May 4th 2005
26 issues handled (SF)
1. PHPBB Profile.PHP Cross-Site Scripting Vulnerability
2. PHPBB Viewtopic.PHP Cross-Site Scripting Vulnerability
3. Affix Bluetooth Protocol Stack Signed Buffer Index Vulnerabi...
4. SNMPPD SNMP Proxy Daemon Remote Format String Vulnerability
5. Horde Vacation Remote Cross-Site Scripting Vulnerability
6. Horde MNemo Remote Cross-Site Scripting Vulnerability
7. Horde Nag Remote Cross-Site Scripting Vulnerability
8. Horde Chora Remote Cross-Site Scripting Vulnerability
9. Horde Accounts Module Remote Cross-Site Scripting Vulnerabil...
10. Horde Forward Module Remote Cross-Site Scripting Vulnerabili...
11. Invision Power Board QPid Parameter SQL Injection Vulnerabil...
12. TCPDump BGP Decoding Routines Denial Of Service Vulnerabilit...
13. TCPDump LDP Decoding Routines Denial Of Service Vulnerabilit...
14. TCPDump RSVP Decoding Routines Denial Of Service Vulnerabili...
15. TCPDump ISIS Decoding Routines Denial Of Service Vulnerabili...
16. Rootkit Hunter Local Insecure Temporary File Creation Vulner...
17. Debian CVS-Repouid Remote Authentication Bypass Vulnerabilit...
18. Debian CVS-Repouid Denial Of Service Vulnerability
19. BakBone NetVault NVStatsMngr.EXE Local Privilege Escalation ...
20. HP OpenView Radia Management Portal Remote Command Execution...
21. Notes Module for PHPBB SQL Injection Vulnerability
22. LAM/MPI Runtime For Mandrake Linux Insecure Account Creation...
23. Squid Proxy Synchronization Remote Cache Poisoning Vulnerabi...
24. Squid Proxy HTTP Response Splitting Remote Cache Poisoning V...
25. Linux Kernel Itanium System Call Local Denial Of Service Vul...
26. RedHat Enterprise Linux Native POSIX Threading Library Local...

May 5th 2005
53 issues handled (SN)
[SA15236] Fedora update for kdelibs
[SA15227] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA15210] Slackware update for xine-lib
[SA15203] SUSE Updates for Multiple Packages
[SA15202] Gentoo update for pound
[SA15199] Ubuntu update for kdelibs
[SA15189] Mandriva update for xpm
[SA15182] Red Hat update for php
[SA15180] Red Hat update for mozilla
[SA15243] Ubuntu update for cvs
[SA15238] Ubuntu update for kommander
[SA15225] Open WebMail Shell Command Injection Vulnerability
[SA15211] Avaya Kerberos Telnet Client vulnerabilities
[SA15193] GnuTLS Record Packet Parsing Denial of Service Vulnerability
[SA15188] Red Hat update for kernel
[SA15187] Red Hat update for kernel
[SA15183] Fedora update for kdewebdev
[SA15177] OpenBSD update for cvs
[SA15172] Debian update for ethereal
[SA15170] Debian update for prozilla
[SA15217] PostgreSQL Character Conversion and tsearch2 Module Vulnerabilities
[SA15240] MaraDNS Unspecified Random Number Generator Vulnerability
[SA15237] Fedora update for tcpdump
[SA15229] Debian update for smartlist
[SA15221] SmartList confirm Add-On Arbitrary Addresses Subscribe
[SA15194] Gentoo update for horde
[SA15228] Ubuntu update for libnet-ssleay-perl
[SA15224] Mac OS X pty Permission Security Issue
[SA15207] Perl Net::SSLeay Module Entropy Source Manipulation
[SA15201] Cocktail Exposure of Administrator Password
[SA15198] Gentoo phpmyadmin Installation Script Insecure Permissions
[SA15197] Ce/Ceterm Privilege Escalation Vulnerabilities
[SA15196] ArcInfo Workstation Format String and Buffer Overflow Vulnerabilities
[SA15191] Fedora update for Perl
[SA15186] Red Hat update for glibc
[SA15185] Mandriva update for perl
[SA15252] leafnode Two Denial of Service Issues
[SA15204] Linux Kernel Local Denial of Service Vulnerabilities
[SA15216] osTicket Multiple Vulnerabilities
[SA15213] SitePanel Multiple Vulnerabilities
[SA15195] Mtp Target Format String and Denial of Service Vulnerabilities
[SA15233] LibTomCrypt Unspecified ECC Signature Scheme Vulnerability
[SA15232] FishCart Cross-Site Scripting and SQL Injection Vulnerabilities
[SA15220] PRADO Unspecified ViewState Data Vulnerability
[SA15219] Woltlab Burning Board JGS-Portal "id" SQL Injection
[SA15208] eSKUeL "ConfLangCookie" and "lang_config" Local File Inclusion
[SA15206] BirdBlog BB Code Script Insertion Vulnerability
[SA15181] ViArt Shop Enterprise Cross-Site Scripting and Script Insertion
[SA15226] OpenView Event Correlation Services Unspecified Vulnerabilities
[SA15223] OpenView Network Node Manager Unspecified Vulnerabilities
[SA15218] Web Crossing "webx" Cross-Site Scripting Vulnerability
[SA15215] Symantec Products ICMP Handling Denial of Service
[SA15235] GraphicsMagick PNM Image Decoding Buffer Overflow Vulnerability

