LQ Security Report - February 27th 2005
February 22nd 2005
25 issues handled (SF)
1. BrightStor ARCserve/Enterprise Discovery Service SERVICEPC R...
2. gFTP Remote Directory Traversal Vulnerability
3. Debian Toolchain-Source Multiple Insecure Temporary File Cre...
4. AWStats Plugin Multiple Remote Command Execution Vulnerabili...
5. AWStats Debug Remote Information Disclosure Vulnerability
6. Synaesthesia Local File Disclosure Vulnerability
7. Opera Web Browser Multiple Remote Vulnerabilities
8. Squid Proxy DNS Name Resolver Remote Denial Of Service Vulne...
9. VMWare Workstation For Linux Local Privilege Escalation Vuln...
10. Linux Kernel Multiple Local Buffer Overflow And Memory Discl...
11. ELOG Web Logbook Multiple Remote Vulnerabilities
12. CitrusDB CSV File Upload Access Validation Vulnerability
13. CitrusDB Remote Authentication Bypass Vulnerability
14. PHP-Nuke Multiple Cross-Site Scripting Vulnerabilities
15. CitrusDB Arbitrary Local PHP File Include Vulnerability
16. Lighttpd Remote CGI Script Disclosure Vulnerability
17. Typespeed Local Format String Vulnerability
18. KDE KStars FLICCD Utility Multiple Buffer Overflow Vulnerabi...
19. AWStats Logfile Parameter Remote Command Execution Vulnerabi...
20. Advanced Linux Sound Architecture Libasound.SO Stack-Memory ...
21. OpenLDAP SlapD Multiple Remote Unspecified Denial Of Service...
22. GProFTPD GProstats Remote Format String Vulnerability
23. Gaim Multiple Remote Denial of Service Vulnerabilities
24. Bidwatcher Remote Format String Vulnerability
25. Tarantella Enterprise/Secure Global Desktop Remote Informati...

February 24th 2005
47 issues handled (SN)
[SA14346] Apple Mac OS X update for Java
[SA14364] cURL/libcURL NTLM and Kerberos Authentication Buffer Overflows
[SA14363] Gentoo update for putty
[SA14361] Gentoo update for gproftpd
[SA14352] SUSE Updates for Multiple Packages
[SA14340] GProftpd Log Parser Format String Vulnerability
[SA14331] Gentoo update for mc
[SA14330] Astaro update for BIND
[SA14334] Fedora update for kdeedu
[SA14376] Debian update for libapache-mod-python
[SA14375] SUSE update for squid
[SA14370] Fedora update for squid
[SA14368] Debian update for squid
[SA14355] Red Hat update for imap
[SA14354] glFTPd "SITE NFO" Directory Traversal Vulnerability
[SA14348] Tarantella Products User Account Enumeration Security Issue
[SA14347] Debian update for bidwatcher
[SA14343] Ubuntu update for squid
[SA14341] Gentoo update for gftp
[SA14339] Gentoo update for squid
[SA14332] Debian update for gftp
[SA14325] Mono ASP.NET Unicode Conversion Cross-Site Scripting
[SA14324] Bidwatcher eBay Format String Vulnerability
[SA14323] Mandrake update for kdelibs
[SA14320] Mandrake update for postgresql
[SA14371] Fedora update for postgresql
[SA14328] fallback-reboot Daemon Status Denial of Service Vulnerability
[SA14321] Ulog-php SQL Injection Vulnerabilities
[SA14357] Red Hat update for cpio
[SA14356] Red Hat update for vim
[SA14345] IBM AIX Perl Interpreter Privilege Escalation Vulnerabilities
[SA14338] Sun Solaris kcms_configure Arbitrary File Manipulation Vulnerability
[SA14374] Fedora update for gaim
[SA14322] Gaim Two Denial of Service Weaknesses
[SA14337] Mambo "GLOBALS['mosConfig_absolute_path']" File Inclusion
[SA14369] iGeneric iG Shop SQL Injection Vulnerabilities
[SA14362] phpBB Avatar Functions Information Disclosure and Deletion
[SA14359] unace Directory Traversal and Buffer Overflow Vulnerabilities
[SA14351] Biz Mail Form Open Mail Relay Vulnerability
[SA14342] IRM LDAP Login Security Bypass Vulnerability
[SA14336] Batik Squiggle Browser Unspecified Security Bypass
[SA14333] PuTTY Two Integer Overflow Vulnerabilities
[SA14326] vBulletin "template" PHP Code Injection Vulnerability
[SA14319] WebCalendar "webcalendar_session" SQL Injection
[SA14327] Arkeia Backup Client Type 77 Request Processing Buffer Overflow
[SA14360] MediaWiki Multiple Vulnerabilities
[SA14329] Invision Power Board SML Codes Script Insertion Vulnerability

