Last Security News

[shakhe.bizhat.com]

March 16, 2005 - IBM has reported, at
http://www-1.ibm.com/support/docview...id=swg21199839 , a
vulnerability in WebSphere Commerce, which could allow a remote attacke
to obtain confidential information.

Under certain circumstances, the cache entry for a product or category
display page can become linked to a form showing private information.

This flaw is confirmed in WebSphere Commerce versions 5.5, 5.6 and
5.6.0.1. The company recommends applying WebSphere Commerce fix pack
5.6.0.2 or later, which is available at:
http://www-1.ibm.com/support/docview...id=swg21173312 . For
systems with WebSphere Commerce 5.5, IBM offers the update APAR IY60949.
================================
[ shakhe.bizhat.com ]

[shakhe.bizhat.com]

March 18 2005 - Security Tracker has announced, at
http://www.securitytracker.com/alert...r/1013460.html , a
vulnerability in NetWare affecting the xvesa code, which could allow
remote users access to Xwindows sessions without authentication.

A remote user could invoke a specific type of URL to cause the system to
redirect to the active Graphic User Interface on the target system. The
user could access this interface without authenticating. Then, the
remote user could run the server console applet and access the server
console.

Novell has released a fix for NetWare 6.5 SP2. The original Novell
advisory is available at:
http://support.novell.com/cgi-bin/se...i?/2971038.htm

[shakhe.bizhat.com]

hi
March 17 2005 -
in the Linux kernel -in the PPP driver-, that could allow a remote
attacker to launch denial of service attack.
http://securitytracker.com/alerts/2005/Mar/1013437.html , a vulnerability
PPP (point-to-point protocol), is used to connect computers to the
Internet across a standard telephone line. A remote attacker could send
a specially crafted PPP packet to cause the system to crash.

A fix for the Linux kernel (2.6.11.4) is available at http://kernel.org/

[shakhe.bizhat.com]

hi all
13, 2005 -
Four worms :
-the B and C variants of Kelvir, Fatso.A and Sober.O-
and two Trojans:
-Ruzes.A and Downloader.BBN

The first three worms -Kelvir.B, Kelvir.C and Fatso.A- are designed to spread rapidly via the application MSN Messenger. These worms
reach computers in a message that includes a link to an Internet address. If the user access this link, files containing the code of these worms will be downloaded and installed on the computer.
Kelvir.B and Kelvir.C carry out various actions in the computers that they
infect, including the following:

- Send messages to the entries in the contacts in MSN Messenger.

- Download several variants of the Gaobot or Sdbot Trojans from a web page, which allow a hacker to gain remote control of the affected computer through IRC chat channels.

Fatso.A spreads through the instant messaging application MSN Messenger and via peer-to-peer (P2P) file sharing programs. When it infects a computer, it ends the processes belonging to various security tools, such as antivirus programs and firewalls, leaving the computer vulnerable to other malware.
Fatso.A also modifies the system configuration so that it is automatically
copied to all the CD-ROMs recorded on the computer.
A curious detail about Fatso.A is that it continues the cyber-war between
virus authors that started with the appearance of the Assiral.A worm, and
which displayed a text attacking the Bropia worms. In response, Fatso.A
creates a file called "Message to n00b LARISSA.txt" on affected systems,
which contains an unfriendly message for the author of Assiral, signed by
someone called Skydevil.
The fourth worm is Sober.O, which spreads via email in a message that can be written in German -if the extension of the mail domain is one of the following: de (German), ch (Switzerland), at (Austria) or li
(Liechtenstein)-, or in English. When it infects a computer, Sober.O looks for email addresses in files with certain extensions. Then, Sober.O sends itself out using its own SMTP engine. What's more, when it is run, Sober.O opens Notepad and displays a text on screen.
---------
The first of the two Trojans is Ruzes.A, which collects email address from the files it finds on the affected computer with certain extensions. Then, it sends these addresses to an Internet address.
Ruzes.A is being downloaded by Downloader.BBN, another Trojan that appeared recently, which is very similar to the other variants in the family it belongs to.