May 6th 2005
32 issues handled across 5 distros (LAW)
kernel
ethereal
prozilla
smartlist
kdewebdev
wireless-tools
spamassassin
gimp
bootparamd
tcpdump
kdelibs
vte
perl
php
policycoreutils
words
util-linux
dhcp
system-config-bind
lapack
system-config-bind
gnutls
Heimdal
pound
eGroupWare
phpMyAdmin
horde
Oops!
glibc
Mozilla
nasm
evolution

Security Focus

1. PHPBB Profile.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13344
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13344
Summary:
phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

2. PHPBB Viewtopic.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13345
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13345
Summary:
phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

3. Affix Bluetooth Protocol Stack Signed Buffer Index Vulnerabi...
BugTraq ID: 13347
Remote: No
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13347
Summary:
A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters. This issue may be leveraged by a local attacker to gain escalated privileges on an affected computer.

4. SNMPPD SNMP Proxy Daemon Remote Format String Vulnerability
BugTraq ID: 13348
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13348
Summary:
A remote format string vulnerability affects the SNMPPD SNMP Proxy Daemon. This issue is due to a failure of the application to properly sanitize user-supplied input data prior to using it in a formatted-printing function. A remote attacker may leverage this issue to execute arbitrary code within the context of the affected application; this may facilitate unauthorized access and privilege escalation.

5. Horde Vacation Remote Cross-Site Scripting Vulnerability
BugTraq ID: 13360
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13360
Summary:
A remote cross-site scripting vulnerability affects Horde Vacation. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

6. Horde MNemo Remote Cross-Site Scripting Vulnerability
BugTraq ID: 13362
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13362
Summary:
A remote cross-site scripting vulnerability affects Horde Mnemo. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

7. Horde Nag Remote Cross-Site Scripting Vulnerability
BugTraq ID: 13363
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13363
Summary:
A remote cross-site scripting vulnerability affects Horde Nag. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

8. Horde Chora Remote Cross-Site Scripting Vulnerability
BugTraq ID: 13364
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13364
Summary:
A remote cross-site scripting vulnerability affects Horde Chora. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

9. Horde Accounts Module Remote Cross-Site Scripting Vulnerabil...
BugTraq ID: 13365
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13365
Summary:
A remote cross-site scripting vulnerability affects Horde Accounts Module. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

10. Horde Forward Module Remote Cross-Site Scripting Vulnerabili...
BugTraq ID: 13366
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13366
Summary:
A remote cross-site scripting vulnerability affects Horde Forward Module. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

11. Invision Power Board QPid Parameter SQL Injection Vulnerabil...
BugTraq ID: 13375
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13375
Summary:
Invision Power Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. This issue reportedly affects Invision Power Board version 2.0.1; other versions may also be vulnerable.

