Secunia Security Summary m2
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=========
1) Word From Secunia:

Secunia has launched a new service called Secunia Virus Information.
Secunia Virus Information is based on information automatically
collected from seven different anti-virus vendors. The data will be
parsed and indexed, resulting in a chronological list, a searchable
index, and grouped profiles with information from the seven vendors.

Furthermore, when certain criteria are triggered, virus alerts will be
issued. You can sign up for the alerts here:

Sign-up for Secunia Virus Alerts:

Secunia Virus Information:

=========
2) This Week in Brief:

ADVISORIES:

Check Point has reported a vulnerability in various VPN-1 Products,
which can be exploited to compromise a vulnerable system.

Check Point has a hotfix available for this vulnerability. Please
refer to the referenced Secunia Advisory.

Reference:

--
eEye Digital Security has found a vulnerability in Apple QuickTime,
which can be exploited to compromise a vulnerable user's system.

eEye Digital Security writes in their advisory: "It is difficult to
express just how textbook this vulnerability scenario really is",
further stating that "exploitation of the vulnerability is
self-evident".

However, Apple claims that this vulnerability can only be exploited to
crash a vulnerable player.

Please also view the Secunia Advisory regarding the security update for
Mac OS X described below.

Reference:

--
Apple has issued a security update, which fixes several vulnerabilities
in Mac OS X.

Special note from the Secunia Advisory:

-QUOTE-
NOTE: The severity has been set to "Highly critical" because the
unspecified issues are likely to be more severe than claimed by the
vendor.

This conclusion is based on the fact that Apple merely describes
vulnerability "3" as an attempt to "improve the handling of long
passwords". However, according to @stake, the vulnerability can in fact
be exploited to compromise a vulnerable system.
-END QUOTE-

All users of Mac OS X are advised to download the updates available
from Apple.

Reference:

VIRUS ALERTS:

During the last week, Secunia issued two MEDIUM RISK virus alerts and
one HIGH RISK virus alert for three new Sasser worms. Please refer to
the grouped virus profiles below for more information:

SASSER.C - MEDIUM RISK Virus Alert - -05-03 12:58 GMT+1

SASSER.B - HIGH RISK Virus Alert - -05-03 08:51 GMT+1

Sasser.a - MEDIUM RISK Virus Alert - -05-01 13:28 GMT+1

=========
3) This Week's Top Ten Most Read Advisories:

1.  [SA11482] Windows Explorer / Internet Explorer Long Share Name
              Buffer Overflow
2.  [SA11539] Mac OS X Security Update Fixes Multiple Vulnerabilities
3.  [SA11064] Microsoft Windows 14 Vulnerabilities
4.  [SA10395] Internet Explorer URL Spoofing Vulnerability
5.  [SA11071] Apple QuickTime "QuickTime.qts" Heap Overflow
              Vulnerability
6.  [SA11510] LHA Multiple Vulnerabilities
7.  [SA11546] Check Point VPN-1 Products ISAKMP Buffer Overflow
              Vulnerability
8.  [SA10736] Internet Explorer File Download Extension Spoofing
9.  [SA11505] libpng Potential Denial of Service Vulnerability
10.  [SA11492] Siemens S55 SMS Send Prompt Bypass Weakness
=========
4) Vulnerabilities Summary Listing

