LQ Security Report - September 25th 2005
September 20th 2005
11 issues reported (SF)

1. KAudioCreator CDDB Arbitrary File Overwrite Vulnerability
2. XFree86 Pixmap Allocation Local Privilege Escalation Vulnerability
3. Snort PrintTcpOptions Remote Denial Of Service Vulnerability
4. Mark D. Roth PAM_Per_User Authentication Bypass Vulnerability
5. Util-Linux UMount Remounting Filesystem Option Clearing Vulnerability
6. Common-Lisp-Controller Cache Arbitrary Code Injection Vulnerability
7. SimpleCDR-X Insecure Temporary File Creation Vulnerability
8. GNOME Workstation Command Center Gwcc_out.TXT Insecure Temporary File Creation Vulnerability
9. PHP Session Handling Local Session Hijacking Vulnerability
10. SuSE YaST Local Buffer Overflow Vulnerability
11. Arc Insecure Temporary File Creation Vulnerability

September 22nd 2005
48 issues reported (SN)

[SA16869] Firefox Command Line URL Shell Command Injection
[SA16846] Mozilla Command Line URL Shell Command Injection
[SA16895] Alkalay contribute "template" Shell Command Injection Vulnerability
[SA16894] HP OpenVMS Secure Web Browser Multiple Vulnerabilities
[SA16887] Alkalay man-cgi "topic" Shell Command Injection Vulnerability
[SA16886] Alkalay notify "from" Shell Command Injection Vulnerability
[SA16884] Mandriva update for clamav
[SA16880] Alkalay nslookup Shell Command Injection Vulnerabilities
[SA16879] HP Tru64 UNIX libXpm Multiple Vulnerabilities
[SA16862] Gentoo update for clamav
[SA16848] ClamAV UPX and FSG Handling Vulnerabilities
[SA16844] Gentoo update for mozilla/mozilla-firefox
[SA16834] SUSE update for evolution
[SA16892] Gentoo update for zebedee
[SA16872] Unixware update for Libtiff
[SA16864] Gentoo update for apache/mod_ssl
[SA16858] Webmin / Usermin PAM Authentication Bypass Vulnerability
[SA16856] Gentoo update for mailutils
[SA16849] SUSE update for squid
[SA16876] Tofu Game Engine Arbitrary Python Code Execution Vulnerability
[SA16863] Gentoo workaround for py2play
[SA16855] Py2Play Game Engine Arbitrary Python Code Execution Vulnerability
[SA16888] PerlDiver "module" Cross-Site Scripting Vulnerability
[SA16893] HP Tru64 UNIX FTP Daemon Denial of Service Vulnerability
[SA16885] Mandriva update for cups
[SA16883] MasqMail Two Privilege Escalation Vulnerabilities
[SA16874] Sun Solaris "tl" Driver Denial of Service Vulnerability
[SA16866] Bacula Multiple Insecure Temporary File Creation Vulnerability
[SA16861] Trustix update for multiple packages
[SA16860] Fedora update for xorg-x11
[SA16850] Debian update for kdebase
[SA16845] Sun Solaris X11 Pixmap Creation Integer Overflow Vulnerability
[SA16842] Debian update for lm-sensors
[SA16835] SimpleCDR-X Insecure Temporary Image File Creation
[SA16875] Safari "data:" URI Handler Denial of Service Weakness
[SA16891] Gentoo update for util-linux
[SA16882] Mandriva update for util-linux
[SA16857] Ubuntu update for util-linux
[SA16841] Digital Scribe "username" SQL Injection
[SA16896] Zengaia Unspecified SQL Injection Vulnerability
[SA16881] Simplog SQL Injection Vulnerabilities
[SA16878] Land Down Under "Referer" SQL Injection Vulnerability
[SA16867] PHP Advanced Transfer Manager Multiple Vulnerabilities
[SA16859] Helpdesk software Hesk Authentication Bypass Vulnerability
[SA16853] NooToplist "o" SQL Injection Vulnerability
[SA16843] PHP-Nuke Unspecified wysiwyg Editor Vulnerabilities
[SA16873] vBulletin Multiple Vulnerabilities
[SA16868] phpBB Remote Avatar Information Disclosure Weakness

September 23rd 2005
17 issues reported in 4 distros (LAW)

turqstat
centericq
lm-sensors
kdebase
python2.2
XFree86
dia
qt
Py2Play
Mailutils
Shorewall
Mozilla
Apache mod_ssl
ClamAV
Zebedee
util-linux
squid
September 20th 2005 (SF)
Security Focus
1. KAudioCreator CDDB Arbitrary File Overwrite Vulnerability
BugTraq ID: 14805
Remote: Yes
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14805
Summary: KAudioCreator is prone to an arbitrary file overwrite vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to overwrite arbitrary files in the security context of the user running the vulnerable application.