12. TCPDump BGP Decoding Routines Denial Of Service Vulnerabilit...
BugTraq ID: 13380
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13380
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Border Gateway Protocol (BGP) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed BGP packets resulting in the software hanging. tcpdump versions up to and including 3.8.3 are reported prone to this issue.

13. TCPDump LDP Decoding Routines Denial Of Service Vulnerabilit...
BugTraq ID: 13389
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13389
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Label Distribution Protocol (LDP) datagrams. A remote attacker may cause the software to enter an infinite loop by sending malformed LDP datagrams resulting in the software hanging. tcpdump versions up to and including 3.8.3 are reported prone to this issue.

14. TCPDump RSVP Decoding Routines Denial Of Service Vulnerabili...
BugTraq ID: 13390
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13390
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Resource ReSerVation Protocol (RSVP) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed RSVP packets resulting in the software hanging. tcpdump versions up to and including 3.9.x/CVS are reported prone to this issue.

15. TCPDump ISIS Decoding Routines Denial Of Service Vulnerabili...
BugTraq ID: 13392
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13392
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Intermediate System to Intermediate System (ISIS) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed ISIS packets resulting in the software hanging. tcpdump versions up to and including 3.9.x/CVS are reported prone to this issue.

16. Rootkit Hunter Local Insecure Temporary File Creation Vulner...
BugTraq ID: 13399
Remote: No
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13399
Summary:
A local insecure file creation vulnerability affects Rootkit Hunter. This issue is due to a design error that causes a file to be insecurely opened or created and subsequently written to. An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates the affected application.

17. Debian CVS-Repouid Remote Authentication Bypass Vulnerabilit...
BugTraq ID: 13402
Remote: Yes
Date Published: Apr 27 2005
Relevant URL: http://www.securityfocus.com/bid/13402
Summary:
A remote authentication bypass vulnerability affects Debian CVS. This issue is due to an error with Debian's CVS cvs-repouid patch. A remote attacker may leverage this issue to bypass CVS authentication requirements and gain unauthorized access to a vulnerable repository.

18. Debian CVS-Repouid Denial Of Service Vulnerability
BugTraq ID: 13403
Remote: Yes
Date Published: Apr 27 2005
Relevant URL: http://www.securityfocus.com/bid/13403
Summary:
A denial of service vulnerability affects Debian CVS. This issue is due to an error with Debian's CVS cvs-repouid patch.A remote attacker may leverage this issue to cause the CVS process to crash, effectively denying service to legitimate users.

19. BakBone NetVault NVStatsMngr.EXE Local Privilege Escalation ...
BugTraq ID: 13408
Remote: No
Date Published: Apr 27 2005
Relevant URL: http://www.securityfocus.com/bid/13408
Summary:
BakBone NetVault is affected by a local privilege escalation vulnerability. A local user can manipulate 'nvstatsmngr.exe' to escalate privileges to that of the LocalSystem account. An attacker can exploit this vulnerability to gain SYSTEM level privileges on an affected computer.

20. HP OpenView Radia Management Portal Remote Command Execution...
BugTraq ID: 13414
Remote: Yes
Date Published: Apr 28 2005
Relevant URL: http://www.securityfocus.com/bid/13414
Summary:
A remote command execution vulnerability affects HP OpenView Radia Management Portal. This issue is due to a failure of the application to properly secure access to critical functionality. An unauthenticated, remote attacker may leverage this issue to execute arbitrary commands on an affected computer with SYSTEM privileges on the Microsoft Windows platform and elevated privileges on UNIX-based platforms.

