Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes take effect immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid a vulnerability. Some of the files are transferred by FTP.

By the way: if we do not publish well-known risks inherent in any widely used platform or program, that doesn't mean this particular platform or program is safe to use!


Chosen month 03 / 2006

System: Various
Topic: Vulnerabilities in TWiki
Links: TWiki, CVE-2006-1386, Q-160
ID: ae-200603-068

Vulnerabilities in the diff and preview scripts allow unauthorized users to view restricted areas and gain access to confidential content in TWiki topics. Fixed software is available now.

System: Various
Topic: Vulnerability in Samba winbindd
Links: Samba, CVE-2006-1059, ESB-2006.0249, Q-159
ID: ae-200603-067

The winbindd daemon of Samba writes the clear text of the machine trust account password to log files. These log files are world readable by default. Fixed software is available now.

System: Various
Topic: Vulnerabilities in Veritas NetBackup
Links: SYM06-006, CVE-2006-0989, CVE-2006-0990, CVE-2006-0991, VU#377441, VU#744137, VU#880801, Q-156
ID: ae-200603-066

Multiple buffer overflow vulnerabilities have been identified in daemons running on Veritas NetBackup Master, Media Servers and clients. An attacker, able to access a vulnerable Veritas NetBackup server or client and successfully exploit any of these issues, could potentially execute arbitrary code resulting in possible unauthorized, elevated privileged access to the targeted system. Fixed software is available now.

System: NetBSD
Topic: Vulnerabilities in racoon, pf, kernel, and mail
Links: NetBSD-SA2006-003, NetBSD-SA2006-004, NetBSD-SA2006-005, NetBSD-SA2006-007, NetBSD-SA2006-008, ESB-2006.0243, ESB-2006.0244, ESB-2006.0245, ESB-2006.0246, ESB-2006.0247
ID: ae-200603-065

Several vulnerabilities were found in racoon, pf, mail and in the kernel. Patches are available now.

System: Sun Solaris
Topic: Vulnerability in /usr/ucb/ps
Links: Sun Alert #102215, ESB-2006.0241
ID: ae-200603-064

A security vulnerability in the "/usr/ucb/ps" (see ps(1B)) command may allow unprivileged local users the ability to see environment variables and their values for processes which belong to other users. A patch is available now.

System: Various
Topic: Vulnerability in Sun Grid Engine rsh
Links: Sun Alert 102268, ESB-2006.0240
ID: ae-200603-063

A security vulnerability in the Sun Grid Engine / N1 Grid Engine rsh(1) binary may allow a local unprivileged user the ability to gain unauthorized root access. Fixed software is available now.

System: Turbolinux
Topic: Vulnerabilities in php
Links: TLSA-2006-6, CAN-2005-3391
ID: ae-200603-062

Multiple vulnerabilities in PHP allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in ext/curl and ext/gd. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in netpbm-free
Links: DSA-1021, CVE-2005-2471, ESB-2006.0239, Q-158
ID: ae-200603-061

It was discovered that pstopnm, a converter from Postscript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of arbitrary shell commands, when converting specially crafted Postscript files. Fixed packages are available now.

System: SuSE Linux
Topic: Vulnerability in freeradius
Links: SuSE-2006:19, CVE-2006-1354
ID: ae-200603-060

A vulnerability in FreeRADIUS allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in flex
Links: DSA-1020, CVE-2006-0459, ESB-2006.0238, Q-157
ID: ae-200603-059

It was discovered that flex, a scanner generator, generates code, which allocates insufficient memory, if the grammar contains REJECT statements or trailing context rules. This may lead to a buffer overflow and the execution of arbitrary code. Fixed packages are available now.

System: HP-UX
Topic: Vulnerability in swagentd
Links: HPSBUX02105, SSRT061134, ESB-2006.0237
ID: ae-200603-058

A security vulnerability has been identified in HP-UX running swagentd. The vulnerability could be exploited remotely by an unauthenticated user to cause swagentd to abort resulting in a Denial of Service (DoS). HP has released patches now.

