Secunia Security Summary 2224159
Secunia Security Summary 2224159
Security ADVISORIES:
Apple issued updates for the Mac OS X on Friday (21-05-) to fix
the HELP URI handler vulnerability. However, the update from Apple did
not correct the "disk" vulnerability. This unfortunately leaves users
of the Mac OS X just as vulnerable to attacks as before the update was
issued.
Secunia has described the vulnerability in detail along with mitigating
steps. See referenced Secunia Advisory below.
Reference:
--
Yuu Arai has discovered a vulnerability in Symantec Norton AntiVirus
ActiveX Control, which can be exploited by malicious websites to
execute code that already resides on the affected user's system or
cause the application to stop responding.
Symantec has issued an updated version, which is available via the
LiveUpdate feature.
Reference:
--
F-Secure has reported a buffer overflow vulnerability in many of
their products, which reportedly can be exploited to perform a Denial
of Service attack.
The buffer overflow will occur when processing specially crafted LHA
archives.
Reference:
VIRUS ALERTS:
During the last week, Secunia issued one MEDIUM RISK virus alert.
Please refer to the grouped virus profile below for more information:
Bobax.C - MEDIUM RISK Virus Alert - -05-18 23:37 GMT+1
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA11622] Mac OS X URI Handler Arbitrary Code Execution
2. [SA11689] Mac OS X Volume URI Handler Registration Code Execution
Vulnerability
3. [SA11539] Mac OS X Security Update Fixes Multiple Vulnerabilities
4. [SA11676] Symantec Norton AntiVirus ActiveX Control Vulnerability
5. [SA11629] Microsoft Outlook RTF Embedded OLE Object Security Bypass
6. [SA11066] Symantec Client Firewall Products Multiple
Vulnerabilities
7. [SA10395] Internet Explorer URL Spoofing Vulnerability
8. [SA11633] Microsoft Windows "desktop.ini" Arbitrary File Execution
Vulnerability
9. [SA11674] Gentoo update for CVS
10. [SA11677] OpenBSD update for cvs
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA11706] Orenosv HTTP/FTP Server GET Request Buffer Overflow
Vulnerability
[SA11715] MiniShare HTTP Request Denial of Service Vulnerability
[SA11684] BNBT Authorization Header Denial of Service Vulnerability
[SA11676] Symantec Norton AntiVirus ActiveX Control Vulnerability
[SA11699] F-Secure Anti-Virus Archived Virus Detection Bypass
Vulnerability
[SA11678] Exceed Xconfig Setting Editing Restriction Bypass
UNIX/Linux:
[SA11689] Mac OS X Volume URI Handler Registration Code Execution
Vulnerability
[SA11687] Gentoo update for metamail
[SA11677] OpenBSD update for cvs
[SA11675] Gentoo update for subversion
[SA11674] Gentoo update for CVS
[SA11719] Gentoo update for apache
[SA11718] Mandrake update for mailman
[SA11717] HP-UX update for Java
[SA11709] Red Hat update for LHA
[SA11707] Conectiva update for mailman
[SA11702] Conectiva update for libneon
[SA11701] Mailman Unspecified Password Retrieval Vulnerability
[SA11693] e107 Site Statistics Script Insertion Vulnerability
[SA11692] Liferay Enterprise Portal Multiple Script Insertion
Vulnerabilities
[SA11686] Gentoo update for squirrelmail
[SA11685] Squirrelmail Unspecified Cross-Site Scripting and SQL
Injection Vulnerabilities
[SA11681] Mandrake update for apache-mod_perl
[SA11680] vsftpd Connection Handling Denial of Service Vulnerability
[SA11673] Gentoo update for neon
[SA11672] Gentoo update for cadaver
[SA11725] Conectiva update for kde
[SA11713] SuSE update for kdelibs
[SA11710] Red Hat update for tcpdump
[SA11705] Fedora update for httpd
[SA11703] Gentoo update for opera
[SA11688] OpenPKG update for rsync
[SA11720] Gentoo update for mc
[SA11714] FreeBSD "msync()" MS_INVALIDATE Implementation Security
Issue
[SA11708] Red Hat update for utempter
[SA11704] Gentoo update for mysql
[SA11700] cPanel mod_php suexec Privilege Escalation Vulnerability
[SA11695] Debian update for xpcd
[SA11691] Gentoo update for firebird
[SA11690] libpcd PhotoCD Image Error Handling Buffer Overflow
Vulnerabilities
[SA11683] Mandrake update for kernel
Other:
[SA11694] VocalTec Telephony Gateways H.323 Denial of Service
Vulnerability
[SA11682] HP ProCurve Routing Switch TCP Connection Reset Denial of
Service
[SA11679] Novell NetWare TCP Connection Reset Denial of Service
[SA11716] 3Com OfficeConnect 812 ADSL Router Telnet Protocol Denial of
Service
[SA11698] Netgear RP114 URL Filtering Bypass Vulnerability
Cross Platform:
[SA11712] F-Secure Anti-Virus Products LHA Archive Processing Buffer
Overflow
[SA11696] e107 "user.php" Cross Site Scripting Vulnerability
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA11706] Orenosv HTTP/FTP Server GET Request Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: -05-26
badpack3t has discovered a vulnerability in Orenosv HTTP/FTP Server,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
--
[SA11715] MiniShare HTTP Request Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: -05-27
Donato Ferrante has discovered a vulnerability in MiniShare, which can
be exploited by malicious people to cause a DoS (Denial of Service).
