|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Security Threat Watch 074
From: Security Threat Watch (NetworkComputing
update.networkcomputing.com)
Date: Mon Apr 04 2005 - 13:01:31 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Security Threat Watch
Number 074
Monday, April 4, 2005
Created for you by Network Computing & Neohapsis
This week's most notable bugs were found in various telnet clients. The
bugs allow a malicious server to take advantage of various buffer
overflows on the client. Keep in mind that exploitation doesn't
necessarily require a malicious telnet server. Have you ever used the
telnet client as a quick diagnostic tool to see if a network service
such as a Web server on port 80 was reachable? Technically, these
services could make an attempt at triggering the vulnerability.
Until next issue,
- The Neohapsis Security Threat Watch Team
--- Advertisement -----------------------------------------------------
Join InformationWeek for a FREE, live TechWebCast on Blade Servers
in Your Data Center. Hear industry experts share their views
on blade server installation strategies, including tips for
predictable, successful deployment.
Tuesday, April 26th, 2005, 9:00 AM PT/11:00 AM CT/12:00 PM ET
--- New Vulnerabilities -----------------------------------------------
Below is a list of new vulnerabilities announced this week.
Vulnerabilities considered to be 'critical' involve highly-deployed
software, or carry a high-risk of system compromise. Note that
vulnerabilities not highlighted may still be of critical severity
to your environment.
**** Highlighted critical vulnerabilities ****
Various telnet clients: multiple remote overflows
**** Newly announced vulnerabilities this week ****
____Windows____
Call of Duty 1.5b: remote server DoS
http://archives.neohapsis.com/archives/bugtraq/2005-04/0016.html
FastStone 4in1 Browser 1.2: Web root escaping
http://archives.neohapsis.com/archives/bugtraq/2005-03/0495.html
IVT BlueSoleil Bluetooth drivers/software: remote arbitrary file uploading
http://archives.neohapsis.com/archives/bugtraq/2005-04/0007.html
Microsoft Jet DB: malicious MDB file local overflow
http://archives.neohapsis.com/archives/bugtraq/2005-03/0543.html
RUMBA 7.3: malicious profile local overflow
http://archives.neohapsis.com/archives/bugtraq/2005-04/0005.html
Windows XP: malicious .WMF file local DoS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0539.html
____Linux____
Linux kernel: Bluetooth socket creation local privilege elevation
http://archives.neohapsis.com/archives/bugtraq/2005-03/0472.html
Linux kernel: ext2 file system information leak
http://archives.neohapsis.com/archives/bugtraq/2005-04/0010.html
____Network Devices____
Bay Technical Associates telnet server: authentication bypass
http://archives.neohapsis.com/archives/bugtraq/2005-03/0535.html
Cisco VPN 3000 Concentrator: malicious SSL connection DoS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0512.html
____CGI____
ACS Blog 1.1.1: XSS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0476.html
AlstraSoft EPay Pro 2.0: PHP remote file include code execution, XSS
http://archives.neohapsis.com/archives/bugtraq/2005-04/0022.html
AspApp: XSS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0490.html
Chatness 2.5.1: XSS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0502.html
E-Xoops: SQL tampering, XSS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0473.html
MX Shop 1.1.1, MX Kart 1.1.2: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2005-03/0532.html
PaFileDB 3.1: SQL tampering, XSS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0519.html
PayPal Storefront: SQL tampering, XSS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0520.html
PhotoPost Pro Gallery: SQL tampering, XSS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0471.html
PortalApp: SQL tampering, XSS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0497.html
Sun AnswerBook2: XSS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0480.html
T. Hai Shoutbox: XSS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0487.html
Ublog 1.0.4: XSS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0509.html
Vladersoft shopping cart 3.0: SQL tampering, XSS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0470.html
Yet Another Forum 0.9.9: XSS
http://archives.neohapsis.com/archives/bugtraq/2005-04/0026.html
phpCoin 1.2.1b: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2005-03/0508.html
____Cross-Platform____
BakBone products: multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0096.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0097.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0098.html
http://archives.neohapsis.com/archives/bugtraq/2005-04/0002.html
Gaim 1.2.0: multiple remote DoS
http://archives.neohapsis.com/archives/bugtraq/2005-04/0011.html
Jedi Academy game 1.011: remote server overflow
http://archives.neohapsis.com/archives/bugtraq/2005-04/0015.html
PHP 4.x, 5.x: getimagesize() DoS
http://archives.neohapsis.com/archives/bugtraq/2005-03/0548.html
Quake 3 game engine: client remote DoS
http://archives.neohapsis.com/archives/bugtraq/2005-04/0014.html
Tincat 2 game library: remote overflow
http://archives.neohapsis.com/archives/bugtraq/2005-03/0468.html
Various telnet clients: multiple remote overflows
http://archives.neohapsis.com/archives/bugtraq/2005-03/0464.html
http://archives.neohapsis.com/archives/bugtraq/2005-03/0465.html
http://archives.neohapsis.com/archives/bugtraq/2005-03/0492.html
--- Patches and Updates -----------------------------------------------
The following contains a list of vendor patches and updates released
this week.