Windows:
[SA11547] Titan FTP Server Aborted LIST Denial of Service
Vulnerability
[SA11542] Aweb Exposure of Sensitive Information
[SA11525] Web Wiz Forum SQL Injection and Security Bypass
UNIX/Linux:
[SA11539] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA11528] Pound "logmsg()" Format String Vulnerability
[SA11553] PHP-Nuke Multiple Vulnerabilities
[SA11548] OpenBSD update for cvs
[SA11544] Slackware update for LHA
[SA11538] Slackware update for xine-lib
[SA11527] ProFTPD CIDR Addressing ACL Security Issue
[SA11521] Red Hat update for OpenOffice
[SA11512] Red Hat update for xchat
[SA11510] LHA Multiple Vulnerabilities
[SA11500] MPlayer and xine-lib RTSP Handling Vulnerabilities
[SA11498] Debian update for eterm
[SA11552] FreeBSD update for kadmind
[SA11550] Heimdal kadmind Heap Overflow Vulnerability
[SA11545] Fedora update for mc
[SA11543] UnixWare / Open Unix update for Apache
[SA11540] Slackware update for libpng
[SA11537] Slackware update for rsync
[SA11531] SquirrelMail Folder Name Cross-Site Scripting Vulnerability
[SA11523] Debian update for rsync
[SA11520] Red Hat update for libpng
[SA11517] Debian update for libpng
[SA11515] Trustix update for rsync
[SA11514] rsync Allows Writing Files Outside the Intended Directory
[SA11509] OpenPKG update for png
[SA11507] Mandrake update for libpng
[SA11505] libpng Potential Denial of Service Vulnerability
[SA11551] FreeBSD update for heimdal
[SA11541] SuSE update for kernel
[SA11530] Debian update for flim
[SA11529] FLIM Insecure Temporary File Creation Vulnerability
[SA11526] ipmenu Insecure Temporary File Creation Vulnerability
[SA11522] Red Hat update for mc
[SA11519] Red Hat update for utempter
[SA11508] Debian update for mc
[SA11506] Mandrake update for mc
[SA11503] Gentoo update for samba
[SA11502] Midnight Commander Multiple Unspecified Vulnerabilities
[SA11501] Slackware update for kernel
[SA11518] PaX Denial of Service Vulnerability
Other:
[SA11499] Zonet ZSR1104WE Wireless Router NAT Implementation Weakness
[SA11516] Network Appliances Data ONTAP and NetCache Denial of Service
Vulnerability
[SA11504] 3Com NBX 100 Communications System Denial of Service
Cross Platform:
[SA11546] Check Point VPN-1 Products ISAKMP Buffer Overflow
Vulnerability
[SA11524] Coppermine Photo Gallery Multiple Vulnerabilities
[SA11554] PHPX Multiple Vulnerabilities
[SA11497] Sesame Unauthorised User Repository Access Vulnerability
[SA11536] HP Web Jetadmin Multiple Vulnerabilities
[SA11535] Moodle "help.php" Cross-Site Scripting Vulnerability
[SA11533] ReciPants Unspecified Input Validation Vulnerabilities
[SA11556] Verity Ultraseek Reserved DOS Device Name Path Disclosure
=========
5) Vulnerabilities Content Listing

Windows:
 --
[SA11547] Titan FTP Server Aborted LIST Denial of Service
Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    -05-05
STORM has reported a vulnerability in Titan FTP Server, which can be
exploited by malicious users to cause a DoS (Denial of Service).

 --
[SA11542] Aweb Exposure of Sensitive Information
Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    -05-05
Oliver Karow has reported some vulnerabilities in Aweb, allowing
malicious people to see sensitive information and arbitrary files.

 --
[SA11525] Web Wiz Forum SQL Injection and Security Bypass
Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    -05-03
Alexander has reported some vulnerabilities in Web Wiz Forum, allowing
malicious people to conduct SQL injection attacks and perform certain
administrative functions.

UNIX/Linux:
 --
[SA11539] Mac OS X Security Update Fixes Multiple Vulnerabilities
Critical:    Highly critical
Where:       From remote
Impact:      Hijacking, Security Bypass, Manipulation of data,
Privilege escalation, DoS, System access
Released:    -05-04
Apple has issued a security update for Mac OS X, which fixes some
older, known vulnerabilities along with some new unspecified issues.

 --
[SA11528] Pound "logmsg()" Format String Vulnerability
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-03
Akira Higuchi has discovered a vulnerability in Pound, which can be
exploited by malicious people to compromise a vulnerable system.

 --
[SA11553] PHP-Nuke Multiple Vulnerabilities
Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    -05-06
Janek Vind has reported some vulnerabilities in PHP-Nuke, allowing
malicious people to conduct Cross Site Scripting and SQL injection
attacks.

 --
[SA11548] OpenBSD update for cvs
Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    -05-05
OpenBSD has issued patches for cvs. These fix two vulnerabilities,
which can be exploited by malicious servers to compromise clients and
by malicious users to retrieve arbitrary files from a vulnerable
server.

 --
[SA11544] Slackware update for LHA
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -05-05
Slackware has issued updated packages for LHA. These fix some
vulnerabilities, potentially allowing malicious people to compromise a
vulnerable system.

 --
[SA11538] Slackware update for xine-lib
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -05-04
Slackware has issued updates for xine-lib. These fix a vulnerability,
which potentially can be exploited by malicious people to gain system
access.

 --
[SA11527] ProFTPD CIDR Addressing ACL Security Issue
Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    -05-03
Jindrich Makovicka has reported a security issue in ProFTPD,
potentially allowing malicious people to bypass ACLs.