2. XFree86 Pixmap Allocation Local Privilege Escalation Vulnerability
BugTraq ID: 14807
Remote: No
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14807
Summary: XFree86 is prone to a buffer overrun in its pixmap processing code. This issue can potentially result in arbitrary code execution and facilitate privilege escalation. It is possible that an attacker may gain superuser privileges by exploiting this issue.

3. Snort PrintTcpOptions Remote Denial Of Service Vulnerability
BugTraq ID: 14811
Remote: Yes
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14811
Summary: Snort is reported prone to a remote denial of service vulnerability. The vulnerability is reported to exist in the 'PrintTcpOptions()' function of 'log.c', and is a result of a failure to sufficiently handle malicious TCP packets. A remote attacker may trigger this vulnerability to crash a remote Snort server and in doing so may prevent subsequent malicious attacks from being detected. It should be noted that the vulnerable code path is only executed when Snort is run with the '-v' (verbose) flag. Due to the performance penalty of running the Snort application in verbose mode, it is likely that most production installations of the application are not vulnerable to this issue.
Update: Further messages have stated that other paths to the vulnerable code may be possible. Using the 'frag3' preprocessor, ASCII mode logging, the '-A fast' command-line option, and possibly other options may expose Snort to this vulnerability. Please see the referenced messages for further information.

4. Mark D. Roth PAM_Per_User Authentication Bypass Vulnerability
BugTraq ID: 14813
Remote: Yes
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14813
Summary: Pam_per_user is prone to an authentication bypass vulnerability. This issue is due to a design error in the module. Successful exploitation could allow an unauthorized user to bypass authentication, allowing them to gain administrative access to affected computers. It should be noted that only certain executables that utilize PAM are vulnerable to this issue, due to the method of calling it. The 'login' program is identified as one program that may be exploited, but other programs may also be exploitable in conjunction with this module. This vulnerability affects pam_per_user versions prior to 0.4.

5. Util-Linux UMount Remounting Filesystem Option Clearing Vulnerability
BugTraq ID: 14816
Remote: No
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14816
Summary: Util-linux is susceptible to a filesystem option clearing vulnerability. This issue is due to a design flaw that improperly clears mounted-filesystem options in certain circumstances. This vulnerability allows attackers to clear mounted-filesystem options, allowing them to execute setuid applications to gain elevated privileges. Other attacks are also possible.

6. Common-Lisp-Controller Cache Arbitrary Code Injection Vulnerability
BugTraq ID: 14829
Remote: No
Date Published: 2005-09-14
Relevant URL: http://www.securityfocus.com/bid/14829
Summary: common-lisp-controller is prone to an arbitrary code injection vulnerability. Successful exploitation may facilitate privilege escalation; other attacks are also possible.

7. SimpleCDR-X Insecure Temporary File Creation Vulnerability
BugTraq ID: 14855
Remote: No
Date Published: 2005-09-15
Relevant URL: http://www.securityfocus.com/bid/14855
Summary: SimpleCDR-X creates temporary files in an insecure manner. A local attacker would most likely take advantage of this vulnerability by creating a malicious symbolic link in a directory where the temporary files will be created. Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may also be possible. SimpleCDR-X 1.3.3 is reported to be vulnerable. Other versions may also be affected.

8. GNOME Workstation Command Center Gwcc_out.TXT Insecure Temporary File Creation Vulnerability
BugTraq ID: 14857
Remote: No
Date Published: 2005-09-16
Relevant URL: http://www.securityfocus.com/bid/14857
Summary: GNOME Workstation Command Center creates temporary files in an insecure manner. A local attacker would most likely take advantage of this vulnerability by creating a malicious symbolic link in a directory where the temporary files will be created. Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may also be possible. GNOME Workstation Command Center version 0.98 is reported to be vulnerable. Other earlier versions may also be affected.

