LQ Security Report - April 18th 2005
April 12th 2005
27 issues handled (SF)
1. Remstats Local Insecure Temporary File Creation Vulnerabilit...
2. Remstats Remote Command Execution Vulnerability
3. GNU Sharutils Unshar Local Insecure Temporary File Creation ...
4. PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities
5. Linux Kernel Asynchronous Input/Output Local Denial Of Servi...
6. IBM iSeries AS400 LDAP Server Remote Information Disclosure ...
7. GNU GZip CHMod File Permission Modification Race Condition W...
8. Gaim Gaim_Markup_Strip_HTML Remote Denial Of Service Vulnera...
9. CommuniGate Pro LIST Unspecified Denial of Service Vulnerabi...
10. Gaim IRC Protocol Plug-in Markup Language Injection Vulnerab...
11. Gaim Jabber File Request Remote Denial Of Service Vulnerabil...
12. PHP-Nuke Your_Account Module Username Cross-Site Scripting V...
13. PHP-Nuke Your_Account Module Avatarcategory Cross-Site Scrip...
14. PHP-Nuke Downloads Module Lid Parameter Cross-Site Scripting...
15. Vixie Cron Crontab File Disclosure Vulnerability
16. PHP-Nuke Web_Links Module Multiple Cross-Site Scripting Vuln...
17. PHP-Nuke Banners.PHP Cross-Site Scripting Vulnerability
18. PHP-Nuke Top Module SQL Injection Vulnerability
19. SurgeFTP LEAK Command Denial of Service Vulnerability
20. PHP-Nuke Web_Links Module Multiple SQL Injection Vulnerabili...
21. Axel HTTP Redirection Buffer Overflow Vulnerability
22. Macromedia ColdFusion MX Updater Remote File Disclosure Vuln...
23. PHP-Nuke Downloads Module Multiple SQL Injection Vulnerabili...
24. SUSE Netapplet Unspecified Local Privilege Escalation Vulner...
25. SUSE Tetex tmp File Existence Disclosure Vulnerability
26. PostNuke Phoenix OP Parameter Remote Cross-Site Scripting Vu...
27. PostNuke Phoenix Module Parameter Remote Cross-Site Scriptin...
April 14th 2005
63 issues handled (SN)
[SA14949] Red Hat update for kdegraphics
[SA14922] Microsoft Internet Explorer Multiple Vulnerabilities
[SA14914] SUSE update for kdelibs3
[SA14908] KDE kdelibs PCX Image Buffer Overflow Vulnerability
[SA14900] SUSE Updates for Multiple Packages
[SA14893] UnixWare update for libtiff
[SA14963] Fedora update for openoffice
[SA14939] Debian update for axel
[SA14933] Gentoo update for axel
[SA14907] UnixWare update for telnet
[SA14897] Access_user Class Undocumented Default Password
[SA14873] Camino JavaScript Engine Information Disclosure Vulnerability
[SA14951] Gentoo update for gld
[SA14948] Red Hat update for dhcp
[SA14941] Gld Multiple Vulnerabilities
[SA14891] UnixWare CDE dtlogin XDMCP Parsing Vulnerability
[SA14946] AIX Various Communication Protocol Security Issues
[SA14945] Sun Solaris ICMP Message Handling Denial of Service
[SA14925] KDE KMail User Interface Spoofing Vulnerability
[SA14911] Gentoo update for phpmyadmin
[SA14898] FirstClass Client Bookmark Files Can Launch Local Programs
[SA14895] Fedora update for gftp
[SA14877] Gentoo update for gnome-vfs/libcdaudio
[SA14936] Debian update for mysql
[SA14872] Mandrake update for mysql
[SA14863] Ubuntu update for mysql-server
[SA14956] Gentoo update for rsnapshot
[SA14926] Ubuntu update for kernel