February 25th 2005
30 issues handled across 6 distros (LAW)
emacs21 gftp bidwatcher mailman squid mod_python kdeedu selinux-policy-targeted policycoreutils gamin pcmcia-cs gaim openssh postgresql gimp-help Midnight Commander GProFTPD PuTTY Cyrus IMAP server cups gpdf kdelibs KDE xpdf tetex uim cpio imap vim kernel
February 22nd 2005 (SF)
Security Focus
1. BrightStor ARCserve/Enterprise Discovery Service SERVICEPC R...
BugTraq ID: 12536
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12536
Summary:
A remote buffer overflow vulnerability reportedly affects BrightStor ARCserve/Enterprise. This issue is due to a failure of the application to securely copy data from the network.

It should be noted that this issue is reportedly distinct from that outlined in BID 12522 (BrightStor ARCserve/Enterprise Backup UDP Probe Remote Buffer Overflow Vulnerability).

A remote attacker may execute arbitrary code on a vulnerable computer, potentially facilitating unauthorized superuser access. A denial of service condition may arise as well.

2. gFTP Remote Directory Traversal Vulnerability
BugTraq ID: 12539
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12539
Summary:
A remote directory traversal vulnerability reportedly affects gFTP. This issue is due to a failure of the application to sanitize input supplied by a malicious FTP server.

An attacker may leverage this issue to overwrite or create arbitrary files on an affected computer with the privileges of an unsuspecting user running the vulnerable application. This may lead to a compromise of the affected computer, denial of service attacks, as well as others.

3. Debian Toolchain-Source Multiple Insecure Temporary File Cre...
BugTraq ID: 12540
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12540
Summary:
toolchain-source is reportedly affected by multiple local insecure temporary file creation vulnerabilities. These issues are likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. These issues affect some Debian-specific scripts supplied with the package.

Debian toolchain-source versions prior to 3.0.4-1woody1 are reported vulnerable to these issues.

4. AWStats Plugin Multiple Remote Command Execution Vulnerabili...
BugTraq ID: 12543
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12543
Summary:
Multiple remote command execution vulnerabilities reportedly affect AWStats. These issues are due to an input validation error that allows a remote attacker to specify commands to be executed in the context of the affected application.

The first problem presents itself due to the potential of malicious use of the 'loadplugin' and 'pluginmode' parameters of the 'awstats.pl' script. The second issue arises from an insecure implementation of the 'loadplugin' parameter functionality.

An attacker may leverage these issues to execute arbitrary commands with the privileges of the affected web server running the vulnerable scripts. This may facilitate unauthorized access to the affected computer, as well as other attacks.

Multiple sources have reported that AWStats 6.3 and subsequent versions are not vulnerable to these issues.

5. AWStats Debug Remote Information Disclosure Vulnerability
BugTraq ID: 12545
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12545
Summary:
A remote information disclosure vulnerability reportedly affects AWStats. This issue is due to a failure of the application to properly validate access to sensitive data.

An attacker may leverage this issue to gain access to potentially sensitive data, possibly facilitating further attacks against an affected computer.

