunia.com/advisories/14323/

[SA14320] Mandrake update for postgresql
Critical: Less critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS
Released: 2005-02-18
MandrakeSoft has issued an update for postgresql. This fixes various
vulnerabilities, which can be exploited by malicious users to gain
escalated privileges, cause a DoS (Denial of Service), or bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14320/

[SA14371] Fedora update for postgresql
Critical: Less critical
Where: From local network
Impact: Privilege escalation
Released: 2005-02-23
Fedora has issued an update for postgresql. This fixes some
vulnerabilities, which can be exploited by malicious users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/14371/

[SA14328] fallback-reboot Daemon Status Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-02-22
A vulnerability has been reported in fallback-reboot, which potentially
can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14328/

[SA14321] Ulog-php SQL Injection Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Manipulation of data
Released: 2005-02-21
Some vulnerabilities have been reported in Ulog-php, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14321/

[SA14357] Red Hat update for cpio
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Manipulation of data
Released: 2005-02-21
Red Hat has issued an update for cpio. This fixes a vulnerability,
which can be exploited by malicious, local users to disclose and
manipulate information.
Full Advisory:
http://secunia.com/advisories/14357/

[SA14356] Red Hat update for vim
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-21
Red Hat has issued an update for vim. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions on
a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/14356/

[SA14345] IBM AIX Perl Interpreter Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-21
IBM has acknowledged two vulnerabilities in the perl interpreter in
AIX. These can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/14345/

[SA14338] Sun Solaris kcms_configure Arbitrary File Manipulation Vulnerability
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-02-22
A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to manipulate the contents of
arbitrary files.
Full Advisory:
http://secunia.com/advisories/14338/

[SA14374] Fedora update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-02-23
Fedora has issued an update for gaim. This fixes two weaknesses, which
can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14374/

[SA14322] Gaim Two Denial of Service Weaknesses
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-02-18
Two weaknesses have been reported in Gaim, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14322/

[SA14337] Mambo "GLOBALS['mosConfig_absolute_path']" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-21
A vulnerability has been reported in Mambo, which can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14337/

[SA14369] iGeneric iG Shop SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-02-23
John Cobb has reported some vulnerabilities in iG Shop, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14369/

[SA14362] phpBB Avatar Functions Information Disclosure and Deletion
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2005-02-22
AnthraX101 has reported two vulnerabilities in phpBB, which can be
exploited by malicious users to disclose and delete sensitive
information.
Full Advisory:
http://secunia.com/advisories/14362/

[SA14359] unace Directory Traversal and Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-23
Ulf Härnhammar has discovered some vulnerabilities in unace, which can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14359/

[SA14351] Biz Mail Form Open Mail Relay Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-22
Jason Frisvold has reported a vulnerability in Biz Mail Form, which can
be exploited by malicious people to use it as an open mail relay.
Full Advisory:
http://secunia.com/advisories/14351/

[SA14342] IRM LDAP Login Security Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-21
Fulvio Civitareale has reported a vulnerability in IRM, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14342/

[SA14336] Batik Squiggle Browser Unspecified Security Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-22
A vulnerability has been reported in Batik, which can be exploited by
malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14336/

[SA14333] PuTTY Two Integer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-21
Gaël Delalleau has reported two vulnerabilities in PuTTY, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14333/

[SA14326] vBulletin "template" PHP Code Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-22
pokleyzz has reported a vulnerability in vBulletin, which potentially
can be exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14326/

[SA14319] WebCalendar "webcalendar_session" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-02-18
Michael Scovetta has reported a vulnerability in WebCalendar, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14319/

[SA14327] Arkeia Backup Client Type 77 Request Processing Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-02-21
John Doe has reported a vulnerability in Arkeia, which can be exploited
by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14327/

[SA14360] MediaWiki Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data
Released: 2005-02-22
Some vulnerabilities have been reported in MediaWiki, which can be
exploited by malicious users to delete arbitrary files, and by
malicious people to conduct cross-site scripting attacks and bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14360/

[SA14329] Invision Power Board SML Codes Script Insertion Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-02-21
Daniel A. has reported a vulnerability in Invision Power Board, which
potentially can be exploited by malicious users to conduct script
insertion attacks.
Full Advisory:
http://secunia.com/advisories/14329/

