Chosen month 12 / 2002

The Cyrus IMAP Server is an E-Mail application that uses the Internet Message Access Protocol (IMAP).
It allows a user to perform certain mail functions on a remote server rather than on a local computer.
A remotely exploitable pre-login buffer overflow in cyrus imapd has been found.
The problem resides in the way memory is managed.
It may be exploited prior to authentication to the IMAP server and could allow a remote attacker to
read other users' E-Mail and to execute arbitrary code with the privileges of the user running the
IMAP server.
A patch to fix this problem has been published now.

In xpdf and mhonarc some vulnerabilities have been found. Now, OpenBSD has
published new packages for affected clients.

Some vulnerabilities were found in cyrus-sasl, cyrus-imapd, openldap, and cups.
At least the vulnerability in openldap might lead to remote command execution.
It's recommended to download and install the updated packages.

Within the last week 29 new vulnerabilities have been reported:

Typespeed is a game that lets you measure your typematic speed.
By overflowing a buffer a local attacker might execute arbitrary commands under the group id games.
Bugzilla is a web-based bug tracking system.
It doesn't properly sanitize any input submitted by users.
As a result, it is possible for a remote attacker to create a malicious link containing script code
which will be executed in the browser of a legitimate user,
in the context of the website running Bugzilla.
This issue may be exploited to steal cookie-based authentication credentials
from legitimate users of the website running the vulnerable software.
Patches are available now.

The new version Sendmail 8.12.7 has been published now.
It fixes the vulnerability in smrsh and some other bugs.

System: Microsoft Windows
Topic: New worm called Dynamic Trojan Horse Network (DTHN)
Links: ISS
ID: ae-200212-074

ISS points out that a new worm called Dynamic Trojan Horse Network (DTHN) is spreading on the Internet.
DTHN propagates through E-Mail and through open NetBIOS file shares.
DTHN installs itself and establishes communication to a sophisticated peer-to-peer communications network,
to further spread infections and launch additional attacks.
So it's recommended to upgrade your security software.

In KDE recently some vulnerabilities have been found. Now, OpenBSD has
published new packages for affected clients.

Fetchmail is an SSL-enabled POP3, APOP and IMAP mail gatherer/forwarder.
When fetchmail retrieves a mail message, all headers that contain addresses are
searched for local addresses.
If a hostname is missing, fetchmail appends it but doesn't reserve enough space for it.
This heap overflow can be used by remote attackers to crash it or to execute arbitrary code
with the privileges of the user running fetchmail.
A fixed package has been published now.

Some vulnerabilities were found in perl, canna, wget, and KDE.
It's recommended to download and install the updated packages.

Sendmail Restricted Shell (smrsh) may let local users bypass restrictions to execute code, so
users might execute unauthorized programs.
Affected are HP 9000 Series 700 and 800 running HP-UX 11.00, 11.11, 11.22 running sendmail version 8.11.1 ONLY.
Until patches are available it's recommended to download and install fixed versions
of /usr/sbin/smrsh from the ftp site.

In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution.
Affected are all KDE 2 releases and all KDE 3 releases.
The vulnerabilities potentially enable local or remote attackers to compromise the privacy of
a victim's data and to execute arbitrary shell commands with the victim's privileges,
such as erasing files or accessing or modifying data.
All known problems have been fixed in KDE 3.0.5a.

A buffer overflow in the Cyrus IMAP server has been found.
It could be exploited by a remote attacker prior to logging in.
A malicious user could craft a request to run commands on the server under the UID and GID of the cyrus server.
A fixed package is available now.

Javasoft has issued Security Bulletin 109 concerning problems with the Java Bytecode verifier initialization.
The vulnerabilities are a potential denial of service, information leakage, or arbitrary execution of code.
Affected are HP-UX versions of Java (1.1.X, 1.2.X, 1.3.X, and 1.4.X only).
A security fix has been published now.

A buffer overflow in the Cyrus IMAP server has been found.
It could be exploited by a remote attacker prior to logging in.
A malicious user could craft a request to run commands on the server under the UID and GID of the cyrus server.
A fixed package is available now.

In MySQL recently a security hole has been found. Now, OpenBSD has
also published new packages for affected clients and servers.

