Adobe

Adobe Acrobat 6.01 and 6.02; Adobe Reader 6.01 and 6.02

A vulnerability exists which can be exploited by malicious people to
disclose sensitive information. This is because embedded Macromedia flash
files are executed in a local context.

No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

Best Software

SalesLogix 6

Multiple vulnerabilities were reported in which a remote malicious user
can gain administrative access on the application. A remote user can
inject SQL commands, determine the installation path, determine passwords,
and upload arbitrary files.

The vendor has issued a fix, available at: href="http://support.saleslogix.com/">http://support.saleslogix.com/

Proofs of Concept exploits have been published.

Cisco Systems

Access Control Server Solution Engine, Secure Access Control Server 3.2
(3), 3.2 (2), 3.2, Secure ACS for Windows Server 3.2

Workaround and patches available at: href="http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml">http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml

Cisco has released an updated advisory that contains workaround
details and updates to address these issues.

There is no exploit code required.

Cisco Security Advisory, 61603, August 25, 2004

Cisco Security Advisory, 61603, Revision 1.2, October 4, 2004

CyberStrong

eShop 4.6

An input verification vulnerability exists which can be exploited by
malicious people to conduct Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

Digicraft Software

Yak! 2.1.2

An input verification vulnerability exists in the built-in FTP server,
which may allow a remote malicious user to upload arbitrary code anywhere
on the system.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

DmxReady

Dmxready Site Chassis Manager

Input verification vulnerabilities exist which can be exploited by
malicious people to conduct Cross-Site Scripting and SQL injection
attacks.

No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

Ideal Science

IdealBB Multiple 0.1.5.3

No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

MailEnable

MailEnable Professional 1.x

Two unspecified vulnerabilities have been reported which potentially
can be exploited by malicious people to cause a Denial of Service.

Update to version 1.5e available at: href="http://www.mailenable.com/download.html">http://www.mailenable.com/download.html

We are not aware of any exploits for this vulnerability.

Mavel d.o.o. Software Company

ShixxNote 6.net

A buffer overflow vulnerability exists that could permit a remote
malicious user to execute arbitrary code on the target system. It is
reported that a remote user can supply a specially crafted value for the
field that specifies the font.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft

Cabarc

An input validation vulnerability was reported in Microsoft Cabarc
which could allow a remote malicious user to create or overwrite arbitrary
files on the target user's system.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft

Internet Explorer

A security vulnerability was reported that may allow a malicious user
to spoof a user's homepage website.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft

asycpict.dll in Windows (Me), Windows (NT), Windows (95), Windows (98),
Windows (2000), Windows (2003), Windows (XP)

A vulnerability was reported in 'asycpict.dll' in the processing of
JPEG images in which a remote malicious user can cause a target user's
system to crash.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft

Microsoft Office Visio 2002 Viewer
Microsoft Office PowerPoint 2003
Viewer
Microsoft Office Visio 2003 Viewer

A vulnerability has been discovered in three Microsoft
Office
Viewers, which can be exploited by malicious people to
compromise a user's system.

Install the latest versions of the viewers available at: href="http://www.microsoft.com/downloads/">http://www.microsoft.com/downloads/

We are not aware of any exploits for this vulnerability.

Microsoft PowerPoint / Visio Viewer JPEG Processing Buffer
Overflow

Secunia Advisory
SA12671, October 12,2004

Microsoft

Windows 2003

No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

Microsoft

Windows 2003

No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

Microsoft

Windows XP Home SP2
Windows XP Media Center Edition SP2
Windows
XP Professional SP2

A default configuration vulnerability exists that may allow malicious
users to create a listening port to provide remote access to a vulnerable
computer. This is due to a weakness in the Internet Connection Firewall
(ICF).

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft

Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition,
Windows NT Server 4.0 Terminal Server Edition; Avaya DefinityOne
Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, (MSS)
2.0,
S3400 Message Application Server,
S8100 Media Servers

An information disclosure and Denial of Service vulnerability exists
when the RPC Runtime Library processes specially crafted messages. A
malicious user who successfully exploited this vulnerability could
potentially read portions of active memory or cause the affected system to
stop responding.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-029.mspx">http://www.microsoft.com/technet/security/bulletin/MS04-029.mspx

Avaya: Customers are advised to follow Microsoft's guidance for
applying patches.
Please see the referenced Avaya advisory at the
following location for further details:
href="http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()">http://support.avaya.com/japple/css/japple?temp.groupID=
128450&temp.selectedFamily=128451&temp.selectedProduct=
154235&temp.selectedBucket=126655&temp.feedbackState=
askForFeedback&temp.documentID=203487&PAGE=
avaya.css.CSSLvl1Detail&executeTransaction=
avaya.css.UsageUpdate()

We are not aware of any exploits for these vulnerabilities.

Microsoft RPC Runtime Library Information Disclosure &
Denial of Service

CVE Name: href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0569">CAN-2004-0569

Microsoft Security Bulletin MS04-029, October 12, 2004

US-CERT Cyber Security Alert SA04-286A, October 12, 2004

SecurityFocus, October 18, 2004

Microsoft

Windows NT Server 4.0, Windows NT Server 4.0 Enterprise
Edition, Windows NT Server 4.0 Terminal Server Edition, Windows 2000
Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Server,
Windows 2000 Professional, Windows XP Home Edition, Windows XP
Professional, Windows Server 2003 Enterprise Edition, Windows Server 2003
Standard Edition, Windows Server 2003 Web Edition, Windows Server 2003
Datacenter Edition, Windows 98, Windows 98 SE, Windows ME

A Shell vulnerability and Program Group vulnerability exists in
Microsoft Windows. These vulnerabilities could allow remote code
execution.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx">http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx

We are not aware of any exploits for these vulnerabilities.

Microsoft

Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise
Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web
Edition, Exchange Server 2003

A remote code execution vulnerability exists in the Windows Server 2003
SMTP component because of the way that it handles Domain Name System (DNS)
lookups. A malicious user could exploit the vulnerability by causing the
server to process a particular DNS response that could potentially allow
remote code execution. The vulnerability also exists in the Microsoft
Exchange Server 2003 Routing Engine component when installed on Microsoft
Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack
4.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx">http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx

We are not aware of any exploits for this vulnerability.

Microsoft

Internet Explorer 5.01, Internet Explorer 6, Internet
Explorer 6.0 for Windows Server 2003, Internet Explorer 6.0 for Windows XP
Service Pack 2, Windows 98, Windows 98 SE, Windows ME, Internet Explorer
5.5; Avaya DefinityOne Media Servers, IP600 Media Servers, Modular
Messaging (MSS) 1.1, (MSS) 2.0,
S3400 Message Application
Server,
S8100 Media Servers

Multiple vulnerabilities are corrected with Microsoft Security Update
MS04-038. These vulnerabilities include: Cascading Style Sheets (CSS) Heap
Memory Corruption Vulnerability; Similar Method Name Redirection Cross
Domain Vulnerability; Install Engine Vulnerability; Drag and Drop
Vulnerability; Address Bar Spoofing on Double Byte Character Set Locale
Vulnerability; Plug-in Navigation Address Bar Spoofing Vulnerability;
Script in Image Tag File Download Vulnerability; SSL Caching
Vulnerability. These vulnerabilities could allow remote code execution.