Linux Advisory Watch

Distribution: Debian

* Debian: New emacs21 packages fix arbitrary code execution
17th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118356

* Debian: New gftp packages fix directory traversal vulnerability
17th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118362

* Debian: New bidwatcher packages fix format string vulnerability
18th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118384

* Debian: New mailman packages really fix several vulnerabilities
21st, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118391

* Debian: New squid packages fix denial of service
23rd, February, 2005
Updated packages.
http://www.linuxsecurity.com/content/view/118411

* Debian: New mod_python packages fix information leak
23rd, February, 2005
Updated packages.
http://www.linuxsecurity.com/content/view/118416

Distribution: Fedora

* Fedora Core 3 Update: kdeedu-3.3.1-2.3
17th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118361

* Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.80
17th, February, 2005
Updated.
http://www.linuxsecurity.com/content/view/118364

* Fedora Core 3 Update: policycoreutils-1.18.1-2.9
17th, February, 2005
Updated.
http://www.linuxsecurity.com/content/view/118365

* Fedora Core 3 Update: gamin-0.0.24-1.FC3
18th, February, 2005
This update fixes a number of annoying bugs in gamin especially the
Desktop update problem in the GNOME environment that affected a
number of users.
http://www.linuxsecurity.com/content/view/118386

* Fedora Core 3 Update: pcmcia-cs-3.2.7-2.2
21st, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118397

* Fedora Core 2 Update: gaim-1.1.3-1.FC2
22nd, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118404

* Fedora Core 3 Update: gaim-1.1.3-1.FC3
22nd, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118405

* Fedora Core 3 Update: openssh-3.9p1-8.0.1
22nd, February, 2005
This update changes default ssh client configuration so the trusted
X11 forwarding is enabled. Untrusted X11 forwarding is not
supported by X11 clients and doesn't work with Xinerama.
http://www.linuxsecurity.com/content/view/118406

* Fedora Core 3 Update: postgresql-7.4.7-3.FC3.1
22nd, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118407

* Fedora Core 2 Update: postgresql-7.4.7-3.FC2.1
22nd, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118408

* Fedora Core 2 Update: squid-2.5.STABLE8-1.FC2.1
22nd, February, 2005
This update fixes
CAN-2005-0446 Squid DoS from bad DNS response
http://www.linuxsecurity.com/content/view/118409

* Fedora Core 3 Update: squid-2.5.STABLE8-1.FC3.1
22nd, February, 2005
This update fixes CAN-2005-0446 Squid DoS from bad DNS response
http://www.linuxsecurity.com/content/view/118410

* Fedora Core 3 Update: gimp-help-2-0.1.0.7.0.fc3.1
24th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118424

Distribution: Gentoo

* Gentoo: Midnight Commander Multiple vulnerabilities
17th, February, 2005
Midnight Commander contains several format string errors, buffer
overflows and one buffer underflow leading to execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118363

* Gentoo: Squid Denial of Service through DNS responses
18th, February, 2005
Squid contains a bug in the handling of certain DNS responses
resulting in a Denial of Service.
http://www.linuxsecurity.com/content/view/118382

* Gentoo: GProFTPD gprostats format string vulnerability
18th, February, 2005
gprostats, distributed with GProFTPD, is vulnerable to a format
string vulnerability, potentially leading to the execution of
arbitrary code.
http://www.linuxsecurity.com/content/view/118383

* Gentoo: gFTP Directory traversal vulnerability
19th, February, 2005
gFTP is vulnerable to directory traversal attacks, possibly leading
to the creation or overwriting of arbitrary files.
http://www.linuxsecurity.com/content/view/118388

* Gentoo: PuTTY Remote code execution
21st, February, 2005
PuTTY was found to contain vulnerabilities that can allow a malicious
SFTP server to execute arbitrary code on unsuspecting PSCP and PSFTP clients.
http://www.linuxsecurity.com/content/view/118395

* Gentoo: Cyrus IMAP Server Multiple overflow vulnerabilities
23rd, February, 2005
The Cyrus IMAP Server is affected by several overflow vulnerabilities
which could potentially lead to the remote execution of arbitrary
code.
http://www.linuxsecurity.com/content/view/118417