--
[SA11684] BNBT Authorization Header Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: -05-24
badpack3t has reported a vulnerability in BNBT, which can be exploited
by malicious people to cause a DoS (Denial of Service).
--
[SA11676] Symantec Norton AntiVirus ActiveX Control Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: -05-21
Yuu Arai has discovered a vulnerability in Norton AntiVirus , which
can be exploited by malicious people to perform various actions on a
user's system.
--
[SA11699] F-Secure Anti-Virus Archived Virus Detection Bypass
Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: -05-25
A vulnerability has been discovered in F-Secure Anti-Virus, which may
prevent certain malware in archives from being detected.
--
[SA11678] Exceed Xconfig Setting Editing Restriction Bypass
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: -05-21
A vulnerability has been discovered in Exceed, which can be exploited
by malicious, local users to bypass certain restrictions.
UNIX/Linux:--
[SA11689] Mac OS X Volume URI Handler Registration Code Execution
Vulnerability
Critical: Extremely critical
Where: From remote
Impact: System access
Released: -05-22
A vulnerability has been reported in Mac OS X, allowing malicious web
sites to compromise a vulnerable system.
--
[SA11687] Gentoo update for metamail
Critical: Highly critical
Where: From remote
Impact: System access
Released: -05-22
Gentoo has issued an update for metamail. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
--
[SA11677] OpenBSD update for cvs
Critical: Highly critical
Where: From remote
Impact: System access
Released: -05-21
OpenBSD has issued patches for cvs. These fix a vulnerability, which
can be exploited by malicious users to compromise a vulnerable system.
--
[SA11675] Gentoo update for subversion
Critical: Highly critical
Where: From remote
Impact: System access
Released: -05-21
Gentoo has issued an update for subversion. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
--
[SA11674] Gentoo update for CVS
Critical: Highly critical
Where: From remote
Impact: System access
Released: -05-21
Gentoo has issued an update for CVS. This fixes a vulnerability, which
can be exploited by malicious users to compromise a vulnerable system.
--
[SA11719] Gentoo update for apache
Critical: Moderately critical
Where: From remote
Impact: DoS, Manipulation of data, Spoofing, Security Bypass
Released: -05-27
Gentoo has issued an update for apache. This fixes various
vulnerabilities, which can be exploited to inject potentially malicious
characters into error logfiles, bypass certain restrictions, gain
unauthorised access, or cause a DoS (Denial of Service).
--
[SA11718] Mandrake update for mailman
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: -05-27
MandrakeSoft has issued an update for mailman. This fixes a
vulnerability, which can be exploited by malicious people to retrieve
members' passwords.
--
[SA11717] HP-UX update for Java
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: -05-26
HP has acknowledged a vulnerability in Java for HP-UX, which can be
exploited by malicious people to cause a DoS (Denial of Service).
--
[SA11709] Red Hat update for LHA
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -05-26
Red Hat has issued an update for LHA. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
--
[SA11707] Conectiva update for mailman
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information,
DoS
Released: -05-26
Conectiva has issued an update for mailman. This fixes multiple
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, cause a DoS (Denial of Service), or
retrieve users' passwords.
--
[SA11702] Conectiva update for libneon
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -05-26
Conectiva has issued an update for libneon. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
--
[SA11701] Mailman Unspecified Password Retrieval Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: -05-26
A vulnerability has been discovered in mailman, which can be exploited
by malicious people to retrieve members' passwords.
--
[SA11693] e107 Site Statistics Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: -05-24
Chinchilla has reported a vulnerability in e107, which can be exploited
by malicious people to conduct script insertion attacks.
--
[SA11692] Liferay Enterprise Portal Multiple Script Insertion
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: -05-24
Sandeep Giri has reported multiple vulnerabilities in Liferay
Enterprise Portal, which can be exploited by malicious users to conduct
script insertion attacks.
--
[SA11686] Gentoo update for squirrelmail
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Released: -05-24
Gentoo has issued an update for squirrelmail. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.
--
[SA11685] Squirrelmail Unspecified Cross-Site Scripting and SQL
Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Released: -05-24
Various vulnerabilities have been discovered in SquirrelMail, which can
be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.
--
[SA11681] Mandrake update for apache-mod_perl
Critical: Moderately critical
Where: From remote
Impact: DoS, Manipulation of data, Spoofing, Security Bypass
Released: -05-21
MandrakeSoft has issued updated packages for apache-mod_perl. These fix
various vulnerabilities, which can be exploited to inject potentially
malicious characters into error logfiles, bypass certain restrictions,
gain unauthorised access, or cause a DoS (Denial of Service).