Within the last week, 40 new vulnerabilities have been found:

Two flaws in the MySQL server can be used by any MySQL user to crash the server.
Furthermore one of the flaws can be used to bypass the MySQL password check or
to execute arbitrary code with the privileges of the user running mysqld.
An arbitrary-size heap overflow within the mysql client library and another
vulnerability that allows writing '\0' to any memory address have been found.
Both flaws could allow DoS attacks against or arbitrary code execution within anything
linked against libmysqlclient.
Another vulnerability has been found in cups. It might lead to local or remote root-access.
Fixed packages are available now.

KDE lanbrowsing service LISa is used to identify CIFS and other servers on the local network,
and consists of two main modules: "lisa", a network daemon, and "reslisa",
a restricted version of the lisa daemon. One vulnerability found is a buffer
overflow in the lisa daemon. It can be exploited by an attacker on the local
network to obtain root privilege on a machine running the lisa daemon.
Another vulnerability is a buffer overflow in the rlan:// URL handler.
It can possibly be exploited by remote attackers to gain access to the victim user's account,
for instance by causing the user to follow a bad rlan:// link in an HTML document.
Fixed packages are available now.

Several Cisco products are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the
device. A malformed SSH packet directed at the affected device can cause a reload of the device.
Patches are not available yet.

Several buffer overflows were found in both the OpenLDAP server and in
the libraries provided with the OpenLDAP package.
Some of these vulnerabilities can be exploited by attackers
remotely or locally to compromise the OpenLDAP server or applications
linked against the vulnerable libraries.
Patches are available now.

System: Trustix Linux
Topic: Vulnerabilities in mysql, wget, lynx-ssl, perl, tcpdump, and kernel
Links: OAR-2002:1145, OAR-2002:1146, OAR-2002:1147, OAR-2002:1148, OAR-2002:1149, OAR-2002:1150
ID: ae-200212-059

Vulnerabilities were found in the packages mysql, wget, lynx-ssl, perl,
tcpdump, and kernel.
Fixed packages are available now.

Multiple vulnerabilities have been found in BIND (Berkeley
Internet Name Domain).
Updated packages are available now.

In libpng the starting offsets for the loops are calculated incorrectly
which causes a buffer overrun beyond the beginning of the row buffer.
Fixed packages are available now.

Two flaws in the MySQL server can be used by any MySQL user to crash the server.
Furthermore one of the flaws can be used to bypass the MySQL password check or
to execute arbitrary code with the privileges of the user running mysqld.
An arbitrary-size heap overflow within the mysql client library and another
vulnerability that allows writing '\0' to any memory address have been found.
Both flaws could allow DoS attacks against or arbitrary code execution within anything
linked against libmysqlclient. So PHP is also affected by these problems.
Fixed packages of MySQL solve these problems.

Potential buffer overflows were found in the DNS resolver libraries.
Sendmail Restricted Shell (smrsh) may let local users bypass
restrictions to execute code.
Patches are available now.

No further comment due to Microsoft insisting on their copyright on advisories.

New apache packages are available for Mandrake Single Network Firewall 7.2.
Two flaws in the MySQL server can be used by any MySQL user to crash the
server. Furthermore one of the flaws can be used to bypass the MySQL password
check or to execute arbitrary code with the privileges of the user running
mysqld. An arbitrary-size heap overflow within the mysql client library and
another vulnerability that allows writing '\0' to any memory address have
been found. Both flaws could allow DoS attacks against or arbitrary code
execution within anything linked against libmysqlclient. So PHP is also
affected by these problems.
Patches are available now.

The linux kernel is vulnerable to a local Denial-of-Service attack.
Local users with non-root rights can cause the machine to freeze.
A vulnerability allows a remote attacker to crash Fetchmail and potentially
execute arbitrary code by sending a carefully crafted email which is then
parsed by Fetchmail.
Patches are available now.

Two flaws in the MySQL server can be used by any MySQL user to crash the server.
Furthermore one of the flaws can be used to bypass the MySQL password check or
to execute arbitrary code with the privileges of the user running mysqld.
An arbitrary-size heap overflow within the mysql client library and another
vulnerability that allows writing '\0' to any memory address have been found.
Both flaws could allow DoS attacks against or arbitrary code execution within anything
linked against libmysqlclient. So PHP is also affected by these problems.
Fixed packages of MySQL solve these problems.

