LinuxQuestions.org
Old 03-20-2005, 11:01 PM   #1
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
LQ Security Report - March 20th 2005


March 15th 2005
13 issues handled (SF)
1. PaX VMA Mirroring Privilege Escalation Vulnerability
2. Abuse Multiple Local Privilege Escalation Vulnerabilities
3. PHPBB Session.PHP Autologin User_Level Privilege Escalation ...
4. RedHat Linux Less Remote Buffer Overflow Vulnerability
5. Xoops Custom Avatar Remote Arbitrary PHP File Upload Vulnera...
6. YaBB Remote UsersRecentPosts Cross-Site Scripting Vulnerabil...
7. Drupal Unspecified Cross-Site Scripting Vulnerability
8. PHP Arena PAFileDB Multiple Remote Cross Site Scripting Vuln...
9. Linux Kernel SYS_EPoll_Wait Local Integer Overflow Vulnerabi...
10. Perl Local Race Condition Privilege Escalation Vulnerability
11. Grip CDDB Response Multiple Matches Buffer Overflow Vulnerab...
12. PHPOutsourcing Zorum Multiple Remote Vulnerabilities
13. MySQL AB MySQL Multiple Remote Vulnerabilities

March 17th 2005
46 issues handled (SN)
[SA14597] Mandrake update for cyrus-sasl
[SA14574] Gentoo update for libexif
[SA14572] Gentoo update for xorg-x11
[SA14552] SUSE update for realplayer
[SA14606] Fedora update for sylpheed
[SA14603] Gentoo update for ringtonetools
[SA14596] Mandrake update for ethereal
[SA14594] Ubuntu update for kernel
[SA14587] Fedora update for ipsec-tools
[SA14586] IPsec-Tools ISAKMP Header Parsing Denial of Service
[SA14584] KAME Racoon ISAKMP Header Parsing Denial of Service
[SA14573] Gentoo update for ethereal
[SA14570] Linux Kernel PPP Server Denial of Service Vulnerability
[SA14598] Mandrake update for openslp
[SA14581] SUSE update for openslp
[SA14561] OpenSLP Buffer Overflow Vulnerabilities
[SA14593] Ubuntu update for mysql
[SA14582] Debian luxman Privilege Escalation Vulnerability
[SA14562] rxvt-unicode Terminal Input Buffer Overflow Vulnerability
[SA14563] Conectiva update for gaim
[SA14558] Red Hat update for gaim
[SA14591] KDE Desktop Communication Protocol Denial of Service
[SA14600] PHPOpenChat "sourcedir" File Inclusion Vulnerability
[SA14577] VoteBox "VoteBoxPath" File Inclusion Vulnerability
[SA14566] holaCMS "vote_filename" Directory Traversal Vulnerability
[SA14559] WEBInsta Limbo "absolute_path" File Inclusion Vulnerability
[SA14602] ZPanel "uname" SQL Injection and Security Bypass
[SA14595] Symantec Products Unspecified DNS Cache Poisoning Vulnerability
[SA14590] paBox "posticon" Script Insertion Vulnerability
[SA14583] SimpGB "quote" SQL Injection Vulnerability
[SA14579] Spinworks Application Server Web Server Denial of Service
[SA14578] UBB.threads "Number" SQL Injection Vulnerability
[SA14576] PhotoPost PHP Pro Multiple Vulnerabilities
[SA14555] LimeWire Gnutella Disclosure of Sensitive Information
[SA14599] phpMyAdmin "_" Wildcard Permissions Security Bypass
[SA14592] phpPgAds / phpAdsNew "refresh" Cross-Site Scripting Vulnerability
[SA14589] WebSphere Commerce Private Information Disclosure
[SA14554] Phorum Script Insertion Vulnerabilities
[SA14588] Cosminexus Server Component Container Tomcat Denial of Service
[SA14575] MaxDB Web Agent Denial of Service Vulnerabilities
[SA14569] Apache Tomcat AJP12 Protocol Denial of Service Vulnerability
[SA14607] Novell iChain miniFTP Server Brute Force Weakness
[SA14568] Mozilla "Save Link Target As..." Status Bar Spoofing Weakness
[SA14567] Thunderbird "Save Link Target As..." Status Bar Spoofing Weakness
[SA14565] Firefox "Save Link As..." Status Bar Spoofing Weakness
[SA14560] Citrix MetaFrame Password Manager Secondary Password Disclosure

