Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes made there take effect immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid the vulnerability. Some of the files are transferred by FTP.

By the way: if we do not publish well-known risks inherent in a widely used platform or program, that does not mean this particular platform or program is safe to use!


Chosen month 03 / 2005

System: Cisco VPN 3000 Concentrator
Topic: Vulnerability in Cisco VPN 3000 Concentrator
Links: Cisco, ESB-2005.0257
ID: ae-200503-045

A malicious user may be able to send a crafted attack via SSL (Secure Sockets Layer) to the Cisco VPN 3000 series concentrators which may cause the device to reload, and/or drop user connections. The affected products are only vulnerable if they have the HTTPS service enabled and the access to the service is not limited to trusted hosts or network management workstations. Fixed software is available now.

System: Debian GNU/Linux
Topic: Vulnerability in mailreader
Links: DSA-700, CAN-2005-0386, ESB-2005.0260
ID: ae-200503-044

A cross-site scripting problem was discovered in mailreader, a simple, but powerful WWW mail reader system, when displaying messages of the MIME types text/enriched or text/richtext. Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerability in XFree86
Links: RHSA-2005-331, CAN-2005-0605, ESB-2005.0259, P-165
ID: ae-200503-043

An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to the vulnerable library. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in mc
Links: DSA-698, CAN-2005-0763, ESB-2005.0252
ID: ae-200503-042

A buffer overflow has been discovered in mc, the midnight commander, a file browser and manager. Fixed packages are available now.

System: Various
Topic: Vulnerability in Telnet
Links: iDEFENSE, iDEFENSE, ESB-2005.0244, VU#291924, VU#341908, CAN-2005-0468, CAN-2005-0469, DSA-697, DSA-699, ESB-2005.0251, ESB-2005.0253, RHSA-2005-327, ESB-2005.0246, RHSA-2005-330, ESB-2005.02R58, FreeBSD-SA-05:01, ESB-2005.0248, MITKRB5-SA-2005-001, P-163, ESB-2005.0254, Sun Alert #57755, ESB-2005.0250, MDKSA-2005:061, SUSE 9.2, SUSE 9.1, OpenBSD, ESB-2005.0263, DSA-703, Sun Alert #57761, ESB-2005.0291, SCOSA-2005.21
ID: ae-200503-041

Buffer overflows were discovered in the env_opt_add() and slc_add_reply() functions of the telnet(1) command. These buffer overflows may be triggered when connecting to a malicious server, or by an active attacker in the network path between the client and server. Specially crafted TELNET command sequences may cause the execution of arbitrary code with the privileges of the user invoking telnet(1). Patches are available now.

System: SuSE Linux
Topic: Vulnerabilities in Kernel
Links: CAN-2005-0449, CAN-2005-0209, CAN-2005-0529, CAN-2005-0530, CAN-2005-0532, CAN-2005-0384, CAN-2005-0210, CAN-2005-0504, CAN-2004-0814, CAN-2004-1333, CAN-2005-0003, SUSE-2005:018
ID: ae-200503-040

The Linux kernel is the core component of the Linux system. Several vulnerabilities were reported in the last few weeks which are fixed by a new update.

System: SuSE Linux
Topic: Vulnerability in ImageMagick
Links: CAN-2005-0397, SUSE-SA:2005:017
ID: ae-200503-039

A format string vulnerability was found in the display program which could lead to a remote attacker being able to execute code as the user running display by providing handcrafted filenames of images. Fixed packages are available now.

System: Various
Topic: Multiple vulnerabilities in Mozilla, Firefox, and Thunderbird
Links: CAN-2004-0906, CAN-2004-1380, CAN-2004-1613, CAN-2005-0141, CAN-2005-0142, CAN-2005-0143, CAN-2005-0144, CAN-2005-0146, CAN-2005-0147, CAN-2005-0149, CAN-2005-0232, CAN-2005-0255, CAN-2005-0399, CAN-2005-0401, CAN-2005-0402, ISS Advisory, ESB-2005.0237, P-160, RHSA-2005-323, RHSA-2005-335, RHSA-2005-336, RHSA-2005-337, ESB-2005.0241, ESB-2005.0242, ESB-2005.0243, P-138
ID: ae-200503-038

Several vulnerabilities were found in the Web browser Mozilla Firefox, the mail client Mozilla Thunderbird and the browser suite Mozilla. Exploiting the worst of these vulnerabilities may allow an attacker to execute arbitrary code or conduct malicious spoofing attacks. Fixed versions are available now.