A vulnerability exists in the Microsoft MSN 'heartbeat.ocx'
component, used by Internet Explorer on some MSN gaming sites

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx">http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx

Avaya: Customers are advised to follow Microsoft's guidance for
applying patches. Please see the referenced Avaya advisory at the
following location for further details:
href="http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()">http://support.avaya.com/japple/css/japple?temp.groupID=
128450&temp.selectedFamily=128451&temp.selectedProduct=
154235&temp.selectedBucket=126655&temp.feedbackState
=askForFeedback&temp.documentID=203487&PAGE=
avaya.css.CSSLvl1Detail&execute
Transaction=avaya.css.UsageUpdate()

We are not aware of any exploits for these vulnerabilities.

Microsoft Internet Explorer Security Update

CVE Names:

href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0842">CAN-2004-0842
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0727">CAN-2004-0727
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0216">CAN-2004-0216
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0839">CAN-2004-0839
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0844">CAN-2004-0844
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0843">CAN-2004-0843
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0841">CAN-2004-0841
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0845">CAN-2004-0845

Microsoft Security Bulletin MS04-038, October 12, 2004

US-CERT Cyber Security Alert SA04-286A, October 12, 2004

US-CERT Vulnerability Notes VU#637760, October 13, 2004,
VU#625616, October 15, 2004, VU#431576, VU#630720, & VU#291304,
October 18, 2004, VU#673134 & VU#795720, October 19, 2004

SecurityFocus, October 18, 2004

Microsoft

Office 2000, Excel 2000, Office XP, Excel 2002, Office 2001 for
Macintosh, Office v. X for Macintosh

A remote code execution vulnerability exists in Excel. If a user is
logged on with administrative privileges, a malicious user who
successfully exploited this vulnerability could take complete control of
the affected system.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-033.mspx">http://www.microsoft.com/technet/
security/bulletin/MS04-033.mspx

We are not aware of any exploits for this vulnerability.

Microsoft

Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition,
Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Advanced
Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows
2000 Server, Windows XP Home Edition, Windows XP Professional, Windows
Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition,
Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition,
Windows 98, Windows 98 SE, Windows ME; Avaya DefinityOne Media
Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, (MSS) 2.0,

S3400 Message Application Server,
S8100 Media Servers

A remote code execution vulnerability exists in the NetDDE services
because of an unchecked buffer. A malicious user who successfully
exploited this vulnerability could take complete control of an affected
system. However, the NetDDE services are not started by default and would
have to be manually started for an attacker to attempt to remotely exploit
this vulnerability. This vulnerability could also be used to attempt to
perform a local elevation of privileges or remote Denial of Service.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-031.mspx">http://www.microsoft.com/technet/
security/bulletin/MS04-031.mspx

Avaya: Customers are advised to follow Microsoft's guidance for
applying patches. Please see the referenced Avaya advisory at the
following location for further details:
href="http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()">http://support.avaya.com/japple/css/japple?temp.groupID=
128450&temp.selectedFamily=128451&temp.selectedProduct=
154235&temp.selectedBucket=126655&temp.feedbackState
=askForFeedback&temp.documentID=203487&PAGE=
avaya.css.CSSLvl1Detail&execute
Transaction=avaya.css.UsageUpdate()

We are not aware of any exploits for this vulnerability.

Microsoft

Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition,
Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000
Server, Windows Server 2003 Datacenter Edition, Windows Server 2003
Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server
2003 Web Edition, Exchange 2000 Server, Exchange Server 2003;
Avaya DefinityOne Media Servers, IP600 Media Servers, Modular
Messaging (MSS) 1.1, (MSS) 2.0,
S3400 Message Application
Server,
S8100 Media Servers

A remote code execution vulnerability exists within the Network News
Transfer Protocol (NNTP) component of the affected operating systems,
which could let a remote malicious user execute arbitrary code. This
vulnerability could potentially affect systems that do not use NNTP.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-036.mspx">http://www.microsoft.com/technet/security/bulletin/MS04-036.mspx

Avaya: Customers are advised to follow Microsoft's guidance for
applying patches. Please see the referenced Avaya advisory at the
following location for further details:
href="http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()">http://support.avaya.com/japple/css/japple?temp.groupID=
128450&temp.selectedFamily=128451&temp.selectedProduct=
154235&temp.selectedBucket=126655&temp.feedbackState
=askForFeedback&temp.documentID=203487&PAGE=
avaya.css.CSSLvl1Detail&execute
Transaction=avaya.css.UsageUpdate()

We are not aware of any exploits for this vulnerability.

Microsoft

Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition,
Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Advanced
Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows
2000 Server, Windows XP Home Edition, Windows XP Professional, Windows
Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition,
Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition,
Windows 98, Windows 98 SE, Windows ME

Multiple vulnerabilities are corrected with Microsoft Security Update
MS04-032. These vulnerabilities include: Window Management Vulnerability,
Virtual DOS Machine Vulnerability, Graphics Rendering Engine
Vulnerability, Windows Kernel Vulnerability. These vulnerabilities could
permit elevation of privilege, remote code execution, and Denial of
Service.

A vulnerability exists in the Windows SetWindowLong and
SetWindowLongPtr API function calls. In some cases this can be exploited
to gain execution control.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-032.mspx">http://www.microsoft.com/technet/security/bulletin/MS04-032.mspx

We are not aware of any exploits for these vulnerabilities.

Microsoft

Windows XP Home Edition, XP Professional, Windows Server 2003
Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server
2003 Standard Edition, Windows Server 2003 Web Edition

A remote code execution vulnerability exists in Compressed (zipped)
Folders because of an unchecked buffer in the way that it handles
specially crafted compressed files. A malicious user could exploit the
vulnerability by constructing a malicious compressed file that could
potentially allow remote code execution if a user visited a malicious web
site.

Updates available at: href="http://www.microsoft.com/technet/security/bulletin/MS04-034.mspx">http://www.microsoft.com/technet/security/bulletin/MS04-034.mspx

We are not aware of any exploits for this vulnerability.

Multiple Vendors

McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV

Remote exploitation of an exceptional condition error in multiple
vendors' anti-virus software allows malicious users to bypass security
protections by evading virus detection. The problem specifically exists in
the parsing of .zip archive headers. This vulnerability affects multiple
anti-virus vendors including McAfee, Computer Associates, Kaspersky,
Sophos, Eset and RAV.

Instructions for vendor fixes available at: href="http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true">http://www.idefense.com/application/poi/display?id
=153&type=vulnerabilities&flashstatus=true

Proofs of Concept exploits have been published.

