Martin O'Neal of Corsaire has discovered a vulnerability that affects
almost all Internet browsers. The vulnerability lies in the way
browsers validate restricted cookie paths, and could be exploited to
gain access to cookie information within restricted paths.
Reportedly, most vendors have silently patched this problem. Please
refer to the Secunia advisory for further details.
Vulnerabilities in Outlook 2002, Windows 2000 Server, and MSN Messenger. Updated versions and patches can be found in the Secunia advisories.
3) This Week's Top Ten Most Read Advisories:
1. [SA10395] Internet Explorer URL Spoofing Vulnerability
2. [SA11039] ProFTPD ASCII File Translation Off-By-One Vulnerability
3. [SA11037] Adobe Acrobat Reader XML Forms Data Format Buffer
Overflow
4. [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow
Vulnerability
5. [SA11078] Microsoft MSN Messenger Arbitrary File Retrieval
Vulnerability
6. [SA10736] Internet Explorer File Download Extension Spoofing
7. [SA10995] WinZip MIME Archive Parsing Buffer Overflow Vulnerability
8. [SA11076] Microsoft Outlook 2002 mailto URI Cross Site Scripting
Vulnerability
9. [SA10988] ISS Multiple Products SMB Packet Handling Buffer Overflow
Vulnerability
10. [SA11077] Microsoft Windows 2000 Server Media Services Denial of
Service
Vulnerabilities Summary Listing
Windows:
[SA11076] Microsoft Outlook 2002 mailto URI Cross Site Scripting
Vulnerability
[SA11048] SLMail Pro Multiple Buffer Overflow Vulnerabilities
[SA11078] Microsoft MSN Messenger Arbitrary File Retrieval
Vulnerability
[SA11077] Microsoft Windows 2000 Server Media Services Denial of
Service
[SA11044] Spider Sales SQL Injection and Weak Encryption
[SA11075] Chat Anywhere User Management Bypass Vulnerability
[SA11042] SmarterMail Multiple Vulnerabilities
[SA11086] DB2 Remote Command Server Privilege Escalation Vulnerability
[SA11046] Norton AntiVirus 2002 Virus Detection Bypass Issue
[SA11040] DAWKCo POP3 Server with WebMAIL Extension Session
Reactivation
UNIX/Linux:
[SA11058] Sun Cobalt update for rsync
[SA11082] Sun Java System (Sun ONE) SSL Vulnerabilities
[SA11079] OpenPKG update for mutt
[SA11063] Debian update for wu-ftpd
[SA11062] Red Hat update for WU-FTPD
[SA11047] HP Tru64 UNIX Unspecified IPsec/IKE Vulnerabilities
[SA11039] ProFTPD ASCII File Translation Off-By-One Vulnerability
[SA11089] F-Secure Anti-Virus for Linux Virus Detection Vulnerability
[SA11084] Debian update for Python
[SA11081] Mandrake update for python
[SA11080] Python DNS Response Buffer Overflow Vulnerability
[SA11074] OpenBSD Out-of-Sequence TCP Packet Denial of Service
Vulnerability
[SA11051] Gentoo update for libxml2
[SA11050] OpenPKG update for libxml2
[SA11043] Debian update for libxml/libxml2
[SA11100] Fedora update for coreutils
[SA11099] Debian update for kdelibs
[SA11098] Mandrake update for kdelibs
[SA11095] Red Hat update for kdelibs
[SA11088] Apache mod_access Rule Bypass Issue
[SA11055] WU-FTPD Directory Access Restriction Bypass Vulnerability
[SA11049] Fedora update for mailman
[SA11038] OpenLinux update for CUPS
[SA11083] Sun Solaris UUCP Buffer Overflow Vulnerabilities
[SA11061] GNU Automake Insecure Temporary Directory Creation
Vulnerability
[SA11060] OpenPKG update for libtool
[SA11059] Sun Cobalt update for kernel
[SA11052] Gentoo update for kernel
[SA11097] Mandrake update for gdk-pixbuf
[SA11094] Red Hat update for gdk-pixbuf
[SA11056] Safari JavaScript Array Creation Denial of Service
Other:
[SA11045] Cisco Content Services Switch 11000 Series Denial of Service
Cross Platform:
[SA11057] PWebServer Directory Traversal Vulnerability
[SA11041] GWeb Directory Traversal Vulnerability
[SA11092] Apache mod_ssl HTTP Request Denial of Service Vulnerability
[SA11054] VirtuaNews Cross Site Scripting Vulnerabilities
[SA11053] Invision Power Board Cross-Site Scripting Vulnerabilities
Vulnerabilities Content Listing
Windows:
[SA11076] Microsoft Outlook 2002 mailto URI Cross Site Scripting
Vulnerability
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Jouko Pynnönen has discovered a vulnerability in Outlook 2002, allowing
malicious people to conduct Cross Site Scripting attacks and execute
arbitrary code in the Local Security Zone.