 --
[SA11521] Red Hat update for OpenOffice
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -05-03
Red Hat has issued updated packages for OpenOffice. These fix a
vulnerability allowing malicious people to compromise a user's system.

 --
[SA11512] Red Hat update for xchat
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -04-30
Red Hat has issued updated packages for xchat. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

 --
[SA11510] LHA Multiple Vulnerabilities
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -04-30
Ulf Harnhammar has reported some vulnerabilities in LHA, potentially
allowing malicious people to compromise a vulnerable system.

 --
[SA11500] MPlayer and xine-lib RTSP Handling Vulnerabilities
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -04-30
Some vulnerabilities have been reported in MPlayer and xine-lib,
potentially allowing malicious people to compromise a vulnerable
system.

 --
[SA11498] Debian update for eterm
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -04-29
Debian has issued updated packages for eterm. These fix a
vulnerability, which potentially can be exploited by malicious people
to manipulate actions taken by the system administrator and other users
on a system.

 --
[SA11552] FreeBSD update for kadmind
Critical:    Moderately critical
Where:       From local network
Impact:      System access, DoS
Released:    -05-06
FreeBSD has addressed a vulnerability in kadmind, which potentially can
be exploited by malicious people to compromise a vulnerable system.

 --
[SA11550] Heimdal kadmind Heap Overflow Vulnerability
Critical:    Moderately critical
Where:       From local network
Impact:      System access, DoS
Released:    -05-06
Evgeny Demidov has discovered a vulnerability in Heimdal, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

 --
[SA11545] Fedora update for mc
Critical:    Less critical
Where:       
Impact:      
Released:    -05-05
Fedora has issued updates for mc. These fix some vulnerabilities, which
can be exploited by malicious, local users to gain escalated
privileges.

 --
[SA11543] UnixWare / Open Unix update for Apache
Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information, Privilege escalation
Released:    -05-05
SCO has issued updated packages, which fix some older vulnerabilities
in Apache.

 --
[SA11540] Slackware update for libpng
Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    -05-04
Slackware has issued updates for libpng. These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

 --
[SA11537] Slackware update for rsync
Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Security Bypass
Released:    -05-04
Slackware has issued updated packages for rsync. These fix a
vulnerability, potentially allowing malicious people to write files
outside the intended directory.

 --
[SA11531] SquirrelMail Folder Name Cross-Site Scripting Vulnerability
Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    -05-03
Alvin Alex has reported a vulnerability in SquirrelMail, which can be
exploited by malicious people to conduct cross-site scripting attacks.

 --
[SA11523] Debian update for rsync
Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Security Bypass
Released:    -05-03
Debian has issued updated packages for rsync. These fix a
vulnerability, potentially allowing malicious people to write files
outside the intended directory.

 --
[SA11520] Red Hat update for libpng
Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    -05-03
Red Hat has issued updates for libpng. These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

 --
[SA11517] Debian update for libpng
Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    -04-30
Debian has issued updates for libpng. These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

 --
[SA11515] Trustix update for rsync
Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    -04-30
Trustix has issued updated packages for rsync. These fix a
vulnerability, potentially allowing malicious people to write files
outside the intended directory.

 --
[SA11514] rsync Allows Writing Files Outside the Intended Directory
Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    -04-30
A vulnerability has been reported in rsync, allowing malicious people
to write files outside the intended directory.

 --
[SA11509] OpenPKG update for png
Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    -04-30
OpenPKG has issued updates for png (libpng). These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

 --
[SA11507] Mandrake update for libpng
Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    -04-30
MandrakeSoft has issued updates for libpng. These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

 --
[SA11505] libpng Potential Denial of Service Vulnerability
Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    -04-30
Steve Grubb has reported a vulnerability in libpng, potentially
allowing malicious people to cause a Denial of Service against
applications and services using libpng.

 --
[SA11551] FreeBSD update for heimdal
Critical:    Less critical
Where:       From local network
Impact:      ID Spoofing
Released:    -05-06
FreeBSD has addressed an older vulnerability in heimdal, which can
allow certain people to impersonate others.

 --
[SA11541] SuSE update for kernel
Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, Privilege escalation, DoS
Released:    -05-04
SuSE has issued updated packages for the kernel. These fix some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges, gain knowledge of sensitive information, or
cause a DoS (Denial of Service).

 --
[SA11530] Debian update for flim
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -05-03
Debian has issued updated packages for flim. These fix a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

 --
[SA11529] FLIM Insecure Temporary File Creation Vulnerability
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -05-03
Tatsuya Kinoshita has reported a vulnerability in FLIM, which can be
exploited by malicious, local users to take certain actions on a
vulnerable system with escalated privileges.

