LQ Security Report - June 12th 2005
June 9th 2005
45 issues reported (SN)
* [SA15637] Red Hat update for xorg-x11
* [SA15629] SUSE Updates for Multiple Packages
* [SA15628] Conectiva update for gaim
* [SA15625] SGI Advanced Linux Environment Multiple Updates
* [SA15616] Conectiva update for ethereal
* [SA15610] Debian update for mailutils
* [SA15582] tattle "getemails()" Shell Command Injection Vulnerability
* [SA15579] Conectiva update for php4
* [SA15617] Conectiva update for krb5
* [SA15611] Gentoo update for wordpress
* [SA15609] Sun ONE Application Server Unspecified File Disclosure
* [SA15607] Gentoo update for mailutils
* [SA15602] Camino Frame Injection Vulnerability
* [SA15588] GNU Mailutils "sql_escape_string()" SQL Injection Vulnerability
* [SA15587] Avaya Various Products Kernel Vulnerabilities
* [SA15624] Avaya CMS FTP Daemon Wildcard Denial of Service
* [SA15620] UnixWare update for wu-ftp
* [SA15614] Gentoo update for dzip
* [SA15578] Conectiva update for gftp
* [SA15621] UnixWare update for mysql
* [SA15619] SGI IRIX rpc.mountd "read-mostly" Exports Read/Write Access
* [SA15640] Red Hat update for kernel
* [SA15638] Red Hat update for dbus
* [SA15622] Mandriva update for a2ps
* [SA15615] Backup Manager Exposure of Archive Repository
* [SA15613] Sun Solaris Unspecified C Library Privilege Escalation
* [SA15612] Mandriva update for openssl
* [SA15580] Red Hat update for kdbg
* [SA15581] Red Hat update for ImageMagick
* [SA15604] GIPTables Firewall Insecure Temporary File Creation
* [SA15603] FlatNuke Multiple Vulnerabilities
* [SA15600] YaPiG Multiple Vulnerabilities
* [SA15596] MWChat "CONFIG[MWCHAT_Libs]" File Inclusion Vulnerability
* [SA15584] Popper "form" File Inclusion Vulnerability
* [SA15626] Invision Community Blog Module Two Vulnerabilities
* [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
* [SA15597] RakNet Empty UDP Datagram Denial of Service Vulnerability
* [SA15586] phpCMS "language" Local File Inclusion Vulnerability
* [SA15583] Exhibit Engine SQL Injection Vulnerability
* [SA15598] WebSphere Application Server Administrative Console Buffer Overflow
* [SA15599] Dzip Directory Traversal Vulnerability
* [SA15594] CuteNews Template Creation PHP Code Execution Vulnerability
* [SA15590] MediaWiki HTML Attributes Cross-Site Scripting Vulnerability
* [SA15589] Lpanel Multiple Vulnerabilities
* [SA15627] C-JDBC Exposure of Cached Results

June 10th 2005
12 issues reported across 3 distros (LAW)
* krb4
* mailutils
* dzip
* Wordpress
* SilverCity
* kdbg
* ImageMagick
* openSSH
* dbus
* rsh
* xorg-x11
* kernel
June 9th 2005 (SN)
Secunia
[SA15637] Red Hat update for xorg-x11
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-06-09
Red Hat has issued an update for xorg-x11. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15637/

[SA15629] SUSE Updates for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: Unknown, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Released: 2005-06-08
SUSE has issued updates for multiple packages. These fix various vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges, by malicious users to conduct SQL injection attacks and by malicious people to cause a DoS (Denial of Service), conduct cross-site scripting attacks, disclose sensitive information and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15629/

[SA15628] Conectiva update for gaim
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-06-08
Conectiva has issued an update for gaim. This fixes a vulnerability and a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.
Full Advisory: http://secunia.com/advisories/15628/

[SA15625] SGI Advanced Linux Environment Multiple Updates
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of system information, Privilege escalation, DoS, System access
Released: 2005-06-08
SGI has issued a patch for SGI Advanced Linux Environment. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain knowledge of certain information or gain escalated privileges, or by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), potentially overwrite arbitrary files on a user's system or compromise it.
Full Advisory: http://secunia.com/advisories/15625/

[SA15616] Conectiva update for ethereal
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-06-07
Conectiva has issued an update for ethereal. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15616/

[SA15610] Debian update for mailutils
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-06-06
Debian has issued an update for mailutils. This fixes some vulnerabilities, which can be exploited to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15610/

