[ISN] Secunia Weekly Summary - Issue: 2004-33

InfoSec News isn at c4i.org
Fri Aug 13 13:02:21 EDT 2004


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2004-08-05 - 2004-08-12                        

                       This week : 31 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/


========================================================================
2) This Week in Brief:


ADVISORIES:

A vulnerability has been discovered in AOL Instant Messenger, which
could be exploited to compromise a vulnerable client.

The vulnerability was found by two different parties around the same
time. However, due to no response from AOL's security team, one of the
researchers chose to issue their advisory.

Currently, no permanent solution is available from AOL. However, AOL
has stated that a new version of the messenger client is upcoming.

Please view Secunia Advisory for details.

Reference:
http://secunia.com/SA12198

--

Apple has issued a security update, which corrects several
vulnerabilities including the "libpng" vulnerability.

Mac OS X users are advised to download and install the update from
Apple. Please view Secunia Advisory below for more information.

Reference:
http://secunia.com/SA12249


VIRUS ALERTS:

During the last week, Secunia issued one MEDIUM RISK virus alert.
Please refer to the grouped virus profiles below for more information:

Bagle.aq - MEDIUM RISK Virus Alert - 2004-08-09 23:37 GMT+1
http://secunia.com/virus_information/11110/bagle.aq/


========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA12219] libpng Multiple Vulnerabilities
2.  [SA12198] AOL Instant Messenger "Away" Message Buffer Overflow
              Vulnerability
3.  [SA12188] Mozilla / Mozilla Firefox User Interface Spoofing
              Vulnerability
4.  [SA12048] Microsoft Internet Explorer Multiple Vulnerabilities
5.  [SA12232] Mozilla / Mozilla Firefox / Mozilla Thunderbird libpng
              Vulnerabilities
6.  [SA11978] Multiple Browsers Frame Injection Vulnerability
7.  [SA12233] Opera Browser "location" Object Write Access
              Vulnerability
8.  [SA10856] Mozilla Multiple Vulnerabilities
9.  [SA11793] Internet Explorer Local Resource Access and Cross-Zone
              Scripting Vulnerabilities
10. [SA12249] Mac OS X Security Update Fixes Multiple Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA12270] Shuttle FTP Suite Directory Traversal Vulnerability
[SA12269] IceWarp Web Mail Multiple Unspecified Vulnerabilities
[SA12261] Microsoft Exchange HTML Redirection Script Insertion
Vulnerability
[SA12263] Sygate Secure Enterprise / Sygate Enforcer Multiple
Vulnerabilities
[SA12259] ServerMask Web Server Identity Exposure Security Issue

UNIX/Linux:
[SA12266] Slackware update for mozilla
[SA12250] Slackware update for libpng
[SA12249] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA12248] Sun Solaris libpng Vulnerabilities
[SA12246] HP VirtualVault / Webproxy Multiple Vulnerabilities in
Apache
[SA12244] HP-UX Apache and PHP Vulnerabilities
[SA12243] Conectiva update for apache
[SA12242] Conectiva update for libpng
[SA12240] Mozilla Application Suite for Tru64 UNIX libpng
Vulnerabilities
[SA12268] Slackware update for sox
[SA12267] Slackware update for ImageMagick
[SA12258] Gentoo update for horde-imp
[SA12253] GeNUGate Unspecified Denial of Service Vulnerabilities
[SA12241] Citrix Secure Gateway OpenSSL Vulnerability
[SA12239] GraphicsMagick libpng Vulnerabilities
[SA12264] Gentoo update for cfengine
[SA12251] Cfengine RSA Authentication Vulnerabilities
[SA12256] Gentoo update for spamassassin
[SA12255] SpamAssassin Message Handling Denial of Service
Vulnerability
[SA12257] Sun Solaris XDMCP Parsing Vulnerability
[SA12252] Mandrake update for shorewall
[SA12247] SuSE update for kernel
[SA12245] HP-UX Process Resource Manager File Corruption Vulnerability

Other:
[SA12254] Symantec Clientless VPN Gateway 4400 Series Multiple
Vulnerabilities

Cross Platform:
[SA12271] PHP-Nuke Search Box Cross-Site Scripting Vulnerabilities
[SA12262] Moodle "Post.php" Cross-Site Scripting and Unspecified Moodle
Text Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA12270] Shuttle FTP Suite Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Security Bypass
Released:    2004-08-11

Ziv Kamir has reported a vulnerability in Shuttle FTP Suite, which can
be exploited by malicious people to read or place files in arbitrary
locations on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12270/

 --

[SA12269] IceWarp Web Mail Multiple Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, Cross Site Scripting,
Manipulation of data, Exposure of system information, Exposure of
sensitive information
Released:    2004-08-11

Multiple unspecified vulnerabilities have been reported in IceWarp Web
Mail, which can potentially be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks, access sensitive
information, and manipulate the file system.

Full Advisory:
http://secunia.com/advisories/12269/

 --

[SA12261] Microsoft Exchange HTML Redirection Script Insertion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-08-10

Microsoft has released an update for Exchange Server 5.5 SP4. This
fixes a vulnerability, allowing malicious people to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/12261/

 --

[SA12263] Sygate Secure Enterprise / Sygate Enforcer Multiple
Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, DoS
Released:    2004-08-11

Martin O'Neal of Corsaire has reported three vulnerabilities in Sygate
Secure Enterprise (SSE), which can be exploited by malicious people to
cause a DoS (Denial of Service) or bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/12263/

 --

[SA12259] ServerMask Web Server Identity Exposure Security Issue

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-08-10

Martin O'Neal of Corsaire has discovered a security issue in
ServerMask, allowing malicious people to determine if a system is
running Microsoft Internet Information Server (IIS) even though the
product's functionality should prevent this.