6. Synaesthesia Local File Disclosure Vulnerability
BugTraq ID: 12546
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12546
Summary:
A local file disclosure vulnerability affects Synaesthesia. This issue is due to a failure of the application to securely access files.

An attacker may leverage this issue to read arbitrary files on an affected computer. Information gained in this way may lead to further attacks.

7. Opera Web Browser Multiple Remote Vulnerabilities
BugTraq ID: 12550
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12550
Summary:
Opera Web Browser is reported prone to multiple vulnerabilities that are exploitable remotely. The following issues are reported:

Opera Web Browser is prone to a vulnerability that presents itself when the browser handles 'data' URIs. A remote malicious website may exploit this condition to execute arbitrary code in the context of a user that is running a vulnerable version of the affected browser.

Opera Web Browser is prone to an unspecified security vulnerability that exists in the Opera Java LiveConnect class. Few details are known in regards to this vulnerability. However, it is believed that the issue may be exploited by a remote malicious web site to access dangerous private Java methods. This is not confirmed.

This BID will be updated as soon as further research into these issues is completed.

8. Squid Proxy DNS Name Resolver Remote Denial Of Service Vulne...
BugTraq ID: 12551
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12551
Summary:
A remote denial of service vulnerability is reported to exist in Squid. The issue is reported to present itself when the affected server performs a Fully Qualified Domain Name (FQDN) lookup and receives an unexpected response.

The vendor reports that under the above circumstances the affected service will crash due to an assertion error, effectively denying service to legitimate users.

9. VMWare Workstation For Linux Local Privilege Escalation Vuln...
BugTraq ID: 12552
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12552
Summary:
It is reported that VMWare Workstation, at least on Gentoo Linux based computers, is prone to a local privilege escalation vulnerability. The issue exists because the affected binary searches for a shared library in a world-writeable location.

A local attacker may exploit this vulnerability to execute arbitrary code in the context of a user that runs the affected application.

10. Linux Kernel Multiple Local Buffer Overflow And Memory Discl...
BugTraq ID: 12555
Remote: No
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12555
Summary:
Multiple local buffer overflow and memory disclosure vulnerabilities affect the Linux kernel. These issues are due to a failure to securely copy user-controlled data, a race condition error, and a failure to secure memory written by the kernel.

The first issue is a buffer overflow vulnerability in the procfs functionality. The second issue is a kernel memory disclosure vulnerability. The third issue is a race condition error in the Radeon driver that leads to a potential buffer overflow condition. The fourth issue is a buffer overflow vulnerability in the i2c-viapro driver.

A local attacker may leverage these issues to execute arbitrary code, potentially facilitating privilege escalation, and to disclose sensitive kernel memory.

11. ELOG Web Logbook Multiple Remote Vulnerabilities
BugTraq ID: 12556
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12556
Summary:
ELOG is reported prone to multiple remote vulnerabilities. These issues may allow an attacker to disclose sensitive information and potentially execute arbitrary code on a vulnerable computer.

The following specific issues were identified:

The application is reported prone to an unspecified buffer overflow vulnerability. The vendor has reported that this vulnerability is exploitable and allows attackers to gain unauthorized access to a vulnerable computer.

Another vulnerability affecting the application can allow remote attackers to obtain sensitive information such as authentication credentials stored in an unspecified configuration file.

ELOG 2.5.0 and prior versions are affected by these vulnerabilities.

12. CitrusDB CSV File Upload Access Validation Vulnerability
BugTraq ID: 12557
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12557
Summary:
CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import.

These issues are reported to affect CitrusDB 0.3.6; earlier versions may also be affected.

13. CitrusDB Remote Authentication Bypass Vulnerability
BugTraq ID: 12560
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12560
Summary:
CitrusDB is reportedly affected by an authentication bypass vulnerability. This issue is due to the application using a static value during the creation of user cookie information.

An attacker could exploit this vulnerability to log in as any existing user, including the 'admin' account.

This issue is reported to affect CitrusDB 0.3.6; earlier versions may also be affected.