9. PHP Session Handling Local Session Hijacking Vulnerability
BugTraq ID: 14858
Remote: No
Date Published: 2005-09-16
Relevant URL: http://www.securityfocus.com/bid/14858
Summary: PHP is prone to a vulnerability that permits local hijacking of session variables. The problem presents itself in the way PHP stores session variables. This issue can be exploited to hijack the session variables of victim users of other PHP applications running on a system utilizing a vulnerable version of PHP. This issue is reported to affect the 3.x and 4.x versions of PHP; other versions may also be affected.

10. SuSE YaST Local Buffer Overflow Vulnerability
BugTraq ID: 14861
Remote: No
Date Published: 2005-09-16
Relevant URL: http://www.securityfocus.com/bid/14861
Summary: SuSE YaST is affected by a local buffer overflow vulnerability. A local attacker may exploit this issue to execute arbitrary code with superuser privileges. SuSE Linux 9.3 is reported to be vulnerable. Other versions may be affected as well.

11. Arc Insecure Temporary File Creation Vulnerability
BugTraq ID: 14863
Remote: No
Date Published: 2005-09-16
Relevant URL: http://www.securityfocus.com/bid/14863
Summary: ARC creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to view files and obtain privileged information. The attacker may also perform symlink attacks, overwriting arbitrary files in the context of the affected application. Exploitation would most likely result in loss of confidentiality and theft of privileged information. Successful exploitation of a symlink attack may result in sensitive configuration files being overwritten. This may result in a denial of service; other attacks may also be possible. ARC 5.21j and earlier versions are reported to be vulnerable.
September 22nd 2005 (SN)
Secunia
[SA16869] Firefox Command Line URL Shell Command Injection
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2005-09-20
Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/16869/

[SA16846] Mozilla Command Line URL Shell Command Injection
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2005-09-21
A vulnerability has been discovered in Mozilla Suite, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/16846/

[SA16895] Alkalay contribute "template" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered a vulnerability in Alkalay contribute, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/16895/

[SA16894] HP OpenVMS Secure Web Browser Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
Released: 2005-09-21
HP has acknowledged some vulnerabilities in OpenVMS running Secure Web Browser, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, spoof the contents of web sites, spoof dialog boxes, or compromise a user's system.
Full Advisory: http://secunia.com/advisories/16894/

[SA16887] Alkalay man-cgi "topic" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered a vulnerability in Alkalay man-cgi, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/16887/

[SA16886] Alkalay notify "from" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered a vulnerability in Alkalay notify, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/16886/

[SA16884] Mandriva update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-21
Mandriva has issued an update for clamav. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), or potentially to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/16884/

[SA16880] Alkalay nslookup Shell Command Injection Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered some vulnerabilities in Alkalay nslookup, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/16880/

[SA16879] HP Tru64 UNIX libXpm Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-21
HP has acknowledged some vulnerabilities in HP Tru64 UNIX, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/16879/

[SA16862] Gentoo update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-19
Gentoo has issued an update for clamav. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), or potentially to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/16862/

[SA16848] ClamAV UPX and FSG Handling Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-19
Two vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service), or potentially to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/16848/

[SA16844] Gentoo update for mozilla/mozilla-firefox
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-19
Gentoo has issued an update for mozilla/mozilla-firefox. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a user's system.
Full Advisory: http://secunia.com/advisories/16844/

[SA16834] SUSE update for evolution
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-16
SUSE has issued an update for evolution. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/16834/

[SA16892] Gentoo update for zebedee
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-21
Gentoo has issued an update for zebedee. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/16892/

[SA16872] Unixware update for Libtiff
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-20
SCO has issued an update for Libtiff. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/16872/

[SA16864] Gentoo update for apache/mod_ssl
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Privilege escalation
Released: 2005-09-19
Gentoo has issued an update for apache/mod_ssl. This fixes a security issue and a vulnerability, which potentially can be exploited by malicious people to bypass certain security restrictions, or by malicious, local users to gain escalated privileges via a specially crafted ".htaccess" file.
Full Advisory: http://secunia.com/advisories/16864/

[SA16858] Webmin / Usermin PAM Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-09-20
Keigo Yamazaki has reported a vulnerability in Webmin and Usermin, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/16858/