March 18th 2005
33 issues handled across 7 distros (LAW)
gaim
kdenetwork
squirrelmail
luxman
hwbrowser
at
bind
openoffice.org
networkmanager
ipsec-tools
sylpheed
koffice
qt
ImageMagick
ethereal
system-config-samba
udev
libXpm
libexif
RingtoneTools
Perl rmtree
mySQL
curl
lvm2
cyrus-sasl
gnupg
openslp
evolution
kdelibs
tetex
postfix
squid
Mozilla Firefox
 
Old 03-20-2005, 11:03 PM   #2
Capt_Caveman

March 15th 2005 (SF)

Security Focus

1. PaX VMA Mirroring Privilege Escalation Vulnerability
BugTraq ID: 12729
Remote: Yes
Date Published: Mar 05 2005
Relevant URL: http://www.securityfocus.com/bid/12729
Summary:
It is reported that PaX contains a privilege escalation vulnerability. Local unprivileged users may exploit this vulnerability to execute arbitrary code with the privileges of any targeted user. It is also conjectured that remote attackers may also be able to exploit this vulnerability, but exploitability depends on the ability of an attacker to control the executable file mappings of a targeted application. This issue is only exploitable if SEGMEXEC or RANDEXEC are enabled in the kernel configuration. This vulnerability is reported to affect all versions of PaX since September, 2003, when VMA mirroring was introduced.

2. Abuse Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 12734
Remote: No
Date Published: Mar 07 2005
Relevant URL: http://www.securityfocus.com/bid/12734
Summary:
Abuse is reported prone to multiple vulnerabilities. The following individual issues are reported: Abuse is reported prone to multiple local buffer overflow vulnerabilities. It is reported that a local attacker may exploit these issues to execute arbitrary code with superuser privileges. Abuse is also reported prone to an insecure file creation vulnerability. Reports indicate that this issue may be leveraged to overwrite arbitrary files with superuser privileges.

3. PHPBB Session.PHP Autologin User_Level Privilege Escalation ...
BugTraq ID: 12736
Remote: Yes
Date Published: Mar 07 2005
Relevant URL: http://www.securityfocus.com/bid/12736
Summary:
phpBB is reported prone to a privilege escalation vulnerability. The issue is reported to exist when an autologin fails. A remote attacker may potentially exploit this vulnerability to gain access to parts of the affected website that should only be visible to a website administrator. Information harvested through exploitation of this vulnerability may be employed to aid in further attacks against the affected site. This vulnerability is reported to affect phpBB versions up to 2.0.13.

4. RedHat Linux Less Remote Buffer Overflow Vulnerability
BugTraq ID: 12753
Remote: Yes
Date Published: Mar 08 2005
Relevant URL: http://www.securityfocus.com/bid/12753
Summary:
A remote, client-side buffer overflow vulnerability affects RedHat Linux less. This issue is due to a failure of the application to securely copy file data into finite process buffers. An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user.

5. Xoops Custom Avatar Remote Arbitrary PHP File Upload Vulnera...
BugTraq ID: 12754
Remote: Yes
Date Published: Mar 08 2005
Relevant URL: http://www.securityfocus.com/bid/12754
Summary:
Xoops is reported prone to a remote arbitrary PHP file upload vulnerability. The issue presents itself due to a lack of sanitization performed on image files that are uploaded using custom avatar upload functionality. A subsequent request for an uploaded script will result in the execution of the script code in the context of the hosting web server. This vulnerability is reported to affect Xoops version 2.0.9.2 and previous versions.

6. YaBB Remote UsersRecentPosts Cross-Site Scripting Vulnerabil...
BugTraq ID: 12756
Remote: Yes
Date Published: Mar 08 2005
Relevant URL: http://www.securityfocus.com/bid/12756
Summary:
A remote cross-site scripting vulnerability affects YaBB. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

7. Drupal Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 12757
Remote: Yes
Date Published: Mar 08 2005
Relevant URL: http://www.securityfocus.com/bid/12757
Summary:
An unspecified remote cross-site scripting vulnerability affects Drupal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it in dynamically generated Web page content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This vulnerability is reported to affect Drupal versions prior to version 4.5.2.