[SA11048] SLMail Pro Multiple Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
NGSSoftware has discovered multiple vulnerabilities in SLMail Pro,
which can be exploited by malicious people to compromise a vulnerable
system.
[SA11078] Microsoft MSN Messenger Arbitrary File Retrieval
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
qFox and Mephisto have discovered a vulnerability in Microsoft MSN
Messenger, allowing malicious people to retrieve files from a
vulnerable system.
[SA11077] Microsoft Windows 2000 Server Media Services Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Qualys has discovered a vulnerability in Microsoft Media Services,
allowing malicious people to cause a Denial of Service against the
Media Services.
[SA11044] Spider Sales SQL Injection and Weak Encryption
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information
Nick Gudov has reported two vulnerabilities in Spider Sales, allowing
malicious people to conduct SQL injection attacks and to decrypt
sensitive information.
[SA11075] Chat Anywhere User Management Bypass Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Luigi Auriemma has reported a vulnerability in Chat Anywhere, which can
be exploited by malicious users to circumvent certain administrative
user management features.
[SA11042] SmarterMail Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information,
DoS
Dr_insane has reported some vulnerabilities in SmarterMail, allowing
malicious people to cause a Denial of Service, view the contents of
arbitrary files, and potentially conduct Cross Site Scripting attacks.
[SA11086] DB2 Remote Command Server Privilege Escalation Vulnerability
Critical: Less critical
Where: From local network
Impact: Privilege escalation
NGSSoftware has discovered a vulnerability in DB2, which can be
exploited by malicious users to gain escalated privileges.
[SA11046] Norton AntiVirus 2002 Virus Detection Bypass Issue
Critical: Less critical
Where: Local system
Impact: Security Bypass
Bipin Gautam has reported a security issue in Norton AntiVirus 2002,
which may result in malware being executed undetected.
[SA11040] DAWKCo POP3 Server with WebMAIL Extension Session
Reactivation
Critical: Not critical
Where: Local system
Impact: Security Bypass
Ian Koch has reported a security issue in DAWKCo POP3 Server Hosting
Version with WebMAIL Extension, allowing malicious users to gain access
UNIX/Linux:
[SA11058] Sun Cobalt update for rsync
Critical: Extremely critical
Where: From remote
Impact: System access
Sun has issued an updated package for rsync. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
[SA11082] Sun Java System (Sun ONE) SSL Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Sun has issued updated packages for Sun Java System Web Server and
Application Server (formerly Sun ONE). These fix various
vulnerabilities, which can be exploited by malicious people to cause a
Denial of Service and potentially compromise a vulnerable system.
[SA11079] OpenPKG update for mutt
Critical: Highly critical
Where: From remote
Impact: DoS, System access
OpenPKG has issued updated packages for mutt. These fix a
vulnerability, which can be exploited by malicious people to crash the
mail client or potentially compromise a user's system.
[SA11063] Debian update for wu-ftpd
Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Debian has issued updated packages for wu-ftpd. These fix two
vulnerabilities, which potentially can be exploited by malicious users
to bypass certain restrictions or compromise a vulnerable system.
[SA11062] Red Hat update for WU-FTPD
Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Red Hat has issued updated packages for wu-ftpd. These fix two
vulnerabilities, which potentially can be exploited by malicious users
to bypass certain restrictions or compromise a vulnerable system.
[SA11047] HP Tru64 UNIX Unspecified IPsec/IKE Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
HP has fixed some vulnerabilities in Tru64, which potentially can be
exploited by malicious people to compromise a vulnerable system.
[SA11039] ProFTPD ASCII File Translation Off-By-One Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Phantasmal Phantasmagoria has reported a vulnerability in ProFTPD,
which potentially can be exploited by malicious users to compromise a
vulnerable system.
[SA11089] F-Secure Anti-Virus for Linux Virus Detection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
A vulnerability has been reported in F-Secure Anti-Virus for Linux,
potentially allowing malware to bypass the virus detection.
[SA11084] Debian update for Python
Critical: Moderately critical
Where: From remote
Impact: System access
Debian has issued updated packages for Python. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.
[SA11081] Mandrake update for python
Critical: Moderately critical
Where: From remote
Impact: System access
MandrakeSoft has issued updated packages for Python. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.
[SA11080] Python DNS Response Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Sebastian Schmidt has discovered a vulnerability in Python, potentially
allowing malicious people to execute arbitrary code on a vulnerable
system.
[SA11074] OpenBSD Out-of-Sequence TCP Packet Denial of Service
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
OpenBSD has issued a patch, which fixes a vulnerability allowing
malicious people to cause a DoS (Denial of Service).
[SA11051] Gentoo update for libxml2
Critical: Moderately critical
Where: From remote
Impact: System access
Gentoo has issued updated packages for libxml2. These fix some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
[SA11050] OpenPKG update for libxml2
Critical: Moderately critical
Where: From remote
Impact: System access
OpenPKG has issued updated packages for libxml2. These fix some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
[SA11043] Debian update for libxml/libxml2
Critical: Moderately critical
Where: From remote
Impact: System access
Debian has issued updated packages for libxml and libxml2. These fix
some vulnerabilities, which potentially can be exploited by malicious
people to compromise a vulnerable system.