Full Advisory:
http://secunia.com/advisories/12259/


UNIX/Linux:--

[SA12266] Slackware update for mozilla

Critical:    Highly critical
Where:       From remote
Impact:      Spoofing, DoS, System access
Released:    2004-08-11

Slackware has issued an update for mozilla. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), spoof content of websites, or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/12266/

 --

[SA12250] Slackware update for libpng

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-10

Slackware has issued an update for libpng. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12250/

 --

[SA12249] Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2004-08-10

Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/12249/

 --

[SA12248] Sun Solaris libpng Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-09

Sun has acknowledged some vulnerabilities in Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12248/

 --

[SA12246] HP VirtualVault / Webproxy Multiple Vulnerabilities in
Apache

Critical:    Highly critical
Where:       From remote
Impact:      Spoofing, DoS, System access, Security Bypass
Released:    2004-08-10

HP has confirmed some vulnerabilities in Apache affecting HP
VirtualVault and HP Webproxy, which can be exploited by malicious
people to cause a DoS (Denial of Service), bypass security
restrictions, or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12246/

 --

[SA12244] HP-UX Apache and PHP Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2004-08-09

HP has confirmed some vulnerabilities in HP-UX, which can be exploited
by malicious people to cause a DoS (Denial of Service), bypass security
restrictions, or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12244/

 --

[SA12243] Conectiva update for apache

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-08-09

Conectiva has issued an update for apache. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/12243/

 --

[SA12242] Conectiva update for libpng

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2004-08-09

Conectiva has issued an update for libpng. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12242/

 --

[SA12240] Mozilla Application Suite for Tru64 UNIX libpng
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-09

HP has confirmed some vulnerabilities in the Mozilla Application Suite
for Tru64 UNIX, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12240/

 --

[SA12268] Slackware update for sox

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-08-11

Slackware has issued an update for sox. This fixes two vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/12268/

 --

[SA12267] Slackware update for ImageMagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-11

Slackware has issued an update for ImageMagick. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12267/

 --

[SA12258] Gentoo update for horde-imp

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-08-10

Gentoo has issued an update for horde-imp. This fixes a vulnerability,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/12258/

 --

[SA12253] GeNUGate Unspecified Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-08-10

Two unspecified vulnerabilities have been reported in GeNUGate, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12253/

 --

[SA12241] Citrix Secure Gateway OpenSSL Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-08-09

Citrix Systems has acknowledged a vulnerability in Citrix Secure
Gateway, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/12241/

 --

[SA12239] GraphicsMagick libpng Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-09

The GraphicsMagick group has confirmed vulnerabilities in
GraphicsMagick, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12239/

 --

[SA12264] Gentoo update for cfengine

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2004-08-11

Gentoo has issued an update for cfengine. This fixes a vulnerability,
which can be exploited by malicious people to compromise the system or
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12264/

 --

[SA12251] Cfengine RSA Authentication Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2004-08-10

Juan Pablo Martinez Kuhn has discovered two vulnerabilities in
Cfengine, allowing malicious people to compromise the system or cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12251/

 --

[SA12256] Gentoo update for spamassassin

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-08-10

Gentoo has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12256/

 --

[SA12255] SpamAssassin Message Handling Denial of Service
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-08-10

A vulnerability has been discovered in SpamAssassin, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12255/

 --

[SA12257] Sun Solaris XDMCP Parsing Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-08-10

A vulnerability has been reported in Solaris, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12257/

 --

[SA12252] Mandrake update for shorewall

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-08-10

MandrakeSoft has issued an update for shorewall. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/12252/

 --

[SA12247] SuSE update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2004-08-09

SuSE has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to disclose sensitive
information in kernel memory.

Full Advisory:
http://secunia.com/advisories/12247/

 --

[SA12245] HP-UX Process Resource Manager File Corruption Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data, DoS
Released:    2004-08-09

An unspecified vulnerability has been reported in HP Process Resource
Manager (PRM), which can be exploited by malicious, local users to
corrupt files on the system.

Full Advisory:
http://secunia.com/advisories/12245/


Other:--

[SA12254] Symantec Clientless VPN Gateway 4400 Series Multiple
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Cross Site Scripting, Manipulation of data
Released:    2004-08-10

Multiple vulnerabilities have been reported in Symantec Clientless VPN
Gateway 4400 Series, where some have an unknown impact and others can
be exploited to conduct cross-site scripting attacks or manipulate
users' signon information.

Full Advisory:
http://secunia.com/advisories/12254/


Cross Platform:--

[SA12271] PHP-Nuke Search Box Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-08-11

SmOk3 has reported some vulnerabilities in PHP-Nuke, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/12271/

 --

[SA12262] Moodle "Post.php" Cross-Site Scripting and Unspecified Moodle
Text Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Unknown
Released:    2004-08-11

Two vulnerabilities have been reported in Moodle, where one can be
exploited by malicious people to conduct cross-site scripting attacks
and the other has an unknown impact.

Full Advisory:
http://secunia.com/advisories/12262/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

========================================================================





More information about the ISN mailing list