System: Microsoft Windows
Topic: Vulnerability in Internet Explorer
Links: Microsoft, CVE-2006-1359, ISS Alert #217, Q-154, VU#876678
ID: ae-200603-057

No further comment due to legal reasons.

System: SCO OpenServer
Topic: Vulnerabilities in xpdf
Links: SCOSA-2006.15, CAN-2005-3191, CAN-2005-3192, CAN-2005-3193, CAN-2005-3624, CAN-2005-3625, CAN-2005-3626, CAN-2005-3627, CAN-2006-0301
ID: ae-200603-056

Multiple buffer overflow vulnerabilities were found in xpdf. Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in ISS BlackICE / RealSecure Desktop
Links: iDEFENSE, CAN-2005-2711, ESB-2006.0232, ESB-2006.0238
ID: ae-200603-055

Local exploitation of a design error in multiple Internet Security Systems (ISS) products may allow a user to gain System level privileges. Affected products are BlackICE PC Protection, BlackICE Server Protection, BlackICE Agent for Server, and RealSecure Desktop.

System: Mandriva Linux
Topic: Vulnerability in freeradius
Links: MDKSA-2006:060, CVE-2006-1354
ID: ae-200603-054

A vulnerability in FreeRADIUS allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. Fixed packages are available now.

System: Various
Topic: Vulnerability in RealPlayer
Links: CVE-2005-2922, CVE-2006-0323, iDEFENSE, VU#231028, VU#451556, VU#172489, RHSA-2006-0257, ESB-2006.0236, Q-153, SUSE-SA:2006:018, ISS Alert, Q-166
ID: ae-200603-053

A buffer overflow bug was discovered in the way RealPlayer processes Flash Media (.swf) files. It is possible for a malformed Flash Media file to execute arbitrary code as the user running RealPlayer. Fixed software is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in evolution, kernel, and koffice
Links: DSA-1016, CVE-2005-2549, CVE-2005-2550, ESB-2006.0230,
DSA-1017, DSA-1018, CVE-2005-3257, ESB-2006.0231, Q-155, ESB-2006.0235,
DSA-1019, CVE-2006-1244, ESB-2006.0234
ID: ae-200603-052

Several format string vulnerabilities were discovered in Evolution, a free groupware suite, that could lead to crashes of the application or the execution of arbitrary code.
A number of vulnerabilities were discovered in the Linux 2.6 kernel and Linux 2.4 kernel.
Several potential vulnerabilities were found in xpdf, the Portable Document Format (PDF) suite, which are also present in koffice, the KDE Office Suite.
Fixed packages are available now.

System: FreeBSD
Topic: Vulnerabilities in ipsec and opie
Links: FreeBSD-SA-06:11, CVE-2006-0905, ESB-2006.0222, FreeBSD-SA-06:12, CVE-2006-1283, ESB-2006.0223
ID: ae-200603-051

IPsec provides an anti-replay service which, when enabled, prevents an attacker from successfully executing a replay attack. This is done through the verification of sequence numbers. A programming error in the fast_ipsec(4) implementation results in the sequence number associated with a Security Association not being updated, allowing packets to unconditionally pass sequence number verification checks. An attacker able to intercept IPsec packets can replay them. If higher level protocols which do not provide any protection against packet replays (e.g., UDP) are used, this may have a variety of effects.
The opiepasswd(1) program uses getlogin(2) to identify the user calling opiepasswd(1). In some circumstances getlogin(2) will return "root" even when running as an unprivileged user. This causes opiepasswd(1) to allow an unprivileged user to configure OPIE authentication for the root user.
Patches are available now.

System: Mandriva Linux
Topic: Vulnerabilities in kernel
Links: MDKSA-2006:059, CVE-2005-2709, CVE-2005-3044, CVE-2005-3359, CVE-2006-0457, CVE-2006-0554, CVE-2006-0555, CVE-2006-0557, CVE-2006-0741, CVE-2006-0742
ID: ae-200603-050

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel, so a kernel update should be installed as soon as possible. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in firebird2
Links: DSA-1014, CVE-2004-2043, ESB-2006.0228
ID: ae-200603-049

A buffer overflow was discovered in firebird2, an RDBMS based on InterBase 6.0 code, that allows remote attackers to crash. Fixed packages are available now.