Vulnerabilities were found in mysql, fetchmail, squirrelmail, and exim.
Updated packages are available now.

There exists a vulnerability within Macromedia's Flash software and its
handling of malformed Flash files. Attackers can use this vulnerability to
compromise users of Macromedia's Flash software. A corrupt file may be placed
on a website or in some cases within an HTML email.
Patches are available now.

This bug allows a remote attacker to crash Fetchmail and potentially
execute arbitrary code by sending a carefully crafted email which is
then parsed by Fetchmail.
The SNMP daemon included in the Net-SNMP package can be caused to crash
if it is sent a specially crafted packet.
Successful exploitation of this issue would require knowledge of a known
SNMP community string.
Updated packages are available now.

Within the last week, 60 new vulnerabilities have been found:

A vulnerability has been found that allows a malicious user
to execute arbitrary code with root privileges when AutoFS is used in
conjunction with name-to-location executable maps.
The shell script dump_smutil.sh creates a temporary file in /tmp
in an insecure way.
Patches are available now.

A buffer overrun was found in the url_filename function of wget.
In addition wget does not verify the FTP server response to a NLST command.
A patch is available now.

A number of vulnerabilities have been found in different vendors' SSH products.
These vulnerabilities include buffer overflows, and they occur before user
authentication takes place.
Affected by these vulnerabilities are SSH products of the following vendors:
F-Secure, Intersoft International Inc., Pragma Systems, PuTTY, and
SSH Communications Security.
Details can be found in the advisories.

Two flaws in the MySQL server can be used by any MySQL user to crash the server.
Furthermore one of the flaws can be used to bypass the MySQL password check or
to execute arbitrary code with the privileges of the user running mysqld.
An arbitrary-size heap overflow within the mysql client library and another
vulnerability that allows writing '\0' to any memory address have been found.
Both flaws could allow DoS attacks against or arbitrary code execution within anything
linked against libmysqlclient. So PHP is also affected by these problems.
Fixed packages of MySQL solve these problems.

Two flaws in the MySQL server can be used by any MySQL user to crash the server.
Furthermore one of the flaws can be used to bypass the MySQL password check or
to execute arbitrary code with the privileges of the user running mysqld.
An arbitrary-size heap overflow within the mysql client library and another
vulnerability that allows writing '\0' to any memory address have been found.
Both flaws could allow DoS attacks against or arbitrary code execution within anything
linked against libmysqlclient. So PHP is also affected by these problems.
Fixed packages of MySQL solve these problems.

The text based ICQ client mICQ shows a problem when receiving certain ICQ messages:
Under certain circumstances all versions crash.
This problem has been fixed with a new package.

As reported in VU#210409, some ftp clients contain directory traversal vulnerabilities that allow a malicious FTP
server to overwrite files on the client host.
Currently, SGI is investigating the problem and will not give further information at the moment.

In htdig the command line parameters might lead to security related problems,
when htdig is executed as a cgi-program at a Web-Server.
Additionally, for libldap a security update has been published.
It's necessary, if LDAP client applications use setuid.
Other vulnerabilities in the man-pages for ldapmodify and ldapadd as well as
a bug in the group-ACLs have been corrected, too.

System: OpenBSD
Topic: Vulnerabilities in w3m, fetchmail, and cyrus-sasl
Links: OpenBSD
ID: ae-200212-038

In the packages mentioned some security related problems have been found,
including a buffer overflow.
Source code patches have been published to solve these problems.

The permissions of the shared memory used for the scoreboard allow an
attacker who can execute under the Apache UID to send a signal to any process
as root or cause a local denial of service attack.
A cross-site scripting (XSS) vulnerability in the default error page, when
UseCanonicalName is "Off" and support for wildcard DNS is present, allows
remote attackers to execute script as other web page visitors via the
Host: header.
Updated packages are available now.

The Safe extension module allows the creation of compartments in which perl
code can be evaluated in a new namespace and the code evaluated in the
compartment cannot refer to variables outside this namespace. However, when a
Safe compartment has already been used, there's no guarantee that it is Safe
any longer.
A buffer overrun was found in the url_filename function of wget.
In addition wget does not verify the FTP server response to a NLST command.
lynx does not properly check for illegal characters in all places,
including processing of command line options, which could be used to
insert extra HTTP headers in a request.
Fixed packages are now available.