-----------------------------------------------------------------------------------
[ shakhe.bizhat.com ]

[shakhe.bizhat.com]

Watch out for files sent in IM—they could be viruses in disguise

Instant messaging, commonly referred to as IM, is a method of online communication like e-mail. The main difference, as the name suggests, is that IM is instantaneous. Using an IM program—such as MSN Messenger, Windows Messenger, AOL Instant Messenger, Yahoo Messenger, or others—you and a friend can type messages to each other and see the messages almost immediately.
Because IM has become so popular, virus writers are using it to spread malicious programs. Read on to find out how to avoid getting or spreading a virus when you use IM.
Understanding instant message viruses
Like e-mail viruses, instant message viruses are malicious or annoying programs that are designed to travel through IM. In most cases these viruses are spread when a person opens an infected file that was sent in an instant message that appeared to come from a friend.
The following is an example of what an IM virus sent through an infected file might look like:


5 steps to help avoid instant message viruses
As with most threats on the Internet, you can help keep yourself safe by taking basic precautions. If you know how to avoid e-mail viruses, you'll already be familiar with many of these steps.

1.
Be careful downloading files in IM. Never open, accept, or download a file in IM from someone you don't know. If the file comes from someone you do know, don't open it unless you know what the file is and you were expecting it. Contact the sender by e-mail, phone, or some other method to confirm that what they sent was not a virus.

2.
Update your Windows software. Visit Windows Update to scan your computer and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them. For more information, visit the Protect Your PC site.

3.
Make sure you're using an updated version of your IM software. Using the most up-to-date version of your IM software can better protect your computer against viruses and spyware. If you're using MSN Messenger, install the updated version by visiting the MSN Messenger Web site and clicking the Download Now! button.

4.
Use antivirus software and keep it updated. Antivirus software can help to detect and remove IM viruses from your computer, but only if you keep the antivirus software current. If you've purchased a subscription from an antivirus software company, your antivirus software may update itself when you're connected to the Internet.

5.
Use anti-spyware software and keep it updated. Some IM viruses may install spyware or other unwanted software on your computer. Anti-spyware software can help to protect your computer from spyware and remove any spyware you may already have. If you don't have anti-spyware software, you can download the new Microsoft Windows AntiSpyware (Beta) or another spyware removal tool.

source:microsoft
========================================
[ shakhe.bizhat.com ]

[shakhe.bizhat.com]

The FBI is warning users about a fraudulent email making the rounds this week. The latest version of Email-Worm.Win32.Sober arrives in a variety of letters in German and English targeted into tricking users into opening the attachments.

Sober.k carries a complete set of tools, enabling it to spread effectively. Texts are written in either English or German, with the choice of language depending on the domain suffix. The worm contains a number of different texts, ranging from a warning about possible criminal proceedings from the FBI to a purported patch from Microsoft.

In this case, the FBI letters upset a number of people, since the letter seemed to accuse them of committing cyber crimes: “we have logged your IP-address on more than 40 illegal Websites. Important: Please answer our questions! The list of questions are attached.”

While social engineering tactics have been used successfully by virus writers for years, many users still get confused by new versions. It is important to remember that today, no reputable company, organization or government body will ask you to reveal personal data or send important documents in unsolicited emails.

The rule of thumb is, if you didn't contact them, it is 99.99% certain that they wouldn't choose these methods to contact you. Therefore, do NOT click on an attachment, or follow a link from an e-mail, unless you were expecting it: even if the source looks innocent, it is most likely a threat.

source:viruslist

[shakhe.bizhat.com]

Phishing defined
Phishing [a deliberate misspelling of the word 'fishing'] is a specific form of cyber crime. Phishing tricks computer users into disclosing personal details such as usernames, passwords, PIN numbers, credit card numbers etc, which are linked to bank accounts or on-line shopping accounts. These details are then used to steal money. So phishing is fraud: first your personal information and then your money...

Phishing and social engineering
Phishers rely heavily on social engineering techniques. The term social engineering normally refers to the use of sociological methods to influence a large group of people.. In computer security, the term refers to methods employed by virus writers to trick users into disclosing information and causing a security breach.