System: Mac OS X
Topic: New Apple Security Update
Links: APPLE-SA-2005-003, CAN-2005-0340, CAN-2005-0715, CAN-2005-0713, CAN-2005-0716, CAN-2004-1011, CAN-2004-1012, CAN-2004-1013, CAN-2004-1015, CAN-2004-1067, CAN-2002-1347, CAN-2004-0884, CAN-2005-0712, CAN-2005-0202, CAN-2005-0234, P-156
ID: ae-200503-037

A new Apple Security Update solves several security related problems. The Update gives improvements for AFP Server, Bluetooth Setup Assistant, Core Foundation, Cyrus IMAP, Cyrus SASL, Folder Permissions, Mailman, and Safari. So the installation of this update is recommended.

System: Various
Topic: Vulnerability in Perl
Links: P-157, DSA-696, CAN-2005-0448, ESB-2005.0236
ID: ae-200503-036

A new vulnerability was found in the File::Path::rmtree function which can allow a normal user to create suid binaries.

Debian already provides updates.
It can be expected that other distributions will follow soon.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in realplay, ImageMagick, kdelibs and ipsec-tools
Links: RHSA-2005-299, RHSA-2005-070, RHSA-2005-320, RHSA-2005-232, RHSA-2005-325, P-159, CAN-2005-0398, CAN-2005-0237, CAN-2005-0365, CAN-2005-0396, ESB-2005.0238, ESB-2005.0239, ESB-2005.0240
ID: ae-200503-035

The racoon IKE daemon, contained in the package ipsec-tools, can be crashed remotely by sending a specially crafted ISAKMP packet.
A format string problem was found in ImageMagick which can lead to the execution of arbitrary code as the user who opened a file with a specially crafted name.
Several new security issues were found in kdelibs.

Fixed packages are available now.

Several security issues were discovered in the formerly distributed version 8 of RealPlayer. Because it is no longer supported by RealNetworks, Red Hat provides an update to version 10.

System: Unix/Linux
Topic: Vulnerabilities in MySQL
Links: CAN-2005-0709, CAN-2005-0710, CAN-2005-0711, MDKSA-2005:060, SuSE-2005_19, RHSA-2005:334, ESB-2005.0247, P-164, RHSA-2005:348
ID: ae-200503-034

Three new vulnerabilities were found in the MySQL database:
- two of them allow authenticated users to execute arbitrary code with the privileges of the user running the database server
- the third one allows any local user to overwrite arbitrary files with the privileges of the database server

Mandrake already provides updates for their Linux versions 10.0, 10.1, CS2.1, CS3.0.
It can be expected that other distributions will follow soon.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in mailman and libexif
Links: RHSA-2005-235, CAN-2004-1177, ESB-2005.0233, RHSA-2005-300, CAN-2005-0664, ESB-2005.0235
ID: ae-200503-033

A cross-site scripting (XSS) flaw in the driver script of mailman prior to version 2.1.5 could allow remote attackers to execute scripts as other web users.
A bug was found in the way libexif parses EXIF tags. An attacker could create a carefully crafted EXIF image file which could cause image viewers linked against libexif to crash.
Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in xloadimage and xli
Links: DSA-694, DSA-695, CAN-2005-0638, CAN-2005-0639, ESB-2005.0230, ESB-2005.0231
ID: ae-200503-032

Two vulnerabilities were found in xloadimage and xli. A flaw was reported in the handling of compressed images, where shell meta-characters are not adequately escaped. Insufficient validation of image properties has been discovered which could potentially result in buffer management errors. Fixed packages are available now.