NatterChat

NatterChat 1.12

No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

Pinnacle Systems

ShowCenter v1.51 build 121

A vulnerability exists which can be exploited by malicious people to
conduct Cross-Site Scripting attacks. Invalid input passed to the 'Skin'
parameter in 'SettingsBase.php' isn't validated before being returned to
the user in a error page.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Secunia Advisory ID, SA12613, October 14, 2004

SunGard

SCT Campus Pipeline

An input validation vulnerability exists that could allow a remote
malicious user to conduct Cross-Site Scripting attacks. The
'/cp/render.UserLayoutRootNode.uP' script does not properly validate
user-supplied input in the 'utf' parameter.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Symantec

Norton Internet Security 2004
Norton Internet Security 2004
Professional
Symantec Norton AntiVirus 2004

A vulnerability exists which can be exploited by malicious, local users
to disable the auto-protection. The vulnerability is caused due to an
error in the auto-protection functionality when dealing with certain
Visual Basic scripts.

No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

viksoe.dk

GMail Drive

A vulnerability exists in which a local malicious user could determine
the GMail account name and can access the GMail account.

No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

Apache Software Foundation

Apache 2.0.35-2.0.52

A vulnerability exists when the 'SSLCipherSuite' directive is used in a
directory or location context to require a restricted set of cipher
suites, which could let a remote malicious user bypass security policies
and obtain sensitive information.

OpenPKG: href="ftp://ftp.openpkg.org/release/">ftp://ftp.openpkg.org/release/

There is no exploit code required.

Apache Software Foundation
Conectiva
Gentoo

HP
Immunix
Mandrake OpenBSD
OpenPKG
RedHat

SGI
Trustix

Apache 1.3.26‑1.3.29, 1.3.31;
OpenBSD ?current, 3.4, 3.5

Patches available at: href="http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=108687304202140&q=p3">http://marc.theaimsgroup.com/?l=apache-httpd-
dev&m=108687304202140&q=p3

OpenBSD: href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/">ftp://ftp.openbsd.org/pub/OpenBSD/patches/

OpenPKG: href="ftp://ftp.openpkg.org/release/2.0/UPD/apache-1.3.29-2.0.3.src.rpm">ftp://ftp.openpkg.org/release/2.0/UPD/apache-1.3.29-2.0.3.src.rpm

Gentoo: href="http://security.gentoo.org/glsa/glsa-200406-16.xml">http://security.gentoo.org/glsa/glsa-200406-16.xml

Mandrake: href="http://www.mandrakesoft.com/security/advisories">http://www.mandrakesoft.com/security/advisories

SGI: href="ftp://patches.sgi.com/support/free/security/">ftp://patches.sgi.com/support/free/security/

Fedora Legacy: href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this
vulnerability.

SecurityTracker Alert, 1010462, June 10, 2004

Gentoo Linux Security Advisory, GLSA 200406-16, June 22, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:065, June 29,
2004

OpenPKG Security Advisory, OpenPKG-SA-2004.029, June 11, 2004

SGI Security Advisory, 20040605-01-U, June 21, 2004

Fedora Legacy Update Advisory, FLSA:1737, October 14, 2004

US-Cert Vulnerability Note VU#541310, October 19, 2004

Apache Software
Foundation
Gentoo
Mandrake
OpenBSD

OpenPKG
RedHat
SGI
Tinysofa
Trustix

Apache 1.3-2.0.49

A stack-based buffer overflow has been reported in the Apache mod_ssl
module. This issue would most likely result in a Denial of Service if
triggered, but could theoretically allow for execution of arbitrary code.
The issue is not believed to be exploitable to execute arbitrary code on
x86 architectures, though this may not be the case with other
architectures.

Patch available at: href="http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?r1=1.105&r2=1.106">
http://cvs.apache.org/viewcvs.cgi/httpd-
2.0/modules/ssl/ssl_engine_kernel.c?r1=1.105&r2=1.106

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php ">http://www.mandrakesecure.net/en/ftp.php

OpenPKG: ftp://ftp.openpkg.org

Tinysofa: href="http://www.tinysofa.org/support/errata/2004/008.html">http://www.tinysofa.org/support/errata/2004/008.html

Trustix: href="http://http.trustix.org/pub/trustix/updates/">http://http.trustix.org/pub/trustix/updates/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200406-05.xml">http://security.gentoo.org/glsa/glsa-200406-05.xml

OpenBSD: href="http://www.openbsd.org/errata.html">http://www.openbsd.org/errata.html

SGI: href="ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/">ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/

Apple: href="http://www.apple.com/support/security/security_updates.html">http://www.apple.com/support/security/security_updates.html

Fedora Legacy: href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/redhat/

Currently we are not aware of any exploits for this
vulnerability.

Security Focus, May 17, 2004

Gentoo Linux Security Advisory, GLSA 200406-05, June 9, 2004

Mandrakelinux Security Update Advisories, MDKSA-2004:054 & 055,
June 1. 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.026, May 27, 2004

RedHat Security Advisory, RHSA-2004:342-10, July 6, 2004

SGI Security Advisory, 20040605-01-U, June 21, 2004

Tinysofa Security Advisory, TSSA-2004-008, June 2, 2004

Trustix Security Advisory, TSLSA-2004-0031, June 2, 2004

Fedora Legacy Update Advisory, FLSA:1888, October 14, 2004

Carnegie Mellon University

Cyrus SASL 1.5.24, 1.5.27, 1.5.28, 2.1.9-2.1.18

Several vulnerabilities exist: a buffer overflow vulnerability exists
in 'digestmda5.c,' which could let a remote malicious user execute
arbitrary code; and an input validation vulnerability exists in the
'SASL_PATH' environment variable, which could let a malicious user execute
arbitrary code.

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ ">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-05.xml">http://security.gentoo.org/glsa/glsa-200410-05.xml

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-546.html">http://rhn.redhat.com/errata/RHSA-2004-546.html

Trustix: href="ftp://ftp.trustix.org/pub/trustix/updates/">ftp://ftp.trustix.org/pub/trustix/updates/

Debian: href="http://security.debian.org/pool/updates/main/c/cyrus-sasl/">http://security.debian.org/pool/updates/main/c/cyrus-sasl/

We are not aware of any exploits for this vulnerability.

SecurityTracker Alert ID: 1011568, October 7, 2004

Debian Security Advisories DSA 563-2, 563-3, & 568-1,
October 12 , 14, & 16, 2004

cPanel, Inc.

cPanel 9.4.1-RELEASE-64; 9.9.1-RELEASE-3

No workaround or patch available at time of
publishing.

Proofs of Concept exploits have been published.

Federico David Sacerdoti

Ansel 1.2, 1.3, 1.4, 2.0

A vulnerability exists due to insecure default permissions when picture
albums are created, which could let a remote malicious user obtain
unauthorized access.

Upgrade available at:
href="http://freshmeat.net/redir/ansel/16337/url_tgz/ansel-2.1.tar.gz">http://freshmeat.net/redir/ansel/16337/url_tgz/ansel-2.1.tar.gz

There is no exploit code required.

gnofract4d.
sourceforge.net

Gnofract 4D prior to 2.2

A vulnerability exists due to an error in the handling of '.fct'
parameter files, which could let a remote malicious user execute arbitrary
Phyton code.