For instance, social engineering is commonly employed by virus writers to trick users into running malicious code. This can be done by attaching a virus or worm to a seemingly innocent/standard email message. LoveLetter, for example, arrived as an email headed 'I LOVE YOU' - who wouldn't like to receive a love letter? The message itself said "Kindly check the attached LOVELETTER coming from me". The attachment had a double extension [LOVE-LETTER-FOR-YOU.TXT.vbs]. By default, Windows does not display the second [real] extension, which might alert users to the fact that the attachment contained malicious code. This double extension trick has been used by lots of viruses and worms during the last five years.
Another social engineering technique is using an email that offers something desirable. Swen, for example, masqueraded as a cumulative Microsoft patch. In this case, the goal is to exploit users' growing awareness of computer security and the need to patch systems to avoid Internet worms. Other social engineering tricks include ICQ messages with links to infected Web pages.
Phishing in focus
Basic phishing techniques
The phisher first creates a web site which is almost identical to the site of the financial institution being targeted. The criminal then goes 'phishing', spamming an email that imitates an email from the bank or credit card company itself.

Phishers typically use genuine logos, good business style and may even include the names of real employees from the financial institution's senior management. They also spoof the header of the email to make it look legitimate: it's not difficult to send an e-mail and make look like it has come from a different sender. Usually, emails say that the bank has changed its IT structure, and customers therefore need to confirm their user information. Occasionally, the letters cite network failure, or a hacker attack, as the reason why personal data should be resubmitted.

Phishing emails have one thing in common: they're the bait used to try and lure customers into clicking on the link included in the email. The link takes the user directly to the specially constructed site. If the luckless fish swallows the bait, and completes the form with the personal information requested - the phisher now has access to the victim's bank, credit card, or on-line shopping account.

Typical phisher targets
As you'd expect, phishers target organizations that handle high volume financial transactions online. In the last 18 months, customers of nearly all major banks (Barclays, Citibank, Halifax, HSBC, Lloyds TSB and MBNA, NatWest) have all been targeted by phishers. However, it's not only banking customers who are at risk - amazon.com, AOL, BestBuy, eBay, MSN, PayPal and Yahoo have all been targeted by phishing scams.

In any single phishing scam, only a small proportion of recipients will be customers of the spoofed bank or other organization, and only a small proportion of them will 'take the bait'. However, phishing messages are spammed - such large volumes of fake messages are sent that even a low response will harvest enough data to make the scam worthwhile.

Financial losses
Phishers are playing for high stakes. Estimates of losses caused by phishing vary - search online and you can find figures ranging from $400 million to $2.4 billion. However, one fact is clear: the number of phishing attacks, and the associated costs, are increasing. Between July 2004 through to November 2004, there was a 34% month-on-month growth in the number of new, unique phishing e-mail messages; and a 28% month-on-month growth in the number of unique fraudulent web sites [figures taken from the Phishing Activity Trends Report – November 2004, Anti-Phishing Working Group].


Indirect losses
The problem doesn't necessarily end with direct financial losses experienced by the victims and the financial institutions. Some phishers also place exploits for Microsoft Internet Explorer [IE] vulnerabilities on their sites. When the victim views the fake site, the exploit uploads a Trojan to their computer. As a result, not only is the user's banking information harvested, but their machines become part of a network of zombie machines. This network may be used for other malicious activities: as part of a DDoS [Distributed Denial of Service] attack designed to extort money from a victim organization, for use as a spamming platform, or to spread a virus or worm.

Not bad for a day's phishing!

It's hardly surprising that phishing has attracted a lot of media attention during the last year or so. Responsible financial institutions now inform their customers of the potential dangers. Users are becoming increasingly wary. So phishers are looking for more sophisticated ways of luring users into giving up their personal information.

The latest phishing techniques
Some phishers make use of vulnerabilities [or unwanted features] to make their scams less obvious. An Internet Explorer [IE] vulnerability documented by Microsoft in late 2003 allows phishers to create fake sites that not only have the look-and-feel of a legitimate site, but also display the URL of a genuine site. When the user clicks on the link in the phisher's email, the web browser displays content from the fake web site, but the URL in the browser window is that of the genuine bank. This vulnerability is explained on the Microsoft web site, together with tips on how to identify spoofed web sites.