14. PHP-Nuke Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12561
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12561
Summary:
It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.

These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials.

15. CitrusDB Arbitrary Local PHP File Include Vulnerability
BugTraq ID: 12564
Remote: Unknown
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12564
Summary:
CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input.

This issue is reported to affect CitrusDB 0.3.6; earlier versions may also be affected. This issue may also allow remote file includes, although this has not been confirmed.

16. Lighttpd Remote CGI Script Disclosure Vulnerability
BugTraq ID: 12567
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12567
Summary:
lighttpd is reported prone to an information disclosure vulnerability. Reports indicate that a NULL sequence appended to the filename of a CGI or FastCGI script will result in the script contents being served to the requestor.

Information that is harvested by exploiting this vulnerability may be used to aid in further attacks launched against the target computer.

This vulnerability is reported to affect lighttpd 1.3.7 and previous versions.

17. Typespeed Local Format String Vulnerability
BugTraq ID: 12569
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12569
Summary:
typespeed is prone to a local format string vulnerability. Successful exploitation could allow privilege escalation.

18. KDE KStars FLICCD Utility Multiple Buffer Overflow Vulnerabi...
BugTraq ID: 12570
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12570
Summary:
Multiple buffer overflow vulnerabilities affect KDE KStars fliccd. These issues are due to a failure of the utility to securely copy user-supplied data into process memory.

An attacker may leverage these issues to gain escalated privileges locally and, if the affected utility is run as a daemon, may facilitate remote code execution with superuser privileges.

19. AWStats Logfile Parameter Remote Command Execution Vulnerabi...
BugTraq ID: 12572
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12572
Summary:
AWStats is reported prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.

Specifically, the user-specified 'logfile' URI parameter is supplied to the Perl open() routine. It is believed that this issue is distinct from BID 10950 (AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability).

AWStats versions 5.4 to 6.1 are reported vulnerable to this issue.

20. Advanced Linux Sound Architecture Libasound.SO Stack-Memory ...
BugTraq ID: 12575
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12575
Summary:
A security weakness is reported to affect the Advanced Linux Sound Architecture (ALSA) 'libasound.so' module; specifically the issue is reported to be present in the ALSA mixer code.

It is reported that the weakness can be leveraged to disable stack-based memory code execution protection on binaries that are linked to the library.

21. OpenLDAP SlapD Multiple Remote Unspecified Denial Of Service...
BugTraq ID: 12584
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12584
Summary:
OpenLDAP is reported prone to multiple unspecified remotely exploitable denial of service vulnerabilities. The vulnerabilities are reported to exist in the 'slapd' daemon.

A remote attacker may exploit these vulnerabilities to deny LDAP service for legitimate users.

This BID will be updated as soon as further information regarding these issues is made available.

22. GProFTPD GProstats Remote Format String Vulnerability
BugTraq ID: 12588
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12588
Summary:
GProftpd gprostats utility is reported prone to a remote format string handling vulnerability.

A remote attacker may exploit this vulnerability to execute arbitrary attacker-supplied code in the context of the affected utility.

This vulnerability is reported to affect GProftpd version 8.1.7 and previous versions.

23. Gaim Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 12589
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12589
Summary:
Gaim is prone to multiple remote denial of service vulnerabilities. These issues can allow remote attackers to crash an affected client.

The following specific issues were identified:

Remote AIM or ICQ users may trigger a crash in a client by sending malformed SNAC packets.

Another vulnerability in the client arises during the parsing of malformed HTML data.

Gaim versions prior to 1.1.3 are affected by these issues.

24. Bidwatcher Remote Format String Vulnerability
BugTraq ID: 12590
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12590
Summary:
A remote format string vulnerability affects bidwatcher. This issue is due to a failure of the application to properly implement a formatted string function.