8. PHP Arena PAFileDB Multiple Remote Cross Site Scripting Vuln...
BugTraq ID: 12758
Remote: Yes
Date Published: Mar 08 2005
Relevant URL: http://www.securityfocus.com/bid/12758
Summary:
Multiple remote cross-site scripting vulnerabilities affect PHP Arena PaFileDB. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

9. Linux Kernel SYS_EPoll_Wait Local Integer Overflow Vulnerabi...
BugTraq ID: 12763
Remote: No
Date Published: Mar 09 2005
Relevant URL: http://www.securityfocus.com/bid/12763
Summary:
A local integer overflow vulnerability affects the Linux kernel. This issue is due to a failure of the affected kernel to properly handle user-supplied size values. An attacker may leverage this issue to overwrite low kernel memory. This may potentially facilitate privilege escalation.

10. Perl Local Race Condition Privilege Escalation Vulnerability
BugTraq ID: 12767
Remote: No
Date Published: Mar 09 2005
Relevant URL: http://www.securityfocus.com/bid/12767
Summary:
Perl is reported prone to a local race condition vulnerability. The vulnerability is present in the 'rmtree()' function provided by the 'File::Path.pm' module. A successful attack may allow an attacker to gain elevated privileges on a vulnerable computer.

11. Grip CDDB Response Multiple Matches Buffer Overflow Vulnerab...
BugTraq ID: 12770
Remote: Yes
Date Published: Mar 10 2005
Relevant URL: http://www.securityfocus.com/bid/12770
Summary:
A buffer overflow vulnerability exists in Grip. The vulnerability occurs when the software processes a response to a CDDB query that has in excess of 16 matches. For an attacker to exploit this issue, they must be able to influence the response to a CDDB query, either by controlling a malicious CDDB server or through other means. Successful exploitation will result in execution of arbitrary code. This vulnerability is reported to affect versions 3.1.2 and 3.2.0. It is not known if other versions are also affected.

12. PHPOutsourcing Zorum Multiple Remote Vulnerabilities
BugTraq ID: 12777
Remote: Yes
Date Published: Mar 10 2005
Relevant URL: http://www.securityfocus.com/bid/12777
Summary:
Zorum is a freely available, open source Web-based forum application implemented in PHP. It is available for UNIX, Linux, and any other platform that supports PHP script execution. Multiple remote vulnerabilities affect Zorum. These issues are due to a failure of the application to validate access rights and user-supplied input. The issues reported are an HTML injection vulnerability, multiple cross-site scripting vulnerabilities, an SQL injection vulnerability, and an authentication bypass issue. An attacker may leverage these issues to execute script code in an unsuspecting user's browser, to manipulate SQL queries and to bypass authentication requirements.

13. MySQL AB MySQL Multiple Remote Vulnerabilities
BugTraq ID: 12781
Remote: Yes
Date Published: Mar 11 2005
Relevant URL: http://www.securityfocus.com/bid/12781
Summary:
MySQL is reported prone to multiple vulnerabilities that can be exploited by a remote authenticated attacker. The following individual issues are reported: MySQL is reported prone to an insecure temporary file creation vulnerability. Reports indicate that an attacker that has 'CREATE TEMPORARY TABLE' privileges on an affected installation may leverage this vulnerability to corrupt files with the privileges of the MySQL process. MySQL is reported prone to an input validation vulnerability that can be exploited by remote users that have INSERT and DELETE privileges on the 'mysql' administrative database. Reports indicate that this issue may be leveraged to load and execute a malicious library in the context of the MySQL process. Finally, MySQL is reported prone to a remote arbitrary code execution vulnerability. It is reported that the vulnerability may be triggered by employing the 'CREATE FUNCTION' statement to manipulate functions in order to control sensitive data structures. This issue may be exploited to execute arbitrary code in the context of the database process. These issues are reported to exist in MySQL versions prior to MySQL 4.0.24 and 4.1.10a.
 
