Vulnerabilities in the diff and preview scripts allow unautorized user to view restricted areas and gain access to confidential content in TWiki topics. Fixed software is available now.

The winbindd daemon of Samba writes the clear text of the machine trust account password to log files. These log files are world readable by default. Fixed software is available now.

Multiple buffer overflow vulnerabilities have been identified in daemons running on Veritas NetBackup Master, Media Servers and clients. An attacker, able to access a vulnerable Veritas NetBackup server or client and successfully exploit any of these issues, could potentially execute arbitrary code resulting in possible unauthorized, elevated privileged access to the targeted system. Fixed software is available now.

Several vulnerabilities were found in racoo, pf, mail and in the kernel. Patches are available now.

A security vulnerability in the "/usr/ucb/ps" (see ps(1B)) command may allow unprivileged local users the ability to see environment variables and their values for processes which belong to other users. A patch is available now.

A security vulnerability in the Sun Grid Engine / N1 Grid Engine rsh(1) binary may allow a local unprivileged user the ability to gain unauthorized root access. Fixed software is available now.

Multiple vulnerabilities in PHP allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in ext/curl and ext/gd. Fixed packages are available now.

It was discovered that pstopnm, a converter from Postscript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of arbitrary shell commands, when converting specially crafted Postscript files. Fixed packages are available now.

A vulnerability in FreeRADIUS allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. Fixed packages are available now.

It was discovered that flex, a scanner generator, generates code, which allocates insufficient memory, if the grammar contains REJECT statements or trailing context rules. This may lead to a buffer overflow and the execution of arbitrary code. Fixed packages are available now.

A security vulnerability has been identified in HP-UX running swagentd. The vulnerability could be exploited remotely by an unauthenticated user to cause swagentd to abort resulting in a Denial of Service (DoS). HP has released patches now.

No further comment due to legal reasons.

Multiple buffer overflow vulnerabilities were found in xpdf. Fixed packages are available now.

Local exploitation of a design error in the multiple Internet Security Systems (ISS) products may allow a user to gain System level privileges. Affected products are BlackICE PC Protection, BlackICE Server Protection, BlackICE Agent for Server, and RealSecure Desktop.

A vulnerability in FreeRADIUS allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. Fixed packages are available now.

A buffer overflow bug was discovered in the way RealPlayer processes Flash Media (.swf) files. It is possible for a malformed Flash Media file to execute arbitrary code as the user running RealPlayer. Fixed software is available now.

Several format string vulnerabilities were discovered in Evolution, a free groupware suite, that could lead to crashes of the application or the execution of arbitrary code.
A number of vulnerabilities were discovered in the Linux 2.6 kernel and Linux 2.4 kernel.
Several potential vulnerabilities were found in xpdf, the Portable Document Format (PDF) suite, which are also present in koffice, the KDE Office Suite.
Fixed packagess are available now.

IPsec provides an anti-replay service which when enabled prevents an attacker from successfully executing a replay attack. This is done through the verification of sequence numbers. A programming error in the fast_ipsec(4) implementation results in the sequence number associated with a Security Association not being updated, allowing packets to unconditionally pass sequence number verification checks. An attacker able to to intercept IPSec packets can replay them. If higher level protocols which do not provide any protection against packet replays (e.g., UDP) are used, this may have a variety of effects.
The opiepasswd(1) program uses getlogin(2) to identify the user calling opiepasswd(1). In some circumstances getlogin(2) will return "root" even when running as an unprivileged user. This causes opiepasswd(1) to allow an unpriviled user to configure OPIE authentication for the root user.
Patches are available now.

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel, so a kernel update should be installed as soon as possible. Fixed packages are available now.

A buffer overflow was discovered in firebird2, an RDBMS based on InterBase 6.0 code, that allows remote attackers to crash. Fixed packages are available now.

A flaw in the handling of asynchronous signals was discovered in Sendmail. A remote attacker may be able to exploit a race condition to execute arbitrary code as the user running sendmail (typically root). Fixed software is available now.

A programming flaw in the X.Org X Server allows local attackers to gain root access when the server is setuid root. Fixed software is available now.

