Sep 14th 2004
21 of 40 issues handled (SF)
1. Engenio Storage Controller Remote Denial Of Service Vulnerab...
6. OpenCA HTML Injection Vulnerability
7. Fujitsu-Siemens ServerView Insecure Permissions Vulnerabilit...
8. Multi Gnome Terminal Information Leak Vulnerability
11. Oracle Database 9i SQL Command Buffer Overflow Vulnerability
12. MPG123 Remote Stereo Boundary Buffer Overflow Vulnerability
13. Webmin / Usermin HTML Email Command Execution Vulnerability
14. gnubiff Multiple Remote POP3 Protocol Vulnerabilities
15. PSnews No Parameter Cross-Site Scripting Vulnerability
16. Net-Acct Symbolic Link Vulnerability
17. UtilMind Solutions Site News Authentication Bypass Vulnerabi...
18. Tutti Nova Multiple Unspecified Vulnerabilities
21. PHPGroupWare Wiki Cross-Site Scripting Vulnerability
22. SAFE TEAM Regulus Staffile Information Disclosure Vulnerabil...
23. SAFE TEAM Regulus Custchoice.PHP Update Your Password Action...
24. SAFE TEAM Regulus Customer Statistics Information Disclosure...
27. OpenLDAP Ambiguous Password Attribute Weakness
32. Ulrik Petersen Emdros Database Engine Denial Of Service Vuln...
37. PostNuke Modules Factory Subjects Module SQL Injection Vulne...
38. GetSolutions GetIntranet Multiple Remote Input Validation Vu...
40. OpenOffice/StarOffice Local File Disclosure Vulnerability

Sep 16th 2004
29 issues handled (SN)
GTK+ Multiple Image Decoding Vulnerabilities
GdkPixbuf Multiple Image Decoding Vulnerabilities
Red Hat update for imlib
Gentoo update for Webmin / Usermin
Conectiva update for krb5
Fedora update for imlib
Red Hat update for mc
Mandrake update for squid
Conectiva update for kde
ripMIME MIME Decoding Vulnerabilities
Regulus Multiple Vulnerabilities
Red Hat update for httpd
Mandrake update for apache2
Gentoo update for SUS
GNU Radius SNMP String Length Denial of Service
Fedora update for samba
Gentoo update for samba
Samba Denial of Service Vulnerabilities
Squid "clientAbortBody()" Denial of Service Vulnerability
Red Hat update for openoffice.org
Debian update for webmin
Gentoo update for cdrtools
SUS Logging Format String Vulnerability
Fedora update for cdrtools
Mozilla Multiple Vulnerabilities
Apache apr-util Library and Environment Variable Expansion
vBulletin "x_invoice_num" SQL Injection Vulnerability
Apache "mod_dav" LOCK Request Denial of Service
Lexar JumpDrive Secure Password Disclosure Security Issue

SecurityFocus


1. Engenio Storage Controller Remote Denial Of Service Vulnerab...
BugTraq ID: 11108
Remote: Yes
Date Published: Sep 04 2004
Relevant URL: http://www.securityfocus.com/bid/11108
Summary:
It is reported that hardware based on Engenio Storage Controllers are prone to a remote denial of service vulnerability. This could also result reportedly result in unrecoverable corruption of data.

Affected hardware includes Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches. Other devices may be affected such as other Storagetek and IBM FastT storage controllers, SGI, and Teradata storage controllers though this has not confirmed. The problem may exist in the underlying vxWorks operating system though this has also not been confirmed.

6. OpenCA HTML Injection Vulnerability
BugTraq ID: 11113
Remote: Yes
Date Published: Sep 06 2004
Relevant URL: http://www.securityfocus.com/bid/11113
Summary:
It has been reported that OpenCA is vulnerable to a HTML injection attack due to inadequate validation / filtering of user input into a web form frontend. The vulnerability is present in the OpenCA PKI software. According to the report, malicious user-data containing embedded HTML will persist in the system after it is injected.

7. Fujitsu-Siemens ServerView Insecure Permissions Vulnerabilit...
BugTraq ID: 11114
Remote: No
Date Published: Sep 06 2004
Relevant URL: http://www.securityfocus.com/bid/11114
Summary:
It has been reported that local, unprivileged users may corrupt the SNMP MIB and, possibly, other sensitive system components. This is reportedly due to insecure permissions set on file "/usr/share/snmp/mibs/.index", which specifies the location of files used to build the MIB tree.