____Linux____
Debian > DSA 697-1: netkit-telnet
http://archives.neohapsis.com/archives/vendor/2005-q1/0111.html
Debian > DSA 698-1: mc
http://archives.neohapsis.com/archives/vendor/2005-q1/0112.html
Debian > DSA 699-1: netkit-telnet-ssl
http://archives.neohapsis.com/archives/vendor/2005-q1/0113.html
Debian > DSA 700-1: mailreader
http://archives.neohapsis.com/archives/vendor/2005-q1/0115.html
Debian > DSA 701-1: samba
http://archives.neohapsis.com/archives/bugtraq/2005-03/0522.html
Debian > DSA 702-1: ImageMagick
http://archives.neohapsis.com/archives/vendor/2005-q1/0118.html
Debian > DSA 703-1: krb5
http://archives.neohapsis.com/archives/vendor/2005-q1/0119.html
Mandrake > MDKSA-2005:061: krb5
http://archives.neohapsis.com/archives/linux/mandrake/2005-q1/0134.html
Mandrake > MDKSA-2005:062: ipsec-tools
http://archives.neohapsis.com/archives/linux/mandrake/2005-q1/0138.html
Mandrake > MDKSA-2005:063: htdig
http://archives.neohapsis.com/archives/linux/mandrake/2005-q1/0140.html
Mandrake > MDKSA-2005:064: libexif
http://archives.neohapsis.com/archives/linux/mandrake/2005-q1/0139.html
Mandrake > MDKSA-2005:065: ImageMagick
http://archives.neohapsis.com/archives/linux/mandrake/2005-q2/0001.html
Mandrake > MDKSA-2005:066: grip
http://archives.neohapsis.com/archives/linux/mandrake/2005-q2/0002.html
SuSE > SUSE-SA:2005:020: ipsec-tools
http://archives.neohapsis.com/archives/vendor/2005-q1/0117.html
____BSD____
FreeBSD > FreeBSD-SA-05:01: telnet
http://archives.neohapsis.com/archives/bugtraq/2005-03/0463.html
--- Advertisement -----------------------------------------------------
Join InformationWeek for a FREE, live TechWebCast on Blade Servers
in Your Data Center. Hear industry experts share their views
on blade server installation strategies, including tips for
predictable, successful deployment.
Tuesday, April 26th, 2005, 9:00 AM PT/11:00 AM CT/12:00 PM ET
--- Sign Off ----------------------------------------------------------
If this e-mail was passed to you, and you would like to begin receiving
our free security e-mail newsletter on a weekly basis, we invite you to
subscribe today by forwarding this message to [subscribe_stwupdate.networkcomputing.com].
Or you can subscribe directly here:
http://www.networkcomputing.com/go/stw.jhtml
To manage all aspects of your subscription and newsletter account,
simply use the URL below. You'll need your e-mail address and
password to log in. If you don't have your password, you can generate
a new one using the same URL. Once logged in, you can change your
e-mail address and password as well as select specific platforms for
which you'd like to receive information on patches and vulnerabilities.
If you have any questions regarding this system, please don't hesitate
to e-mail us at stwnwc.com.
http://stwpref.update.networkcomputing.com/CMP/NWC/prefctr.asp
Put Us On Your White List
Don't let an over-eager e-mail filter bounce the Network Computing
Security Threat Watch newsletter! Our address:
NetworkComputingupdate.networkcomputing.com
needs to be in your address book or on your anti-spam white list. Ask your
admin or ISP how to do this, or check your anti-spam utility documentation.
Important subscription contacts:
CMP Media LLC
600 Community Drive
Manhasset, NY 11030
Missed an issue? You can find all back issues of Security Threat Watch
(as well as Security Alert Consensus and Security Express) online.
http://archives.neohapsis.com/
Note: To better serve you we use dynamic URLs within our advertisments,
which allow us to see how many readers click on a given ad. We do not
share this information, or your personal information, with any outside
party. Concerned about the privacy of your information relative to these
tracking URLs? Please refer to our privacy policy.
http://www.doubleclick.net/us/corporate/privacy
We'd like to know what you think about the newsletter and what
information you'd like to see in future editions. E-mail your comments
to (stwnwc.com).
To unsubscribe from this newsletter, forward this message to
[unsubscribe_stwupdate.networkcomputing.com].
Copyright (c) 2005 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com). Powered by Neohapsis Inc., a
Chicago-based security assessment and integration services consulting
group (infoneohapsis.com | http://www.neohapsis.com/).
This message powered by DARTmail
http://www.doubleclick.net/us/corporate/privacy
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]