21. Notes Module for PHPBB SQL Injection Vulnerability
BugTraq ID: 13417
Remote: Yes
Date Published: Apr 28 2005
Relevant URL: http://www.securityfocus.com/bid/13417
Summary:
The notes module for phpBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

22. LAM/MPI Runtime For Mandrake Linux Insecure Account Creation...
BugTraq ID: 13431
Remote: Yes
Date Published: Apr 28 2005
Relevant URL: http://www.securityfocus.com/bid/13431
Summary:
The LAM/MPI Runtime environment for Mandrake Linux is prone to an insecure account creation vulnerability. The package creates an account 'mpi' without a corresponding password during installation.

23. Squid Proxy Synchronization Remote Cache Poisoning Vulnerabi...
BugTraq ID: 13434
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13434
Summary:
A remote cache poisoning vulnerability affects Squid Proxy. This issue is due to a failure of the affected proxy to consistently interpret malformed request boundaries. An attacker may leverage this issue to poison the cache of an affected Squid Proxy. This may facilitate man-in-the-middle attacks as well as others.

24. Squid Proxy HTTP Response Splitting Remote Cache Poisoning V...
BugTraq ID: 13435
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13435
Summary:
A remote cache poisoning vulnerability affects Squid Proxy. This issue is due to a failure of the affected proxy to handle CR/LF characters in HTTP requests. An attacker may leverage this issue to poison the cache of an affected Squid Proxy. This may facilitate man-in-the-middle attacks as well as others.

25. Linux Kernel Itanium System Call Local Denial Of Service Vul...
BugTraq ID: 13438
Remote: No
Date Published: Apr 29 2005
Relevant URL: http://www.securityfocus.com/bid/13438
Summary:
A local denial of service vulnerability affects the Linux kernel. This issue is due to a failure of the affected kernel to handle system calls with missing arguments. An attacker can leverage this issue to cause the affected kernel to crash, denying service to legitimate users.

26. RedHat Enterprise Linux Native POSIX Threading Library Local...
BugTraq ID: 13444
Remote: No
Date Published: Apr 29 2005
Relevant URL: http://www.securityfocus.com/bid/13444
Summary:
A local information disclosure and denial of service vulnerability affects RedHat Enterprise Linux. This issue is due to a design error caused by a flawed back port of the Native POSIX Threading Library (NPTL). An attacker may leverage this issue to gain read and write access to other users' terminal TTY sessions as well as crash the affected computer. This issue may facilitate disclosure of information, command execution with escalated privileges, and denial of service attacks.

Secunia

[SA15236] Fedora update for kdelibs
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-05-03
Fedora has issued an update for kdelibs. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/15236/

[SA15227] Mac OS X Security Update Fixes Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Spoofing, Exposure of sensitive
information, Privilege escalation, System access
Released: 2005-05-04
Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.
Full Advisory:
http://secunia.com/advisories/15227/

[SA15210] Slackware update for xine-lib
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-05-03
Slackware has issued an update for xine-lib. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15210/

[SA15203] SUSE Updates for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-05-02
SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15203/

[SA15202] Gentoo update for pound
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2005-05-02
Gentoo has issued an update for pound. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/15202/

[SA15199] Ubuntu update for kdelibs
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-05-03
Ubuntu has issued an update for kdelibs. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/15199/

[SA15189] Mandriva update for xpm
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-05-02
Mandriva has issued an update for xpm. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/15189/

[SA15182] Red Hat update for php
Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2005-04-29
Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious, local users to access files
outside the "open_basedir" root and by malicious people to cause a DoS
(Denial of Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15182/