Old 03-20-2005, 11:05 PM   #3
Capt_Caveman

March 17th 2005 (SN)

Secunia

[SA14597] Mandrake update for cyrus-sasl
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-16
MandrakeSoft has issued an update for cyrus-sasl. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14597/

[SA14574] Gentoo update for libexif
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2005-03-14
Gentoo has issued an update for libexif. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14574/

[SA14572] Gentoo update for xorg-x11
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-14
Gentoo has issued an update for xorg-x11. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14572/

[SA14552] SUSE update for realplayer
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-10
SUSE has issued an update for realplayer. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14552/

[SA14606] Fedora update for sylpheed
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-16
Fedora has issued an update for sylpheed. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14606/

[SA14603] Gentoo update for ringtonetools
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-16
Gentoo has issued an update for ringtonetools. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/14603/

[SA14596] Mandrake update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-03-16
MandrakeSoft has issued an update for ethereal. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14596/

[SA14594] Ubuntu update for kernel
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, Privilege escalation, DoS
Released: 2005-03-16
Ubuntu has issued an update for the kernel. This fixes multiple
vulnerabilities, which can be exploited to disclose kernel memory, gain
escalated privileges or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14594/

[SA14587] Fedora update for ipsec-tools
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-03-15
Fedora has issued an update for ipsec-tools. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14587/

[SA14586] IPsec-Tools ISAKMP Header Parsing Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-03-15
A vulnerability has been reported in IPsec-Tools, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14586/

[SA14584] KAME Racoon ISAKMP Header Parsing Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-03-15
Sebastian Krahmer has reported a vulnerability in KAME Racoon, which
can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14584/

[SA14573] Gentoo update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-03-14
Gentoo has issued an update for ethereal. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14573/

[SA14570] Linux Kernel PPP Server Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-03-16
Ben Martel and Stephen Blackheath have reported a vulnerability in the
Linux kernel, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/14570/

[SA14598] Mandrake update for openslp
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-03-16
MandrakeSoft has issued an update for openslp. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14598/

[SA14581] SUSE update for openslp
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-03-15
SUSE has issued an update for openslp. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14581/

[SA14561] OpenSLP Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-03-15
SUSE Security Team has reported some vulnerabilities in OpenSLP, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14561/

[SA14593] Ubuntu update for mysql
Critical: Less critical
Where: From local network
Impact: Privilege escalation, System access
Released: 2005-03-16
Ubuntu has issued an update for mysql. This fixes some vulnerabilities,
which potentially can be exploited by malicious users to compromise a
vulnerable system and by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/14593/

[SA14582] Debian luxman Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-03-15
Debian has issued an update for luxman. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/14582/

[SA14562] rxvt-unicode Terminal Input Buffer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-03-15
A vulnerability has been reported in rxvt-unicode, which potentially
can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/14562/

[SA14563] Conectiva update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-03-15
Conectiva has issued an update for gaim. This fixes three weaknesses,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/14563/

[SA14558] Red Hat update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-03-11
Red Hat has issued an update for gaim. This fixes three weaknesses,
which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14558/

[SA14591] KDE Desktop Communication Protocol Denial of Service Vulnerability
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2005-03-16
Sebastian Krahmer has reported a vulnerability in KDE, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/14591/

[SA14600] PHPOpenChat "sourcedir" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-16
Mafia_Boy has reported a vulnerability in PHPOpenChat, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14600/

[SA14577] VoteBox "VoteBoxPath" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-15
SmOk3 has reported a vulnerability in VoteBox, which can be exploited
by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14577/

[SA14566] holaCMS "vote_filename" Directory Traversal Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-14
Virginity has reported a vulnerability in holaCMS, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14566/

[SA14559] WEBInsta Limbo "absolute_path" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-11
Fidel Costa has discovered a vulnerability in WEBInsta Limbo, which can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14559/

[SA14602] ZPanel "uname" SQL Injection and Security Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-03-16
Mikhail has reported a vulnerability and a security issue in ZPanel,
which can be exploited by malicious people to conduct SQL injection
attacks and bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14602/

[SA14595] Symantec Products Unspecified DNS Cache Poisoning Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Spoofing, Manipulation of data
Released: 2005-03-16
A vulnerability has been reported in various Symantec gateway products,
which can be exploited by malicious people to poison the DNS cache.
Full Advisory:
http://secunia.com/advisories/14595/

[SA14590] paBox "posticon" Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-15
Rift has discovered a vulnerability in paBox, which can be exploited by
malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/14590/

[SA14583] SimpGB "quote" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-03-15
Alexander Müller has reported a vulnerability in SimpGB, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14583/

[SA14579] Spinworks Application Server Web Server Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-03-14
Dr_insane has discovered a vulnerability in Spinworks Application
Server, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/14579/