Update available at: href=" http://gnofract4d.sourceforge.net/download.html">http://gnofract4d.sourceforge.net/download.html

We are not aware of any exploits for this vulnerability.

libtiff.org

LibTIFF 3.6.1

Debian:
href="http://security.debian.org/pool/updates/main/t/tiff/">http://security.debian.org/pool/updates/main/t/tiff/

Gentoo: href=" http://security.gentoo.org/glsa/glsa-200410-11.xml">http://security.gentoo.org/glsa/glsa-200410-11.xml

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

OpenPKG:
href="ftp://ftp.openpkg.org/release/">ftp://ftp.openpkg.org/release/

Trustix: href="ftp://ftp.trustix.org/pub/trustix/updates/">ftp://ftp.trustix.org/pub/trustix/updates/

Proofs of Concept exploits have been published.

Gentoo Linux Security Advisory, GLSA 200410-11, October 13, 2004

Fedora Update Notification,
FEDORA-2004-334, October 14, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.043, October 14, 2004

Debian Security Advisory, DSA 567-1, October 15, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15,
2004

Martin Schoenert

Unzoo 4.4

No workaround or patch available at time of
publishing.

We are not aware of any exploits for this vulnerability.

mpg123.de

mpg123 0.x

A buffer overflow vulnerability exists in the 'do_layer2()' function,
which could let a remote malicious user execute arbitrary code.

Gentoo: href="http://security.gentoo.org/glsa/glsa-200409-20.xml">http://security.gentoo.org/glsa/glsa-200409-20.xml

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

Debian: href="ttp://security.debian.org/pool/updates/non-free/m/mpg123/">http://security.debian.org/pool/updates/non-free/m/mpg123/

An exploit script has been published.

Securiteam, September 7, 2004

Gentoo Linux Security Advisory, GLSA 200409-20, September 16, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:100, September 22,
2004

Debian Security Advisory, DSA 564-1, October 13, 2004

Mr. S.K.

LHA 1.14

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-323.html">http://rhn.redhat.com/errata/RHSA-2004-323.html

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200409-13.xml">http://security.gentoo.org/glsa/glsa-200409-13.xml

Fedora Legacy: href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/redhat/

We are not aware of any exploits for these vulnerabilities.

SecurityFocus, September 2, 2004

Fedora Update Notifications
FEDORA-2004-294 & 295, September 8,
2004

Gentoo Linux Security Advisory, GLSA 200409-13, September 8, 2004

Fedora Legacy Update Advisory, FLSA:1833, October 14, 2004

Multiple Vendors

MySQL AB MySQL 3.20 .x, 3.20.32 a, 3.21.x, 3.22 .x, 3.22.26-3.22.30,
3.22.32, 3.23 .x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34,
3.23.36-3.23.54, 3.23.56, 3.23.58, 3.23.59, 4.0.0-4.0.15, 4.0.18,
4.0.20;
Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0,
2.1

Upgrades available at:
href="http://dev.mysql.com/downloads/mysql/4.0.html ">http://dev.mysql.com/downloads/mysql/4.0.html

Trustix: href="ftp://ftp.trustix.org/pub/trustix/updates/">ftp://ftp.trustix.org/pub/trustix/updates/

There is no exploit code required.

Multiple Vendors Conectiva
Clearswift

Debian
F-Secure
Fedora
Gentoo
Mr. S.K.

RARLAB
RedHat
SGI
Slackware
Stalker
WinZip

Mr. S.K. LHA 1.14, 1.15, 1.17; RARLAB WinRar 3.20; RedHat
lha-1.14i-9.i386. rpm; WinZip 9.0; Stalker CGPMcAfee 3.2

Multiple vulnerabilities exist: two buffer overflow vulnerabilities
exist when creating a carefully crafted LHA archive, which could let a
remote malicious user execute arbitrary code; and several Directory
Traversal vulnerabilities exist, which could let a remote malicious user
corrupt/overwrite files in the context of the user who is running the
affected LHA utility.

RedHat: href="ftp://updates.redhat.com/9/en/os/i386/lha-1.14i-9.1.i386.rpm">ftp://updates.redhat.com/9/en/os/i386/lha-1.14i-9.1.i386.rpm

Slackware: href="ftp://ftp.slackware.com/pub/slackware/">ftp://ftp.slackware.com/pub/slackware/

Conectiva: href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

Debian: href="http://security.debian.org/pool/updates/non-free/l/lha/">http://security.debian.org/pool/updates/non-free/l/lha/

F-Secure: href="http://www.f-secure.com/security/fsc-2004-1.shtml">http://www.f-secure.com/security/fsc-2004-1.shtml

Fedora: href="http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html">http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html

Gentoo: href="http://security.gentoo.org/glsa/glsa-200405-02.xml">http://security.gentoo.org/glsa/glsa-200405-02.xml

SGI: href="http://www.sgi.com/support/security/">http://www.sgi.com/support/security/

Fedora Legacy: href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/redhat/

Proofs of Concept exploits have been published.

Conectiva Linux Security Announcement, CLA-2004:840, May 7, 2004

Debian Security Advisory DSA 515-1 , June 5, 2004

F-Secure Security Bulletin, FSC-2004-1, May 26, 2004

Fedora Update Notification, FEDORA-2004-119, May 11, 2004

Gentoo Linux Security Advisory, GLSA 200405-02, May 9, 2004

Red Hat Security Advisory, RHSA-2004:179-01, April 30, 2004

SGI Security Advisories, 20040602-01-U & 20040603-01-U, June 21,
2004

Slackware Security Advisory, SSA:2004-125-01, May 5, 2004

Fedora Legacy Update Advisory, FLSA:1833, October 14, 2004

Multiple Vendors

Apple Mac OS X 10.2-10.2.8, 10.3 -10.3.5, OS X Server 10.2-10.2.8, 10.3
-10.3.5; Easy Software Products CUPS 1.0.4 -8, 1.0.4, 1.1.1,
1.1.4-5,
1.1.4 -3, 1.1.4 -2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.21

A vulnerability exists in 'error_log' when certain methods of remote
printing are carried out by an authenticated malicious user, which could
disclose user passwords.

Update available at: href="http://www.cups.org/software.php">http://www.cups.org/software.php

Apple:

href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04829&platform=osx&method=sa/SecUpd2004-09-30Jag.dmg ">http://wsidecar.apple.com/cgi-bin/nph-
reg3rdpty1.pl/product=04829&platform=
osx&method=sa/SecUpd2004-09-30Jag.dmg



href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04830&platform=osx&method=sa/SecUpd2004-09-30Pan.dmg ">http://wsidecar.apple.com/cgi-bin/nph-
reg3rdpty1.pl/product=04830&platform=
osx&method=sa/SecUpd2004-09-30Pan.dmg

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/"
target=_blank>http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-06.xml">http://security.gentoo.org/glsa/glsa-200410-06.xml

Debian: href="http://security.debian.org/pool/updates/main/c/cupsys/">http://security.debian.org/pool/updates/main/c/cupsys/

There is no exploit code required.