An attacker may leverage this issue to execute arbitrary code on an affected computer with the privileges of an unsuspecting user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

25. Tarantella Enterprise/Secure Global Desktop Remote Informati...
BugTraq ID: 12591
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12591
Summary:
Tarantella Enterprise 3 and Secure Global Desktop products are prone to an information disclosure vulnerability. This issue arises from a design error that may allow an attacker to gather sensitive information about a vulnerable computer. Information gathered by exploiting this vulnerability may be used to launch other attacks against a computer.

Specifically, computers running Tarantella Enterprise 3 and Secure Global Desktop products in combination with RSA SecurID and multiple users with the same username are affected.
February 24th 2005 (SN)
Secunia
[SA14346] Apple Mac OS X update for Java
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-23
Apple has acknowledged a vulnerability in Java for Mac OS X, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14346/

[SA14364] cURL/libcURL NTLM and Kerberos Authentication Buffer Overflows
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-22
infamous41md has reported two vulnerabilities in cURL/libcURL, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14364/

[SA14363] Gentoo update for putty
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-22
Gentoo has issued an update for putty. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14363/

[SA14361] Gentoo update for gproftpd
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-21
Gentoo has issued an update for gproftpd. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14361/

[SA14352] SUSE Updates for Multiple Packages
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, DoS, System access
Released: 2005-02-22
SUSE has issued updates for multiple packages. These fix various vulnerabilities, which can be exploited to gain escalated privileges, bypass certain security restrictions, enumerate valid users, overwrite files, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14352/

[SA14340] GProftpd Log Parser Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-21
Tavis Ormandy has reported a vulnerability in GProftpd, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14340/

[SA14331] Gentoo update for mc
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-02-18
Gentoo has issued an update for mc. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or execute arbitrary code.
Full Advisory: http://secunia.com/advisories/14331/

[SA14330] Astaro update for BIND
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-02-18
Full Advisory: http://secunia.com/advisories/14330/

[SA14334] Fedora update for kdeedu
Critical: Moderately critical
Where: From local network
Impact: Privilege escalation, System access
Released: 2005-02-18
Fedora has issued an update for kdeedu. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14334/

[SA14376] Debian update for libapache-mod-python
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-02-23
Debian has issued an update for libapache-mod-python. This fixes a vulnerability, which potentially can be exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/14376/

[SA14375] SUSE update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-23
SUSE has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14375/

[SA14370] Fedora update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-23
Fedora has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14370/

[SA14368] Debian update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-23
Debian has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14368/

[SA14355] Red Hat update for imap
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-02-21
Red Hat has issued an update for imap. This fixes an older vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14355/

[SA14354] glFTPd "SITE NFO" Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2005-02-22
Paul Craig has reported a vulnerability in glFTPd, which can be exploited by malicious users to detect the presence of local files and disclose some system and sensitive information.
Full Advisory: http://secunia.com/advisories/14354/

[SA14348] Tarantella Products User Account Enumeration Security Issue
Critical: Less critical
Where: From remote
Impact: Exposure of system information
Released: 2005-02-21
A security issue has been reported in Secure Global Desktop Enterprise Edition and Tarantella Enterprise, which can be exploited by malicious people to enumerate valid user accounts and disclose some system information.
Full Advisory: http://secunia.com/advisories/14348/

[SA14347] Debian update for bidwatcher
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-02-21
Debian has issued an update for bidwatcher. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14347/

[SA14343] Ubuntu update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-21
Ubuntu has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14343/

[SA14341] Gentoo update for gftp
Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-02-21
Gentoo has issued an update for gftp. This fixes a vulnerability, which can be exploited by malicious people to conduct directory traversal attacks.
Full Advisory: http://secunia.com/advisories/14341/

[SA14339] Gentoo update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-21
Gentoo has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14339/

[SA14332] Debian update for gftp
Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-02-18
Debian has issued an update for gftp. This fixes a vulnerability, which can be exploited by malicious people to conduct directory traversal attacks.
Full Advisory: http://secunia.com/advisories/14332/

[SA14325] Mono ASP.NET Unicode Conversion Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-02-22
Andrey Rusyaev has discovered a vulnerability in Mono, which potentially can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
Full Advisory: http://secunia.com/advisories/14325/