A remotely exploitable vulnerability has been discovered in Sun Cobalt RaQ 4
Server Appliances running Sun's Security Hardening Package (SHP). Exploitation of this
vulnerability may allow remote attackers to execute arbitrary code with superuser privileges.
A fixed package is available now.

A potential security vulnerability has been discovered in the Internode
Communication System (ICS) that may result in a
denial of service (DoS) on HP TruCluster Server systems. This potential
security vulnerability may be in the form of local and remote security
domain risks.
Patches are available now.

The ntpd of the xntpd software may hang or exhibit extremely poor performance,
which can lead to a potential denial-of-service.
The already known potential remote root access in Samba exists also in the
version of HP.
The installation of HP-UX Visualize Conference leaves certain directories with
insecure permissions. This can lead to a potential increase in privileges or unauthorized access.
Patches are available now.

A vulnerability was discovered in kpathsea library
(libkpathsea) which is used by xdvi and dvips. Both programs call the
system() function insecurely, which allows a remote attacker to
execute arbitrary commands via cleverly crafted DVI files.
Fixed packages are now available.

Web services in JRun 4.0 and ColdFusion MX products are vulnerable to a denial
of service attack by passing incorrectly formed
messages to the SOAP interfaces exposed by ColdFusion MX
and JRun. Both products use an XML parser (either Crimson or Xerces)
that can be made to run in an almost infinite loop with
this specially formed message - exhausting CPU resources.
Patches are available now.

As has been known for some time, older versions of uudecode didn't check whether the output file is a
link or a named pipe.
SCO now provides updated packages.

The Optical Service Module (OSM) Line Cards installed in Catalyst 6500 or
Cisco 7600 chassis, and running Cisco IOS® Software Version 12.1(8)E and
higher are vulnerable to a Denial of Service upon receiving a specifically constructed or
corrupted packet from the local network.
New software releases which fix this issue are available now.

System: Microsoft Windows
Topic: Vulnerabilities in Java VM, SMB Signing and WM_TIMER Message Handling
Links: MS02-069, MS02-070, MS02-071, S-02-113, ESB-2002.697, ESB-2002.698, ESB-2002.699, N-026, N-027, WinITSec, WinITSec, WinITSec
ID: ae-200212-028

No further comment due to Microsoft insisting on their copyright on advisories.

For the already known vulnerability of wget Mandrake now provides updated
packages.

Several buffer overflows were found in the
gtetrinet (a multiplayer tetris-like game) package which could be abused by a
malicious server.
The BGP decoding routines for tcpdump used incorrect bounds checking
when copying data. This could be abused by introducing malicious traffic
on a sniffed network for a denial of service attack against tcpdump,
or possibly even remote code execution.
Updated packages are available now.

A security vulnerability in Tomcat 4.0.X versions prior
to version 4.0.6 leads to potential unauthorized source code listing.
HP recommends upgrading to 4.0.6 or above or applying a workaround.

A buffer overflow in the DNS SRV code for nss_ldap allows remote
attackers to cause a denial of service and possibly execute
arbitrary code.
Updated packages are available now.

The wget packages shipped with Red Hat Linux 6.2 through 8.0 contain a
security bug which, under certain circumstances, can cause local files to
be written outside the download directory.
The Canna server, used for Japanese character input, has two security
vulnerabilities including an exploitable buffer overrun allowing a local
user to gain 'bin' user privileges.
New packages are now available.

Within the last week, 45 new vulnerabilities have been found:

SCO now implements in UnixWare a fix to close file descriptors 0, 1 and/or 2 before
executing a setuid program.

In handling arguments, groff pic has a buffer overrun.
The problem could be remotely exploited depending on the lpd setup.
A new package fixes this problem.

Similar to FreeS/WAN the IPSec implementation of IBM does not properly handle certain very short packets.
This may lead to Denial-of-Service attacks.
Fixed packages are available now.

The command ied(1) may allow potential unauthorized data access.
The X Font Server contains the already known remotely exploitable buffer
overflow.
Patches are available now.