Moreover, phishers have found a way to direct users to fake sites without getting them to click on a link. This is because it's possible to embed script instructions [including exploit instructions] within HTML that will execute automatically when the email is read.

In November 2004, phishers sent HTML emails containing scripted instructions to edit the hosts file on the victim's machine. As a result, when the user next directed their browser to their bank's web site, it was automatically re-directed to a fraudulent site, where any input could be captured. The user hadn't clicked on a link, and had no reason to think there was anything different about the way the bank site was accessed. Yet the user still fell victim to the phishers. This is one more reason for using plain text email, rather than HTML, and for disabling scripting on your machine.

Avoiding phishers
The following provides some general guidelines on how to minimize the risk of getting hooked by phishers.

Be very wary of any email asking for personal information. It's highly unlikely that your bank will request such information by email. If in doubt, call them to check!
Don't use links in an email message to load a web page. Instead, type the URL into your web browser.
Don't complete a form in an email asking for personal information. Only submit such information via a secure web site. Check that the URL starts with 'https://', rather than just 'http://'. If you're using IE, look for the lock symbol in the right of the status bar and double-click it to check the validity of the digital certificate. Or, alternatively, use the telephone to transact your business.
Consider installing a web browser tool bar that alerts you to known phishing attacks.
Think about using plain text in your emails, rather than HTML. It may not look as nice, but it's a lot safer
Check your bank accounts regularly [including debit and credit cards, bank statements, etc.], to make sure that listed transactions are legitimate.
Make sure that you use the latest version of your web browser and that all necessary patches have been installed.
Immediately report anything suspicious to your bank or credit card provider.

Source:
Anti-Phishing Working Group

[shakhe.bizhat.com]

hi
March 20, 2005
three worms:
Tobecho.A, Mytob.E; and Elitper.D.

Tobecho.A is a worm with some backdoor Trojan characteristics, as it istens for remote instructions through a TCP/IP port. These can be instructions to restart the system, download files, steal information from the compromised computer, etc. When it runs, it displays a false run-time error message.

Tobecho.A spreads via email, in a message that simulates a mail delivery error message and through the MSN Messenger program.
This worm also prevents users and the applications running on the computer from accessing the websites of certain antivirus and security companies. It also terminates certain processes including those belonging to variants of Netsky, Bagle and Blaster. Finally, Tobecho.A alters the settings of the affected computer and prevents users from accessing the Windows Registry Editor, as well as disabling remote administration of the computer's passwords.

The second worm is Mytob.E, which spreads via email. The message received by users try to trick them into thinking that they contain an interesting application (images, etc.). When users run the attachment, the computer will be infected.
To send itself to other users, Mytob.E looks for email addresses in files with extensions like HTM, HTML, TXT, etc.

The last is Elitper.D. It uses P2P file sharing programs, getting users to voluntarily download one of the files created by Elitper.D, thinking that it is some kind of interesting file, films , images, etc., when really they are downloading a copy of the worm onto their computer.

source:panda

[shakhe.bizhat.com]

hi
Mar 21 2005
SecurityTracker Vulnerability Summary
SecurityTracker Alerts: 40

Vendors: Apache Software Foundation - ASPjar - ASPPress.com
- Cagninacci, Marc - Citrix - FutureStore Technologies Ltd -
GoodTech Systems - Hartmann, Hensel - holaCMS Team - IBM -
KAME Project - KDE.org - kernel.org - MailEnable Pty. Ltd. -
McAfee - Microsoft - Moller, Niels - Mozilla.org - MySQL.com
- Novell - openslp.org - Phorum.org - PHP Arena -
phpadsnew.com - phpopenchat.org - punbb.org - rxvt-unicode -
Sun - Symantec - thepoolclub.com - winehq.org - Woodstone

Products: ACS Blog - aeNovo - ASPJar - holaCMS - IBM
WebSphere - iPool - iSnooker - KDE - lsh - MailEnable - MaxDB
- McAfee GroupShield - McAfee NetShield - McAfee VirusScan -
McAfee VirusScan ASaP - McAfee WebShield - mcNews - MetaFrame
Conferencing Manager - Microsoft Office InfoPath - Mozilla
Firefox - NetWare - Newgrp - OpenSLP - paFileDB - Phorum -
phpAdsNew - PHPOpenChat - Ppp - PunBB - Racoon - rxvt-unicode
- Servers Alive - Symantec Enterprise Firewall (Raptor) -
Symantec Gateway Security - ...