System: Various
Topic: Vulnerability in Sendmail
Links: Sendmail, CVE-2006-0058, ESB-2006.0227, VU#834865, ISS Advisory, AL-2006.0020, RHSA-2006-0264, Q-151, ESB-2006.0226, DSA-1015, ESB-2006.0229, SUSE-SA:2006:017, MDKSA-2006:058, FreeBSD-SA-06:13, ESB-2006.0224, ESB-2006.0225, OpenPKG-SA-2006.007, OpenBSD, FLSA-2006_186277, Sun Alert 102262, ESB-2006.0233, TLSA-2006-5, NetBSD-SA2006-010, ESB-2006.0248, SGI-20060302-01-P, HPSBUX02108, SSRT061133, ESB-2006.0261
ID: ae-200603-048

A flaw in the handling of asynchronous signals was discovered in Sendmail. A remote attacker may be able to exploit a race condition to execute arbitrary code as the user running sendmail (typically root). Fixed software is available now.

System: Various
Topic: Vulnerabilities in Xorg X server
Links: X.Org, CVE-2006-0745, Sun Alert 102252, ESB-2006.0217, SUSE-SA:2006:016
ID: ae-200603-047

A programming flaw in the X.Org X Server allows local attackers to gain root access when the server is setuid root. Fixed software is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in kernel-patch-vserver, unzip, and snmptrapfmt
Links: DSA-1011, CVE-2005-4347, CVE-2005-4418, ESB-2006.0216, Q-149,
DSA-1012, CVE-2005-4667, ESB-2006.0218, Q-150,
DSA-1013, CVE-2006-0050, ESB-2006.0220, Q-152
ID: ae-200603-046

Two vulnerabilities have been discovered in the Debian vserver support for Linux.
A buffer overflow in the command line argument parsing has been discovered in unzip, the de-archiver for ZIP files that could lead to the execution of arbitrary code.
It was discovered that snmptrapfmt, a configurable snmp trap handler daemon for snmpd, does not prevent overwriting existing files when writing to a temporary log file.
Fixed packages are available now.

System: UNIX, Linux, Mac OS X, Windows
Topic: Security problems in IBM Tivoli Directory Server, Tivoli Identity Manager, Websphere Application Server
Links: ESB-2006.0210
ID: ae-200603-045

IBM released technotes and updates for 'Tivoli Directory Server', 'Tivoli Identity Manager' and 'Websphere Application Server' to avoid denial-of-service attacks, providing misleading information and reduced security.

System: Debian GNU/Linux
Topic: Vulnerability in ilohamail
Links: DSA-1010, CVE-2005-1120, ESB-2006.0212
ID: ae-200603-044

Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail (a lightweight multilingual web-based IMAP/POP3 client) allow remote attackers to inject arbitrary web script or HTML via the e-mail body, filename, or MIME type.
A fixed package solves these problems.

System: HP UX
Topic: Vulnerabilities in usermod, Apache 2 and Apache 1.x on VirtualVault
Links: HPSBUX02102, SSRT051078, ESB-2006.0213,
HPSBUX02074, SSRT051251, ESB-2006.0214, CVE-2005-1268, CVE-2005-2088, CVE-2005-2491, CVE-2005-2728, ESB-2005.0697, ae-200509-017
HPSBUX02101, SSRT051128, ESB-2006.0215
ID: ae-200603-043

Certain versions of 'usermod' have unexpected behavior in special cases of combining options. It recursively changes the ownership of all directories and files under a user's new home directory. This may result in unauthorized access to these files and directories.
Several long-known vulnerabilities (mod_ssl, proxy_http) in the 'Apache 2' webserver have now been fixed.
'Apache 1.x' running on 'VirtualVault' 4.5 to 4.7 may allow HTTP request splitting/spoofing attacks resulting in remote unauthorized access.
HP has released patches now.