System: Some
Topic: Vulnerability in Java Web Start
Links: Sun Alert #57740, ESB-2005.0225, P-161, ESB-2005.0249
ID: ae-200503-031

A vulnerability in Java Web Start may allow an untrusted application to elevate its privileges. As a result, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the Java Web Start application. As a workaround, Java Web Start might be disabled. An update to version J2SE 5.0 Update 2 or J2SE 1.4.2_07 is also available.

System: Red Hat Enterprise Linux 2.1
Topic: Vulnerability in sylpheed
Links: RHSA-2005-303, CAN-2005-0667, P-155, ESB-2005.0223
ID: ae-200503-030

Sylpheed is a GTK+ based fast E-Mail client. A buffer overflow bug has been found in the way Sylpheed handles non-ASCII characters in the header of a message to which a victim replies. So a carefully crafted E-Mail message could potentially allow an attacker to execute arbitrary code on a victim's machine if they reply to such a message. A fixed package solves this problem.

System: Various
Topic: Vulnerability in McAfee AntiVirus Library
Links: ISS Advisory, VU#361180, P-158, ESB-2005.0222
ID: ae-200503-029

The McAfee AntiVirus Library is widely relied upon to provide antivirus capabilities to desktop, server, and gateway systems. By crafting an LHA file, an attacker is able to trigger a stack overflow within the process importing the McAfee AntiVirus Library. Affected are McAfee AntiVirus Library versions prior to 4400.

System: Sun Solaris
Topic: Vulnerability in newgrp
Links: Sun Alert #57710, ESB-2005.0221
ID: ae-200503-028

A buffer overflow in newgrp(1) may allow a local unprivileged user the ability to gain root privileges. A patch is available now.

System: Mandrake Linux
Topic: Vulnerability in evolution
Links: MDKSA-2005:059
ID: ae-200503-027

It was discovered that certain types of messages could be used to crash the Evolution mail client. Fixed packages are available now.

System: Unix/Linux
Topic: Vulnerabilities in KDE
Links: KDE-20050316-1, KDE-20050316-2, KDE-20050316-3, CAN-2005-0237, CAN-2005-0365, CAN-2005-0396, MDKSA-2005:058, ESB-2005.0227, ESB-2005.0228, ESB-2005.0229, SUSE-SA:2005:022
ID: ae-200503-026

A vulnerability in dcopserver was discovered. A local user can lock up the dcopserver of other users on the same machine by stalling the DCOP authentication process, causing a local Denial of Service.
The IDN (International Domain Names) support in Konqueror is vulnerable to a phishing technique known as a Homograph attack. This attack is made possible due to IDN allowing a website to use a wide range of international characters that have a strong resemblance to other characters.
It was found that the dcopidlng script was vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user.
Patches are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in squid, postfix, and tetex
Links: RHSA-2005-201, CAN-2005-0446, ESB-2005.0220, RHSA-2005-152, CAN-2005-0337, ESB-2005.0219, RHSA-2005-026, CAN-2004-1125, CAN-2005-0064, ESB-2005.0218
ID: ae-200503-025

A bug was found in the way Squid handles fully qualified domain name (FQDN) lookups. A malicious DNS server could crash Squid by sending a carefully crafted DNS response to an FQDN lookup.
Postfix is a Mail Transport Agent (MTA). A flaw was found in the ipv6 patch used with Postfix. When the file /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, this flaw could allow remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
The tetex packages (teTeX) contain an implementation of TeX for Linux or UNIX systems. teTeX uses code from xpdf, which includes two buffer overflows.
Fixed packages are available now.

System: Mandrake Linux
Topic: Vulnerabilities in koffice and gnupg
Links: MDKSA-2005:056, CAN-2005-0206, MDKSA-2005:057, CAN-2005-0366
ID: ae-200503-024

Koffice uses an embedded version of xpdf. Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform.
GnuPG is vulnerable to a timing attack that can be used to gain plain text from cipher text. The timing difference appears as a side effect of the so-called "quick scan" and is only exploitable on systems that accept an arbitrary amount of cipher text for automatic decryption.
Fixed packages are available now.