[SA16856] Gentoo update for mailutils
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-19
Gentoo has issued an update for mailutils. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/16856/

[SA16849] SUSE update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-16
SUSE has issued an update for squid. This fixes two vulnerabilities, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/16849/

[SA16876] Tofu Game Engine Arbitrary Python Code Execution Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-09-20
Arc Riley has reported a vulnerability in Tofu, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/16876/

[SA16863] Gentoo workaround for py2play
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-09-19
Gentoo has published a workaround for py2play. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/16863/

[SA16855] Py2Play Game Engine Arbitrary Python Code Execution Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-09-19
Arc Riley has reported a vulnerability in Py2Play, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/16855/

[SA16888] PerlDiver "module" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-21
Donnie Werner has reported a vulnerability in PerlDiver, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/16888/

[SA16893] HP Tru64 UNIX FTP Daemon Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-09-21
A vulnerability has been reported in HP Tru64 UNIX, which can be exploited by malicious users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/16893/

[SA16885] Mandriva update for cups
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2005-09-21
Mandriva has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/16885/

[SA16883] MasqMail Two Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-21
Jens Steube has reported two vulnerabilities in MasqMail, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/16883/

[SA16874] Sun Solaris "tl" Driver Denial of Service Vulnerability
Critical: Less critical
Where: Local system
Impact: DoS
Released: 2005-09-20
A vulnerability has been reported in Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/16874/

[SA16866] Bacula Multiple Insecure Temporary File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation
Released: 2005-09-20
Eric Romang has reported some vulnerabilities in bacula, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges, or to disclose certain sensitive information.
Full Advisory: http://secunia.com/advisories/16866/

[SA16861] Trustix update for multiple packages
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation, DoS
Released: 2005-09-19
Trustix has issued updates for multiple packages. These fix some vulnerabilities, which potentially can be exploited by malicious, local users to disclose certain sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.
Full Advisory: http://secunia.com/advisories/16861/

[SA16860] Fedora update for xorg-x11
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-19
Fedora has issued an update for xorg-x11. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/16860/

[SA16850] Debian update for kdebase
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-19
Debian has issued an update for kdebase. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/16850/

[SA16845] Sun Solaris X11 Pixmap Creation Integer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-16
Sun Microsystems has acknowledged a vulnerability in Solaris, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/16845/

[SA16842] Debian update for lm-sensors
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-16
Debian has issued an update for lm-sensors. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/16842/

[SA16835] SimpleCDR-X Insecure Temporary Image File Creation
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-09-16
Jonas Thambert has reported a security issue in SimpleCDR-X, which can be exploited by malicious, local users to gain access to sensitive information.
Full Advisory: http://secunia.com/advisories/16835/

[SA16875] Safari "data:" URI Handler Denial of Service Weakness
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-09-20
Jonathan Rockway has discovered a weakness in Safari, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/16875/

[SA16891] Gentoo update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-21
Gentoo has issued an update for util-linux. This fixes a security issue, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/16891/

[SA16882] Mandriva update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-21
Mandriva has issued an update for util-linux. This fixes a security issue, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/16882/

[SA16857] Ubuntu update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-19
Ubuntu has issued an update for util-linux. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/16857/

[SA16841] Digital Scribe "username" SQL Injection
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Manipulation of data, System access
Released: 2005-09-16
rgod has discovered a vulnerability in Digital Scribe, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/16841/

[SA16896] Zengaia Unspecified SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-21
A vulnerability has been reported in Zengaia, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/16896/

[SA16881] Simplog SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-21
r0ut3r has discovered some vulnerabilities in Simplog, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/16881/

[SA16878] Land Down Under "Referer" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-21
A vulnerability has been discovered in Land Down Under, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/16878/

[SA16867] PHP Advanced Transfer Manager Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released: 2005-09-20
rgod has discovered some vulnerabilities and a security issue in PHP Advanced Transfer Manager, which can be exploited by malicious people to disclose system and sensitive information, and to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/16867/

[SA16859] Helpdesk software Hesk Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information
Released: 2005-09-20
OS2A has reported a vulnerability in Helpdesk software Hesk, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/16859/

[SA16853] NooToplist "o" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-19
David Sopas Ferreira has reported a vulnerability in NooToplist, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/16853/