[SA15180] Red Hat update for mozilla
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Spoofing, Manipulation of data,
Exposure of system information, Exposure of sensitive information,
Privilege escalation, System access, Security Bypass
Released: 2005-04-29
Red Hat has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information and perform certain actions on
a vulnerable system with escalated privileges and by malicious people
to conduct spoofing and cross-site scripting attacks, disclose
sensitive and system information, bypass certain security restrictions,
trick users into downloading malicious files and compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/15180/

[SA15243] Ubuntu update for cvs
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-05-04
Ubuntu has issued an update for cvs. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15243/

[SA15238] Ubuntu update for kommander
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-05-04
Ubuntu has issued an update for kommander. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/15238/

[SA15225] Open WebMail Shell Command Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-05-03
A vulnerability has been reported in Open WebMail, which can be
exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15225/

[SA15211] Avaya Kerberos Telnet Client vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-05-02
Avaya has issued an update for krb5. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/15211/

[SA15193] GnuTLS Record Packet Parsing Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-05-02
A vulnerability has been reported in GnuTLS, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15193/

[SA15188] Red Hat update for kernel
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS
Released: 2005-04-29
Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited to gain escalated privileges or
cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15188/

[SA15187] Red Hat update for kernel
Critical: Moderately critical
Where: From remote
Impact: DoS, Privilege escalation
Released: 2005-04-29
Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited to gain escalated privileges or
cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15187/

[SA15183] Fedora update for kdewebdev
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-29
Fedora has issued an update for kdewebdev. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/15183/

[SA15177] OpenBSD update for cvs
Critical: Moderately critical
Where: From remote
Impact: Unknown, DoS, System access
Released: 2005-04-29
OpenBSD has issued an update for cvs. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15177/

[SA15172] Debian update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-04-29
Debian has issued an update for ethereal. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15172/

[SA15170] Debian update for prozilla
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-29
Debian has issued an update for prozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15170/

[SA15217] PostgreSQL Character Conversion and tsearch2 Module Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Unknown, Privilege escalation, DoS
Released: 2005-05-04
Two vulnerabilities have been reported in PostgreSQL, which can be
exploited by malicious users to cause a DoS (Denial of Service) or
potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/15217/

[SA15240] MaraDNS Unspecified Random Number Generator Vulnerability
Critical: Less critical
Where: From remote
Impact: Unknown
Released: 2005-05-04
A vulnerability with an unknown impact has been reported in MaraDNS.
Full Advisory:
http://secunia.com/advisories/15240/

[SA15237] Fedora update for tcpdump
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-05-03
Fedora has issued an update for tcpdump. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15237/

[SA15229] Debian update for smartlist
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-05-04
Debian has issued an update for smartlist. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/15229/

[SA15221] SmartList confirm Add-On Arbitrary Addresses Subscribe
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-05-04
Jeroen van Wolffelaar has reported a vulnerability in the confirm
add-on for SmartList, which can be exploited by malicious people to
bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/15221/

[SA15194] Gentoo update for horde
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-05-02
Gentoo has issued updates for horde, horde-vacation, horde-turba,
horde-passwd, horde-nag, horde-mnemo, horde-kronolith, horde-imp,
horde-accounts, horde-forwards and horde-chora. These fix a
vulnerability, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/15194/

[SA15228] Ubuntu update for libnet-ssleay-perl
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-05-04
Ubuntu has issued an update for libnet-ssleay-perl. This fixes a
vulnerability, which can be exploited by malicious, local users to
weaken certain cryptographic operations.
Full Advisory:
http://secunia.com/advisories/15228/

[SA15224] Mac OS X pty Permission Security Issue
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-05-04
Matt Johnston has discovered a security issue in Mac OS X, which can be
exploited by malicious, local users to gain knowledge of potentially
sensitive information.
Full Advisory:
http://secunia.com/advisories/15224/

[SA15207] Perl Net::SSLeay Module Entropy Source Manipulation
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-05-04
Javier Fernandez-Sanguino Pena has reported a vulnerability in the
Net::SSLeay module for Perl, which can be exploited by malicious, local
users to weaken certain cryptographic operations.
Full Advisory:
http://secunia.com/advisories/15207/

