[ISN] Secunia Weekly Summary - Issue: 2004-40

InfoSec News isn at c4i.org
Thu Sep 30 06:25:02 EDT 2004


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2004-09-23 - 2004-09-30                        

                       This week : 42 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia has implemented new features at Secunia.com


SECUNIA ADVISORIES NOW INCLUDE "Solution Status":
In addition to the extensive information Secunia advisories already
include, Secunia has added a new parameter: "Solution Status". This
simply means that all Secunia advisories, including older advisories,
now include the current "Solution Status" of a advisory, i.e. if the
vendor has released a patch or not.


IMPROVED PRODUCT PAGES:
The improved product pages now include a detailed listing of all
Secunia advisories affecting each product. The listings include a clear
indication of the "Solution Status" each advisory has ("Unpatched",
"Vendor patch", "Vendor workaround", or "Partial fix"). View the
following for examples:

Opera 7:
http://secunia.com/product/761/

Internet Explorer 6:
http://secunia.com/product/11/

Mozilla Firefox:
http://secunia.com/product/3256/


EXTRA STATISTICS:
Each product page also includes a new pie graph, displaying the
"Solution Status" for all Secunia advisories affecting each product in
a given period. View the following for an example:

Internet Explorer 6:
http://secunia.com/product/11/#statistics_solution


FEEDBACK SYSTEM:
To make it easier to provide feedback to the Secunia staff, we have
made an online feedback form. Enter your inquiry and it will
immediately be sent to the appropriate Secunia department.

Ideas, suggestions, and other feedback is most welcome

Secunia Feedback Form:
http://secunia.com/contact_form/


========================================================================
2) This Week in Brief:


ADVISORIES:

RealNetworks has issued a new versions of their players. This fixes
some vulnerabilities, which can be exploited to compromise a vulnerable
system.

Patches are available from the vendor, please refer to the Secunia
advisory for a link to the vendor advisory.

Reference:
http://secunia.com/SA12672

--

Vulnerabilities have been reported in several Symantec firewalls, which
allows malicious people to cause a DoS (Denial of Service), identify
active services, and manipulate the firewall configuration.

Symantec has issued new firmwares for all affected versions.

Reference:
http://secunia.com/SA12635


VIRUS ALERTS:

During the last week, Secunia issued one MEDIUM RISK virus alert.
Please refer to the grouped virus profiles below for more information:

BAGLE.AM - MEDIUM RISK Virus Alert - 2004-09-29 03:04 GMT+1
http://secunia.com/virus_information/12351/bagle.am/


========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA12526] Mozilla Multiple Vulnerabilities
2.  [SA12304] Internet Explorer Address Bar Spoofing Vulnerability
3.  [SA12321] Microsoft Internet Explorer Drag and Drop Vulnerability
4.  [SA12635] Symantec Firewall/VPN Products Multiple Vulnerabilities
5.  [SA12528] Microsoft Multiple Products JPEG Processing Buffer
              Overflow Vulnerability
6.  [SA12633] Apache "Satisfy" Directive Access Control Bypass
              Security Issue
7.  [SA11978] Multiple Browsers Frame Injection Vulnerability
8.  [SA12542] GdkPixbuf Multiple Image Decoding Vulnerabilities
9.  [SA12672] RealOne Player / RealPlayer / Helix Player Multiple
              Vulnerabilities
10. [SA12381] Winamp Skin File Arbitrary Code Execution Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA12684] dBpowerAMP Audio Player / Music Converter Playlist Handling
Buffer Overflow
[SA12666] Icecast Server HTTP Headers Buffer Overflow Vulnerability
[SA12658] BroadBoard Instant ASP Message Board SQL Injection
Vulnerability
[SA12651] aspWebCalendar SQL Injection Vulnerability
[SA12650] MegaBBS HTTP Response Splitting and SQL Injection
Vulnerabilities
[SA12642] ActivePost Standard Multiple Vulnerabilities
[SA12665] Chatman Broadcast Denial of Service Vulnerability
[SA12639] Computer Associates Unicenter Common Services Password
Disclosure
[SA12661] Intellipeer Email Server User Account Enumeration Weakness