------------------------------------------------------------------------
1. MailEnable

Vendor: MailEnable Pty. Ltd.

A format string vulnerability was reported in MailEnable. A
remote user can cause the SMTP service to crash.description00:A
format string vulnerability exists in MailEnable. A remote user
can cause the SMTP service to crash.

Impact: Denial of service via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013473.html


2. ACS Blog

Vendor: ASPPress.com

An input validation vulnerability was reported in ACS Blog. A
remote user can conduct cross-site scripting
attacks.description00:An input validation vulnerability exists in
ACS Blog. A remote user can conduct cross-site scripting attacks.

Impact: Disclosure of authentication information

Alert: http://securitytracker.com/alerts/2005/Mar/1013470.html


3. mcNews

Vendor: Cagninacci, Marc

An include file vulnerability was reported in mcNews in
'install.php'. A remote user can execute arbitrary commands on the
target system.description00:An include file vulnerability exists in
mcNews in 'install.php'. A remote user can execute arbitrary
commands on the target system.

Impact: Execution of arbitrary code via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013469.html


4. lsh

Vendor: Moller, Niels

A vulnerability was reported in lsh. A remote user can deny
service.description00:A vulnerability exists in lsh. A remote user
can deny service.

Impact: Denial of service via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013468.html


5. McAfee NetShield

Vendor: McAfee

A vulnerability was reported in McAfee NetShield in the
processing of LHA archives. A remote user can execute arbitrary
code with System privileges.description00:A vulnerability exists in
McAfee NetShield in the processing of LHA archives. A remote user
can execute arbitrary code with System privileges.

Impact: Execution of arbitrary code via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013467.html


6. McAfee GroupShield

Vendor: McAfee

A vulnerability was reported in McAfee GroupShield in the
processing of LHA archives. A remote user can execute arbitrary
code with System privileges.description00:A vulnerability exists in
McAfee GroupShield in the processing of LHA archives. A remote
user can execute arbitrary code with System privileges.

Impact: Execution of arbitrary code via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013466.html


7. McAfee WebShield

Vendor: McAfee

A vulnerability was reported in McAfee WebShield in the
processing of LHA archives. A remote user can execute arbitrary
code with System privileges.description00:A vulnerability exists in
McAfee WebShield in the processing of LHA archives. A remote user
can execute arbitrary code with System privileges.

Impact: Execution of arbitrary code via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013465.html


8. McAfee VirusScan ASaP

Vendor: McAfee

A vulnerability was reported in McAfee VirusScan ASaP in the
processing of LHA archives. A remote user can execute arbitrary
code with System privileges.description00:A vulnerability exists in
McAfee VirusScan ASaP in the processing of LHA archives. A remote
user can execute arbitrary code with System privileges.

Impact: Execution of arbitrary code via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013464.html


9. McAfee VirusScan

Vendor: McAfee

A vulnerability was reported in McAfee VirusScan in the
processing of LHA archives. A remote user can execute arbitrary
code with System privileges.description00:A vulnerability exists in
McAfee VirusScan in the processing of LHA archives. A remote user
can execute arbitrary code with System privileges.

Impact: Execution of arbitrary code via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013463.html


10. Newgrp

Vendor: Sun

A vulnerability was reported in Sun Solaris in the newgrp
command. A local user can obtain root privileges.description00:A
vulnerability exists in Sun Solaris in the newgrp command. A local
user can obtain root privileges.

Impact: Execution of arbitrary code via local system

Alert: http://securitytracker.com/alerts/2005/Mar/1013462.html


11. NetWare

Vendor: Novell

A vulnerability was reported in Netware in the xvesa code. A
remote user can access an Xwindows session without
authenticating.description00:A vulnerability exists in Netware in
the xvesa code. A remote user can access an Xwindows session
without authenticating.