[SA15201] Cocktail Exposure of Administrator Password
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-05-02
sonderling has reported a security issue in Cocktail, which can be
exploited by malicious, local users to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/15201/

[SA15198] Gentoo phpmyadmin Installation Script Insecure Permissions
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-05-02
A security issue has been reported in phpmyadmin, which can be
exploited by malicious, local users to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/15198/

[SA15197] Ce/Ceterm Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-05-02
Kevin Finisterre has reported some vulnerabilities in Ce/Ceterm, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/15197/

[SA15196] ArcInfo Workstation Format String and Buffer Overflow Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-05-02
Kevin Finisterre has reported some vulnerabilities in ArcInfo
Workstation, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/15196/

[SA15191] Fedora update for Perl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-05-03
Fedora has issued an update for perl. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/15191/

[SA15186] Red Hat update for glibc
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Privilege escalation
Released: 2005-04-29
Red Hat has issued an update for glibc. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of some system information or perform certain actions on
a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/15186/

[SA15185] Mandriva update for perl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-05-02
Mandriva has issued an update for perl. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/15185/

[SA15252] leafnode Two Denial of Service Issues
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-05-05
Two issues have been reported in leafnode, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15252/

[SA15204] Linux Kernel Local Denial of Service Vulnerabilities
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2005-05-02
Two vulnerabilities have been reported in the Linux Kernel, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/15204/

[SA15216] osTicket Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released: 2005-05-03
James Bercegay has reported some vulnerabilities in osTicket, which can
be exploited by malicious users to conduct SQL injection attacks, and by
malicious people to conduct cross-site scripting and script insertion
attacks, disclose sensitive information and compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/15216/

[SA15213] SitePanel Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released: 2005-05-03
James Bercegay has reported some vulnerabilities in SitePanel, which
can be exploited by malicious people to conduct cross-site scripting
attacks, disclose sensitive information and compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/15213/

[SA15195] Mtp Target Format String and Denial of Service Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-05-02
Luigi Auriemma has reported two vulnerabilities in Mtp Target, which
can be exploited to malicious people to cause a DoS (Denial of Service)
or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15195/

[SA15233] LibTomCrypt Unspecified ECC Signature Scheme Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-05-04
A vulnerability with an unknown impact has been reported in LibTomCrypt.
Full Advisory:
http://secunia.com/advisories/15233/

[SA15232] FishCart Cross-Site Scripting and SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-05-04
Diabolic Crab has reported some vulnerabilities in FishCart, which can
be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/15232/

[SA15220] PRADO Unspecified ViewState Data Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-05-04
A vulnerability with an unknown impact has been reported in PRADO.
Full Advisory:
http://secunia.com/advisories/15220/

[SA15219] Woltlab Burning Board JGS-Portal "id" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-05-03
[R] has reported a vulnerability in the JGS-Portal module for Woltlab
Burning Board, which can be exploited by malicious people to conduct
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/15219/

[SA15208] eSKUeL "ConfLangCookie" and "lang_config" Local File Inclusion
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-05-04
Gerardo Di Giacomo has reported two vulnerabilities in eSKUeL, which
can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/15208/

[SA15206] BirdBlog BB Code Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-05-03
A vulnerability has been reported in BirdBlog, which potentially can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/15206/

[SA15181] ViArt Shop Enterprise Cross-Site Scripting and Script Insertion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-05-02
Lostmon has reported some vulnerabilities in ViArt Shop Enterprise,
which can be exploited by malicious people to conduct cross-site
scripting and script insertion attacks.
Full Advisory:
http://secunia.com/advisories/15181/

[SA15226] OpenView Event Correlation Services Unspecified Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2005-05-03
Some vulnerabilities have been reported in OpenView Event Correlation
Services, which can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15226/