System: Mandriva Linux
Topic: Vulnerabilities in xorg-x11 and cairo
Links: MDKSA-2006:056, CVE-2006-0745
MDKSA-2006:057, CVE-2006-0528
ID: ae-200603-042

Versions of 'Xorg' 6.9.0 and greater have a bug in xf86Init.c which can be used for a local root exploit.
A problem in 'cairo', used by GNOME 'evolution', can lead to a persistent client crash resulting in a remote triggered denial-of-service.
Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in Symantec Backup Exec
Links: SYM06-005, Q-148, ESB-2006.0219, ESB-2006.0221
ID: ae-200603-041

A format string vulnerability in the job log in BENGINE.exe of the Backup Exec Media Server was found. A malicious user could potentially run arbitrary code on the system hosting the Media Server.
Patches are available now for the following vulnerable versions: Backup Exec for Windows Servers 9.1, 10.0, 10.1.

System: Debian GNU/Linux
Topic: Vulnerabilities in wzdftpd and crossfire
Links: DSA-1006, CVE-2005-3081, ESB-2006.0207
DSA-1009, CVE-2006-1236, ESB-2006.0211
ID: ae-200603-040

It was discovered that the wzdftpd FTP server lacks input sanitising for the SITE command, which may lead to the execution of arbitrary shell commands.
A buffer overflow has been discovered in the crossfire game which allows remote attackers to execute arbitrary code.
Fixed packages solve these problems.

System: Mac OS X
Topic: Security Update 2006-002
Links: APPLE-SA-2006-02, CVE-2006-0396, CVE-2006-0397, CVE-2006-0398, CVE-2006-0399, CVE-2006-0400, VU#980084
ID: ae-200603-039

Several security issues in CoreTypes, Mail, and Safari are fixed and bundled in the Security Update 2006-002, which is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in drupal and kdegraphics
Links: DSA-1007, CVE-2006-1225, CVE-2006-1226, CVE-2006-1227, CVE-2006-1228, ESB-2006.0208,
DSA-1008, CVE-2006-0746, ESB-2006.0209
ID: ae-200603-038

Several vulnerabilities have been detected in Drupal, a fully-featured content management and discussion engine. Due to missing input sanitising, a remote attacker could inject headers of outgoing e-mail messages and use Drupal as a spam proxy. Missing input sanity checks allow attackers to inject arbitrary web script or HTML. Menu items created with the menu.module lacked access control, which might allow remote attackers to access administrator pages. Finally, a session fixation bug may allow remote attackers to gain Drupal user privileges.
An earlier published patch for kpdf, the PDF viewer for KDE, doesn't fix all buffer overflows, still allowing an attacker to execute arbitrary code.
Updated packages solve these problems.

System: SCO OpenServer
Topic: Vulnerabilities in OpenSSH, vim, and XORGServer
Links: SCOSA-2006.11, SCOSA-2006.12, SCOSA-2006.13, SCOSA-2006.14
ID: ae-200603-037

Several vulnerabilities were found in the OpenSSH, vim, and XORGServer packages. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in xpvm, vlc, and xine-lib
Links: DSA-1003, CVE-2005-2240, ESB-2006.0203,
DSA-1004, DSA-1005, CVE-2005-4048, ESB-2006.0205, ESB-2006.0206
ID: ae-200603-036

It was discovered that xpvm, a graphical console and monitor for PVM, creates a temporary file that allows local attackers to create or overwrite arbitrary files with the privileges of the user running xpvm.
It was discovered that specially crafted PNG images can trigger a heap overflow in libavcodec, the multimedia library of ffmpeg, which may lead to the execution of arbitrary code. The vlc media player and xine-lib are also affected by this vulnerability.
Fixed packages are available now.