Apple Security Update, APPLE-SA-2004-09-30, October 4, 2004

Fedora Update Notification,
FEDORA-2004-331, October 5, 2004

Gentoo Linux Security Advisory, GLSA 200410-06, October 9, 2004

Debian Security Advisory, DSA 566-1, October 14, 2004

Multiple Vendors

Easy Software Products CUPS 1.1.14-1.1.20; Trustix Secure Enterprise
Linux 2.0, Secure Linux 2.0, 2.1

A Denial of Service vulnerability exists in 'scheduler/dirsvc.c' due to
insufficient validation of UDP datagrams.

Update available at: href=" http://www.cups.org/software.php">http://www.cups.org/software.php

Debian: href=" http://security.debian.org/pool/updates/main/c/cupsys/">http://security.debian.org/pool/updates/main/c/cupsys/

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

RedHat: http://rhn.redhat.com/

SuSE: href=" ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

Trustix: href="ftp://ftp.trustix.org/pub/trustix/updates/">ftp://ftp.trustix.org/pub/trustix/updates/

ALTLinux: href="http://altlinux.com/index.php?module=sisyphus&package=cups">http://altlinux.com/index.php?
module=sisyphus&package=cups

Gentoo: href=" http://security.gentoo.org/glsa/glsa-200409-25.xml">http://security.gentoo.org/glsa/glsa-200409-25.xml

Slackware: href="ftp://ftp.slackware.com/pub/slackware/">ftp://ftp.slackware.com/pub/slackware/

Apple: href="http://www.apple.com/support/security/security_updates.html">http://www.apple.com/support/security/security_updates.html

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/">http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/2/

Sun: href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57646-1&searchclause=">http://sunsolve.sun.com/search/document.do?assetkey=1-26-57646-1&searchclause=

Conectiva: href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

Fedora Legacy: href="http://download.fedoralegacy.org/fedora/1/updates/">http://download.fedoralegacy.org/fedora/1/updates/

SCO: href="ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.15">ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.15

A Proof of Concept exploit has been published.

SecurityTracker Alert ID, 1011283, September 15, 2004

ALTLinux Advisory, September 17, 2004

Gentoo Linux Security Advisory GLSA 200409-25, September 20, 2004

Slackware Security Advisory, SSA:2004-266-01, September 23, 2004

Fedora Update Notification,
FEDORA-2004-275, September 28, 2004

Apple Security Update, APPLE-SA-2004-09-30, October 4, 2004

Sun(sm) Alert Notification, 57646, October 7, 2004

SCO Security Advisory, COSA-2004.15, October 12, 2004

Conectiva Linux Security Announcement, CLA-2004:872, October
14, 2004

Fedora Legacy Update Advisory, FLSA:2072, October 16, 2004

Multiple Vendors

OpenBSD 3.4, 3.5; SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Linux
Enterprise Server 9, 8;
X.org X11R6 6.7.0, 6.8;
XFree86 X11R6
3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1 .0, 4.1 -12, 4.1 -11, 4.2 .0,
4.2.1, Errata, 4.3.0

Multiple vulnerabilities exist: a stack overflow exists in
'xpmParseColors()' in 'parse.c' when a specially crafted XPMv1 and XPMv2/3
file is submitted, which could let a remote malicious user execute
arbitrary code; a stack overflow vulnerability exists in the
'ParseAndPutPixels()' function in -create.c' when reading pixel values,
which could let a remote malicious user execute arbitrary code; and an
integer overflow vulnerability exists in the colorTable allocation in
'xpmParseColors()' in 'parse.c,' which could let a remote malicious user
execute arbitrary code.

Debian: href="http://security.debian.org/pool/updates/main/i/imlib/">http://security.debian.org/pool/updates/main/i/imlib/

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php"
target=_blank>http://www.mandrakesecure.net/en/ftp.php

OpenBSD:
href="ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/">ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

X.org: http://x.org/X11R6.8.1/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200409-34.xml">http://security.gentoo.org/glsa/glsa-200409-34.xml

IBM: href="http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp">http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-478.html">http://rhn.redhat.com/errata/RHSA-2004-478.html

Sun: href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57652-1&searchclause=">http://sunsolve.sun.com/search/document.do?
assetkey=1-26-57652-1&searchclause=

Proofs of Concept exploits have been published.

X.Org Foundation Security Advisory, September 16, 2004

US-CERT Vulnerability Notes, VU#537878 & VU#882750, September 30,
2004

SecurityFocus, October 4, 2004

Debian Security Advisory, DSA 560-1 & 561-1, October 7 & 11,
2004

Gentoo Linux Security Advisory, GLSA 200410-09, October 9, 2004

Sun(sm) Alert Notification, 57652, October 18, 2004

MySQL AB

MySQL 3.20 .x, 3.20.32 a, 3.21 .x, 3.22 .x, 3.22.26-3.22.30, 3.22.32,
3.23 .x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.56,
3.23.58, 4.0.0-4.0.15, 4.0.18, 4.0.20, 4.1 .0-alpha, 4.1 .0-0, 4.1.2
-alpha, 4.1.3 -beta, 4.1.3 -0, 5.0 .0-alpha, 5.0 .0-0

Debian: href=" http://security.debian.org/pool/updates/main/m/mysql/">http://security.debian.org/pool/updates/main/m/mysql/

Trustix: href="http://http.trustix.org/pub/trustix/updates/">http://http.trustix.org/pub/trustix/updates/

We are not aware of any exploits for this vulnerability.

Secunia Advisory,
SA12305, August 20, 2004

Debian Security Advisory, DSA 562-1, October 11, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054,
October 15, 2004

MySQL AB

MySQL 4.0.0-4.0.15, 4.0.18, 4.0.20

A remote Denial of Service vulnerability exists in the 'FULLTEXT'
search functionality due to a failure to handle exceptional search input.

Upgrades available at:
href="http://dev.mysql.com/downloads/mysql/4.0.html ">http://dev.mysql.com/downloads/mysql/4.0.html

Trustix: href="ftp://ftp.trustix.org/pub/trustix/updates/">ftp://ftp.trustix.org/pub/trustix/updates/

There is no exploit code required.

MySQL AB

MySQL 3.x, 4.x

Two vulnerabilities exist: a vulnerability exists due to an error in
'ALTER TABLE ... RENAME' operations because the 'CREATE/INSERT' rights of
old tables are checked, which potentially could let a remote malicious
user bypass security restrictions; and a remote Denial of Service
vulnerability exists when multiple threads issue 'alter' commands against
'merge' tables to modify the 'union.'

Updates available at: href="http://dev.mysql.com/downloads/mysql/">http://dev.mysql.com/downloads/mysql/

Debian: href=" http://security.debian.org/pool/updates/main/m/mysql">http://security.debian.org/pool/updates/main/m/mysql

Trustix: href="http://http.trustix.org/pub/trustix/updates/">http://http.trustix.org/pub/trustix/updates/

We are not aware of any exploits for these vulnerabilities.