Part 2
[SA14903] portupgrade Insecure Temporary File Creation Vulnerability
[SA14894] UnixWare update for cdrecord
[SA14892] OpenServer auditsh/atcronsh/termsh Buffer Overflow Vulnerabilities
[SA14878] rsnapshot "copy_symlink()" Privilege Escalation Vulnerability
[SA14876] OpenServer update for cscope
[SA14875] SGI IRIX gr_osview Privilege Escalation and Information Disclosure
[SA14952] Mandrake update for gaim
[SA14947] Red Hat update for gaim
[SA14886] Mandrake update for gtk+2.0
[SA14885] Mandrake update for gdk-pixbuf
[SA14899] Pine rpdump File Creation Race Condition Vulnerability
[SA14887] Mandrake update for sharutils
[SA14883] Red Hat vixie-cron Exposure of Arbitrary Cron Files
[SA14862] Fedora Core vixie-cron Exposure of Arbitrary Cron Files
[SA14916] DokuWiki File Upload Vulnerability
[SA14890] ModernBill Cross-Site Scripting and File Inclusion Vulnerabilities
[SA14935] Oracle Products Multiple Unspecified Vulnerabilities
[SA14929] Mambo zOOm Media Gallery Module "catid" SQL Injection
[SA14919] jPortal Banner Module SQL Injection Vulnerability
[SA14913] aeDating Multiple Vulnerabilities
[SA14912] OpenOffice ".doc" Document Handling Buffer Overflow
[SA14906] RadBids Gold Multiple Vulnerabilities
[SA14888] SurgeFTP "LEAK" Command Denial of Service Vulnerability
[SA14882] PunBB SQL Injection and Cross-Site Scripting Vulnerabilities
[SA14881] Macromedia ColdFusion MX Exposure of Class Files
[SA14869] Runcms / exoops Arbitrary File Upload Vulnerability
[SA14866] PHP-Nuke Multiple SQL Injection Vulnerabilities
[SA14934] Veritas i3 FocalPoint Server Unspecified Vulnerability
[SA14940] eGroupWare Exposure of Mail Attachments
[SA14924] Pinnacle Cart "pg" Cross-Site Scripting Vulnerability
[SA14902] Sun Java JDK/SDK Jar Directory Traversal Vulnerability
[SA14884] TowerBlog Exposure of Sensitive Information
[SA14868] PostNuke Cross-Site Scripting and SQL Injection Vulnerabilities
[SA14867] CubeCart "language" PHP Script Inclusion Vulnerability
[SA14865] HP OpenView Network Node Manager Unspecified Denial of Service

April 15 2005
19 issues handled over 6 distros (LAW)
axel
gftp
wireless-tools
glibc-2.3.5
selinux-policy-targeted
kernel
autofs
gcc
GnomeVFS/libcdaudio
smarty
phpMyAdmin
shorewall
gtk+2.0
sharutils
gdk-pixbuf
dhcp
kdegraphics
gaim
KDE
April 12th 2005 (SF)
Security Focus
1. Remstats Local Insecure Temporary File Creation Vulnerabilit...
BugTraq ID: 12979
Remote: No
Date Published: Apr 04 2005
Relevant URL: http://www.securityfocus.com/bid/12979
Summary: A local insecure file creation vulnerability affects Remstats. This issue is due to a design error that causes a file to be insecurely opened or created and subsequently written to. An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates the affected application.

2. Remstats Remote Command Execution Vulnerability
BugTraq ID: 12980
Remote: Yes
Date Published: Apr 04 2005
Relevant URL: http://www.securityfocus.com/bid/12980
Summary: A remote command execution vulnerability affects Remstats. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. An attacker may leverage this issue to execute arbitrary commands with the privileges of the unsuspecting users that activated the affected application.

3. GNU Sharutils Unshar Local Insecure Temporary File Creation ...
BugTraq ID: 12981
Remote: No
Date Published: Apr 04 2005
Relevant URL: http://www.securityfocus.com/bid/12981
Summary: A local insecure temporary file creation vulnerability affects the GNU Sharutils 'unshar' utility. This issue is due to a design error that causes a file to be insecurely opened or created and subsequently written to. An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates the affected application.

4. PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities
BugTraq ID: 12983
Remote: Yes
Date Published: Apr 03 2005
Relevant URL: http://www.securityfocus.com/bid/12983
Summary: PHPNuke is reported prone to multiple cross-site scripting vulnerabilities affecting various modules. The affected modules include 'Search', 'FAQ', and 'Encyclopedia'. The 'banners.php' script is also affected. An attacker can exploit these issues by creating a malicious link containing HTML and script code and send this link to a vulnerable user. This can allow for theft of cookie-based authentication credentials and other attacks. PHPNuke 7.6 and prior versions are reportedly affected by these issues.