 --
[SA11526] ipmenu Insecure Temporary File Creation Vulnerability
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -05-04
Akira Yoshiyama has discovered a vulnerability in ipmenu, which can be
exploited by malicious, local users to perform certain actions on a
system with escalated privileges.

 --
[SA11522] Red Hat update for mc
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -05-03
Red Hat has issued updates for mc. These fix some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.

 --
[SA11519] Red Hat update for utempter
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -05-03
Red Hat has issued updated packages for utempter. These fix a security
issue, which potentially can be exploited by malicious, local users to
perform certain actions with higher privileges on a vulnerable system.

 --
[SA11508] Debian update for mc
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -04-30
Debian has issued updates for mc. These fix some vulnerabilities, which
can be exploited by malicious, local users to gain escalated
privileges.

 --
[SA11506] Mandrake update for mc
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -04-30
MandrakeSoft has issued updates for mc. These fix some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.

 --
[SA11503] Gentoo update for samba
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -04-30
Gentoo has issued updated packages for Samba. These fix a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.

 --
[SA11502] Midnight Commander Multiple Unspecified Vulnerabilities
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -04-30
Jakub Jelinek has reported some vulnerabilities in GNU Midnight
Commander, allowing malicious users to escalate their privileges.

 --
[SA11501] Slackware update for kernel
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, Exposure of sensitive information,
Exposure of system information
Released:    -04-30
Slackware has issued updated packages for the kernel. These fix some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges, or gain knowledge of sensitive information.

 --
[SA11518] PaX Denial of Service Vulnerability
Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    -05-04
borg has discovered a vulnerability in PaX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Other:
 --
[SA11499] Zonet ZSR1104WE Wireless Router NAT Implementation Weakness
Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    -04-29
Jason Wachtel has reported a weakness in the Zonet ZSR1104WE wireless
router, which may prevent identification of remote attackers.

 --
[SA11516] Network Appliances Data ONTAP and NetCache Denial of Service
Vulnerability
Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    -04-30
An unspecified vulnerability has been reported in Data ONTAP and
NetCache, allowing malicious people to cause a Denial of Service
against vulnerable devices.

 --
[SA11504] 3Com NBX 100 Communications System Denial of Service
Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    -04-30
Michael Scheidell has reported a vulnerability in 3Com NBX 100
Communications System, which can be exploited by malicious people to
cause a DoS (Denial of Service).

Cross Platform:
 --
[SA11546] Check Point VPN-1 Products ISAKMP Buffer Overflow
Vulnerability
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-05
A vulnerability has been discovered in various Check Point VPN-1
products, which can be exploited by malicious people to compromise a
vulnerable system.

 --
[SA11524] Coppermine Photo Gallery Multiple Vulnerabilities
Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information,
System access
Released:    -05-03
Janek Vind has reported multiple vulnerabilities in Coppermine Photo
Gallery, allowing malicious people to compromise a vulnerable system or
conduct Cross Site Scripting attacks.

 --
[SA11554] PHPX Multiple Vulnerabilities
Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    -05-06
JeiAr has reported some vulnerabilities in PHPX, allowing malicious
people to conduct Cross Site Scripting and SQL injection attacks and
potentially execute administrative functions.

 --
[SA11497] Sesame Unauthorised User Repository Access Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information
Released:    -04-29
A vulnerability has been discovered in Sesame, which can be exploited
by malicious, anonymous users to access other users' repositories.

 --
[SA11536] HP Web Jetadmin Multiple Vulnerabilities
Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    -05-04
FX has reported multiple vulnerabilities in HP Web Jetadmin, where the
most serious issues can be combined to compromise a vulnerable system.

 --
[SA11535] Moodle "help.php" Cross-Site Scripting Vulnerability
Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    -05-03
Bartek Nowotarski has discovered a vulnerability in Moodle, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

 --
[SA11533] ReciPants Unspecified Input Validation Vulnerabilities
Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    -05-04
Jon McClintock has reported some vulnerabilities in ReciPants,
potentially allowing malicious people to conduct Cross-Site Scripting
and SQL injection attacks.

 --
[SA11556] Verity Ultraseek Reserved DOS Device Name Path Disclosure
Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    -05-06
Martin O'Neal of Corsaire has discovered a security issue in Verity
Ultraseek, which can be exploited by malicious people to disclose path
information.