System: Unix / Linux
Topic: Vulnerability in OpenSLP
Links: SuSE-2005_15, MDKSA-2005:055
ID: ae-200503-023

Various buffer overflows and out of bounds memory access were found in openslp which can be triggered by remote attackers by sending malformed SLP packets. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in Ethereal
Links: SA-00018, CAN-2005-0699, CAN-2005-0704, CAN-2005-0705, CAN-2005-0739, P-154, ESB-2005.0216, MDKSA-2005:053, RHSA-2005-306, ESB-2005.0224
ID: ae-200503-022

Buffer overflows were found in the Ethereal dissectors for Etheric, GPRS-LLC, 3GPP2 A11, IAPP, JXTA, and sFlow. It's strongly recommended to upgrade to version 0.10.10.

System: Debian GNU/Linux
Topic: Vulnerability in luxman
Links: DSA-693, CAN-2005-0385
ID: ae-200503-021

A buffer overflow was discovered in luxman, an SVGA based PacMan clone, that could lead to the execution of arbitrary commands as root. Fixed packages are available now.

System: Several Anti-Virus Scanner Software
Topic: Filenames containing escape sequences archived in a ZIP file can lead to bypassed AV scanning or unfiltered logging
Links: AERAsec/unfiltered-escape-sequences, AERAsec/unfiltered-escape-sequences/samples, Heise Online#57561, SecurityFocus#12793
ID: ae-200503-020

Anti-virus scanner software, whether running locally or as a gateway scanner (SMTP or HTTP), also decompresses archives to check their contents.
Good decompression routines are smart enough to decompress files regardless of whether the filename contains strange characters such as escape sequences.
Good AV software also takes care of such escape sequences when the decompressed filename is logged.
Unfortunately, this is not always the case in currently available software.
More information about some affected products is available in our advisory, which is provided as TXT only. We also provide some samples for testing this issue.

System: Microsoft Windows
Topic: Vulnerability in Ipswitch Collaboration Suite
Links: iDEFENSE #216, CAN-2005-0707, ESB-2005.0212
ID: ae-200503-019

Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration solution for Microsoft Windows. Exploitation of a remote buffer overflow within the IMAP daemon of ICS allows attackers to execute arbitrary code with administrator privileges. This vulnerability is caused by the EXAMINE handler function, which selects a mailbox so that messages may be accessed. If an overly long name with more than 259 bytes is used, EXAMINE will overwrite the saved stack frame pointer, resulting in potential control of process execution.
The EXAMINE IMAP command is only valid after authentication has occurred. This vulnerability is fixed in IMail Server 8.15 Hotfix 1, which should be installed.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in gaim
Links: RHSA-2005-215, CAN-2005-0208, CAN-2005-0472, CAN-2005-0473, ESB-2005.0213
ID: ae-200503-018

Gaim versions prior to version 1.1.4 suffer from a few security issues such as the HTML parser not sufficiently validating its input. This allowed a remote attacker to crash the Gaim client by sending certain malformed HTML messages. Insufficient input validation was also discovered in the "Oscar" protocol handler, used for ICQ and AIM. By sending specially crafted packets, remote users could trigger an infinite loop in Gaim causing it to become unresponsive and hang.
Gaim 1.1.4 is provided and fixes these issues.

System: HP Tru64 UNIX
Topic: Vulnerability in Kernel
Links: SSRT4891, HPSBTU01109, ESB-2005.0211
ID: ae-200503-017

There is a security vulnerability in the message queue of HP Tru64 UNIX systems where a local unprivileged user may cause a Denial-of-Service (DoS). The vulnerability may impact processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd. Early Release Patch (ERP) kits are available now.

System: Debian GNU/Linux
Topic: Vulnerability in kdenetwork
Links: DSA-692, CAN-2005-0205, ESB-2005.0210
ID: ae-200503-016

A vulnerability was found in the kppp program from the kdenetwork package. By opening a sufficiently large number of file descriptors before executing kppp, which is installed setuid root, a local attacker is able to take over privileged file descriptors. Fixed packages are available now.