5. Linux Kernel Asynchronous Input/Output Local Denial Of Servi...
BugTraq ID: 12987
Remote: No
Date Published: Apr 04 2005
Relevant URL: http://www.securityfocus.com/bid/12987
Summary: A local denial of service vulnerability affects the Linux kernel. This issue arises due to a failure of the application to properly manage input/output resources. A local attacker may leverage this issue to cause an affected Linux kernel to panic, effectively denying service to legitimate users.

6. IBM iSeries AS400 LDAP Server Remote Information Disclosure ...
BugTraq ID: 12991
Remote: Yes
Date Published: Apr 04 2005
Relevant URL: http://www.securityfocus.com/bid/12991
Summary: A remote information disclosure issue affects IBM iSeries AS400 LDAP Server. This issue is due to a failure of the application to properly secure sensitive information. An authenticated attacker may leverage this issue to disclose user names and account information of users in their group. This may facilitate further attacks against the affected server.

7. GNU GZip CHMod File Permission Modification Race Condition W...
BugTraq ID: 12996
Remote: No
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/12996
Summary: gzip is reported prone to a security weakness; the issue is only present when an archive is extracted into a world or group writeable directory. It is reported that gzip employs non-atomic procedures to write a file and later change the permissions on the newly extracted file. A local attacker may leverage this issue to modify file permissions of target files. This weakness is reported to affect gzip versions 1.2.4 and 1.3.3 and previous versions.

8. Gaim Gaim_Markup_Strip_HTML Remote Denial Of Service Vulnera...
BugTraq ID: 12999
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/12999
Summary: Gaim is reported prone to a remote denial of service vulnerability. The issue manifests when the Gaim client handles a malformed HTML string triggering an out-of-bounds read operation. A remote attacker may exploit this vulnerability to deny service for legitimate users. This vulnerability is reported to affect Gaim version 1.2.0 and previous versions.

9. CommuniGate Pro LIST Unspecified Denial of Service Vulnerabi...
BugTraq ID: 13001
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/13001
Summary: CommuniGate Pro is prone to a denial of service when multipart messages are sent to a list. Successful exploitation could cause the server to crash.

10. Gaim IRC Protocol Plug-in Markup Language Injection Vulnerab...
BugTraq ID: 13003
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/13003
Summary: Gaim IRC protocol plug-in is reported prone to an input validation vulnerability. The issue is reported to exist due to a lack of sufficient sanitization performed on 'irc_msg' data. A remote attacker may exploit this vulnerability to execute arbitrary Gaim and Pango Markup language in the context of the user that is running the affected software. This vulnerability is reported to affect Gaim version 1.2.0 and previous versions.

11. Gaim Jabber File Request Remote Denial Of Service Vulnerabil...
BugTraq ID: 13004
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/13004
Summary: Gaim is reported prone to a remote denial of service vulnerability. The issue manifests when the Gaim client handles an unspecified Jabber file transfer request, triggering an out-of-bounds read operation. A remote attacker may exploit this vulnerability to deny service for legitimate users. This vulnerability is reported to affect Gaim version 1.2.0 and previous versions.

12. PHP-Nuke Your_Account Module Username Cross-Site Scripting V...
BugTraq ID: 13007
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/13007
Summary: It is reported that the PHP-Nuke 'Your_Account' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicious HTML and script code is sent to the application through the 'username' parameter of the 'Your_Account' module. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. This vulnerability is reported to affect PHP-Nuke version 7.6 and previous versions.

13. PHP-Nuke Your_Account Module Avatarcategory Cross-Site Scrip...
BugTraq ID: 13010
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/13010
Summary: It is reported that the PHP-Nuke 'Your_Account' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicious HTML and script code is sent to the application through the 'Avatarcategory' parameter of the 'Your_Account' module. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. This vulnerability is reported to affect PHP-Nuke version 7.6 and previous versions.