[SA15223] OpenView Network Node Manager Unspecified Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2005-05-03
Some vulnerabilities have been reported in HP OpenView Network Node
Manager (OV NNM), which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15223/

[SA15218] Web Crossing "webx" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-05-03
Dr_insane has reported a vulnerability in Web Crossing, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/15218/

[SA15215] Symantec Products ICMP Handling Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-05-03
Symantec has acknowledged some security issues in various products,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/15215/

[SA15235] GraphicsMagick PNM Image Decoding Buffer Overflow Vulnerability
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-05-03
A vulnerability has been reported in GraphicsMagick, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15235/

Linux Advisory Watch

Distribution: Conectiva

* Conectiva: kernel Kernel update
2nd, May, 2005
The Linux kernel is responsible for handling the basic functions of
the GNU/Linux operating system.
http://www.linuxsecurity.com/content/view/119036


Distribution: Debian

* Debian: New ethereal packages fix buffer overflow
28th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/119006

* Debian: New prozilla packages fix arbitrary code execution
28th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/119007

* Debian: New ethereal packages fix buffer overflow
28th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/119009

* Debian: New smartlist packages fix unauthorised un/subscription
3rd, May, 2005
Updated package.
http://www.linuxsecurity.com/content/view/119045


Distribution: Fedora

* Fedora Core 3 Update: kdewebdev-3.3.1-2.1
28th, April, 2005
Updated package
http://www.linuxsecurity.com/content/view/119013

* Fedora Core 3 Update: wireless-tools-27-2.2.0.fc3
28th, April, 2005
Fix iwlist command for devices that need more time to scan
all their channels (ie Atheros 5212abg cards)
http://www.linuxsecurity.com/content/view/119016

* Fedora Core 3 Update: spamassassin-3.0.3-3.fc3
29th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/119020

* Fedora Core 3 Update: gimp-2.2.6-0.fc3.2
30th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/119025

* Fedora Core 3 Update: bootparamd-0.17-19.FC3
2nd, May, 2005
Updated package
http://www.linuxsecurity.com/content/view/119032

* Fedora Core 3 Update: tcpdump-3.8.2-8.FC3
2nd, May, 2005
Updated package.
http://www.linuxsecurity.com/content/view/119033

* Fedora Core 3 Update: kdelibs-3.3.1-2.12.FC3
2nd, May, 2005
A buffer overflow was found in the kimgio library for KDE 3.3.1. An
attacker could create a carefully crafted PCX image in such a way
that it would cause kimgio to execute arbitrary code when processing
the image.
http://www.linuxsecurity.com/content/view/119034

* Fedora Core 3 Update: vte-0.11.13-1.fc3
2nd, May, 2005
A whole bunch of upstream fixes for speed, rendering glitches
and memory use reduction.
http://www.linuxsecurity.com/content/view/119037

* Fedora Core 3 Update: perl-5.8.5-12.FC3
2nd, May, 2005
Security and packaging fixes.
http://www.linuxsecurity.com/content/view/119038

* Fedora Core 3 Update: php-4.3.11-2.5
3rd, May, 2005
This update fixes a compatibility issue between the PHP "snmp"
extension (in the php-snmp package) and the recent upgrade of
the net-snmp library=20 to version 5.2.1
http://www.linuxsecurity.com/content/view/119044

* Fedora Core 3 Update: policycoreutils-1.18.1-2.12
3rd, May, 2005
Updated package.
http://www.linuxsecurity.com/content/view/119046

* Fedora Core 3 Update: words-3.0-2.3
4th, May, 2005
Updated package.
http://www.linuxsecurity.com/content/view/119052

* Fedora Core 3 Update: util-linux-2.12a-24.1
4th, May, 2005
Updated package.
http://www.linuxsecurity.com/content/view/119053

* Fedora Core 3 Update: system-config-bind-4.0.0-11
4th, May, 2005
Updated package.
http://www.linuxsecurity.com/content/view/119054