Two vulnerabilities have been discovered in the Debian vserver support for Linux.
A buffer overflow in the command line argument parsing has been discovered in unzip, the de-archiver for ZIP files that could lead to the execution of arbitrary code.
It was discovered that snmptrapfmt, a configurable snmp trap handler daemon for snmpd, does not prevent overwriting existing files when writing to a temporary log file.
Fixed packagess are available now.

IBM released technotes and updates for 'Tivoli Directory Server', 'Tivoli Identity Manager' and 'Websphere Application Server' to avoid denial-of-service attacks, providing misleading information and reduced security.

Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail (a lightweight multilingual web-based IMAP/POP3 client) allow remote attackers to inject arbitrary web script or HTML via the e-mail body, filename, or MIME type.
A fixed package solve these problems.

Certain versions of 'usermod' have unexpected behavior in special cases of combining options. It recursively changes the ownership of all directories and files under a users's new home directory. This may result in unauthorized access to these files and directories.
Several longer known vulnerabilities (mod_ssl, proxy_http) in the 'Apache 2' webserver were fixed now.
'Apache 1.x' running on 'VirtualVault' 4.5 to 4.7 may allow HTTP request splitting/spoofing attacks resulting in remote unauthorized access.
HP has released patches now.

In versions of 'Xorg' 6.9.0 and greater have a bug in xf86Init.c which can be used for a local root exploit.
A problem in 'cairo', used by GNOME 'evolution', can lead to a persistent client crash resulting in a remote triggered denial-of-service.
Fixed packages are available now.

A format string vulnerability in the job log in BENGINE.exe of the Backup Exec Media Server was found. The malicious user could potentially be able to run arbitrary code on the system hosting the Media Server.
Patches are available now for following vulnerable versions: Backup Exec for Windows Servers 9.1, 10.0, 10.1

It was discovered that the wzdftpd FTP server lacks input sanitising for the SITE command, which may lead to the execution of arbitrary shell commands.
A buffer overflow has been discovered in the crossfire game which allows remote attackers to execute arbitrary code.
Fixed packages solve these problems.

Several security issues in CoreTypes, Mail, and Safari are fixed and bundled in the Security Update 2006-002, which is available now.

Several vulnerabilities have been detected in Drupal, a fully-featured content management and discussion engine. Due to missing input sanitising a remote attacker could inject headers of outgoing E-Mail messages and use Drupal as a spam proxy. Missing input sanity checks allows attackers to inject arbitrary web script or HTML. Menu items created with the menu.module lacked access control, which might allow remote attackers to access administrator pages. Finally, a bug in the session fixation which may allow remote attackers to gain Drupal user privileges.
An earlier published patch for kpdf, the PDF viewer for KDE, doesn't fix all buffer overflows, still allowing an attacker to execute arbitrary code.
Updated packages solve these problems.

Severl vulnerabilities were found in the OpenSSH, vim, and XORGServer packages. Fixed packages are available now.

It was discoverd that xpvm, a graphical console and monitor for PVM, creates a temporary file that allows local attackers to create or overwrite arbitrary files with the privileges of the user running xpvm.
It was discovered that specially crafted PNG images can trigger a heap overflow in libavcodec, the multimedia library of ffmpeg, which may lead to the execution of arbitrary code. The vlc media player and xine-lib are also affected by this vulnerability.
Fixed packages are available now.

A bug was found in the way initscripts handled various environment variables when the /sbin/service command is run. It is possible for a local user with permissions to execute /sbin/service via sudo to execute arbitrary commands as the 'root' user.
A denial of service flaw was found in the way squid processes certain NTLM authentication requests. It is possible for a remote attacker to crash the Squid server by sending a specially crafted NTLM authentication request.
A bug was found in the way vixie-cron installs new crontab files. It is possible for a local attacker to execute the crontab command in such a way that they can view the contents of another user's crontab file.
Several vulnerabilities were found in the linux kernel.
Fixed packages are available now.

Several security related problems have been discovered in webcalendar, a PHP based multi-user calendar. Fixed packages are available now.

No further comment due to legal reasons

No further comment due to legal reasons

Severl vulnerabilities were found in the libpcre, libwww, and libcurl libraries. Fixed packages are available now.

Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these vulnerabilities. Fixed software is available now.

It was discovered that Crossfire, a multiplayer adventure game, performs insufficient bounds checking on network packets when run in "oldsocketmode", which may possibly lead to the execution of arbitrary code. Fixed packages are available now.

It was discovered that bomberclone, a free Bomberman-like game, crashes when receiving overly long error packets, which may also allow remote attackers to execute arbitrary code.
Several potential vulnerabilities were found in xpdf, which are also present in libextractor, a library to extract arbitrary meta-data from files.
Several security related problems have been discovered in lurker, an archive tool for mailing lists with integrated search engine.
An algorithm weakness has been discovered in Apache2::Request, the generic request library for Apache2 which can be exploited remotely and cause a denial of service via CPU consumption.
Fixed packages are available now.

SGI has released the Security Update #55 for SGI Advanced Linux Environment 3. These updates fix security related problems in ImageMagick, bzip2, and tar. So it's recommended to install this update.

It was discovered that specially crafted PNG images can trigger a heap overflow in libavcodec, the multimedia library of ffmpeg, which may lead to the execution of arbitrary code.
A denial of service condition was discovered in the free Civilization server that allows a remote user to trigger a server crash.
A buffer overflow was discovered in metamail, an implementation of MIME (Multi-purpose Internet Mail Extensions), that could lead to a denial of service or potentially execute arbitrary code when processing messages.
It was discovered that the Perl Crypt::CBC module produces weak ciphertext when used with block encryption algorithms with blocksize> 8 bytes.
Fixed packages are available now.

A denial of service condition has been discovered in bluez-hcidump, a utility that analyses Bluetooth HCI packets, which can be triggered remotely.
A buffer overflow was discovered in zoo, a utility to manipulate zoo archives, that could lead to the execution of arbitrary code when unpacking a specially crafted zoo archive.
Fixed packages are available now.

The GNU Privacy Guard (GPG) allows crafting a message which could check out correct using "--verify", but would extract a different, potentially malicious content when using "-o --batch". Fixed packages are available now.

It was discovered that Zoph, a web based photo management system performs insufficient sanitising for input passed to photo searches, which may lead to the execution of SQL commands through a SQL injection attack. Fixed packages are available now.

An integer overflow flaw was found in Python's PCRE library that could be triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library.
It was discovered that a kpdf security fix was incomplete. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened.
Fixed packages are available now.

Three local access vulnerabilities were found impacting the Sybase SQLAnywhere database installed with Symantec Ghost and the Central Management Console in Symantec Ghost Solutions Suite (SGSS). Successful exploitation by a malicious local user could result in unauthorized information disclosure, modification or destruction of stored administrative data or could possibly be leveraged by a non-privileged local user to potentially gain additional access on the local system. Fixed software is available now.

Multiple vulnerabilities have been identified on HP Tru64 UNIX operating systems running IPSEC, which uses the Internet Security Association and Key Management Protocol (ISAKMP). The vulnerabilities could be exploited remotely to cause Denial of Service (DoS). HP has released Early Release Patch kits (ERPs) publicly.

It was that discovered the official published kpdf patches for several previous xpdf vulnerabilities were lacking some hunks published by upstream xpdf. As a result, kpdf is still vulnerable to certain carefully crafted pdf files. Fixed packages are available now.

Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. A flaw was found in webmail.php that allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. A interpretation conflict in the MagicHTML filter allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) slashes inside the "url" keyword, which is processed by some web browsers including Internet Explorer. A CRLF injection vulnerability allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." Fixed packages are available now.

Seven (7) vulnerabilities with the use of "reflection" APIs in the Java Runtime Environment may independently allow an untrusted applet to elevate its privileges. For example an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. Fixed packages are available now.

A Denial of Service vulnerability was discovered in the civserver component of the freeciv game on certain incoming packets. Fixed packages are available now.