14. PHP-Nuke Downloads Module Lid Parameter Cross-Site Scripting...
BugTraq ID: 13011
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/13011
Summary: It is reported that the PHP-Nuke 'Downloads' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicious HTML and script code is sent to the application through the 'Downloads' module. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. This vulnerability is reported to affect PHP-Nuke version 7.6 and previous versions.

15. Vixie Cron Crontab File Disclosure Vulnerability
BugTraq ID: 13024
Remote: No
Date Published: Apr 06 2005
Relevant URL: http://www.securityfocus.com/bid/13024
Summary: Vixie cron crontab is reported prone to an information disclosure vulnerability that may allow local attackers to disclose users' crontab files. It is reported that this issue arises due to a design error resulting in the insecure creation of a temporary file in the '/tmp' directory. This occurs when crontab is executed with the '-e' option used for editing the current crontab. An attacker may leverage this issue to disclose potentially sensitive data, which may be used to carry out further attacks against a computer. Vixie cron 4.1-24_FC3 running on Fedora Core 3 is reported vulnerable. It is possible that other versions on different operating systems are affected as well. This issue may be specific to Red Hat operating systems. It is also possible that this issue is related to BID 1845 (HP-UX crontab /tmp File Vulnerability).

16. PHP-Nuke Web_Links Module Multiple Cross-Site Scripting Vuln...
BugTraq ID: 13025
Remote: Yes
Date Published: Apr 06 2005
Relevant URL: http://www.securityfocus.com/bid/13025
Summary: PHP-Nuke is reportedly affected by multiple cross-site scripting vulnerabilities in the Web_Links Module. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

17. PHP-Nuke Banners.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13026
Remote: Yes
Date Published: Apr 06 2005
Relevant URL: http://www.securityfocus.com/bid/13026
Summary: PHP-Nuke is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

18. PHP-Nuke Top Module SQL Injection Vulnerability
BugTraq ID: 13047
Remote: Yes
Date Published: Apr 06 2005
Relevant URL: http://www.securityfocus.com/bid/13047
Summary: PHP-Nuke is prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. This issue may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

19. SurgeFTP LEAK Command Denial of Service Vulnerability
BugTraq ID: 13054
Remote: Yes
Date Published: Apr 07 2005
Relevant URL: http://www.securityfocus.com/bid/13054
Summary: SurgeFTP is prone to a denial of service condition. This issue exists when the LEAK command is issued to the FTP server. Successful exploitation will cause the FTP server to either refuse new connections or not be able to send or receive files.

20. PHP-Nuke Web_Links Module Multiple SQL Injection Vulnerabili...
BugTraq ID: 13055
Remote: Yes
Date Published: Apr 07 2005
Relevant URL: http://www.securityfocus.com/bid/13055
Summary: The Web_Links module of PHP-Nuke is affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. These issues are reported to affect PHP-Nuke version 7.6; earlier versions may also be affected.

21. Axel HTTP Redirection Buffer Overflow Vulnerability
BugTraq ID: 13059
Remote: Yes
Date Published: Apr 07 2005
Relevant URL: http://www.securityfocus.com/bid/13059
Summary: Axel is prone to a buffer overflow vulnerability when handling HTTP redirection. A malicious HTTP response can trigger this issue, potentially allowing for arbitrary code execution.

22. Macromedia ColdFusion MX Updater Remote File Disclosure Vuln...
BugTraq ID: 13060
Remote: Yes
Date Published: Apr 07 2005
Relevant URL: http://www.securityfocus.com/bid/13060
Summary: A remote file disclosure vulnerability affects Macromedia ColdFusion MX. The problem presents itself due to a design error that causes potentially sensitive files to be stored in insecure locations. An attacker may leverage this issue to gain access to compiled Java class files processed by the affected application server. This may facilitate further attacks and application code disclosure.

23. PHP-Nuke Downloads Module Multiple SQL Injection Vulnerabili...
BugTraq ID: 13061
Remote: Yes
Date Published: Apr 07 2005
Relevant URL: http://www.securityfocus.com/bid/13061
Summary: PHP-Nuke Downloads module is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. These issues are reported to affect PHP-Nuke version 7.6; earlier versions may also be affected.