[SA15582] tattle "getemails()" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-06-08
b0iler has reported a vulnerability in tattle, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15582/

[SA15579] Conectiva update for php4
Critical: Highly critical
Where: From remote
Impact: Unknown, DoS, System access
Released: 2005-06-01
Conectiva has issued an update for php4. This fixes some vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15579/

[SA15617] Conectiva update for krb5
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-06-07
Conectiva has issued an update for krb5. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15617/

[SA15611] Gentoo update for wordpress
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of system information
Released: 2005-06-07
Gentoo has issued an update for wordpress. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
Full Advisory: http://secunia.com/advisories/15611/

[SA15609] Sun ONE Application Server Unspecified File Disclosure
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2005-06-07
A vulnerability has been reported in Sun ONE Application Server, which can be exploited by malicious people to gain knowledge of sensitive information.
Full Advisory: http://secunia.com/advisories/15609/

[SA15607] Gentoo update for mailutils
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Security Bypass
Released: 2005-06-07
Gentoo has issued an update for mailutils. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/15607/

[SA15602] Camino Frame Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2005-06-06
A seven year old vulnerability has been re-introduced in Camino, which can be exploited by malicious people to spoof the contents of web sites.
Full Advisory: http://secunia.com/advisories/15602/

[SA15588] GNU Mailutils "sql_escape_string()" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-06-07
Primoz Bratanic has reported a vulnerability in GNU Mailutils, which potentially can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/15588/

[SA15587] Avaya Various Products Kernel Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS
Released: 2005-06-03
Avaya has acknowledged some vulnerabilities in various products, which can be exploited to disclose information, gain escalated privileges, or cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/15587/

[SA15624] Avaya CMS FTP Daemon Wildcard Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-06-08
Avaya has acknowledged a vulnerability in Call Management System (CMS), which can be exploited by malicious users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/15624/

[SA15620] UnixWare update for wu-ftp
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-06-08
SCO has issued an update for wu-ftp. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/15620/

[SA15614] Gentoo update for dzip
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-06-07
Gentoo has issued an update for dzip. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/15614/

[SA15578] Conectiva update for gftp
Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-06-01
Conectiva has issued an update for gftp. This fixes a vulnerability, which can be exploited by malicious people to conduct directory traversal attacks.
Full Advisory: http://secunia.com/advisories/15578/

[SA15621] UnixWare update for mysql
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2005-06-08
SCO has issued an update for mysql. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/15621/

[SA15619] SGI IRIX rpc.mountd "read-mostly" Exports Read/Write Access
Critical: Less critical
Where: From local network
Impact: Manipulation of data, Exposure of sensitive information
Released: 2005-06-08
A security issue has been reported in SGI IRIX, which potentially can be exploited by malicious users to disclose and modify sensitive information.
Full Advisory: http://secunia.com/advisories/15619/

[SA15640] Red Hat update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2005-06-09
Red Hat has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges.
Full Advisory: http://secunia.com/advisories/15640/

[SA15638] Red Hat update for dbus
Critical: Less critical
Where: Local system
Impact: Hijacking
Released: 2005-06-09
Red Hat has issued an update for dbus. This fixes a vulnerability, which can be exploited by malicious, local users to hijack a session bus.
Full Advisory: http://secunia.com/advisories/15638/

[SA15622] Mandriva update for a2ps
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-06-08
Mandriva has issued an update for a2ps. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/15622/

[SA15615] Backup Manager Exposure of Archive Repository
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-06-08
A security issue has been reported in Backup Manager, which can be exploited by malicious, local users to disclose potentially sensitive information.
Full Advisory: http://secunia.com/advisories/15615/

[SA15613] Sun Solaris Unspecified C Library Privilege Escalation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-06-06
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/15613/

[SA15612] Mandriva update for openssl
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-06-07
Mandriva has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of sensitive information.
Full Advisory: http://secunia.com/advisories/15612/

[SA15580] Red Hat update for kdbg
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-06-03
Red Hat has issued an update for kdbg. This fixes an old vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/15580/

[SA15581] Red Hat update for ImageMagick
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-06-02
Red Hat has issued an update for imagemagick. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/15581/

[SA15604] GIPTables Firewall Insecure Temporary File Creation
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-06-06
Eric Romang has reported a vulnerability in GIPTables Firewall, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/15604/

[SA15603] FlatNuke Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2005-06-07
Some vulnerabilities have been reported in FlatNuke, which can be exploited by malicious people to cause a DoS (Denial of Service), conduct cross-site scripting attacks, disclose potentially sensitive information, and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15603/