[SA14578] UBB.threads "Number" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-03-14
ADZ Security Team has reported a vulnerability in UBB.threads, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14578/

[SA14576] PhotoPost PHP Pro Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data
Released: 2005-03-14
Igor Franchuk has reported some vulnerabilities in PhotoPost PHP Pro,
which can be exploited to conduct script insertion and SQL injection
attacks, bypass certain security restrictions and manipulate
potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/14576/

[SA14555] LimeWire Gnutella Disclosure of Sensitive Information
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-03-15
Kevin Walsh has reported two vulnerabilities in LimeWire, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/14555/

[SA14599] phpMyAdmin "_" Wildcard Permissions Security Bypass
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-03-16
A vulnerability has been reported in phpMyAdmin, which can be exploited
by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14599/

[SA14592] phpPgAds / phpAdsNew "refresh" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-15
Maksymilian Arciemowicz has reported a vulnerability in phpPgAds and
phpAdsNew, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14592/

[SA14589] WebSphere Commerce Private Information Disclosure
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-03-15
A security issue has been reported in WebSphere Commerce, which may
result in sensitive information being disclosed to malicious people.
Full Advisory:
http://secunia.com/advisories/14589/

[SA14554] Phorum Script Insertion Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-11
Jon Oberheide has reported some vulnerabilities in Phorum, which can be
exploited by malicious users to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/14554/

[SA14588] Cosminexus Server Component Container Tomcat Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-03-15
The vendor has acknowledged a vulnerability in Cosminexus Server
Component Container and Cosminexus Server Component Container for Java,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/14588/

[SA14575] MaxDB Web Agent Denial of Service Vulnerabilities
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-03-15
Some vulnerabilities have been reported in MaxDB, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14575/

[SA14569] Apache Tomcat AJP12 Protocol Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-03-15
Hitachi Incident Response Team has reported a vulnerability in Tomcat,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/14569/

[SA14607] Novell iChain miniFTP Server Brute Force Weakness
Critical: Not critical
Where: From remote
Impact: Brute force
Released: 2005-03-16
Francisco Amato has reported a weakness in Novell iChain, which can be
exploited by malicious people to potentially brute force a user's
password.
Full Advisory:
http://secunia.com/advisories/14607/

[SA14568] Mozilla "Save Link Target As..." Status Bar Spoofing Weakness
Critical: Not critical
Where: From remote
Impact: Spoofing
Released: 2005-03-14
bitlance winter has discovered a weakness in Mozilla, which can be
exploited by malicious people to trick users into saving malicious
files by obfuscating URLs.
Full Advisory:
http://secunia.com/advisories/14568/

[SA14567] Thunderbird "Save Link Target As..." Status Bar Spoofing Weakness
Critical: Not critical
Where: From remote
Impact: Spoofing
Released: 2005-03-14
bitlance winter has discovered a weakness in Thunderbird, which can be
exploited by malicious people to trick users into saving malicious
files by obfuscating URLs.
Full Advisory:
http://secunia.com/advisories/14567/

[SA14565] Firefox "Save Link As..." Status Bar Spoofing Weakness
Critical: Not critical
Where: From remote
Impact: Spoofing
Released: 2005-03-14
bitlance winter has discovered a weakness in Firefox, which can be
exploited by malicious people to trick users into saving malicious
files by obfuscating URLs.
Full Advisory:
http://secunia.com/advisories/14565/

[SA14560] Citrix MetaFrame Password Manager Secondary Password Disclosure
Critical: Not critical
Where: From local network
Impact: Security Bypass, Exposure of sensitive information
Released: 2005-03-16
A security issue has been reported in MetaFrame Password Manager, which
can be exploited by malicious users to gain knowledge of potentially
sensitive information.
Full Advisory:
http://secunia.com/advisories/14560/
 
Old 03-20-2005, 11:07 PM   #4
Capt_Caveman

March 18th 2005 (LAW)

Linux Advisory Watch

Distribution: Conectiva

* Conectiva: gaim Fixes for gaim's vulnerabilities
14th, March, 2005
Gaim[1] is a multi-protocol instant messaging (IM) client.
This announcement fixes three denial of service vulnerabilities that
were encountered in Gaim.
http://www.linuxsecurity.com/content/view/118571