System: Red Hat Enterprise Linux 3
Topic: Vulnerabilities in initscripts, squid, vixie-cron, and kernel
Links: RHSA-2006-0015, CVE-2005-3629, ESB-2006.0200,
RHSA-2006-0045, CVE-2005-2917, ESB-2006.0198,
RHSA-2006-0117, CVE-2005-1038, ESB-2006.0201,
RHSA-2006-144, CVE-2005-2458, CVE-2005-2801, CVE-2005-3276, ESB-2006.0199
ID: ae-200603-035

A bug was found in the way initscripts handled various environment variables when the /sbin/service command is run. It is possible for a local user with permissions to execute /sbin/service via sudo to execute arbitrary commands as the 'root' user.
A denial of service flaw was found in the way squid processes certain NTLM authentication requests. It is possible for a remote attacker to crash the Squid server by sending a specially crafted NTLM authentication request.
A bug was found in the way vixie-cron installs new crontab files. It is possible for a local attacker to execute the crontab command in such a way that they can view the contents of another user's crontab file.
Several vulnerabilities were found in the Linux kernel.
Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in webcalendar
Links: DSA-1002, CVE-2005-3949, CVE-2005-3961, CVE-2005-3982, ESB-2006.0197
ID: ae-200603-034

Several security related problems have been discovered in webcalendar, a PHP based multi-user calendar. Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Office
Links: MS06-012, CVE-2005-4131, CVE-2006-0009, CVE-2006-0028, CVE-2006-0029, CVE-2006-0030, CVE-2006-0031, VU#104302, VU#123222, VU#235774, VU#339878, VU#642428, VU#682820, ESB-2006.0193, Q-145
ID: ae-200603-033

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows Services DACL
Links: MS06-011, CVE-2006-0023, ESB-2006.0193, Q-146
ID: ae-200603-032

No further comment due to legal reasons

System: SCO OpenServer
Topic: Vulnerabilities in System Libraries
Links: SCOSA-2006.10
ID: ae-200603-031

Several vulnerabilities were found in the libpcre, libwww, and libcurl libraries. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in Flash Player
Links: APSB06-03, CVE-2006-0024, VU#945060, Q-147, RHSA-2006-0268, ESB-2006.0194, ESB-2006.0195, ESB-2006.0202, SUSE-SA:2006:015
ID: ae-200603-030

Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these vulnerabilities. Fixed software is available now.

System: Debian GNU/Linux
Topic: Vulnerability in crossfire
Links: DSA-1001, CVE-2006-1010
ID: ae-200603-029

It was discovered that Crossfire, a multiplayer adventure game, performs insufficient bounds checking on network packets when run in "oldsocketmode", which may possibly lead to the execution of arbitrary code. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in bomberclone, libextractor, lurker, and libapreq2-perl
Links: DSA-997, CVE-2006-0460,
DSA-998, ESB-2006.0204,
DSA-999, CVE-2006-1062, CVE-2006-1063, CVE-2006-1064, ESB-2006.0191,
DSA-1000, CVE-2006-0042, ESB-2006.0192
ID: ae-200603-028

It was discovered that bomberclone, a free Bomberman-like game, crashes when receiving overly long error packets, which may also allow remote attackers to execute arbitrary code.
Several potential vulnerabilities were found in xpdf, which are also present in libextractor, a library to extract arbitrary meta-data from files.
Several security related problems have been discovered in lurker, an archive tool for mailing lists with integrated search engine.
An algorithm weakness has been discovered in Apache2::Request, the generic request library for Apache2 which can be exploited remotely and cause a denial of service via CPU consumption.
Fixed packages are available now.

System: SGI Advanced Linux Environment
Topic: Vulnerabilities in ImageMagick, bzip2, and tar
Links: SGI-20060301-01
ID: ae-200603-027

SGI has released the Security Update #55 for SGI Advanced Linux Environment 3. These updates fix security related problems in ImageMagick, bzip2, and tar. So it's recommended to install this update.