[SA15600] YaPiG Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, System access
Released: 2005-06-06
Some vulnerabilities have been reported in YaPiG, which can be exploited to remove or create arbitrary directories, conduct cross-site scripting attacks, and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15600/

[SA15596] MWChat "CONFIG[MWCHAT_Libs]" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-06-03
Status-x has reported a vulnerability in MWChat, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15596/

[SA15584] Popper "form" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-06-03
Leon Juranic has reported a vulnerability in Popper, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15584/

[SA15626] Invision Community Blog Module Two Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-06-09
James Bercegay has reported two vulnerabilities in the Invision Community Blog module for Invision Power Board, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
Full Advisory: http://secunia.com/advisories/15626/

[SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2005-06-06
A seven year old vulnerability has been re-introduced in Mozilla and Firefox, which can be exploited by malicious people to spoof the contents of web sites.
Full Advisory: http://secunia.com/advisories/15601/

[SA15597] RakNet Empty UDP Datagram Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-06-06
Luigi Auriemma has reported a vulnerability in RakNet, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/15597/

[SA15586] phpCMS "language" Local File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-06-03
Bernhard Müller has reported a vulnerability in phpCMS, which can be exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/15586/

[SA15583] Exhibit Engine SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-06-03
sk0L has reported a vulnerability in Exhibit Engine, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/15583/

[SA15598] WebSphere Application Server Administrative Console Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-06-03
Esteban Martínez Fayó has reported a vulnerability in IBM WebSphere Application Server, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15598/

[SA15599] Dzip Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-06-07
Stefan Cornelius has discovered a vulnerability in Dzip, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/15599/

[SA15594] CuteNews Template Creation PHP Code Execution Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-06-03
John Cantu has reported a vulnerability in CuteNews, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15594/

[SA15590] MediaWiki HTML Attributes Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-06-06
A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/15590/

[SA15589] Lpanel Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released: 2005-06-06
Zackarin Smitz has reported some vulnerabilities in Lpanel, which can be exploited by malicious users to disclose and manipulate sensitive information, and by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/15589/

[SA15627] C-JDBC Exposure of Cached Results
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2005-06-08
A security issue has been reported in C-JDBC, which can be exploited by malicious users to disclose potentially sensitive information.
Full Advisory: http://secunia.com/advisories/15627/
June 10th 2005 (LAW)
Linux Advisory Watch
Distribution: Debian

* Debian: New krb4 packages fix arbitrary code execution
  2nd, June, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119241

* Debian: New mailutils packages fix several vulnerabilities
  3rd, June, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119249

Distribution: Gentoo

* Gentoo: Mailutils SQL Injection
  6th, June, 2005
  GNU Mailutils is vulnerable to SQL command injection attacks.
  http://www.linuxsecurity.com/content/view/119254

* Gentoo: Dzip Directory traversal vulnerability
  6th, June, 2005
  Dzip is vulnerable to a directory traversal attack.
  http://www.linuxsecurity.com/content/view/119255

* Gentoo: Wordpress Multiple vulnerabilities
  6th, June, 2005
  Wordpress contains SQL injection and XSS vulnerabilities.
  http://www.linuxsecurity.com/content/view/119257

* Gentoo: SilverCity Insecure file permissions
  8th, June, 2005
  Executable files with insecure permissions can be modified causing an unsuspecting user to run arbitrary code.
  http://www.linuxsecurity.com/content/view/119267

Distribution: Red Hat

* RedHat: Low: kdbg security update
  2nd, June, 2005
  An updated kdbg package that fixes a minor security issue is now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/119242

* RedHat: Moderate: ImageMagick security update
  2nd, June, 2005
  Updated ImageMagick packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/119243

* RedHat: Low: openssh security update
  2nd, June, 2005
  Updated openssh packages that fix a potential security vulnerability and various other bugs are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/119244

* RedHat: Low: dbus security update.
  8th, June, 2005
  Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/119269

* RedHat: Low: rsh security update
  8th, June, 2005
  Updated rsh packages that fix various bugs and a theoretical security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team
  http://www.linuxsecurity.com/content/view/119270

* RedHat: Moderate: xorg-x11 security update
  8th, June, 2005
  Updated xorg-x11 packages that fix a security issue as well as various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/119271

* RedHat: Updated kernel packages available for Red Hat
  8th, June, 2005
  Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the first regular update.
  http://www.linuxsecurity.com/content/view/119272