UNIX/Linux:
[SA12677] AIX libXm.a Multiple Vulnerabilities
[SA12675] Conectiva update for imlib/imlib2
[SA12653] Gentoo update for xorg-x11/xfree
[SA12652] LessTif XPM Library Image Decoding Vulnerabilities
[SA12682] SGI IRIX update for kernel
[SA12667] Debian sendmail sasl-bin Mail Relaying Security Issue
[SA12646] Conectiva update for apache
[SA12644] Fedora update for httpd
[SA12641] Gentoo update for apache
[SA12648] fprobe "change user" Feature Unspecified Security Issue
[SA12643] Fedora update for subversion
[SA12681] Fedora update for cups
[SA12663] Conectiva update for kernel
[SA12668] Mandrake update for openoffice.org
[SA12664] IBM Products ctstrtcasd Local File Corruption Vulnerability
[SA12657] Debian update for getmail
[SA12645] Gentoo update for getmail

Other:
[SA12659] Canon imageRUNNER E-mail Printer Denial of Service Weakness

Cross Platform:
[SA12679] @lex GuestBook "chem_absolu" Arbitrary File Inclusion
Vulnerability
[SA12672] RealOne Player / RealPlayer / Helix Player Multiple
Vulnerabilities
[SA12678] ParaChat Server Directory Traversal Vulnerability
[SA12674] PeopleSoft HRMS Page Manipulation and Identity Spoofing
[SA12673] Serendipity SQL Injection and Cross-Site Scripting
Vulnerabilities
[SA12662] PHP-Fusion "homepage address" Script Insertion Vulnerability
[SA12649] Baal Smart Forms "Admin Change Password" Security Bypass
[SA12647] ColdFusion MX Sensitive Information Disclosure and Denial of
Service
[SA12640] MyServer HTTP POST Request Processing Denial of Service
[SA12638] Macromedia JRun Server Multiple Vulnerabilities
[SA12660] YPOPs! POP3 and SMTP Service Buffer Overflow Vulnerabilities
[SA12683] Wordpress Cross-Site Scripting Vulnerabilities
[SA12676] Vignette Application Portal Diagnostic Utility Information
Disclosure
[SA12654] PHP-Fusion Cross-Site Scripting and Identify Spoof
Vulnerabilities
[SA12655] HP StorageWorks Command View XP Security Bypass

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA12684] dBpowerAMP Audio Player / Music Converter Playlist Handling
Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-29

James Bercegay has reported a vulnerability in dBpowerAMP Music
Converter and Audio Player, which potentially can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12684/

 --

[SA12666] Icecast Server HTTP Headers Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-29

Luigi Auriemma has reported a vulnerability in Icecast, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12666/

 --

[SA12658] BroadBoard Instant ASP Message Board SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-09-27

pigrelax has reported a vulnerability in BroadBoard Instant ASP Message
Board, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/12658/

 --

[SA12651] aspWebCalendar SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information
Released:    2004-09-27

Pedro Sanches has reported a vulnerability in aspWebCalendar, which can
be exploited by malicious people to conduct SQL injection attacks and
determine valid usernames.

Full Advisory:
http://secunia.com/advisories/12651/

 --

[SA12650] MegaBBS HTTP Response Splitting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2004-09-27

pigrelax has reported a vulnerability in MegaBBS, which can be
exploited by malicious people to conduct script insertion, cross-site
scripting, and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/12650/

 --

[SA12642] ActivePost Standard Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information, DoS
Released:    2004-09-24

Luigi Auriemma has reported multiple vulnerabilities in ActivePost
Standard, which can be exploited by malicious people to cause a DoS
(Denial of Service), upload files to arbitrary locations, or gain
knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/12642/

 --

[SA12665] Chatman Broadcast Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-09-28

Luigi Auriemma has reported a vulnerability in ChatMan, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12665/

 --

[SA12639] Computer Associates Unicenter Common Services Password
Disclosure

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2004-09-29

A security issue has been reported in Computer Associates Unicenter
Common Services, which may disclose sensitive information to malicious,
local users.