Impact: User access via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013460.html


12. iSnooker

Vendor: thepoolclub.com

Kozan reported a vulnerability in iSnooker. A local user can
obtain passwords.description00:A vulnerability exists in iSnooker.
A local user can obtain passwords.

Impact: Disclosure of authentication information

Alert: http://securitytracker.com/alerts/2005/Mar/1013459.html


13. iPool

Vendor: thepoolclub.com

Kozan reported a vulnerability in iPool. A local user can
obtain passwords.description00:A vulnerability exists in iPool. A
local user can obtain passwords.

Impact: Disclosure of authentication information

Alert: http://securitytracker.com/alerts/2005/Mar/1013458.html


14. MetaFrame Conferencing Manager

Vendor: Citrix

A vulnerability was reported in Citrix MetaFrame Conferencing
Manager. A remote user may be able to obtain control of a
conference.description00:A vulnerability exists in Citrix MetaFrame
Conferencing Manager. A remote user may be able to obtain control
of a conference.

Impact: User access via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013457.html


15. ASPJar

Vendor: ASPjar

An input validation vulnerability was reported in ASPjar
Tell-a-Friend. A remote user can conduct cross-site scripting
attacks.description00:An input validation vulnerability exists in
ASPjar Tell-a-Friend. A remote user can conduct cross-site
scripting attacks.

Impact: Disclosure of authentication information

Alert: http://securitytracker.com/alerts/2005/Mar/1013456.html


16. Servers Alive

Vendor: Woodstone

A vulnerability was reported in Servers Alive. A local user
can gain System privileges.description00:A vulnerability exists in
Servers Alive. A local user can gain System privileges.

Impact: Execution of arbitrary code via local system

Alert: http://securitytracker.com/alerts/2005/Mar/1013455.html


17. Microsoft Office InfoPath

Vendor: Microsoft

A vulnerability was reported in Microsoft Office InfoPath 2003.
A remote user may be able to obtain system information and
authentication data from form template files.description00:A
vulnerability exists in Microsoft Office InfoPath 2003. A remote
user may be able to obtain system information and authentication
data from form template files.

Impact: Disclosure of authentication information

Alert: http://securitytracker.com/alerts/2005/Mar/1013454.html


18. KDE

Vendor: KDE.org

A denial of service vulnerability was reported in the KDE
Desktop Communication Protocol (DCOP) daemon. A local user can
cause the dcopserver to hang.description00:A denial of service
vulnerability exists in the KDE Desktop Communication Protocol
(DCOP) daemon. A local user can cause the dcopserver to hang.

Impact: Denial of service via local system

Alert: http://securitytracker.com/alerts/2005/Mar/1013453.html


19. Symantec Enterprise Firewall (Raptor)

Vendor: Symantec

A vulnerability was reported in Symantec Enterprise Firewall in
the DNSd proxy. A remote user may be able to poison the DNS
cache.description00:A vulnerability exists in Symantec Enterprise
Firewall in the DNSd proxy. A remote user may be able to poison
the DNS cache.

Impact: Modification of system information

Alert: http://securitytracker.com/alerts/2005/Mar/1013452.html


20. VelociRaptor

Vendor: Symantec

A vulnerability was reported in Symantec VelociRaptor in the
DNSd proxy. A remote user may be able to poison the DNS
cache.description00:A vulnerability exists in Symantec VelociRaptor
in the DNSd proxy. A remote user may be able to poison the DNS cache.

Impact: Modification of system information

Alert: http://securitytracker.com/alerts/2005/Mar/1013451.html


21. Symantec Gateway Security

Vendor: Symantec

A vulnerability was reported in Symantec Gateway Security in
the DNSd proxy. A remote user may be able to poison the DNS
cache.description00:A vulnerability exists in Symantec Gateway
Security in the DNSd proxy. A remote user may be able to poison
the DNS cache.

Impact: Modification of system information

Alert: http://securitytracker.com/alerts/2005/Mar/1013450.html


22. PunBB

Vendor: punbb.org

Benji Lemien reported an input validation vulnerability in
PunBB. A remote user can conduct cross-site scripting
attacks.description00:An input validation vulnerability exists in
PunBB. A remote user can conduct cross-site scripting attacks.