System: SUN Solaris
Topic: Vulnerabilities in BIND & libresolv, Java/zlib, X Font Server, mailtool, priocntl System Call
Links: Sun Alert ID48818, Sun Alert ID48761, Sun Alert ID48879, Sun Alert ID48216, Sun Alert ID49131, Sun Alert ID48267, VU#683673
ID: ae-200212-017

SUN has published several new patches for Solaris.
Details can be found in the advisories.

For the vulnerabilities found some time ago in
- Apache webserver (DoS by sending SIGUSR1, XSS and buffer overflow in ApacheBench)
- exploitable memory leak in ypserv
- RPC XDR buffer overflow in glibc
SCO now provides updated packages.

System: SGI IRIX
Topic: Vulnerabilities in Samba, X Font Server, BIND
Links: SGI#20021201-01, SGI#20021202-01, SGI#20021203-01, SGI#20021204-01, ae-200211-031, ae-200211-057, ae-200211-076, ESB-2002:678, ESB-2002:679, ESB-2002:680, ESB-2002:681
ID: ae-200212-015

For already known vulnerabilities:
- in Samba SGI recommends to install version 2.2.7 from the original Samba site.
- in X Font Service (xfs) SGI recommends to upgrade to IRIX 6.5.14 or newer.
- in BIND SGI recommends to apply a patch or upgrade to IRIX 6.5.19 or newer.
Also SGI currently investigates the BIND Name Server DNS Spoofing Vulnerability.

For the already known security problems in KDE (KIO) Debian has now released updated
packages.

No further comment due to Microsoft insisting on their copyright on advisories.

No further comment due to Microsoft insisting on their copyright on advisories.

OpenLDAP is the Open Source implementation of the Lightweight Directory Access Protocol (LDAP)
and is used in network environments for distributing certain information such as X.509 certificates
or login information.
Some buffer overflows and other bugs were found in the openldap server and in the openldap client
libraries, so remote attackers might get access to a vulnerable system.
Because there is no workaround but shutting down the server, it's strongly recommended to
install fixed packages which have been published now.

A security problem in smb2www could lead a remote attacker to execute
arbitrary programs under the user id www-data on the host where smb2www
is running.
Fixed packages are available now.

A number of vulnerabilities have been found that affect various versions of
KDE.
New packages are now available.

System: Several Linux/Unix systems
Topic: Vulnerability in Sendmail on Relay-Check
Links: Sendmail
ID: ae-200212-008

Access restrictions imposed via check_relay for IP addresses can be
circumvented using bogus DNS data; patches for 8.12 and 8.9 are available
now. The upcoming version 8.12.7 will contain a patch for this. If you use
FEATURE(`delay_checks') then you don't need a patch.

Several updates are available now for:
Buffer Overflow Vulnerability in DNS Resolver Libraries (AIX 4.3.3)
(Malicious user may cause denial of service or could gain root privileges)
Buffer Overflow vulnerability in CDE DtSvc Library (AIX 4.3.3 and 5.1.0)
(Malicious user can obtain elevated privileges)
In addition some recalled Security APARs for AIX 4.3.3 are reinstated, fixing
several vulnerabilities.

A buffer overflow vulnerability exists in versions of Cyrus IMAP Server up to
and including 2.1.10. This vulnerability may allow a remote attacker to
execute arbitrary code on the mail server with the privileges of
the Cyrus IMAP Server.
Official Updates have not been released. This issue will be resolved in
version 2.1.11 and 2.0.17.
Note that versions 1.x are no longer supported and should be replaced with
2.0.17 (if available).

IM, containing interface commands and Perl libraries for E-Mail and NetNews,
creates temporary files insecurely.
Fixed packages are available now.

Within the last week, 40 new vulnerabilities have been found:

A buffer overflow when parsing certain "From:" addresses was found in pine. A
malicious user could send a message with a specially crafted "From:" address
and cause a segmentation fault on the client.
The function RCreateImage from WindowMaker shows a buffer overflow. So remote
attackers might execute arbitrary code with the rights of the user who
started the window manager.
Fixed packages are available now.

FreeS/WAN does not properly handle certain very short packets.
This may lead to Denial-of-Service attacks.
Fixed packages are available now.

A denial-of-service (DoS) vulnerability was found in xinetd.
New packages are now available.