* Conectiva: kdenetwork Fix for kppp vulnerability
16th, March, 2005
kppp[1] is the KDE[2] internet dialer. This announcement fixes a
privileged file descriptors leak vulnerability[3,4] which could
allow local attackers to hijack a system's domain name
resolution function.
http://www.linuxsecurity.com/content/view/118617

Distribution: Debian

* Debian: New squirrelmail package fixes regression
14th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118572

* Debian: New luxman packages fix local root exploit
14th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118574

Distribution: Fedora

* Fedora Core 3 Update: hwbrowser-0.20-0.fc3.1
11th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118553

* Fedora Core 3 Update: at-3.1.8-68_FC3
11th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118554

* Fedora Core 3 Update: bind-9.2.5-1
11th, March, 2005
Upgraded to ISC BIND 9.2.5 (final release)
o Added libbind man-pages (see 'man libbind-resolver', 'man libbind-irs.conf')
o Fixed libbind h_errno handling (bug 150288)
http://www.linuxsecurity.com/content/view/118555

* Fedora Core 2 Update: openoffice.org-1.1.3-9.4.0.fc2
14th, March, 2005
This update makes the Fedora Core 2 version of OpenOffice.org
equivalent to the version in Fedora Core 3.
http://www.linuxsecurity.com/content/view/118575

* Fedora Core 3 Update: openoffice.org-1.1.3-9.5.0.fc3
14th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118576

* Fedora Core 3 Update: NetworkManager-0.3.4-1.1.0.fc3
14th, March, 2005
Many fixes. Check the changelog for details.
http://www.linuxsecurity.com/content/view/118577

* Fedora Core 3 Update: at-3.1.8-68_FC3
14th, March, 2005
Added check in at(1) to verify if atd PAM authentication will
succeed; Job submission will be denied if atd PAM authentication
fails.
http://www.linuxsecurity.com/content/view/118578

* Fedora Core 2 Update: ipsec-tools-0.5-2.fc2
14th, March, 2005
This update fixes a potential DoS in parsing ISAKMP headers in
racoon. (CAN-2005-0398)
http://www.linuxsecurity.com/content/view/118585

* Fedora Core 3 Update: ipsec-tools-0.5-2.fc3
14th, March, 2005
This update fixes a potential DoS in parsing ISAKMP headers in
racoon. (CAN-2005-0398)
http://www.linuxsecurity.com/content/view/118586

* Fedora Core 3 Update: sylpheed-1.0.3-0.FC3
15th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118593

* Fedora Core 3 Update: koffice-1.3.5-0.FC3.2
15th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118594

* Fedora Core 3 Update: qt-3.3.4-0.fc3.0
15th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118595

* Fedora Core 3 Update: ImageMagick-6.0.7.1-5.fc3
15th, March, 2005
The updated packages fix a bug which could cause segfaults when
writing TIFF images to the standard output.
http://www.linuxsecurity.com/content/view/118598

* Fedora Core 3 Update: ethereal-0.10.10-1.FC3.1
16th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118612

* Fedora Core 2 Update: ethereal-0.10.10-1.FC2.1
16th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118613

* Fedora Core 3 Update: system-config-samba-1.2.28-0.fc3.1
16th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118614

* Fedora Core 3 Update: kdenetwork-3.3.1-3
16th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118615

* Fedora Core 3 Update: udev-039-10.FC3.7
16th, March, 2005
Fixed DRI permissions and SCSI hotplug replay in start_udev.
http://www.linuxsecurity.com/content/view/118616

Distribution: Gentoo

* Gentoo: X.org libXpm vulnerability
12th, March, 2005
A new vulnerability has been discovered in libXpm, which is included
in X.org, that can potentially lead to remote code execution.
http://www.linuxsecurity.com/content/view/118556

* Gentoo: Ethereal Multiple vulnerabilities
12th, March, 2005
Multiple vulnerabilities exist in Ethereal, which may allow an
attacker to run arbitrary code or crash the program.
http://www.linuxsecurity.com/content/view/118557

* Gentoo: libexif Buffer overflow vulnerability
12th, March, 2005
libexif fails to validate certain inputs, making it vulnerable to
buffer overflows.
http://www.linuxsecurity.com/content/view/118558

* Gentoo: Ringtone Tools Buffer overflow vulnerability
15th, March, 2005
The Ringtone Tools utilities contain a buffer overflow vulnerability,
potentially leading to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118591