8. Multi Gnome Terminal Information Leak Vulnerability
BugTraq ID: 11117
Remote: No
Date Published: Sep 06 2004
Relevant URL: http://www.securityfocus.com/bid/11117
Summary:
It has been reported that Multi Gnome Terminal may output active user keystrokes to a file that is potentially world readable. According to the report, Gnome Multi Terminal "has been known to" (i.e. under some circumstances, which are unclear at this time) write keystroke data to ~/.xsession-errors. As this file can be world readable, this may result in a leak of confidential information to other local users.

11. Oracle Database 9i SQL Command Buffer Overflow Vulnerability
BugTraq ID: 11120
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11120
Summary:
This issue corresponds to one of the unspecified vulnerabilities mentioned in BID 10871 (Oracle Multiple Unspecified Vulnerabilities) and addressed by Oracle Alert #68. The issue is being assigned its own BID due to the release of specific technical information.

Reportedly Oracle Database 9i is affected by an SQL command buffer overflow vulnerability. This issue is due to a failure of the application to properly verify user-supplied string lengths prior to copying them into finite process buffers.

Successful exploitation of this issue would allow a malicious user to manipulate the memory of the affected database process. This issue will ultimately facilitate arbitrary code execution with the privileges of the affected process.

12. MPG123 Remote Stereo Boundary Buffer Overflow Vulnerability
BugTraq ID: 11121
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11121
Summary:
Reportedly mpg123 is affected by a remote stereo boundary buffer overflow vulnerability. This issue is due to a failure of the application to properly validate user-supplied string sizes prior to copying them into process buffers.

This issue will allow a malicious user to manipulate process memory ultimately leading to arbitrary code execution in the context of the user that started the vulnerable application.

13. Webmin / Usermin HTML Email Command Execution Vulnerability
BugTraq ID: 11122
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11122
Summary:
Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. This issue is due to a failure to sanitize HTML email messages and may allow an attacker to execute arbitrary commands on a vulnerable computer.

This issue is reported to affect Usermin versions 1.080 and prior.

14. gnubiff Multiple Remote POP3 Protocol Vulnerabilities
BugTraq ID: 11123
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11123
Summary:
Reportedly gnubiff is affected by multiple pop3 protocol vulnerabilities. The first issue is due to a design error in the pop3 protocol implementation that causes the application the crash. The second issue is a buffer overflow in the pop3 implementation.

An attacker might leverage these issues to cause the affected application to crash and to manipulate process memory ultimately facilitating arbitrary code execution.

15. PSnews No Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 11124
Remote: Yes
Date Published: Sep 05 2004
Relevant URL: http://www.securityfocus.com/bid/11124
Summary:
PSnews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

This vulnerability is reported to exist in version 1.1 of PSnews.

16. Net-Acct Symbolic Link Vulnerability
BugTraq ID: 11125
Remote: No
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11125
Summary:
Net-Acct is reportedly affected by a symbolic link vulnerability. This issue is due to a design error that fails to properly verify files prior to writing to them.

This issue will allow an attacker to overwrite arbitrary files. Reportedly, this issue could be leveraged to facilitate privilege escalation.

17. UtilMind Solutions Site News Authentication Bypass Vulnerabi...
BugTraq ID: 11126
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11126
Summary:
Reportedly UtilMind Solutions Site News is affected by an authentication bypass vulnerability. This issue is due to an access validation error.

An unauthenticated attacker can leverage this issue to display and manipulate arbitrary news items.

18. Tutti Nova Multiple Unspecified Vulnerabilities
BugTraq ID: 11127
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11127
Summary:
Tutti Nova is reported prone to multiple unspecified vulnerabilities. Because these issues are related to a fix that unsets all global variables during initialization, it is conjectured that these issues may be of a remote script include nature, this is not confirmed.

Further details regarding these vulnerabilities is not available at this time. This BID will be updated, as further details are made available.

21. PHPGroupWare Wiki Cross-Site Scripting Vulnerability
BugTraq ID: 11130
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11130
Summary:
It is reported that PHPGroupWare is affected by a cross-site scripting vulnerability in its wiki application. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

This vulnerability is reported to exist in versions prior to 0.9.16.003 of PHPGroupWare.

22. SAFE TEAM Regulus Staffile Information Disclosure Vulnerabil...
BugTraq ID: 11132
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11132
Summary:
SAFE TEAM Regulus is reported prone to an information disclosure vulnerability. It is reported that any user may make a request for the Regulus 'staffile' file hosted on a target server. This file contains a list of Regulus 'staff' users and their corresponding password hashes.

An attacker may employ data that is obtained in this manner to aid in further attacks launched against the vulnerable software.