[SA16843] PHP-Nuke Unspecified wysiwyg Editor Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-09-16
Some potential vulnerabilities have been reported in PHP-Nuke with unknown impacts.
Full Advisory: http://secunia.com/advisories/16843/

[SA16873] vBulletin Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, System access
Released: 2005-09-20
Thomas Waldegger has reported some vulnerabilities in vBulletin, which can be exploited by malicious users to conduct SQL injection attacks and potentially compromise a vulnerable system, and by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/16873/

[SA16868] phpBB Remote Avatar Information Disclosure Weakness
Critical: Not critical
Where: From remote
Impact: Exposure of system information
Released: 2005-09-21
A weakness has been discovered in phpBB, which can be exploited by malicious people to disclose certain system information.
Full Advisory: http://secunia.com/advisories/16868/
September 23rd 2005 (LAW)
Linux Advisory Watch
Distribution: Debian

* Debian: New turqstat packages fix buffer overflow
15th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120389

* Debian: New centericq packages fix several vulnerabilities
15th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120392

* Debian: New lm-sensors packages fix insecure temporary file
15th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120395

* Debian: New kdebase packages fix local root vulnerability
16th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120399

* Debian: New python2.2 packages fix arbitrary code execution
22nd, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120425

* Debian: New XFree86 packages fix arbitrary code execution
22nd, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120426

Distribution: Fedora

* Fedora Core 4 Update: dia-0.94-12.fc4
16th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120400

* Fedora Core 4 Update: qt-3.3.4-15.4
16th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120401

Distribution: Gentoo

* Gentoo: Py2Play Remote execution of arbitrary Python
17th, September, 2005
A design error in Py2Play allows attackers to execute arbitrary code.
http://www.linuxsecurity.com/content/view/120402

* Gentoo: Mailutils Format string vulnerability in imap4d
17th, September, 2005
The imap4d server contains a vulnerability allowing an authenticated user to execute arbitrary code with the privileges of the imap4d process.
http://www.linuxsecurity.com/content/view/120403

* Gentoo: Shorewall Security policy bypass
17th, September, 2005
A vulnerability in Shorewall allows clients authenticated by MAC address filtering to bypass all other security rules.
http://www.linuxsecurity.com/content/view/120404

* Gentoo: Mozilla Suite, Mozilla Firefox Buffer overflow
18th, September, 2005
Mozilla Suite and Firefox are vulnerable to a buffer overflow that might be exploited to execute arbitrary code.
http://www.linuxsecurity.com/content/view/120405

* Gentoo: Apache, mod_ssl Multiple vulnerabilities
19th, September, 2005
mod_ssl and Apache are vulnerable to a restriction bypass and a potential local privilege escalation.
http://www.linuxsecurity.com/content/view/120408

* Gentoo: Clam AntiVirus Multiple vulnerabilities
19th, September, 2005
Clam AntiVirus is subject to vulnerabilities ranging from Denial of Service to execution of arbitrary code when handling compressed executables.
http://www.linuxsecurity.com/content/view/120409

* Gentoo: Apache, mod_ssl Multiple vulnerabilities
19th, September, 2005
mod_ssl and Apache are vulnerable to a restriction bypass and a potential local privilege escalation.
http://www.linuxsecurity.com/content/view/120411

* Gentoo: Shorewall Security policy bypass
19th, September, 2005
A vulnerability in Shorewall allows clients authenticated by MAC address filtering to bypass all other security rules.
http://www.linuxsecurity.com/content/view/120412

* Gentoo: Zebedee Denial of Service vulnerability
20th, September, 2005
A bug in Zebedee allows a remote attacker to perform a Denial of Service attack.
http://www.linuxsecurity.com/content/view/120417

* Gentoo: util-linux umount command validation error
20th, September, 2005
A command validation error in umount can lead to an escalation of privileges.
http://www.linuxsecurity.com/content/view/120418

Distribution: Red Hat

* RedHat: Important: XFree86 security update
15th, September, 2005
This update has been rated as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120390

* RedHat: Important: squid security update
15th, September, 2005
An updated Squid package that fixes security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120391

* RedHat: Important: mod_ssl security update
15th, September, 2005
An updated mod_ssl package for Apache that corrects a security issue is now available. This update has been rated as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120396