24. SUSE Netapplet Unspecified Local Privilege Escalation Vulner...
BugTraq ID: 13068
Remote: No
Date Published: Apr 08 2005
Relevant URL: http://www.securityfocus.com/bid/13068
Summary: Netapplet is prone to a local input validation issue. This could allow a local user to gain elevated privileges. Specific details of this vulnerability are not currently known.

25. SUSE Tetex tmp File Existence Disclosure Vulnerability
BugTraq ID: 13072
Remote: No
Date Published: Apr 08 2005
Relevant URL: http://www.securityfocus.com/bid/13072
Summary: teTex is prone to a symbolic link issue that could allow users to determine the existence of files in directories they do not have permission to access. Information gathered through this vulnerability could be used to carry out further attacks against the computer.

26. PostNuke Phoenix OP Parameter Remote Cross-Site Scripting Vu...
BugTraq ID: 13075
Remote: Yes
Date Published: Apr 08 2005
Relevant URL: http://www.securityfocus.com/bid/13075
Summary: A remote cross-site scripting vulnerability affects PostNuke. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

27. PostNuke Phoenix Module Parameter Remote Cross-Site Scriptin...
BugTraq ID: 13076
Remote: Yes
Date Published: Apr 08 2005
Relevant URL: http://www.securityfocus.com/bid/13076
Summary: A remote cross-site scripting vulnerability affects PostNuke. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
April 14th 2005 (SN) - Part 1
Secunia
[SA14949] Red Hat update for kdegraphics
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-04-13
Red Hat has issued an update for kdegraphics. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system or cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14949/

[SA14922] Microsoft Internet Explorer Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-04-12
Some vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14922/

[SA14914] SUSE update for kdelibs3
Critical: Highly critical
Where: From remote
Impact: Spoofing, DoS, System access
Released: 2005-04-12
SUSE has issued an update for kdelibs3. This fixes some vulnerabilities, which can be exploited to cause a DoS (Denial of Service), spoof the URL displayed in an address bar and status bar, or potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14914/

[SA14908] KDE kdelibs PCX Image Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-04-12
Bruno Rohee has reported a vulnerability in KDE kdelibs, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14908/

[SA14900] SUSE Updates for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Privilege escalation, System access
Released: 2005-04-11
SUSE has issued updates for multiple packages. These fix various vulnerabilities, which can be exploited by malicious, local users to escalate their privileges and by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14900/

[SA14893] UnixWare update for libtiff
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-04-08
SCO has issued an update for libtiff. This fixes some vulnerabilities, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14893/

[SA14963] Fedora update for openoffice
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-04-14
Fedora has issued an update for openoffice. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14963/

[SA14939] Debian update for axel
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-13
Debian has issued an update for axel. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14939/

[SA14933] Gentoo update for axel
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-13
Gentoo has issued an update for axel. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14933/

[SA14907] UnixWare update for telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-11
UnixWare has issued an update for telnet. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14907/

[SA14897] Access_user Class Undocumented Default Password
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-04-08
The vendor has reported a security issue in Access_user Class, which can be exploited by malicious people to get access to arbitrary accounts.
Full Advisory: http://secunia.com/advisories/14897/

[SA14873] Camino JavaScript Engine Information Disclosure Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2005-04-08
A vulnerability has been discovered in Camino, which can be exploited by malicious people to gain knowledge of potentially sensitive information.
Full Advisory: http://secunia.com/advisories/14873/

[SA14951] Gentoo update for gld
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-04-13
Gentoo has issued an update for gld. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14951/

[SA14948] Red Hat update for dhcp
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-04-13
Red Hat has issued an update for dhcp. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14948/

[SA14941] Gld Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-04-13
dong-hun you has reported some vulnerabilities in Gld, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14941/

[SA14891] UnixWare CDE dtlogin XDMCP Parsing Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-04-08
SCO has acknowledged a vulnerability in UnixWare, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14891/

[SA14946] AIX Various Communication Protocol Security Issues
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-04-13
IBM has acknowledged some security issues in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14946/

[SA14945] Sun Solaris ICMP Message Handling Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-04-13
Sun has acknowledged some security issues in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14945/