23. SAFE TEAM Regulus Custchoice.PHP Update Your Password Action...
BugTraq ID: 11133
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11133
Summary:
Regulus is reported prone to an information disclosure vulnerability. It is reported that a specified user/customer password hash is contained in a hidden tag of the 'Update Your Password' action page. =20

An attacker may employ data that is obtained in this manner to aid in further attacks launched against the vulnerable software.

This vulnerability is reported to affect all versions of SAFE TEAM Regulus.

24. SAFE TEAM Regulus Customer Statistics Information Disclosure...
BugTraq ID: 11134
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11134
Summary:
Regulus is reported prone to an information disclosure vulnerability. It is reported that it is possible to view a target users connection statistics without requiring valid credentials.

An attacker may employ data that is obtained in this manner to aid in further attacks launched against the vulnerable software.

This vulnerability is reported to affect all versions of SAFE TEAM Regulus.

27. OpenLDAP Ambiguous Password Attribute Weakness
BugTraq ID: 11137
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11137
Summary:
It is reported that in certain undisclosed cases, OpenLDAP is susceptible to an ambiguous password attribute weakness.

If an attacker is able to retrieve a password hash as contained in the OpenLDAP database, they are possibly able to directly authenticate to the LDAP database. An attacker is able to gain unauthorized access if they can sniff password hashes from the network, or retrieve the contents of the 'userPassword' attribute from a database backup, or through weak permissions on the database.

The OpenLDAP that is included with Apple Mac OS X, versions 10.3.4 and 10.3.5 is reported to be affected. Versions of OpenLDAP included in other operating systems are also possibly affected.

32. Ulrik Petersen Emdros Database Engine Denial Of Service Vuln...
BugTraq ID: 11143
Remote: Yes
Date Published: Sep 08 2004
Relevant URL: http://www.securityfocus.com/bid/11143
Summary:
It is reported that Emdros is prone to a denial of service vulnerability, due to a memory leak while running as a daemon.

This vulnerability is present in the 'mql' process. This process contains a memory leak, and if it is run as a daemon, a remote attacker has the ability to consume all available memory until the process crashes.

Versions prior to 1.1.20 are reported susceptible to this vulnerability.

37. PostNuke Modules Factory Subjects Module SQL Injection Vulne...
BugTraq ID: 11148
Remote: Yes
Date Published: Sep 10 2004
Relevant URL: http://www.securityfocus.com/bid/11148
Summary:
Reportedly the PostNuke Modules Factory Subjects module is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI parameters.

An attacker might exploit this issue to manipulate SQL queries carried out against the database; it may be possible to disclose sensitive information such as the administrator password hash, as well as corrupt arbitrary data. SQL injection issues may also facilitate attacks against latent vulnerabilities in the underlying database.

38. GetSolutions GetIntranet Multiple Remote Input Validation Vu...
BugTraq ID: 11149
Remote: Yes
Date Published: Sep 10 2004
Relevant URL: http://www.securityfocus.com/bid/11149
Summary:
Reportedly getSolutions getIntranet is affected by multiple remote input validation vulnerabilities. These issues are caused by a failure of the application to properly sanitize user-supplied input.

These issues may be leveraged to carry out SQL injection attacks, HTML injection attacks, arbitrary file uploads, privilege escalation, command execution in the context of the vulnerable application, and command execution in the context of the affected system.

40. OpenOffice/StarOffice Local File Disclosure Vulnerability
BugTraq ID: 11151
Remote: No
Date Published: Sep 10 2004
Relevant URL: http://www.securityfocus.com/bid/11151
Summary:
StarOffice and OpenOffice are reported prone to a local file disclosure vulnerability. This issue presents itself because the application creates insecure temporary files. Each time a user saves a file, a compressed copy of the file is saved in a temporary direcotry. This can allow a local attacker to disclose files of other users.

OpenOffice 1.1.2 and StarOffice 7.0 are reported prone to this vulnerability.