System: Sun Solaris
Topic: Vulnerability in AnswerBook2
Links: Sun Alert #57737, ESB-2005.0207, P-153
ID: ae-200503-015

Web pages dynamically generated by the AnswerBook2 Search function may allow the execution of scripts or present malicious HTML to a user. A patch is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in abuse
Links: DSA-691, CAN-2005-0098, CAN-2005-0099
ID: ae-200503-014

Several buffer overflows were found in the command line handling of abuse, which could lead to the execution of arbitrary code with elevated privileges since it is installed setuid root. In addition abuse creates some files without dropping privileges first, which may lead to the creation and overwriting of arbitrary files. Fixed packages are available now.

System: Red Hat Linux
Topic: Vulnerability in Mozilla
Links: RHSA-2005-277, CAN-2005-0255, ESB-2005.0206
ID: ae-200503-013

A bug was found in the Mozilla string handling functions. If a malicious website is able to exhaust a system's memory, it becomes possible to execute arbitrary code. Fixed packages are available now.

System: Mandrake Linux
Topic: Vulnerabilities in gaim
Links: MDKSA-2005:049, CAN-2005-0208, CAN-2005-0472, CAN-2005-0473
ID: ae-200503-012

Gaim versions prior to version 1.1.4 suffer from a few security issues such as the HTML parser not sufficiently validating its input. This allowed a remote attacker to crash the Gaim client by sending certain malformed HTML messages. Insufficient input validation was also discovered in the "Oscar" protocol handler, used for ICQ and AIM. By sending specially crafted packets, remote users could trigger an infinite loop in Gaim causing it to become unresponsive and hang.
Gaim 1.1.4 is provided and fixes these issues.

System: SGI Advanced Linux Environment
Topic: Some potential vulnerabilities fixed
Links: SGI-20050203-01, SGI-20050204-01, SGI-20050301-01
ID: ae-200503-011

SGI has released Security Updates #27, #28, and #29 for SGI Advanced Linux Environment 3. These updates fix security related problems in Python, PostgreSQL, Squid, kdelibs, kdebase, mod_python, emacs, xemacs, Squirrelmail, mailman, cpio, vim, cups, and imap. It's recommended to install these updates.

System: Unix/Linux
Topic: Vulnerability in xpdf
Links: CAN-2004-0888, CAN-2005-0206, RHSA-2005-213, ESB-2005.0204, MDKSA-2005:052
ID: ae-200503-010

The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files. As reported before, xpdf shows some vulnerabilities. An updated xpdf package that correctly fixes several integer overflows is now available.

System: Unix / Linux
Topic: Vulnerability in cyrus-sasl
Links: CAN-2005-0373, SuSE-2005_13, MDKSA-2005:054
ID: ae-200503-009

Cyrus-sasl is a library providing authentication services. A buffer overflow in the digestmd5 code could lead to a remote attacker executing code in the context of the service using sasl authentication. An updated package is available now.

System: Some
Topic: Vulnerabilities in RealNetworks Software
Links: iDEFENSE #209, Real, CAN-2005-0455, CAN-2005-0611, ESB-2005.0200, RHSA-2005-265, ESB-2005.0203, P-152, SUSE-SA:2005:014, RHSA-2005-265, ESB-2005.0234
ID: ae-200503-008

RealNetworks provides software such as RealPlayer, RealOne Player, or Helix Player. The RealPlayer Synchronized Multimedia Integration Language (SMIL) file processor is vulnerable to a buffer overflow. Another buffer overflow has been found in the way RealPlayer decodes WAV sound files. An attacker could create a specially crafted SMIL file or WAV file that would execute arbitrary code when opened by a user. Updates address these vulnerabilities.