Impact: Disclosure of authentication information

Alert: http://securitytracker.com/alerts/2005/Mar/1013446.html


23. OpenSLP

Vendor: openslp.org

Some vulnerabilities were reported in OpenSLP. A remote user
can execute arbitrary code on the target system.description00:Some
vulnerabilities exist in OpenSLP. A remote user can execute
arbitrary code on the target system.

Impact: Execution of arbitrary code via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013439.html


24. Ppp

Vendor: kernel.org

A vulnerability was reported in the Linux kernel ppp driver. A
remote user can cause denial of service conditions.description00:A
vulnerability exists in the Linux kernel ppp driver. A remote user
can cause denial of service conditions.

Impact: Denial of service via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013437.html


25. Telnet Server for Windows NT/2000/XP (GoodTech)

Vendor: GoodTech Systems

A vulnerability was reported in the Telnet Server for Windows
NT/2000/XP/2003 from GoodTech Systems. A remote user can execute
arbitrary code with Local System privileges.description00:A
vulnerability exists in the Telnet Server for Windows
NT/2000/XP/2003 from GoodTech Systems. A remote user can execute
arbitrary code with Local System privileges.

Impact: Execution of arbitrary code via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013436.html


26. IBM WebSphere

Vendor: IBM

A vulnerability was reported in IBM WebSphere Commerce. A
remote user may be able obtain private information from a
prepopulated form in certain cases.description00:A vulnerability
exists in IBM WebSphere Commerce. A remote user may be able obtain
private information from a prepopulated form in certain cases.

Impact: Disclosure of system information

Alert: http://securitytracker.com/alerts/2005/Mar/1013435.html


27. PHPOpenChat

Vendor: phpopenchat.org

Mafia_Boy from Albania Security Clan reported an include file
vulnerability in PHPOpenChat. A remote user can execute arbitrary
commands on the target system.description00:An include file
vulnerability exists in PHPOpenChat. A remote user can execute
arbitrary commands on the target system.

Impact: Execution of arbitrary code via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013434.html


28. Racoon

Vendor: KAME Project

A vulnerability was reported in Racoon in the parsing of ISAKMP
headers. A remote user can cause the target process to
crash.description00:A vulnerability exists in Racoon in the parsing
of ISAKMP headers. A remote user can cause the target process to
crash.

Impact: Denial of service via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013433.html


29. Tomcat

Vendor: Apache Software Foundation

An input validation vulnerability was reported in Apache
Tomcat. A remote user can cause the Tomcat server to
crash.description00:An input validation vulnerability exists in
Apache Tomcat. A remote user can cause the Tomcat server to crash.

Impact: Denial of service via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013432.html


30. VoteBox

Vendor: Hartmann, Hensel

SmOk3 of SystemSecure.org reported an include file
vulnerability in VoteBox. A remote user can execute arbitrary
commands on the target system.description00:An include file
vulnerability exists in VoteBox. A remote user can execute
arbitrary commands on the target system.

Impact: Execution of arbitrary code via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013431.html


31. MaxDB

Vendor: MySQL.com

iDEFENSE reported several vulnerabilities in MaxDB Web Agent.
A remote user can deny service.description00:Several
vulnerabilities exist in MaxDB Web Agent. A remote user can deny
service.

Impact: Denial of service via network

Alert: http://securitytracker.com/alerts/2005/Mar/1013430.html


32. phpAdsNew

Vendor: phpadsnew.com

Maksymilian Arciemowicz (cXIb8O3) of SecurityReason reported
some vulnerabilities in phpAdsNew. A remote user can determine the
installation path. A remote user can conduct cross-site scripting
attacks.description00:Some vulnerabilities exist in phpAdsNew. A
remote user can determine the installation path. A remote user can
conduct cross-site scripting attacks.

Impact: Disclosure of authentication information

Alert: http://securitytracker.com/alerts/2005/Mar/1013429.html


33. Wine

Vendor: winehq.org

A vulnerability was reported in Wine. A local user may be able
to access the registry.description00:A vulnerability exists in
Wine. A local user may be able to access the registry.