Full Advisory:
http://secunia.com/advisories/12639/

 --

[SA12661] Intellipeer Email Server User Account Enumeration Weakness

Critical:    Not critical
Where:       From local network
Impact:      Exposure of system information
Released:    2004-09-27

Ziv Kamir has reported a weakness in Intellipeer Email Server, which
can be exploited by malicious people to determine valid usernames.

Full Advisory:
http://secunia.com/advisories/12661/


UNIX/Linux:--

[SA12677] AIX libXm.a Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-29

IBM has acknowledged some vulnerabilities in AIX, which potentially can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12677/

 --

[SA12675] Conectiva update for imlib/imlib2

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-09-28

Conectiva has issued updates for imlib and imlib2. These fix some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12675/

 --

[SA12653] Gentoo update for xorg-x11/xfree

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-27

Gentoo has issued updates for xorg-x11 and xfree. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12653/

 --

[SA12652] LessTif XPM Library Image Decoding Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-27

Multiple vulnerabilities have been reported in LessTif, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/12652/

 --

[SA12682] SGI IRIX update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, Manipulation of data, DoS
Released:    2004-09-29

SGI has issued patches for IRIX. These fix multiple vulnerabilities in
the kernel, which can be exploited to cause a DoS (Denial of Service),
inject data into a TCP stream, and conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/12682/

 --

[SA12667] Debian sendmail sasl-bin Mail Relaying Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-09-28

Debian has issued an update for sendmail. This fixes a security issue,
which can be exploited by malicious people to use a vulnerable system
as an open mail relay.

Full Advisory:
http://secunia.com/advisories/12667/

 --

[SA12646] Conectiva update for apache

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2004-09-24

Conectiva has issued an update for apache. This fixes multiple
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service), gain escalated privileges, and potentially compromise a
system.

Full Advisory:
http://secunia.com/advisories/12646/

 --

[SA12644] Fedora update for httpd

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation, DoS
Released:    2004-09-24

Fedora has issued an update for httpd. This fixes some vulnerabilities,
which can be exploited to gain escalated privileges, cause a DoS (Denial
of Service) or access restricted resources.

Full Advisory:
http://secunia.com/advisories/12644/

 --

[SA12641] Gentoo update for apache

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-09-24

Gentoo has issued an update for apache. This fixes a security issue,
which may allow malicious people to bypass configured access controls.

Full Advisory:
http://secunia.com/advisories/12641/

 --

[SA12648] fprobe "change user" Feature Unspecified Security Issue

Critical:    Moderately critical
Where:       From local network
Impact:      Unknown
Released:    2004-09-27

A security issue with an unknown impact has been reported in fprobe.

Full Advisory:
http://secunia.com/advisories/12648/

 --

[SA12643] Fedora update for subversion

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2004-09-24

Fedora has issued an update for subversion. This fixes a security
issue, which can be exploited by malicious people to disclose
potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/12643/

 --

[SA12681] Fedora update for cups

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-09-29

Fedora has issued an update for CUPS. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12681/

 --

[SA12663] Conectiva update for kernel

Critical:    Less critical
Where:       From local network
Impact:      Manipulation of data
Released:    2004-09-27

Conectiva has issued an update for the kernel. This fixes a
vulnerability, which can be exploited by malicious users to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/12663/

 --

[SA12668] Mandrake update for openoffice.org

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2004-09-28

MandrakeSoft has issued an update for openoffice.org. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/12668/

 --

[SA12664] IBM Products ctstrtcasd Local File Corruption Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2004-09-28

iDEFENSE Labs has reported a vulnerability in various IBM products,
which can be exploited by malicious, local users to conduct certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/12664/

 --

[SA12657] Debian update for getmail

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-09-27

Debian has issued an update for getmail. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/12657/