[SA14925] KDE KMail User Interface Spoofing Vulnerability
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2005-04-11
Noam Rathaus has discovered a vulnerability in KMail, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory: http://secunia.com/advisories/14925/

[SA14911] Gentoo update for phpmyadmin
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-04-12
Gentoo has issued an update for phpmyadmin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/14911/

[SA14898] FirstClass Client Bookmark Files Can Launch Local Programs
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-04-08
dila has reported a vulnerability in FirstClass, which can be exploited by malicious people to execute arbitrary commands on a vulnerable system.
Full Advisory: http://secunia.com/advisories/14898/

[SA14895] Fedora update for gftp
Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-04-08
Fedora has issued an update for gftp. This fixes a vulnerability, which can be exploited by malicious people to conduct directory traversal attacks.
Full Advisory: http://secunia.com/advisories/14895/

[SA14877] Gentoo update for gnome-vfs/libcdaudio
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-04-08
Gentoo has issued updates for gnome-vfs and libcdaudio. These fix a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14877/

[SA14936] Debian update for mysql
Critical: Less critical
Where: From local network
Impact: Security Bypass, Privilege escalation, System access
Released: 2005-04-14
Debian has issued an update for mysql. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and potentially compromise a vulnerable system and by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/14936/

[SA14872] Mandrake update for mysql
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2005-04-13
MandrakeSoft has issued an update for mysql. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/14872/

[SA14863] Ubuntu update for mysql-server
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2005-04-07
Ubuntu has issued an update for mysql-server. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/14863/

[SA14956] Gentoo update for rsnapshot
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-04-14
Gentoo has issued an update for rsnapshot. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/14956/

[SA14926] Ubuntu update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2005-04-11
Ubuntu has issued updates for the kernel. These fix two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.
Full Advisory: http://secunia.com/advisories/14926/
April 14th 2005 (SN) - Part 2
[SA14903] portupgrade Insecure Temporary File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-04-12
Simon L. Nielsen has reported a vulnerability in portupgrade, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/14903/

[SA14894] UnixWare update for cdrecord
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-04-08
SCO has issued an update for cdrecord. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/14894/

[SA14892] OpenServer auditsh/atcronsh/termsh Buffer Overflow Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-04-08
Joel Soderberg and Christer Oberg have reported some vulnerabilities in SCO OpenServer, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/14892/

[SA14878] rsnapshot "copy_symlink()" Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-04-11
A vulnerability has been reported in rsnapshot, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/14878/

[SA14876] OpenServer update for cscope
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-04-08
SCO has issued an update for cscope. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/14876/

[SA14875] SGI IRIX gr_osview Privilege Escalation and Information Disclosure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation
Released: 2005-04-08
Two vulnerabilities have been reported in SGI IRIX, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and disclose some sensitive information.
Full Advisory: http://secunia.com/advisories/14875/

[SA14952] Mandrake update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-04-14
MandrakeSoft has issued an update for gaim. This fixes three weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14952/

[SA14947] Red Hat update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-04-13
Red Hat has issued an update for gaim. This fixes three weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14947/

[SA14886] Mandrake update for gtk+2.0
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-04-08
MandrakeSoft has issued an update for gtk+2.0. This fixes a vulnerability, which can be exploited by malicious people to crash certain applications on a vulnerable system.
Full Advisory: http://secunia.com/advisories/14886/

[SA14885] Mandrake update for gdk-pixbuf
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-04-08
MandrakeSoft has issued an update for gdk-pixbuf. This fixes a vulnerability, which can be exploited by malicious people to crash certain applications on a vulnerable system.
Full Advisory: http://secunia.com/advisories/14885/

[SA14899] Pine rpdump File Creation Race Condition Vulnerability
Critical: Not critical
Where: Local system
Impact: Manipulation of data
Released: 2005-04-12
Imran Ghory has reported a vulnerability in Pine, which potentially can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/14899/

[SA14887] Mandrake update for sharutils
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-04-08
MandrakeSoft has issued an update for sharutils. This fixes a vulnerability, which potentially can be exploited by malicious, local users to conduct certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/14887/