Distribution: Mandrake

* Mandrake: Updated cups packages fix
17th, February, 2005
Previous updates to correct integer overflow issues affecting xpdf
overlooked certain conditions when built for a 64 bit platform.
(formerly CAN-2004-0888). This also affects applications like cups,
that use embedded versions of xpdf. The updated packages are patched
to deal with these issues.
http://www.linuxsecurity.com/content/view/118367

* Mandrake: Updated gpdf packages fix
17th, February, 2005
Previous updates to correct integer overflow issues affecting xpdf
overlooked certain conditions when built for a 64 bit platform.
(formerly CAN-2004-0888). This also affects applications like gpdf,
that use embedded versions of xpdf. The updated packages are patched
to deal with these issues.
http://www.linuxsecurity.com/content/view/118368

* Mandrake: Updated kdelibs packages fix
17th, February, 2005
A bug in the way kioslave handles URL-encoded newline (%0a)
characters before the FTP command was discovered. Because of this,
it is possible that a specially crafted URL could be used to execute
any ftp command on a remote server, or even send unsolicited email.
http://www.linuxsecurity.com/content/view/118369

* Mandrake: Updated KDE packages address
17th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118370

* Mandrake: Updated xpdf packages fix
17th, February, 2005
Previous updates to correct integer overflow issues affecting xpdf
overlooked certain conditions when built for a 64 bit platform.
(formerly CAN-2004-0888). This also affects applications that use
embedded versions of xpdf. The updated packages are patched to
deal with these issues.
http://www.linuxsecurity.com/content/view/118371

* Mandrake: Updated PostgreSQL packages
17th, February, 2005
A number of vulnerabilities were found.
http://www.linuxsecurity.com/content/view/118372

* Mandrake: Updated tetex packages fix
17th, February, 2005
Previous updates to correct integer overflow issues affecting xpdf
overlooked certain conditions when built for a 64 bit platform.
(formerly CAN-2004-0888). This also affects applications like tetex,
that use embedded versions of xpdf. The updated packages are patched
to deal with these issues.
http://www.linuxsecurity.com/content/view/118373

* Mandrake: Updated uim packages fix
24th, February, 2005
Takumi ASAKI discovered that uim always trusts environment variables
which can allow a local attacker to obtain elevated privileges when
libuim is linked against an suid/sgid application. This problem is
only exploitable in 'immodule for Qt' enabled Qt applications.
The updated packages are patched to fix the problem.
http://www.linuxsecurity.com/content/view/118425

* Mandrake: Updated squid packages fix
24th, February, 2005
The squid developers discovered that a remote attacker could cause
squid to crash via certain DNS responses. The updated packages are
patched to fix the problem.
http://www.linuxsecurity.com/content/view/118426

Distribution: Red Hat

* RedHat: Low: cpio security update
18th, February, 2005
An updated cpio package that fixes a umask bug and supports large
files (>2GB) is now available. This update has been rated as having
low security impact by the Red Hat Security Response Team
http://www.linuxsecurity.com/content/view/118378

* RedHat: Low: imap security update
18th, February, 2005
Updated imap packages that fix a security issue are now available for

Red Hat Enterprise Linux 2.1. This update has been rated as having
low security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118379

* RedHat: Low: vim security update
18th, February, 2005
Updated vim packages that fix a security vulnerability are now
available. This update has been rated as having low security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118380

* RedHat: Important: cups security update
18th, February, 2005
Updated cups packages that fix a security issue are now available.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118381

* RedHat: Important: kernel security update
18th, February, 2005
Updated kernel packages that fix several security issues are now
available for Red Hat Enterprise Linux 4. This update has been rated
as having important security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/118385

* RedHat: Moderate: imap security update
23rd, February, 2005
Updated imap packages to correct a security vulnerability in CRAM-MD5
authentication are now available for Red Hat Enterprise Linux 3.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118418

Distribution: SuSE

* SuSE: squid remote denial of service
22nd, February, 2005
Squid is an Open Source web proxy.
A remote attacker was potentially able to crash the Squid web proxy
if the log_fqdn option was set to "on" and the DNS replies were
manipulated.
http://www.linuxsecurity.com/content/view/118403

* SuSE: cyrus-imapd buffer overflows
24th, February, 2005
This update fixes one-byte buffer overruns in the cyrus-imapd IMAP
server package.
http://www.linuxsecurity.com/content/view/118423