Internet Security Summary 0643
This week a vulnerability has been reported in Adobe Reader and Adobe Acrobat, which can potentially be exploited by malicious people to compromise a user's system. Adobe has released updated versions, which correct this vulnerability.
Apple has issued an Internet Security update for Mac OS X, which fixes more than 40 vulnerabilities.
VIRUS ALERTS:
2 MEDIUM RISK virus alerts.
RBOT.CBQ - MEDIUM RISK Virus Alert - 2005-08-17 02:34 GMT+1
IRCBot.es - MEDIUM RISK Virus Alert - 2005-08-17 01:52 GMT+1
3) This Week's Top Ten Most Read Advisories:
1. [SA16466] Adobe Acrobat / Reader Plug-in Buffer Overflow Vulnerability
2. [SA16373] Internet Explorer Three Vulnerabilities
3. [SA16372] Microsoft Windows Plug-and-Play Service Buffer Overflow
4. [SA16449] Mac OS X Internet Security update Fixes Multiple Vulnerabilities
5. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
6. [SA16403] VERITAS Backup Exec / NetBackup Arbitrary File Download Vulnerability
7. [SA16386] WordPress "cache_lastpostdate" PHP Code Insertion
8. [SA12758] Microsoft Word Document Parsing Buffer Overflow Vulnerabilities
9. [SA16406] Linux Kernel XDR Encode/Decode Buffer Overflow Vulnerability
10. [SA16418] SUSE update for mozilla / MozillaFirefox
4) Vulnerabilities Summary Listing
Windows:
[SA16444] JaguarEditControl ActiveX Control Buffer Overflow Vulnerability
[SA16408] MindAlign Multiple Unspecified Vulnerabilities
[SA16403] VERITAS Backup Exec / NetBackup Arbitrary File Download Vulnerability
[SA16393] Novell eDirectory iMonitor Buffer Overflow Vulnerability
[SA16430] Hummingbird FTP User Password Encryption Weakness
[SA16410] ePolicy Orchestrator / ProtectionPilot Insecure Directory Permissions
[SA16396] Linksys WLAN Monitor Privilege Escalation Vulnerability
[SA16422] Bloodshed Dev-Pascal NULL Character File Display Weakness
[SA16420] Dev-PHP NULL Character File Display Weakness
[SA16398] PHP Designer 2005 NULL Character File Display Weakness
UNIX/Linux:
[SA16460] Nucleus CMS XML-RPC Nested XML Tags PHP Code Execution
[SA16458] Debian update for clamav
[SA16455] Fedora update for evolution
[SA16449] Mac OS X Internet Security update Fixes Multiple Vulnerabilities
[SA16442] Mandriva update for gaim
[SA16439] Gentoo update for awstats
[SA16437] SGI Advanced Linux Environment Multiple Updates
[SA16436] Gentoo update for gaim
[SA16434] ezUpload "path" Arbitrary File Inclusion Vulnerability
[SA16433] Discuz! Multiple File Extensions Script Upload Vulnerability
[SA16423] Ubuntu update for gaim
[SA16418] SUSE update for mozilla / MozillaFirefox
[SA16413] Debian amd64 Update for Multiple Packages
[SA16412] Ubuntu update for awstats
[SA16399] Red Hat update for ethereal
[SA16397] Ubuntu update for evolution
[SA16394] GNOME Evolution Multiple Format String Vulnerabilities
[SA16473] Debian update for mozilla
[SA16453] BlueZ Arbitrary Command Execution Vulnerability
[SA16448] Mandriva update for proftpd
[SA16447] Kismet Multiple Vulnerabilities
[SA16446] Debian update for mozilla-firefox
[SA16443] PHPTB "mid" Parameter SQL Injection Vulnerability
[SA16421] Debian update for fetchmail
[SA16419] Fedora update for vim
[SA16395] Mandriva update for netpbm
[SA16470] Sun StorEdge Enterprise Backup Vulnerabilities
[SA16426] SGI ProPack arrayd Authentication Spoofing Vulnerability
[SA16406] Linux Kernel XDR Encode/Decode Buffer Overflow Vulnerability
[SA16452] Fedora update for xpdf
[SA16450] SUSE update for apache / apache2
[SA16440] Gentoo update for xpdf/kpdf/gpdf
[SA16417] Mandriva update for cups
[SA16415] Mandriva update for xpdf
[SA16404] Red Hat update for gpdf
[SA16401] HP Tru64 UNIX IPsec Tunnel ESP Mode Encrypted Data Disclosure
[SA16400] GNOME gpdf Temporary File Writing Denial of Service
[SA16456] HP Ignite-UX TFTP Service Two Vulnerabilities
[SA16416] Mandriva update for ucd-snmp
[SA16411] Sun Solaris Multiple MySQL Vulnerabilities
[SA16451] Fedora update for kdeedu
[SA16428] KDE langen2kvtml Insecure Temporary File Creation
[SA16425] Kaspersky Anti-Virus Insecure Log Directory Security Issue
Other:
[SA16467] Xerox Document Centre MicroServer Web Server Vulnerabilities
[SA16457] Linksys WRT54GS Wireless Encryption Security Bypass
[SA16402] HP ProLiant DL585 Server Unspecified Access Vulnerability
[SA16445] BONA ADSL-FR4II Multiple Vulnerabilities
[SA16438] Grandstream BudgeTone Denial of Service Vulnerability
[SA16409] Wyse Winterm 1125SE IP Option Length Denial of Service
Cross Platform:
[SA16469] phpPgAds Multiple Vulnerabilities
[SA16468] phpAdsNew Multiple Vulnerabilities
[SA16466] Adobe Acrobat / Reader Plug-in Buffer Overflow Vulnerability
[SA16465] eGroupWare XML-RPC Nested XML Tags PHP Code Execution
[SA16462] CPAINT Ajax Toolkit Unspecified Command Execution Vulnerability
[SA16454] CPAINT Ajax Toolkit Command Execution Vulnerabilities
[SA16441] phpMyFAQ XML-RPC Nested XML Tags PHP Code Execution
[SA16432] Drupal XML-RPC PHP Code Execution Vulnerability
[SA16431] XML-RPC for PHP Nested XML Tags PHP Code Execution
[SA16429] PEAR XML_RPC Nested XML Tags PHP Code Execution
[SA16471] phpWebSite "module" Parameter SQL Injection Vulnerability
[SA16459] ECW-Shop SQL Injection and Cross-Site Scripting Vulnerabilities
[SA16435] Dada Mail Archived Messages Script Insertion Vulnerability
[SA16427] SafeHTML UTF-7 XSS and CSS Comments Handling Security Bypass
[SA16414] FUDforum "Tree View" Security Bypass Vulnerability
[SA16464] Legato NetWorker Multiple Vulnerabilities
[SA16407] Dokeos Multiple Directory Traversal Vulnerabilities
[SA16405] My Image Gallery Cross-Site Scripting Vulnerabilities
5) Vulnerabilities Content Listing
Windows:
[SA16444] JaguarEditControl ActiveX Control Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access