* Gentoo: Perl rmtree and DBI tmpfile vulnerabilities
15th, March, 2005
The rmtree race conditions were only partly fixed in the original
GLSA. New versions of dev-lang/perl have been released to address the
remaining issues (CAN-2005-0448). The updated sections appear below.
http://www.linuxsecurity.com/content/view/118592

* Gentoo: Ringtone Tools Buffer overflow vulnerability
15th, March, 2005
The Ringtone Tools utilities contain a buffer overflow vulnerability,
potentially leading to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118597

* Gentoo: MySQL Multiple vulnerabilities
16th, March, 2005
MySQL contains several vulnerabilities potentially leading to the
overwriting of local files or to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118610

* Gentoo: curl NTLM response buffer overflow
16th, March, 2005
curl is vulnerable to a buffer overflow which could lead to the
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118611

Distribution: Mandrake

* Mandrake: Updated lvm2 packages fix
14th, March, 2005
A bug in the lvm2 packages caused it to recurse symlinked directories
indefinitely which caused lvm commands to be really slow or timeout.
A patch has been applied to correct this problem.
http://www.linuxsecurity.com/content/view/118587

* Mandrake: Updated cyrus-sasl packages
15th, March, 2005
A buffer overflow was discovered in cyrus-sasl's digestmd5 code.
This could lead to a remote attacker executing code in the context of
the service using SASL authentication. This vulnerability was fixed
upstream in version 2.1.19. The updated packages are patched to deal
with this issue.
http://www.linuxsecurity.com/content/view/118599

* Mandrake: Updated gnupg packages fix
15th, March, 2005
The OpenPGP protocol is vulnerable to a timing-attack in order to
gain plain text from cipher text. The timing difference appears as a
side effect of the so-called "quick scan" and is only exploitable on
systems that accept an arbitrary amount of cipher text for automatic
decryption.
http://www.linuxsecurity.com/content/view/118600

* Mandrake: Updated ethereal packages
15th, March, 2005
A number of issues were discovered in Ethereal versions prior to
0.10.10, which is provided by this update.
http://www.linuxsecurity.com/content/view/118601

* Mandrake: Updated openslp packages fix
15th, March, 2005
An audit by the SUSE Security Team of critical parts of the OpenSLP
package revealed various buffer overflow and out of bounds memory
access issues. These problems can be triggered by remote attackers
by sending malformed SLP packets. The packages have been patched
to prevent these problems.
http://www.linuxsecurity.com/content/view/118602

* Mandrake: Updated evolution packages
16th, March, 2005
It was discovered that certain types of messages could be used to
crash the Evolution mail client. Fixes have been applied to correct
this behaviour.
http://www.linuxsecurity.com/content/view/118618

* Mandrake: Updated kdelibs packages fix
16th, March, 2005
A vulnerability in dcopserver was discovered by Sebastian Krahmer of
the SUSE security team. A local user can lock up the dcopserver of
other users on the same machine by stalling the DCOP authentication
process, causing a local Denial of Service.
http://www.linuxsecurity.com/content/view/118619

Distribution: Red Hat

* RedHat: Important: gaim security update
10th, March, 2005
An updated gaim package that fixes various security issues as well as
a number of bugs is now available. This update has been rated as having
important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118548

* RedHat: Moderate: tetex security update
16th, March, 2005
Updated tetex packages that resolve security issues are now available
for Red Hat Enterprise Linux 4. This update has been rated as
having moderate security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/118607

* RedHat: Low: postfix security update
16th, March, 2005
Updated postfix packages that include a security fix and two other
bug fixes are now available for Red Hat Enterprise Linux 4.
This update has been rated as having low security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118608

* RedHat: Moderate: squid security update
16th, March, 2005
An updated squid package that fixes a denial of service issue is now
available for Red Hat Enterprise Linux 4. This update has been rated
as having moderate security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/118609

Distribution: SuSE

* SuSE: openslp (SUSE-SA:2005:015)
14th, March, 2005
The SUSE Security Team reviewed critical parts of the OpenSLP
package, an open source implementation of the Service Location
Protocol (SLP).
http://www.linuxsecurity.com/content/view/118573

* SuSE: multiple Mozilla Firefox
16th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118606
 
  


All times are GMT -5. The time now is 04:25 PM.