Secunia


[SA12548] GTK+ Multiple Image Decoding Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-16

Multiple vulnerabilities have been reported in GTK+, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12548/

[SA12542] GdkPixbuf Multiple Image Decoding Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-16

Multiple vulnerabilities have been reported in GdkPixBuf, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12542/

[SA12539] Red Hat update for imlib

Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2004-09-15

Red Hat has issued an update for imlib. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/12539/

[SA12505] Gentoo update for Webmin / Usermin

Critical: Highly critical
Where: From remote
Impact: Unknown, System access
Released: 2004-09-13

Gentoo has issued updates for Webmin / Usermin. These fix two
vulnerabilities, where the most critical can be exploited by malicious
people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12505/

[SA12503] Conectiva update for krb5

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-10

Conectiva has issued an update for krb5. This fixes multiple
vulnerabilities, where the most critical potentially can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12503/

[SA12502] Fedora update for imlib

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-10

Fedora has issued an update for imlib. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/12502/

[SA12544] Red Hat update for mc

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-09-15

Red Hat has issued an update for mc. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/12544/

[SA12536] Mandrake update for squid

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-09-15

MandrakeSoft has issued an update for squid. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12536/

[SA12521] Conectiva update for kde

Critical: Moderately critical
Where: From remote
Impact: Hijacking, Spoofing, Privilege escalation
Released: 2004-09-14

Conectiva has issued an update for kde. This fixes multiple
vulnerabilities, which can be exploited to perform certain actions on a
vulnerable system with escalated privileges, spoof the content of
websites, or hijack sessions.

Full Advisory:
http://secunia.com/advisories/12521/

[SA12515] ripMIME MIME Decoding Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-09-15

The vendor has acknowledged some vulnerabilities in ripMIME, which
potentially can be exploited by malicious people to bypass filters.

Full Advisory:
http://secunia.com/advisories/12515/

[SA12513] Regulus Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2004-09-14

masud_libra has reported some vulnerabilities in Regulus, which can be
exploited by malicious people to access sensitive information or bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/12513/

[SA12547] Red Hat update for httpd

Critical: Less critical
Where: From remote
Impact: Privilege escalation, DoS
Released: 2004-09-15

Red Hat has issued an update for httpd. This fixes multiple
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service) or gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/12547/

[SA12541] Mandrake update for apache2

Critical: Less critical
Where: From remote
Impact: Privilege escalation, DoS
Released: 2004-09-15

MandrakeSoft has issued an update for apache2. This fixes multiple
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service) or gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/12541/

[SA12534] Gentoo update for SUS

Critical: Less critical
Where: From remote
Impact: Privilege escalation
Released: 2004-09-15

Gentoo has issued an update for SUS. This fixes a vulnerability, which
potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/12534/

[SA12552] GNU Radius SNMP String Length Denial of Service
Vulnerability

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-15

A vulnerability has been reported in GNU Radius, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12552/

[SA12518] Fedora update for samba

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-14

Fedora has issued an update for samba. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12518/

[SA12517] Gentoo update for samba

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-14

Gentoo has issued an update for samba. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12517/

[SA12516] Samba Denial of Service Vulnerabilities

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-14

Two vulnerabilities have been reported in Samba, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12516/

[SA12508] Squid "clientAbortBody()" Denial of Service Vulnerability

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-13

M.A.Young has reported a vulnerability in Squid, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12508/

[SA12546] Red Hat update for openoffice.org

Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-09-15

Red Hat has issued an update for openoffice.org. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/12546/

[SA12537] Debian update for webmin

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-15

Debian has issued an update for webmin. This fixes a vulnerability,
which potentially can be exploited by malicious people to perform
certain actions on a system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/12537/

[SA12532] Gentoo update for cdrtools

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-15

Gentoo has issued an update for cdrtools. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/12532/

[SA12530] SUS Logging Format String Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-15

Leon Juranic has reported a vulnerability in SUS, allowing malicious
users to escalate their privileges.

Full Advisory:
http://secunia.com/advisories/12530/

[SA12501] Fedora update for cdrtools

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-10

Fedora has issued an update for cdrtools. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/12501/


[SA12526] Mozilla Multiple Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released: 2004-09-14

Details have been released about several vulnerabilities in Mozilla,
Mozilla Firefox, and Thunderbird. These can potentially be exploited by
malicious people to conduct cross-site scripting attacks, access and
modify sensitive information, and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12526/


[SA12540] Apache apr-util Library and Environment Variable Expansion
Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2004-09-15

Two vulnerabilities have been reported in Apache, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a system, or by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/12540/

[SA12531] vBulletin "x_invoice_num" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-09-15

al3ndaleeb has reported a vulnerability in vBulletin, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/12531/


[SA12527] Apache "mod_dav" LOCK Request Denial of Service
Vulnerability

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-09-14

A vulnerability has been reported in Apache, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12527/

[SA12522] Lexar JumpDrive Secure Password Disclosure Security Issue

Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-09-14

@stake has reported a security issue in Lexar Lexar JumpDrive Secure,
which can be exploited by malicious people to gain knowledge of
sensitive information.

Full Advisory:
http://secunia.com/advisories/12522/