A bug was found in the way initscripts handled various environment variables when the /sbin/service command is run. It is possible for a local user with permissions to execute /sbin/service via sudo to execute arbitrary commands as the 'root' user.
A denial of service flaw was found in the way squid processes certain NTLM authentication requests. It is possible for a remote attacker to crash the Squid server by sending a specially crafted NTLM authentication request.
A denial of service bug was found in SpamAssassin. An attacker could construct a message in such a way that would cause SpamAssassin to crash.
The dm-crypt kernel module does not clear a structure before freeing it, which could allow local users to discover information about cryptographic keys.
Fixed packages are available now.

A flaw in handling of UTF8 character encodings was found in Mailman. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. A flaw in date handling was found in Mailman. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause the Mailman server to crash. Fixed packages are available now.

A buffer overflow vulnerability was found in GNU tar. Fixed packages are available now.

A local unprivileged user may be able to cause significant performance degradation, hang the system, or panic the system, resulting in a Denial of Service (DoS) condition. This is due to a security vulnerability involving the pagedata subsystem of the process file system "/proc". A patch is available now.

Several serious bugs were found in gnutls, that would make the DER decoder in libtasn1 crash on invalid input. Fixed software is available now.

Oracle has released patches for multiple security vulnerabilities. There are several sql injection and information disclosure vulnerabilities reported. Oracle warns that the unpatched exposure risk is high. Exploiting some of the vulnerabilities requires network access, but not valid user accounts. Please refer to the advisory from Oracle for further information.

The Dantz Retrospect 7 backup client listens on TCP port 497 for commands from the central backup server. Sending a specially crafted malformed packet to this socket can force the backup client to terminate. This allows for an unauthenticated attacker to effectively disable the network backup services for a target network. This problem has been resolved in the latest updates to the Retrospect Client for Windows versions 7.0.109 and 6.5.138 software.

Local exploitation of a design error in version 10.3.9 of Apple's Mac OS X might allow arbitrary files to be overwritten with user supplied contents. The /usr/bin/passwd binary is a setuid application which allows users to change their password. There are two related vulnerabilities. A first vulnerability occurs because the Mac OS X version of the passwd utility accepts options specifying which password database to operate on. The passwd binary does not check that the user has permissions to create a file in the location specified and doesn't set the created file permissions. By setting the file creation mask to 0 a user can create arbitrary files owned by root, with permissions which allow any user to change the contents. A second vulnerability exists in the insecure creation of temporary files with predictable names. The temporary filename created by the process is in the form /tmp/.pwtmp. where is the process id of the passwd process. By creating a symbolic link to the target file, and then changing the password, it's possible to put controllable contents into the target file.
An update remedies these problems.

An unprivileged local user may be able to cause a Perl application to crash or possibly execute arbitrary code with the privileges of the Perl application due to an integer overflow in the Perl_sv_vcatpvfn() function. A patch is available now.
Several vulnerabilities were found in the Apache 2.0 and Apache 1.3 Webserver. Patches are not available yet.

Several security issues in apache_mod_php, automount, BOM, Directory Services, FileVault, IPSec, LibSystem, Mail, perl, rsync, Safari, Syndication, and iChat were fixed and bundled in the now available Security Update 2006-001.

A vulnerability in OpenSSH allows remote unauthenticated denial of sevice attackes, if PAM authentication is used.
A part of the NFS server code charged with handling incoming RPC messages via TCP had an error which, when the server received a message with a zero-length payload, would cause a NULL pointer dereference which results in a kernel panic.
Fixed packages are available now.

A security vulnerability has been identified with HP System Management Homepage (SMH) running on Microsoft Windows. The vulnerability could be exploited remotely to allow unauthorized access to files via directory traversal. Fixed software is not available yet. A workaround is described in the advisory.

The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier allows user-complicit attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. Fixed packages are available now.

A buffer overflow vulnerability was found in GNU tar. Fixed packages are available now.

A buffer overflow was found in the way unzip handles file name arguments. If a user could be tricked into processing a specially crafted, excessively long file name with unzip, an attacker could execute arbitrary code with the user's privileges.
Temporary file vulnerabilities were discovered in the autopoint and gettextize scripts, part of GNU gettext. These scripts insecurely created temporary files which could allow a malicious user to overwrite another user's files via a symlink attack.
Fixed packages are available now.