Secunia Advisory, SA12783, October 11, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054,
October 15, 2004

phpMyAdmin

phpMyAdmin 2.0-2.0.5, 2.1-2.1.2, 2.2, 2.2 pre1&2, 2.2 rc1-rc3,
2.2.2-2.2.6, 2.3.1, 2.3.2, 2.4 .0, 2.5 .0-2.5.2, 2.5.4, 2.5.5 pl1. 2.5.5
-rc1&rc2, 2.5.5, 2.5.6 -rc1, 2.5.7 pl1, 2.5.7, 2.6.0pl1

Upgrades available at:
href="http://sourceforge.net/project/showfiles.php?group_id=23067&package_id=16462&release_id=274709">http://sourceforge.net/project/showfiles.php?group_id=23067&package
_id=16462&release_id=274709

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-14.xml">http://security.gentoo.org/glsa/glsa-200410-14.xml

There is no exploit code required.

PNG Development
Group
  Conectiva
  Debian
  Fedora
  Gentoo

  Mandrakesoft
  RedHat
  SuSE
  Sun
Solaris
  HP-UX
  GraphicsMagick
  ImageMagick
  Slackware

libpng 1.2.5 and 1.0.15

Multiple vulnerabilities exist in the libpng library
which could allow a remote malicious user to crash or execute arbitrary
code on an affected system. These vulnerabilities include:

• libpng fails to properly check length of transparency chunk (tRNS)
  data,
  
• libpng png_handle_iCCP() NULL pointer dereference,
  
• libpng integer overflow in image height processing,
  
• libpng png_handle_sPLT() integer overflow,
  
• libpng png_handle_sBIT() performs insufficient bounds checking,
  
• libpng contains integer overflows in progressive display image
  reading.

If using original, update to libpng version 1.2.6rc1
(release candidate 1) available at: href="http://www.libpng.org/pub/png/libpng.html">http://www.libpng.org/pub/png/libpng.html

Conectiva: href="http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000856">http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000856

Debian: href="http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00139.html">http://lists.debian.org/debian-security-announce/
debian-security-announce-2004/msg00139.html

Gentoo: href="http://security.gentoo.org/glsa/glsa-200408-03.xml">http://security.gentoo.org/glsa/glsa-200408-03.xml

Mandrakesoft: href="http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:079">http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:079

RedHat href="http://rhn.redhat.com/">http://rhn.redhat.com/

SuSE: href="http://www.suse.de/de/security/2004_23_libpng.html">http://www.suse.de/de/security/2004_23_libpng.html

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Sun Solaris: href="http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57617">http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57617

HP-UX: href="http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01065">http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01065

GraphicsMagick: href="http://www.graphicsmagick.org/www/download.html ">http://www.graphicsmagick.org/www/download.html

ImageMagick: href="http://www.imagemagick.org/www/download.html">http://www.imagemagick.org/www/download.html

Slackware: href="http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.439243">http://www.slackware.com/security/viewer.php?l=slackware-
security&y=2004&m=slackware-security.439243

Yahoo: href="http://messenger.yahoo.com/">http://messenger.yahoo.com/

SuSE: href=" ftp://ftp.suse.com/pub/suse">ftp://ftp.suse.com/pub/suse

SCO: href="ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.16">ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.16

A Proof of Concept exploit has been published.

US-CERT Technical Cyber Security Alert TA04-217A,
August  4, 2004

US-CERT Vulnerability Notes VU#160448, VU#388984,
VU#817368, VU#236656, VU#477512, VU#286464, August 4, 2004

SUSE Security Announcement, SUSE-SA:2004:035, October
5, 2004

SCO Security Advisory, SCOSA-2004.16,
October 12, 2004

ProFTPd.net

ProFTPd 1.2.8, 1.2.10; possibly other versions

A vulnerability exists due to a time delay difference in the
login
process for existing and non-existing usernames, which could let
a remote malicious user obtain sensitive information.

No workaround or patch available at time of
publishing.

An exploit script has been published.

Samba.org

Samba version 3.0 - 3.0.6

Updates available at: href=" http://samba.org/samba/download/">http://samba.org/samba/download/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200409-16.xml">http://security.gentoo.org/glsa/glsa-200409-16.xml

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">http://www.mandrakesecure.net/en/ftp.php

OpenPKG: href="ftp://ftp.openpkg.org/release/2.1/UPD/">ftp://ftp.openpkg.org/release/2.1/UPD/

SuSE: href="ftp://ftp.suse.com/pub/suse/">ftp://ftp.suse.com/pub/suse/

Trustix: href="http://http.trustix.org/pub/trustix/updates/">http://http.trustix.org/pub/trustix/updates/

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-467.html">http://rhn.redhat.com/errata/RHSA-2004-467.html

Conectiva: href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

We are not aware of any exploits for these vulnerabilities.

Securiteam, September 14, 2004

Gentoo Linux Security Advisory, GLSA 200409-16, September 13, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:092, September 13,
2004

Trustix Secure Linux Bugfix Advisory, TSL-2004-0046, September 14, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.040, September 15, 2004

SUSE Security Announcement, SUSE-SA:2004:034, September 17, 2004

RedHat Security Advisory, RHSA-2004:467-08, September 23, 2004

Conectiva Linux Security Announcement, CLA-2004:873, October
14, 2004

sox.sourceforge
.net
  Fedora

  Mandrakesoft
  Gentoo
  Conectiva
  RedHat

Multiple vulnerabilities exist that could allow a remote malicious user
to execute arbitrary code This is due to boundary errors within the
"st_wavstartread()" function when processing ".WAV" file headers and can
be exploited to cause stack-based buffer overflows. Successful
exploitation requires that a user is tricked into playing a malicious
".WAV" file with a large value in a length field.

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Mandrakesoft: href="http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:076%20">http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:076

Gentoo: href="http://security.gentoo.org/glsa/glsa-200407-23.xml">http://security.gentoo.org/glsa/glsa-200407-23.xml

Conectiva: href="ftp://atualizacoes.conectiva.com.br">ftp://atualizacoes.conectiva.com.br

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-409.html">http://rhn.redhat.com/errata/RHSA-2004-409.html

Slackware: href="ftp://ftp.slackware.com/pub/slackware/">ftp://ftp.slackware.com/pub/slackware/

SGI: href="ftp://patches.sgi.com/support/free/security/patches/ProPack/3/">ftp://patches.sgi.com/support/free/security/patches/ProPack/3/

Debian: href="http://security.debian.org/pool/updates/main/s/sox/">http://security.debian.org/pool/updates/main/s/sox/

An exploit script has been published.