--
[SA11680] vsftpd Connection Handling Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: -05-21
Olivier Baudron has discovered a vulnerability in vsftpd, which can be
exploited by malicious people to cause a DoS (Denial of Service).
--
[SA11673] Gentoo update for neon
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -05-21
Gentoo has issued an update for neon. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
--
[SA11672] Gentoo update for cadaver
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -05-21
Gentoo has issued an update for cadaver. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
--
[SA11725] Conectiva update for kde
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: -05-27
Conectiva has issued an update for kde. This fixes a vulnerability,
which can be exploited by malicious people to create or truncate files
on a user's system.
--
[SA11713] SuSE update for kdelibs
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: -05-26
SuSE has issued an update for kdelibs. This fixes a vulnerability,
which can be exploited by malicious people to create or truncate files
on a user's system.
--
[SA11710] Red Hat update for tcpdump
Critical: Less critical
Where: From remote
Impact: DoS
Released: -05-26
Red Hat has issued an update for tcpdump. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).
--
[SA11705] Fedora update for httpd
Critical: Less critical
Where: From remote
Impact: Manipulation of data, DoS
Released: -05-26
Fedora has issued an update for httpd. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or inject certain potentially malicious characters in error
log files.
--
[SA11703] Gentoo update for opera
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: -05-26
Gentoo has issued an update for opera. This fixes a vulnerability,
which can be exploited by malicious people to create or truncate files
on a user's system.
--
[SA11688] OpenPKG update for rsync
Critical: Less critical
Where: From remote
Impact: Manipulation of data, Security Bypass
Released: -05-22
OpenPKG has issued an update for rsync. This fixes a vulnerability,
potentially allowing malicious people to write files outside the
intended directory.
--
[SA11720] Gentoo update for mc
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -05-27
Gentoo has issued an update for mc. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.
--
[SA11714] FreeBSD "msync()" MS_INVALIDATE Implementation Security
Issue
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -05-26
Stephan Uphoff and Matt Dillon has discovered a security issue in
FreeBSD. This can be exploited by malicious, local users to prevent
changes to certain files, which they have read access to, from being
committed to disk.
--
[SA11708] Red Hat update for utempter
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -05-26
Red Hat has issued an update for utempter. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions with higher privileges on a vulnerable system.
--
[SA11704] Gentoo update for mysql
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -05-26
Gentoo has issued an update for mysql. This fixes two vulnerabilities,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
--
[SA11700] cPanel mod_php suexec Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -05-26
Rob Brown has reported an security issue in cPanel, potentially
allowing malicious users to escalate their privileges.
--
[SA11695] Debian update for xpcd
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -05-25
Debian has issued an update for xpcd. This fixes three vulnerabilities,
which potentially can be exploited by malicious people to execute
arbitrary code on a user's system.
--
[SA11691] Gentoo update for firebird
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -05-24
Gentoo has issued an update for firebird. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges on a vulnerable system.
--
[SA11690] libpcd PhotoCD Image Error Handling Buffer Overflow
Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -05-25
Jaguar has reported some vulnerabilities in libpcd, which potentially
can be exploited by malicious people to execute arbitrary code on a
user's system.
--
[SA11683] Mandrake update for kernel
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive
information
Released: -05-22
MandrakeSoft has issued an update for the kernel. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
knowledge of sensitive information.
Other:--
[SA11694] VocalTec Telephony Gateways H.323 Denial of Service
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: -05-25
Tagoff Eugene has reported a vulnerability in certain VocalTec
Telephony Gateways, which can be exploited by malicious people to cause
a DoS (Denial of Service).
--
[SA11682] HP ProCurve Routing Switch TCP Connection Reset Denial of
Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: -05-21
HP has acknowledged a vulnerability in various products, which can be
exploited by malicious people to reset established TCP connections on a
vulnerable device.
--
[SA11679] Novell NetWare TCP Connection Reset Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: -05-21
Novell has partly acknowledged a vulnerability in NetWare, which can be
exploited by malicious people to reset established TCP connections on a
vulnerable system.
--
[SA11716] 3Com OfficeConnect 812 ADSL Router Telnet Protocol Denial of
Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: -05-26
iDEFENSE has reported a vulnerability in 3Com OfficeConnect Remote 812
ADSL Router, which can be exploited by malicious people to cause a DoS
(Denial of Service).
--
[SA11698] Netgear RP114 URL Filtering Bypass Vulnerability
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: -05-25
Marc Ruef has reported a vulnerability in NetGear RP114, which can be
exploited by malicious people to bypass the URL filtering
functionality.
Cross Platform:--
[SA11712] F-Secure Anti-Virus Products LHA Archive Processing Buffer
Overflow
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: -05-26
A vulnerability has been discovered in various F-Secure Anti-Virus
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
--
[SA11696] e107 "user.php" Cross Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: -05-25
Chris Norton has reported a vulnerability in e107, allowing malicious
users to conduct Cross Site Scripting attacks.