 --

[SA12645] Gentoo update for getmail

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-09-24

Gentoo has issued an update for getmail. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/12645/


Other:--

[SA12659] Canon imageRUNNER E-mail Printer Denial of Service Weakness

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2004-09-28

Andrew Daviel has reported a weakness in Canon imageRUNNER, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12659/


Cross Platform:--

[SA12679] @lex GuestBook "chem_absolu" Arbitrary File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2004-09-29

Himeur Nourredine has reported a vulnerability in @lex GuestBook, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12679/

 --

[SA12672] RealOne Player / RealPlayer / Helix Player Multiple
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2004-09-29

Multiple vulnerabilities have been reported in RealOne Player,
RealPlayer, and Helix Player, which can be exploited by malicious
people to compromise a user's system and delete files.

Full Advisory:
http://secunia.com/advisories/12672/

 --

[SA12678] ParaChat Server Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2004-09-30

Donato Ferrante has reported a vulnerability in ParaChat Server, which
can be exploited by malicious people to access sensitive information.

Full Advisory:
http://secunia.com/advisories/12678/

 --

[SA12674] PeopleSoft HRMS Page Manipulation and Identity Spoofing

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, Manipulation of data
Released:    2004-09-29

A security issue has been reported in PeopleSoft Human Resources
Management System (HRMS), which can be exploited by malicious people to
modify certain pages and spoof their identity.

Full Advisory:
http://secunia.com/advisories/12674/

 --

[SA12673] Serendipity SQL Injection and Cross-Site Scripting
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2004-09-28

aCiDBiTS has reported two vulnerabilities in Serendipity, which can be
exploited by malicious people to conduct SQL injection and cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/12673/

 --

[SA12662] PHP-Fusion "homepage address" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-09-27

Espen Andersson has reported a vulnerability in PHP-Fusion, which can
be exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/12662/

 --

[SA12649] Baal Smart Forms "Admin Change Password" Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-09-27

A vulnerability has been reported in Baal Smart Forms, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/12649/

 --

[SA12647] ColdFusion MX Sensitive Information Disclosure and Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2004-09-24

Two vulnerabilities have been reported in ColdFusion MX Server, which
can be exploited by malicious people to disclose sensitive information
and cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12647/

 --

[SA12640] MyServer HTTP POST Request Processing Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-09-27

badpack3t has reported a vulnerability in MyServer, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12640/

 --

[SA12638] Macromedia JRun Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Hijacking, Cross Site Scripting, Exposure of sensitive
information, DoS
Released:    2004-09-24

Multiple vulnerabilities have been reported in JRun Server, which can
be exploited by malicious people to hijack an authenticated user's
session, conduct cross-site scripting attacks, disclose sensitive
information, and cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12638/

 --

[SA12660] YPOPs! POP3 and SMTP Service Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-09-28

Nima Majidi has discovered some vulnerabilities in YPOPs!, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12660/

 --

[SA12683] Wordpress Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-09-29

Thomas Waldegger has reported some vulnerabilities in Wordpress, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/12683/

 --

[SA12676] Vignette Application Portal Diagnostic Utility Information
Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information
Released:    2004-09-29

@stake has reported a security issue in Vignette Application Portal,
which can be exploited by malicious people to gain knowledge of various
system information.

Full Advisory:
http://secunia.com/advisories/12676/

 --

[SA12654] PHP-Fusion Cross-Site Scripting and Identify Spoof
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing
Released:    2004-09-27

Two vulnerabilities have been reported in PHP-Fusion, which can be
exploited by malicious people to conduct cross-site scripting attacks
and potentially perform an identity spoof.

Full Advisory:
http://secunia.com/advisories/12654/

 --

[SA12655] HP StorageWorks Command View XP Security Bypass

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2004-09-27

A vulnerability has been reported in HP StorageWorks Command View XP,
which can be exploited by malicious, local users to bypass certain
access restrictions.

Full Advisory:
http://secunia.com/advisories/12655/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

========================================================================





More information about the ISN mailing list