[SA14324] Bidwatcher eBay Format String Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-02-18
Ulf Härnhammar has reported a vulnerability in Bidwatcher, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14324/

[SA14323] Mandrake update for kdelibs
Critical: Less critical
Where: From remote
Impact: Manipulation of data, Privilege escalation
Released: 2005-02-18
MandrakeSoft has issued an update for kdelibs. This fixes two vulnerabilities, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and by malicious people to conduct FTP command injection attacks.
Full Advisory: http://secunia.com/advisories/14323/

[SA14320] Mandrake update for postgresql
Critical: Less critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS
Released: 2005-02-18
MandrakeSoft has issued an update for postgresql. This fixes various vulnerabilities, which can be exploited by malicious users to gain escalated privileges, cause a DoS (Denial of Service), or bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/14320/

[SA14371] Fedora update for postgresql
Critical: Less critical
Where: From local network
Impact: Privilege escalation
Released: 2005-02-23
Fedora has issued an update for postgresql. This fixes some vulnerabilities, which can be exploited by malicious users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/14371/

[SA14328] fallback-reboot Daemon Status Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-02-22
A vulnerability has been reported in fallback-reboot, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14328/

[SA14321] Ulog-php SQL Injection Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Manipulation of data
Released: 2005-02-21
Some vulnerabilities have been reported in Ulog-php, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/14321/

[SA14357] Red Hat update for cpio
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Manipulation of data
Released: 2005-02-21
Red Hat has issued an update for cpio. This fixes a vulnerability, which can be exploited by malicious, local users to disclose and manipulate information.
Full Advisory: http://secunia.com/advisories/14357/

[SA14356] Red Hat update for vim
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-21
Red Hat has issued an update for vim. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/14356/

[SA14345] IBM AIX Perl Interpreter Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-21
IBM has acknowledged two vulnerabilities in the perl interpreter in AIX. These can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/14345/

[SA14338] Sun Solaris kcms_configure Arbitrary File Manipulation Vulnerability
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-02-22
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to manipulate the contents of arbitrary files.
Full Advisory: http://secunia.com/advisories/14338/

[SA14374] Fedora update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-02-23
Fedora has issued an update for gaim. This fixes two weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14374/

[SA14322] Gaim Two Denial of Service Weaknesses
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-02-18
Two weaknesses have been reported in Gaim, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/14322/

[SA14337] Mambo "GLOBALS['mosConfig_absolute_path']" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-21
A vulnerability has been reported in Mambo, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14337/

[SA14369] iGeneric iG Shop SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-02-23
John Cobb has reported some vulnerabilities in iG Shop, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/14369/

[SA14362] phpBB Avatar Functions Information Disclosure and Deletion
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2005-02-22
AnthraX101 has reported two vulnerabilities in phpBB, which can be exploited by malicious users to disclose and delete sensitive information.
Full Advisory: http://secunia.com/advisories/14362/

[SA14359] unace Directory Traversal and Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-23
Ulf Härnhammar has discovered some vulnerabilities in unace, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14359/

[SA14351] Biz Mail Form Open Mail Relay Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-22
Jason Frisvold has reported a vulnerability in Biz Mail Form, which can be exploited by malicious people to use it as an open mail relay.
Full Advisory: http://secunia.com/advisories/14351/

[SA14342] IRM LDAP Login Security Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-21
Fulvio Civitareale has reported a vulnerability in IRM, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/14342/

[SA14336] Batik Squiggle Browser Unspecified Security Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-22
A vulnerability has been reported in Batik, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/14336/

[SA14333] PuTTY Two Integer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-21
Gaël Delalleau has reported two vulnerabilities in PuTTY, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/14333/

[SA14326] vBulletin "template" PHP Code Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-22
pokleyzz has reported a vulnerability in vBulletin, which potentially can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14326/

[SA14319] WebCalendar "webcalendar_session" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-02-18
Michael Scovetta has reported a vulnerability in WebCalendar, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/14319/