[SA14883] Red Hat vixie-cron Exposure of Arbitrary Cron Files
Critical: Not critical
Where: Local system
Impact: Exposure of system information
Released: 2005-04-08
Karol Więsek has discovered a vulnerability in vixie-cron on Red Hat Enterprise Linux, which can be exploited by malicious, local users to read arbitrary cron files.
Full Advisory: http://secunia.com/advisories/14883/

[SA14862] Fedora Core vixie-cron Exposure of Arbitrary Cron Files
Critical: Not critical
Where: Local system
Impact: Exposure of system information
Released: 2005-04-08
Karol Więsek has discovered a vulnerability in vixie-cron on Fedora Core, which can be exploited by malicious, local users to read arbitrary cron files.
Full Advisory: http://secunia.com/advisories/14862/

[SA14916] DokuWiki File Upload Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-04-13
Håvar Henriksen has reported a vulnerability in DokuWiki, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14916/

[SA14890] ModernBill Cross-Site Scripting and File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2005-04-11
James Bercegay has reported some vulnerabilities in ModernBill, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14890/

[SA14935] Oracle Products Multiple Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS
Released: 2005-04-13
Multiple vulnerabilities have been reported in various Oracle products. Some have an unknown impact, and others can be exploited to gain knowledge of sensitive information, manipulate data, or cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14935/

[SA14929] Mambo zOOm Media Gallery Module "catid" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-04-12
Andreas Constantinides has reported a vulnerability in the zOOm Media Gallery module for Mambo, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/14929/

[SA14919] jPortal Banner Module SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2005-04-12
Marcin "CiNU5" Krupowicz has reported a vulnerability in jPortal, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/14919/

[SA14913] aeDating Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released: 2005-04-12
dionisio has reported some vulnerabilities in aeDating, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks and disclose sensitive information.
Full Advisory: http://secunia.com/advisories/14913/

[SA14912] OpenOffice ".doc" Document Handling Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-04-13
AD-LAB has reported a vulnerability in OpenOffice, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14912/

[SA14906] RadBids Gold Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released: 2005-04-11
Diabolic Crab has reported some vulnerabilities in RadBids Gold, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and potentially disclose sensitive information.
Full Advisory: http://secunia.com/advisories/14906/

[SA14888] SurgeFTP "LEAK" Command Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-04-08
Tan Chew Keong has reported a vulnerability in SurgeFTP, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14888/

[SA14882] PunBB SQL Injection and Cross-Site Scripting Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-04-08
Some vulnerabilities have been reported in PunBB, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/14882/

[SA14881] Macromedia ColdFusion MX Exposure of Class Files
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-04-08
Sean Waddell has reported a security issue in Macromedia ColdFusion MX, which can be exploited by malicious people to disclose some potentially sensitive information.
Full Advisory: http://secunia.com/advisories/14881/

[SA14869] Runcms / exoops Arbitrary File Upload Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-07
pokleyzz has reported a vulnerability in Runcms and exoops, which potentially can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14869/

[SA14866] PHP-Nuke Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information
Released: 2005-04-07
Some vulnerabilities have been reported in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/14866/

[SA14934] Veritas i3 FocalPoint Server Unspecified Vulnerability
Critical: Moderately critical
Where: From local network
Impact: Unknown
Released: 2005-04-13
NGSSoftware has reported a vulnerability with an unknown impact in Veritas i3 FocalPoint server.
Full Advisory: http://secunia.com/advisories/14934/

[SA14940] eGroupWare Exposure of Mail Attachments
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-04-13
Gerald Quakenbush has discovered a security issue in eGroupWare, which may expose sensitive information to malicious people.
Full Advisory: http://secunia.com/advisories/14940/

[SA14924] Pinnacle Cart "pg" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-04-13
SmOk3 has reported a vulnerability in Pinnacle Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/14924/

[SA14902] Sun Java JDK/SDK Jar Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-04-11
Pluf has discovered a vulnerability in Sun Java JDK/SDK, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14902/

[SA14884] TowerBlog Exposure of Sensitive Information
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-04-11
CorryL has reported a vulnerability in TowerBlog, which can be exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/14884/