[SA11100] Fedora update for coreutils
Critical: Less critical
Where: From remote
Impact: DoS
Fedora has issued updated packages for coreutils. These fix two
vulnerabilities in the "ls" program, which can be exploited by
malicious users to cause a DoS (Denial of Service).
[SA11099] Debian update for kdelibs
Critical: Less critical
Where: From remote
Impact: Security Bypass
Debian has issued updated packages for kdelibs. These fix a
vulnerability, which potentially can be exploited to bypass certain
cookie path restrictions.
[SA11098] Mandrake update for kdelibs
Critical: Less critical
Where: From remote
Impact: Security Bypass
MandrakeSoft has issued updated packages for kdelibs. These fix a
vulnerability, which potentially can be exploited to bypass certain
cookie path restrictions.
[SA11095] Red Hat update for kdelibs
Critical: Less critical
Where: From remote
Impact: Security Bypass
Red Hat has issued updated packages for kdelibs. These fix a
vulnerability, which potentially can be exploited to bypass certain
cookie path restrictions.
[SA11088] Apache mod_access Rule Bypass Issue
Critical: Less critical
Where: From remote
Impact: Security Bypass
A security issue has been reported in Apache on big-endian 64-bit
systems, which can be exploited by malicious people to bypass certain
restrictions.
[SA11055] WU-FTPD Directory Access Restriction Bypass Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Glenn Stewart has discovered a vulnerability in wu-ftpd, which can be
exploited by malicious, authenticated users to circumvent certain
restrictions.
[SA11049] Fedora update for mailman
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Red Hat has issued updated packages for mailman. These fix a
vulnerability, which can be exploited by malicious people to conduct
cross-site scripting attacks.
[SA11038] OpenLinux update for CUPS
Critical: Less critical
Where: From local network
Impact: DoS
SCO has issued updated packages for cups. These fix a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
[SA11083] Sun Solaris UUCP Buffer Overflow Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Sun has reported multiple vulnerabilities in Solaris, potentially
allowing malicious, local users to gain escalated privileges on a
vulnerable system.
[SA11061] GNU Automake Insecure Temporary Directory Creation
Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Stefan Nordhausen has discovered a vulnerability in GNU Automake, which
can be exploited by malicious, local users to perform certain actions
on a vulnerable system with escalated privileges.
[SA11060] OpenPKG update for libtool
Critical: Less critical
Where: Local system
Impact: Privilege escalation
OpenPKG has issued updated packages for libtool. These fix a
vulnerability, allowing malicious users to escalate their privileges on
a vulnerable system.
[SA11059] Sun Cobalt update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Sun has issued an updated package for the kernel. This fixes various
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.
[SA11052] Gentoo update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Gentoo has issued an updated package for the kernel. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
[SA11097] Mandrake update for gdk-pixbuf
Critical: Not critical
Where: From remote
Impact: DoS
MandrakeSoft has issued updated packages for gdk-pixbuf. These fix a
vulnerability, which can be exploited by malicious people to crash
certain applications like Evolution on a vulnerable system.
[SA11094] Red Hat update for gdk-pixbuf
Critical: Not critical
Where: From remote
Impact: DoS
Red Hat has issued updated packages for gdk-pixbuf. These fix a
vulnerability, which can be exploited by malicious people to crash
certain applications like Evolution on a vulnerable system.
[SA11056] Safari JavaScript Array Creation Denial of Service
Critical: Not critical
Where: From remote
Impact: DoS
kang has reported a vulnerability in Safari, which can be exploited by
malicious people to cause a Denial of Service.
Other:
[SA11045] Cisco Content Services Switch 11000 Series Denial of Service
Critical: Not critical
Where: From local network
Impact: DoS
Cisco has reported a vulnerability in Cisco Content Services Switch
11000 Series, allowing malicious people to cause a Denial of Service.
Cross Platform:
[SA11057] PWebServer Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Donato Ferrante has discovered a vulnerability in PWebServer, which can
be exploited by malicious people to read arbitrary files on a
vulnerable system.
[SA11041] GWeb Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Donato Ferrante has reported a vulnerability in GWeb, allowing
malicious people to read arbitrary files on a vulnerable system.
[SA11092] Apache mod_ssl HTTP Request Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Mick Wall has discovered a vulnerability in Apache 2, which can be
exploited by malicious people to cause a DoS (Denial of Service).
[SA11054] VirtuaNews Cross Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Rafel Ivgi has reported some vulnerabilities in VirtuaNews, allowing
malicious people to conduct Cross Site Scripting attacks.
[SA11053] Invision Power Board Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Rafel Ivgi has discovered multiple vulnerabilities in Invision Power
Board, allowing malicious people to conduct cross-site scripting
attacks.