* Fedora Core 3 Update: dhcp-3.0.1-42_FC3
4th, May, 2005
Updated package.
http://www.linuxsecurity.com/content/view/119055

* Fedora Core 3 Update: lapack-3.0-26.fc3
5th, May, 2005
This update fixes problems in some lapack libraries (problems with
compiler optimalization). This version contains all patches present
in fc4 lapack version.
http://www.linuxsecurity.com/content/view/119060

* Fedora Core 3 Update: system-config-bind-4.0.0-12
5th, May, 2005
Updated package.
http://www.linuxsecurity.com/content/view/119061

* Fedora Core 3 Update: gnutls-1.0.20-3.1.1
5th, May, 2005
New gnutls version fixes CAN-2005-1431 problem (possible DOS attack)
http://www.linuxsecurity.com/content/view/119062


Distribution: Gentoo

* Gentoo: Heimdal Buffer overflow vulnerabilities
28th, April, 2005
Buffer overflow vulnerabilities have been found in the telnet client
in Heimdal which could lead to execution of arbitrary code.
http://www.linuxsecurity.com/content/view/119008

* Gentoo: Pound Buffer overflow vulnerability
30th, April, 2005
Pound is vulnerable to a buffer overflow that could lead to the
remote
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/119022

* Gentoo: eGroupWare XSS and SQL injection vulnerabilities
30th, April, 2005
eGroupWare is affected by several SQL injection and cross-site
scripting (XSS) vulnerabilities.
http://www.linuxsecurity.com/content/view/119023

* Gentoo: phpMyAdmin Insecure SQL script installation
30th, April, 2005
phpMyAdmin leaves the SQL install script with insecure permissions,
potentially leading to a database compromise.
http://www.linuxsecurity.com/content/view/119024

* Gentoo: Horde Framework Multiple XSS vulnerabilities
1st, May, 2005
Various modules of the Horde Framework are vulnerable to multiple
cross-site scripting (XSS) vulnerabilities.
http://www.linuxsecurity.com/content/view/119026

* Gentoo: Oops! Remote code execution
5th, May, 2005
The Oops! proxy server contains a remotely exploitable format string
vulnerability, which could potentially lead to the execution of
arbitrary code.
http://www.linuxsecurity.com/content/view/119063


Distribution: Red Hat

* RedHat: Low: glibc security update
28th, April, 2005
Updated glibc packages that address several bugs are now available.
This update has been rated as having low security impact by the Red Hat
http://www.linuxsecurity.com/content/view/119010

* RedHat: Important: kernel security update
28th, April, 2005
Updated kernel packages are now available as part of ongoing support
and maintenance of Red Hat Enterprise Linux version 2.1. This is the
seventh regular update. This security advisory has been rated as having
important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/119011

* RedHat: Important: kernel security update
28th, April, 2005
Updated kernel packages are now available as part of ongoing support
and maintenance of Red Hat Enterprise Linux version 2.1 for 64-bit
architectures. This is the seventh regular update.
This security advisory has been rated as having important security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/119012

* RedHat: Important: Mozilla security update
28th, April, 2005
Updated Mozilla packages that fix various security bugs are now
available. This update has been rated as having Important security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/119014

* RedHat: Moderate: PHP security update
28th, April, 2005
Updated PHP packages that fix various security issues are now
available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/119015

* RedHat: Low: nasm security update
4th, May, 2005
An updated nasm package that fixes multiple security issues is now
available. This update has been rated as having low security impact
by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/119049

* RedHat: Moderate: evolution security update
4th, May, 2005
Updated evolution packages that fix various security issues are now
available. This update has been rated as having moderate security
impact by theRed Hat Security Response Team.
http://www.linuxsecurity.com/content/view/119050

* RedHat: Moderate: PHP security update
4th, May, 2005
Updated PHP packages that fix various security issues are now
available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/119051