[SA14327] Arkeia Backup Client Type 77 Request Processing Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-02-21
John Doe has reported a vulnerability in Arkeia, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/14327/

[SA14360] MediaWiki Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data
Released: 2005-02-22
Some vulnerabilities have been reported in MediaWiki, which can be exploited by malicious users to delete arbitrary files, and by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/14360/ [SA14329] Invision Power Board SML Codes Script Insertion Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-02-21 Daniel A. has reported a vulnerability in Invision Power Board, which potentially can be exploited by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/14329/ |
February 25th 2005 (LAW)
Linux Advisory Watch
Distribution: Debian

* Debian: New emacs21 packages fix arbitrary code execution
17th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118356

* Debian: New gftp packages fix directory traversal vulnerability
17th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118362

* Debian: New bidwatcher packages fix format string vulnerability
18th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118384

* Debian: New mailman packages really fix several vulnerabilities
21st, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118391

* Debian: New squid packages fix denial of service
23rd, February, 2005
Updated packages.
http://www.linuxsecurity.com/content/view/118411

* Debian: New mod_python packages fix information leak
23rd, February, 2005
Updated packages.
http://www.linuxsecurity.com/content/view/118416

Distribution: Fedora

* Fedora Core 3 Update: kdeedu-3.3.1-2.3
17th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118361

* Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.80
17th, February, 2005
Updated.
http://www.linuxsecurity.com/content/view/118364

* Fedora Core 3 Update: policycoreutils-1.18.1-2.9
17th, February, 2005
Updated.
http://www.linuxsecurity.com/content/view/118365

* Fedora Core 3 Update: gamin-0.0.24-1.FC3
18th, February, 2005
This update fixes a number of annoying bugs in gamin especially the Desktop update problem in the GNOME environment that affected a number of users.
http://www.linuxsecurity.com/content/view/118386

* Fedora Core 3 Update: pcmcia-cs-3.2.7-2.2
21st, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118397

* Fedora Core 2 Update: gaim-1.1.3-1.FC2
22nd, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118404

* Fedora Core 3 Update: gaim-1.1.3-1.FC3
22nd, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118405

* Fedora Core 3 Update: openssh-3.9p1-8.0.1
22nd, February, 2005
This update changes default ssh client configuration so the trusted X11 forwarding is enabled. Untrusted X11 forwarding is not supported by X11 clients and doesn't work with Xinerama.
http://www.linuxsecurity.com/content/view/118406

* Fedora Core 3 Update: postgresql-7.4.7-3.FC3.1
22nd, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118407

* Fedora Core 2 Update: postgresql-7.4.7-3.FC2.1
22nd, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118408

* Fedora Core 2 Update: squid-2.5.STABLE8-1.FC2.1
22nd, February, 2005
This update fixes CAN-2005-0446 Squid DoS from bad DNS response
http://www.linuxsecurity.com/content/view/118409

* Fedora Core 3 Update: squid-2.5.STABLE8-1.FC3.1
22nd, February, 2005
This update fixes CAN-2005-0446 Squid DoS from bad DNS response
http://www.linuxsecurity.com/content/view/118410

* Fedora Core 3 Update: gimp-help-2-0.1.0.7.0.fc3.1
24th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118424

Distribution: Gentoo

* Gentoo: Midnight Commander Multiple vulnerabilities
17th, February, 2005
Midnight Commander contains several format string errors, buffer overflows and one buffer underflow leading to execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118363

* Gentoo: Squid Denial of Service through DNS responses
18th, February, 2005
Squid contains a bug in the handling of certain DNS responses resulting in a Denial of Service.
http://www.linuxsecurity.com/content/view/118382

* Gentoo: GProFTPD gprostats format string vulnerability
18th, February, 2005
gprostats, distributed with GProFTPD, is vulnerable to a format string vulnerability, potentially leading to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118383

* Gentoo: gFTP Directory traversal vulnerability
19th, February, 2005
gFTP is vulnerable to directory traversal attacks, possibly leading to the creation or overwriting of arbitrary files.
http://www.linuxsecurity.com/content/view/118388