[SA14868] PostNuke Cross-Site Scripting and SQL Injection Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-04-08
Diabolic Crab has reported some vulnerabilities in PostNuke, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/14868/

[SA14867] CubeCart "language" PHP Script Inclusion Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass, Exposure of system information
Released: 2005-04-07
John Cobb has reported a vulnerability in CubeCart, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/14867/

[SA14865] HP OpenView Network Node Manager Unspecified Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-04-07
A vulnerability has been reported in OpenView Network Node Manager (OV NNM), which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14865/
April 15th 2005 (LAW)
Distribution: Debian
* Debian: New axel packages fix arbitrary code execution
13th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118866

Distribution: Fedora

* Fedora Core 3 Update: gftp-2.0.18-0.FC3
7th, April, 2005
Updated package
http://www.linuxsecurity.com/content/view/118824

* Fedora Core 2 Update: gftp-2.0.18-0.FC2
7th, April, 2005
Updated package
http://www.linuxsecurity.com/content/view/118825

* Fedora Core 3 Update: wireless-tools-27-1.2.0.fc3
7th, April, 2005
Please see below for changes.
http://www.linuxsecurity.com/content/view/118827

* Fedora Core 3 Update: glibc-2.3.5-0.fc3.1
7th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118836

* Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.94
8th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118839

* Fedora Core 3 Update: kernel-2.6.11-1.14_FC3
11th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118851

* Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.96
11th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118852

* Fedora Core 3 Update: autofs-4.1.3-114
12th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118862

* Fedora Core 3 Update: gcc-3.4.3-22.fc3
12th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118864

* Fedora Core 3 Update: gcc4-4.0.0-0.41.fc3
12th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118865

Distribution: Gentoo

* Gentoo: GnomeVFS, libcdaudio CDDB response overflow
8th, April, 2005
The GnomeVFS and libcdaudio libraries contain a buffer overflow that can be triggered by a large CDDB response, potentially allowing the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118837

* Gentoo: Smarty Template vulnerability
10th, April, 2005
New ways of bypassing Smarty's "Template security" were found and fixed in Smarty.
Users making use of that feature are encouraged to upgrade to version 2.6.9. The updated sections appear below.
http://www.linuxsecurity.com/content/view/118843

* Gentoo: phpMyAdmin Cross-site scripting vulnerability
11th, April, 2005
phpMyAdmin is vulnerable to a cross-site scripting attack.
http://www.linuxsecurity.com/content/view/118850

* Gentoo: Axel Vulnerability in HTTP redirection handling
12th, April, 2005
A buffer overflow vulnerability has been found in Axel which could lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118863

Distribution: Mandrake

* Mandrake: Updated shorewall packages
7th, April, 2005
The shorewall package is being updated to provide appropriate bogons information and other minor fixes.
http://www.linuxsecurity.com/content/view/118823

* Mandrake: Updated gtk+2.0 packages fix
7th, April, 2005
A bug was discovered in the way that gtk+2.0 processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gtk+2.0. The updated packages have been patched to correct these issues.
http://www.linuxsecurity.com/content/view/118832

* Mandrake: Updated sharutils packages
7th, April, 2005
Shaun Colley discovered a buffer overflow in shar that was triggered by output files (using -o) with names longer than 49 characters which could be exploited to run arbitrary attacker-specified code.
http://www.linuxsecurity.com/content/view/118833

* Mandrake: Updated gdk-pixbuf packages
7th, April, 2005
A bug was discovered in the way that gdk-pixbuf processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gdk-pixbuf. The updated packages have been patched to correct these issues.
http://www.linuxsecurity.com/content/view/118834

Distribution: Red Hat

* RedHat: Moderate: kdegraphics security update
12th, April, 2005
Updated kdegraphics packages that resolve multiple security issues in kfax are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118856

* RedHat: Moderate: dhcp security update
12th, April, 2005
An updated dhcp package that fixes a string format issue is now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118857

* RedHat: Important: gaim security update
12th, April, 2005
An updated gaim package that fixes multiple denial of service issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118858

Distribution: SuSE

* SuSE: various KDE security problems
11th, April, 2005
Several vulnerabilities have been identified and fixed in the KDE desktop environment.
http://www.linuxsecurity.com/content/view/118849