Secunia, SA12175, 12176, 12180, July 29, 2004

SecurityTracker Alerts 1010800 and 1010801, July 28/29, 2004

Mandrakesoft Security Advisory MDKSA-2004:076, July 28, 2004

PacketStorm, August 5, 2004

Slackware Security Advisory, SSA:2004-223-03, august 10,
2004

SGI Security Advisory, 20040802-01-U, August 14, 2004

Debian Security Advisory, DSA 565-1, October 13,
2004

Squid-cache.org

Squid 2.5-STABLE6, 3.0-PRE3-20040702; when compiled with SNMP support

A remote Denial of Service vulnerability exists in the
'asn_parse_header()' function in 'snmplib/asn1.c' due to an input
validation error when handling certain negative length fields.

Updates available at: href=" http://www.squid-cache.org/">http://www.squid-cache.org/

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-15.xml">http://security.gentoo.org/glsa/glsa-200410-15.xml

Trustix: href="http://http.trustix.org/pub/trustix/updates/">http://http.trustix.org/pub/trustix/updates/

We are not aware of any exploits for this vulnerability.

iDEFENSE Security Advisory, October 11, 2004

Fedora Update Notification,
FEDORA-2004-338, October 13,
2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0054,
October 15, 2004

Gentoo Linux Security Advisory, GLSA 200410-15, October 18,
2004

Sun Microsystems, Inc.

Solaris 8

A vulnerability exists in the gzip(1) command, which could let a
malicious user access the files of other users that were processed using
gzip.

Workaround and update available at: href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1">http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1

We are not aware of any exploits for this vulnerability.

Sun(sm) Alert Notification, 57600, October 1, 2004

US-CERT Vulnerability Note VU#635998, October 18, 2004

Todd Miller

Sudo 1.6.8

A vulnerability exists due to insufficient validation of
symbolic
links when sudoedit ("sudo -u" option) copies temporary files,
which could let a malicious user access the contents of arbitrary files
with superuser privileges.

Upgrade available at:
href="ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.8p1.tar.gz">ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.8p1.tar.gz

There is no exploit code required; however, a Proof of Concept exploit
script has been published.

Secunia Advisory, SA12596, September 20, 2004

US-CERT Vulnerability Note VU#424358, October 19, 2004

WeHelpBUS

WeHelpBUS 0.1

Upgrade available at:
href="http://prdownloads.sourceforge.net/wehelpbus/wehelpbus-0.2.tar.gz?download ">http://prdownloads.sourceforge.net/wehelpbus/wehelpbus-0.2.tar.gz?download

There is no exploit code required.

Yukihiro Matsumoto

Ruby 1.6, 1.8

A vulnerability exists in the CGI session management component due to
the way temporary files are processed, which could let a malicious user
obtain elevated privileges.

Upgrades available at: href="http://security.debian.org/pool/updates/main/r/ruby/">http://security.debian.org/pool/updates/main/r/ruby/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200409-08.xml">http://security.gentoo.org/glsa/glsa-200409-08.xml

RedHat: href="http://rhn.redhat.com/errata/RHSA-2004-441.html">http://rhn.redhat.com/errata/RHSA-2004-441.html

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/">http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

We are not aware of any exploits for this vulnerability.

Ruby CGI Session Management Unsafe Temporary File

CVE Name:
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0755">CAN-2004-0755

Debian Security Advisory, DSA 537-1, August 16, 2004

Gentoo Linux Security Advisory, GLSA 200409-08, September 3, 2004

RedHat Security Advisory, RHSA-2004:441-18, September 30, 2004

Fedora Update Notification,
FEDORA-2004-264, October 15,
2004

3Com

OfficeConnect ADSL Wireless 11g Firewall Router 1.13 firmware, 1.23
firmware, 1.24 firmware

Upgrades available at:
href="http://webprd1.3com.com/swd/jsp/user/index.jsp?id=OCFR4 ">http://webprd1.3com.com/swd/jsp/user/index.jsp?id=OCFR4

Currently, we are not aware of any exploits for this vulnerability.

3Com

3CRADSL72 Wireless Router

A vulnerability exists when a remote malicious user connects to a
certain web page, which could lead to the disclosure of sensitive
information and administrative access.

No workaround or patch available at time of
publishing.

There is no exploit code required; however, Proof of Concept exploit
has been published.

Alivesites

Forum 2.0

Multiple input validation vulnerabilities exist: a Cross-Site Scripting
vulnerability exists due to insufficient sanitization of unspecified
input, which could let a remote malicious user execute arbitrary HTML and
script code; and a Cross-Site Scripting vulnerability exists due to
insufficient sanitization of unspecified input before used in a SQL query,
which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of
publishing.

There is no exploit code required

ASN.1

ASN.1 Compiler 0.9.4

Several vulnerabilities exist: a vulnerability exists in
'OCTET_STRING.c'. when processing ANY type tags; and a vulnerability
exists due to the way CHOICE types are handled when extensions have
indefinite length structures.

Upgrade available at:
href="http://sourceforge.net/project/showfiles.php?group_id=103893&package_id=111693&release_id=274592">http://sourceforge.net/project/showfiles.php?group_id=103893&package
_id=111693&release_id=274592

We are not aware of any exploits for these vulnerabilities.

clientexec.com

ClientExec 2.2.1

No workaround or patch available at time of
publishing.

A Proof of Concept exploit has been published.

cphp.sourceforge.net

CoolPHP Web Portal 1.0 -stable

No workaround or patch available at time of
publishing.

There is no exploit code required; however, Proofs of Concept exploits
have been published.

DevoyBB

DevoyBB Web Forum 1.0

Multiple input validation vulnerabilities exist: a Cross-Site Scripting
vulnerability exists due to insufficient sanitization of unspecified
input, which could let a remote malicious user execute arbitrary HTML and
script code; and a Cross-Site Scripting vulnerability exists due to
insufficient sanitization of unspecified input before used in a SQL query,
which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of
publishing.

There is no exploit code required

Express-Web

Content Management System

A Cross-Site Scripting vulnerability exists due to insufficient
sanitization of unspecified input, which could let a remote malicious user
execute arbitrary HTML and script code.

No workaround or patch available at time of
publishing.

There is no exploit code required

FuseTalk Inc.

FuseTalk 4.0

No workaround or patch available at time of
publishing.

Proof of Concept exploits have been published.

GoSmart Inc.

GoSmart Message Board

Multiple vulnerabilities exist: a vulnerability exists due to
insufficient sanitization of the 'QuestionNumber' and 'Category'
parameters in 'Forum.asp,' and the 'Username' and 'Password' parameters in
'Login_Exec.asp,' which could let a remote malicious user execute
arbitrary SQL code; and a vulnerability exists due to insufficient
sanitization of the 'Category' parameter in 'Forum.asp' and the
'MainMessageID' parameter in 'ReplyToQuestion.asp,' which could let a
remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of
publishing.

There is no exploit code required; however, Proofs of Concept exploits
have been published.

IBM

DB2 Universal Database for AIX 8.0, 8.1, DB2 Universal Database for
HP-UX 8.0, 8.1, DB2 Universal Database for Linux 8.0, 8.1, DB2 Universal
Database for Solaris 8.0, 8.1, DB2 Universal Database for Windows 8.0,
8.1

Patches available at:
href="http://www-306.ibm.com/software/data/db2/udb/support/downloadv8.html ">http://www-306.ibm.com/software/data/db2/udb/support/downloadv8.html

We are not aware of any exploits for these vulnerabilities.