System: Various
Topic: Multiple vulnerabilities in Computer Associates License Manager
Links: AD20050302, iDEFENSE #210, iDEFENSE #211, iDEFENSE #212, iDEFENSE #213, iDEFENSE #214, iDEFENSE #215, CA, CAN-2005-0581, CAN-2005-0582, CAN-2005-0583, ESB-2005.0198, P-150
ID: ae-200503-007

The licensing software allows for the remote management and tracking of software licenses. CA License package versions between v1.53 and v1.61.8 show buffer overflow conditions which can potentially allow arbitrary code to be executed remotely with local SYSTEM privileges. CA strongly recommends the application of the appropriate CA License patch.

System: HP OpenVMS
Topic: Vulnerability caused by privileged file access
Links: SSRT4866/HPSBOV01121, ESB-2005.0197
ID: ae-200503-006

A potential security vulnerability has been identified with HP OpenVMS VAX version 7.x and 6.x and OpenVMS Alpha Version 7.x or 6.x that may allow a local authorized user to gain unauthorized privileged access to data and system resources. An update solves this problem.

System: SCO UnixWare 7.1.4
Topic: Vulnerability in SQUID
Links: SCOSA-2005.16, CAN-2004-0189, CAN-2004-0918
ID: ae-200503-005

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a Denial-of-Service (server restart) via certain SNMP packets with negative length fields that causes a memory allocation error. Additionally, the "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. SCO has fixed these binaries now.

System: Unix/Linux
Topic: Vulnerability in KPPP
Links: iDEFENSE #208, CAN-2005-0205, ESB-2005.0195, RHSA-2005-175, P-151, ESB-2005.0202
ID: ae-200503-004

KPPP is a dialer and front end for pppd. It allows for interactive script generation and network setup. Local exploitation of a privileged file descriptor leak in KPPP can allow attackers to hijack a system's domain name resolution function. The vulnerability specifically exists due to kppp's failure to properly close privileged file descriptors. Typically, KPPP is installed setuid root and uses privilege separation to allow only certain functions of the PPP dialer to execute with elevated privileges. Communication between the privileged portion and non-privileged portion of kppp is done over a domain socket which does not properly get closed. As a workaround, temporarily remove the setuid bit from KPPP and manually gain root privileges before executing KPPP. A patch for KDE 3.1 is available now.

System: Symantec Firewall
Topic: Vulnerability in SMTP
Links: Symantec, P-148
ID: ae-200503-003

Symantec has responded to a potential vulnerability identified in the SMTP binding function of the entry-level Symantec Gateway Security appliances with the ISP load-balancing capabilities. In certain firmware versions, the SMTP (outbound E-Mail) traffic would be load-balanced regardless of the user-configured WAN binding selection. This could result in SMTP traffic intended only for a trusted network potentially being passed over an untrusted connection instead. New firmware releases are available now.

System: Various
Topic: Multiple vulnerabilities in Firefox
Links: Mozilla, MFSA2005-18, CAN-2004-1156, CAN-2005-0585, CAN-2005-0231, CAN-2005-0232, CAN-2005-0233, CAN-2005-0527, CAN-2005-0255, CAN-2005-0578, CAN-2005-0584, CAN-2005-0586, CAN-2005-0588, CAN-2005-0589, CAN-2005-0590, CAN-2005-0591, CAN-2005-0592, CAN-2005-0593, iDEFENSE#200, ESB-2005.0194, P-149, RHSA-2005-176, ESB-2005.0191, ESB-2005.0196, SUSE-SA:2005:016
ID: ae-200503-002

Seventeen vulnerabilities were found in the Web browser Mozilla Firefox. Exploiting the worst of these vulnerabilities may allow an attacker to execute arbitrary code or conduct malicious spoofing attacks. Firefox 1.0.1 fixes these problems.

System: SuSE Linux
Topic: Vulnerability in uw-imap
Links: CAN-2005-0198, SuSE-2005_12
ID: ae-200503-001

A logical error was found in the challenge response authentication mechanism CRAM-MD5 used by the University of Washington imap daemon. Due to this mistake a remote attacker can gain access to the IMAP server as an arbitrary user. Fixed packages are available now.



(c) 2000-2014 AERAsec Network Services and Security GmbH