* Gentoo: PuTTY Remote code execution
21st, February, 2005
PuTTY was found to contain vulnerabilities that can allow a malicious SFTP server to execute arbitrary code on unsuspecting PSCP and PSFTP clients.
http://www.linuxsecurity.com/content/view/118395

* Gentoo: Cyrus IMAP Server Multiple overflow vulnerabilities
23rd, February, 2005
The Cyrus IMAP Server is affected by several overflow vulnerabilities which could potentially lead to the remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118417

Distribution: Mandrake

* Mandrake: Updated cups packages fix
17th, February, 2005
Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CAN-2004-0888). This also affects applications like cups, that use embedded versions of xpdf. The updated packages are patched to deal with these issues.
http://www.linuxsecurity.com/content/view/118367

* Mandrake: Updated gpdf packages fix
17th, February, 2005
Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CAN-2004-0888). This also affects applications like gpdf, that use embedded versions of xpdf. The updated packages are patched to deal with these issues.
http://www.linuxsecurity.com/content/view/118368

* Mandrake: Updated kdelibs packages fix
17th, February, 2005
A bug in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command was discovered. Because of this, it is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or even send unsolicited email.
http://www.linuxsecurity.com/content/view/118369

* Mandrake: Updated KDE packages address
17th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118370

* Mandrake: Updated xpdf packages fix
17th, February, 2005
Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CAN-2004-0888). This also affects applications that use embedded versions of xpdf. The updated packages are patched to deal with these issues.
http://www.linuxsecurity.com/content/view/118371

* Mandrake: Updated PostgreSQL packages
17th, February, 2005
A number of vulnerabilities were found.
http://www.linuxsecurity.com/content/view/118372

* Mandrake: Updated tetex packages fix
17th, February, 2005
Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CAN-2004-0888). This also affects applications like tetex, that use embedded versions of xpdf. The updated packages are patched to deal with these issues.
http://www.linuxsecurity.com/content/view/118373

* Mandrake: Updated uim packages fix
24th, February, 2005
Takumi ASAKI discovered that uim always trusts environment variables which can allow a local attacker to obtain elevated privileges when libuim is linked against an suid/sgid application. This problem is only exploitable in 'immodule for Qt' enabled Qt applications. The updated packages are patched to fix the problem.
http://www.linuxsecurity.com/content/view/118425

* Mandrake: Updated squid packages fix
24th, February, 2005
The squid developers discovered that a remote attacker could cause squid to crash via certain DNS responses. The updated packages are patched to fix the problem.
http://www.linuxsecurity.com/content/view/118426

Distribution: Red Hat

* RedHat: Low: cpio security update
18th, February, 2005
An updated cpio package that fixes a umask bug and supports large files (>2GB) is now available. This update has been rated as having low security impact by the Red Hat Security Response Team
http://www.linuxsecurity.com/content/view/118378

* RedHat: Low: imap security update
18th, February, 2005
Updated imap packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118379

* RedHat: Low: vim security update
18th, February, 2005
Updated vim packages that fix a security vulnerability are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118380

* RedHat: Important: cups security update
18th, February, 2005
Updated cups packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118381

* RedHat: Important: kernel security update
18th, February, 2005
Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118385

* RedHat: Moderate: imap security update
23rd, February, 2005
Updated imap packages to correct a security vulnerability in CRAM-MD5 authentication are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118418

Distribution: SuSE

* SuSE: squid remote denial of service
22nd, February, 2005
Squid is an Open Source web proxy. A remote attacker was potentially able to crash the Squid web proxy if the log_fqdn option was set to "on" and the DNS replies were manipulated.
http://www.linuxsecurity.com/content/view/118403

* SuSE: cyrus-imapd buffer overflows
24th, February, 2005
This update fixes one-byte buffer overruns in the cyrus-imapd IMAP server package.
http://www.linuxsecurity.com/content/view/118423