NGSSoftware Insight Security Research Advisory, October 5, 2004

SecurityFocus, October 13, 2004

Macromedia

JRun 3.0, 3.1, 4.0,

Patches available at:
href="http://www.macromedia.com/support/jrun/updaters.html">http://www.macromedia.com/support/jrun/updaters.html

We are not aware of any exploits for these vulnerabilities.

Macromedia Security Bulletin, MPSB04-08, September 23, 2004

US-CERT Vulnerability Notes VU#977440, VU#584958, &
VU#668206, October 12, 2004, VU#990200, October 14, 2004

Motorola

WR850G 4.0 3 firmware

Upgrade available at:
href="http://broadband.motorola.com/consumers/products/WR850g/downloads/Motorola_WR850G_5.13.exe">http://broadband.motorola.com/consumers/products/
WR850g/downloads/Motorola_WR850G_5.13.exe

There is no exploit code required.

SecurityTracker Alert ID, 1011413, September 26, 2004

SecurityFocus, October 13, 2004

A vulnerability exists due to the way some networking devices store
cookies on a user's system when the 'Secure' attribute is not set, which
could let a remote malicious user obtain sensitive information.

Patches and update information available at: href="http://www.kb.cert.org/vuls/id/546483">http://www.kb.cert.org/vuls/id/546483

We are not aware of an exploit for this vulnerability.

ocportal.com

Ocportal Web Content Management System 1.0-1.0.3

A vulnerability exists in 'index.php' due to insufficient verification
of the 'reg_path' parameter, which could let a remote malicious user
execute arbitrary code.

Upgrades available at:
href="http://ocportal.com/dload.php?id=32 ">http://ocportal.com/dload.php?id=32

There is no exploit code required.

phpWebSite Development Team

phpWebsite 0.7.3, e 0.8.2, 0.8.3, 0.9.3 -4, 0.9.3

Patches available at:
href="http://www.phpwebsite.appstate.edu/downloads/security/phpwebsite-core-security-patch.tar.gz ">http://www.phpwebsite.appstate.edu/downloads/security
/phpwebsite-core-security-patch.tar.gz

There is no exploit code required; however, a Proof of Concept exploit
script has been published.

GulfTech Security Research Security Advisory, August 31, 2004

US-CERT Vulnerability Note VU#925166 & VU#664422, October
19, 2004

Research In Motion Limited

BlackBerry Wireless Handheld 3.7.1.41; Model 7230

A remote Denial of Service vulnerability exists in the 'Location' field
due to a failure to handle meeting request messages with a string larger
than 128KB.

The vulnerability has been fixed in BlackBerry handheld software
version
3.8.

We are not aware of any exploits for this vulnerability.

The BNC Project

BNC 2.2.4, 2.4.6, 2.4.8, 2.6, 2.6.2, 2.8.8

A buffer overflow vulnerability exists due to a flaw when processing
the backspace character, which could let a remote malicious user execute
arbitrary code.

Upgrade available at: href="http://www.gotbnc.com/files/bnc2.8.9.tar.gz ">http://www.gotbnc.com/files/bnc2.8.9.tar.gz

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-13.xml">http://security.gentoo.org/glsa/glsa-200410-13.xml

We are not aware of any exploits for this vulnerability.

SecurityTracker Alert ID, 1011583, October 9, 2004

Gentoo Linux Security Advisory, GLSA 200410-13, October 15,
2004

Thomas Ehrhardt

Powies PSCRIPT Forum 1.26 & prior

Several input validation vulnerabilities exist due to insufficient
sanitization of user-supplied input to the 'logincheck.php,'
'changepass.php,' and 'edituser.php' scripts, which could let a remote
malicious user execute arbitrary SQL code.

No workaround or patch available at time of
publishing.

We are not aware of any exploits for this vulnerability.

Veritas

Veritas Cluster Server 4.0 & prior

A vulnerability exists due to an unspecified error, which could let a
malicious user execute arbitrary code with root privileges.

Update available at: href=" http://seer.support.veritas.com/docs/271040.htm"> href="http://seer.support.veritas.com/docs/">http://seer.support.veritas.com/docs/

We are not aware of any exploits for this vulnerability.

wikipedia.
sourceforge.net

MediaWiki prior to 1.3.6

Multiple vulnerabilities exist: a vulnerability exists due to
insufficient sanitization of input passed in UnicodeConverter extension
and 'raw' page view, which could let a remote malicious user execute
arbitrary HTML and script code; a vulnerability exists due to insufficient
sanitization of input passed to 'Specialblcoklist,' 'SpecialEmailuser,'
'SpecialMaintenance,' and 'ImagePage,' which could let a remote malicious
user execute arbitrary HTML and script code; and a vulnerability exists in
'SpecialMaintenance' due to insufficient verification, which could let a
remote malicious user manipulate SQL queries.

Updates available at: href=" http://sourceforge.net/project/showfiles.php?group_id=34373">http://sourceforge.net/project/showfiles.php?group_id=34373

We are not aware of any exploits for these vulnerabilities.

WordPress

WordPress 1.2

Multiple Cross-Site Scripting vulnerabilities exist due to insufficient
verification of user-supplied input passed to certain parameters in
various scripts, which could let a remote malicious user execute arbitrary
HTML and script code.

Upgrade available at: href="http://wordpress.org/latest.tar.gz">http://wordpress.org/latest.tar.gz

Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-12.xml">http://security.gentoo.org/glsa/glsa-200410-12.xml

There is no exploit code required; however, Proofs of Concept exploits
have been published.

Bugtraq, September 27, 2004

Secunia Advisory, SA12773, October 11, 2004

Gentoo Linux Security Advisory, GLSA 200410-12, October 14,
2004

Multiple input validation vulnerabilities exist: a Cross-Site Scripting
vulnerability exists due to insufficient sanitization of unspecified
input, which could let a remote malicious user execute arbitrary HTML and
script code; and a Cross-Site Scripting vulnerability exists due to
insufficient sanitization of unspecified input before used in a SQL query,
which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of
publishing.

There is no exploit code required

yahoopops.sourceforge.
net

YPOPs! 0.x

Several buffer overflow vulnerabilities exist in the POP3 and SMTP
services, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of
publishing.

Proofs of Concept exploit scripts have been published.

Hat-Squad Advisory, September 27, 2004

SecurityFocus, October 18, 2004

yapig.sourceforge.net

YaPiG prior to 0.92.2b

A Cross-Site Scripting vulnerability exists due to insufficient
sanitization of user-supplied input, which could let a remote malicious
user execute arbitrary HTML and script code.

Update available at: href="http://sourceforge.net/project/shownotes.php?release_id=275720">http://sourceforge.net/project/shownotes.php?release_id=275720

A Proof of Concept exploit has been published.