Impact: Disclosure of system information

Alert: http://securitytracker.com/alerts/2005/Mar/1013428.html


34. rxvt-unicode

Vendor: rxvt-unicode

A vulnerability was reported in rxvt-unicode. A user may be
able to execute arbitrary code on the target system.description00:A
vulnerability exists in rxvt-unicode. A user may be able to
execute arbitrary code on the target system.

Impact: Execution of arbitrary code via local system

Alert: http://securitytracker.com/alerts/2005/Mar/1013427.html


35. paFileDB

Vendor: PHP Arena

sp3x of SecurityReason reported an input validation
vulnerability in paFileDB in 'viewall.php' and 'category.php'. A
remote user can inject SQL commands and conduct cross-site
scripting attacks.description00:An input validation vulnerability
exists in paFileDB in 'viewall.php' and 'category.php'. A remote
user can inject SQL commands and conduct cross-site scripting attacks.

Impact: Disclosure of authentication information

Alert: http://securitytracker.com/alerts/2005/Mar/1013426.html


36. paFileDB

Vendor: PHP Arena

sp3x of SecurityReason reported a vulnerability in paFileDB in
many of the scripts. A remote user can determine the installation
path.description00:A vulnerability exists in paFileDB in many of
the scripts. A remote user can determine the installation path.

Impact: Disclosure of system information

Alert: http://securitytracker.com/alerts/2005/Mar/1013425.html


37. holaCMS

Vendor: holaCMS Team

An input validation vulnerability was reported in HolaCMS in
the Vote Module. A remote user can modify files on the target
system.description00:An input validation vulnerability exists in
HolaCMS in the Vote Module. A remote user can modify files on the
target system.

Impact: Modification of system information

Alert: http://securitytracker.com/alerts/2005/Mar/1013424.html


38. Mozilla Firefox

Vendor: Mozilla.org

A spoofing vulnerability was reported in Firefox. A remote
user can create HTML that, in certain cases, will spoof the status
bar.description00:A spoofing vulnerability exists in Firefox. A
remote user can create HTML that, in certain cases, will spoof the
status bar.

Impact: Modification of system information

Alert: http://securitytracker.com/alerts/2005/Mar/1013423.html


39. Phorum

Vendor: Phorum.org

Several input validation vulnerabilities were reported in
Phorum in 'file.php', 'follow.php', and the user's control panel.
A remote user can conduct cross-site scripting
attacks.description00:Several input validation vulnerabilities
exist in Phorum in 'file.php', 'follow.php', and the user's control
panel. A remote user can conduct cross-site scripting attacks.

Impact: Disclosure of authentication information

Alert: http://securitytracker.com/alerts/2005/Mar/1013422.html


40. aeNovo

Vendor: FutureStore Technologies Ltd

A vulnerability was reported in aeNovo. A remote user can
obtain the database file, including the administrative
password.description00:A vulnerability exists in aeNovo. A remote
user can obtain the database file, including the administrative
password.

Impact: Disclosure of authentication information

Alert: http://securitytracker.com/alerts/2005/Mar/1013421.html

[shakhe.bizhat.com]

hi
:arrow: March 22, 2005 - Apple has released an update to resolve nine security problems affecting its MAC OS.

The update includes the fix for the following problems:

- Two errors in the Apple Filing Protocol (AFP) that could allow an attacker to launch a denial of service attack or discover the contents of a drop box.
- A local security bypass affecting Bluetooth input devices.
- A buffer overflow problem in Core Foundation, which could allow execution of arbitrary code.
- Multiple vulnerabilities in Cyrus IMAP, including remotely exploitable denial of service and buffer overflows.
- A problem affecting the assigning of write permissions, which could allow different types of attacks.
- Directory traversal in Mailman, which could allow access to arbitrary files
- A script is also included for the Safari browser to correct a problem in the processing of URLs in International Domain Names (IDN) format that could allow phishing attacks.

The updates can be downloaded from:
Client
http://wsidecar.apple.com/cgi-bin/np...005-003Pan.dmg
Server
http://wsidecar.apple.com/cgi-bin/np...005-003Pan.dmg

-------------------------------
| shakhe.bizhat.com |
-------------------------------