System: Debian GNU/Linux
Topic: Vulnerabilities in ffmpeg, freeciv, metamail, and libcrypt-cbc-perl
Links: DSA-992, Q-144, CVE-2005-4048,
DSA-994, CVE-2006-0047,
DSA-995, CVE-2006-0709, ESB-2006.0189,
DSA-996, CVE-2006-0898, ESB-2006.0190
ID: ae-200603-026

It was discovered that specially crafted PNG images can trigger a heap overflow in libavcodec, the multimedia library of ffmpeg, which may lead to the execution of arbitrary code.
A denial of service condition was discovered in the free Civilization server that allows a remote user to trigger a server crash.
A buffer overflow was discovered in metamail, an implementation of MIME (Multi-purpose Internet Mail Extensions), that could lead to a denial of service or potentially execute arbitrary code when processing messages.
It was discovered that the Perl Crypt::CBC module produces weak ciphertext when used with block encryption algorithms with a block size > 8 bytes.
Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in bluez-hcidump and zoo
Links: DSA-990, CVE-2006-0670, ESB-2006.0186,
DSA-991, CVE-2006-0855, ESB-2006.0167
ID: ae-200603-025

A denial of service condition has been discovered in bluez-hcidump, a utility that analyses Bluetooth HCI packets, which can be triggered remotely.
A buffer overflow was discovered in zoo, a utility to manipulate zoo archives, that could lead to the execution of arbitrary code when unpacking a specially crafted zoo archive.
Fixed packages are available now.

System: Various
Topic: Vulnerability in GPG
Links: CVE-2006-0049, DSA-993, SUSE-SA:2006:014, RHSA-2006-0266, ESB-2006.0196, MDKSA-2006:055
ID: ae-200603-024

The GNU Privacy Guard (GPG) allows crafting a message which could verify as correct using "--verify", but would extract different, potentially malicious content when using "-o --batch". Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in zoph
Links: DSA-989, CVE-2006-0402, ESB-2006.0181
ID: ae-200603-023

It was discovered that Zoph, a web based photo management system, performs insufficient sanitising for input passed to photo searches, which may lead to the execution of SQL commands through a SQL injection attack. Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in python and kdegraphics
Links: RHSA-2006-0197, CVE-2005-2491, ESB-2006.0182,
RHSA-2006-0262, CVE-2006-0746, ESB-2006.0183
ID: ae-200603-022

An integer overflow flaw was found in Python's PCRE library that could be triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library.
It was discovered that a kpdf security fix was incomplete. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened.
Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in Symantec Ghost
Links: SYM06-003, ESB-2006.0180
ID: ae-200603-021

Three local access vulnerabilities were found impacting the Sybase SQLAnywhere database installed with Symantec Ghost and the Central Management Console in Symantec Ghost Solutions Suite (SGSS). Successful exploitation by a malicious local user could result in unauthorized information disclosure, modification or destruction of stored administrative data or could possibly be leveraged by a non-privileged local user to potentially gain additional access on the local system. Fixed software is available now.

System: HP Tru64 UNIX
Topic: Vulnerabilities in IPSEC
Links: HPSBTU02100, SSRT050979, ESB-2006.0176
ID: ae-200603-020

Multiple vulnerabilities have been identified on HP Tru64 UNIX operating systems running IPSEC, which uses the Internet Security Association and Key Management Protocol (ISAKMP). The vulnerabilities could be exploited remotely to cause Denial of Service (DoS). HP has released Early Release Patch kits (ERPs) publicly.

System: Mandriva Linux
Topic: Vulnerability in kdegraphics
Links: MDKSA-2006:054, CVE-2006-0746
ID: ae-200603-019

It was discovered that the officially published kpdf patches for several previous xpdf vulnerabilities were lacking some hunks published by upstream xpdf. As a result, kpdf is still vulnerable to certain carefully crafted PDF files. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in squirrelmail
Links: DSA-988, CVE-2006-0188, CVE-2006-0195, CVE-2006-0377, ESB-2006.0177
ID: ae-200603-018

Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. A flaw was found in webmail.php that allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. An interpretation conflict in the MagicHTML filter allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) slashes inside the "url" keyword, which is processed by some web browsers including Internet Explorer. A CRLF injection vulnerability allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." Fixed packages are available now.

System: Turbolinux
Topic: Vulnerabilities in Java
Links: TLSA-2006-4, Sun Alert #102171
ID: ae-200603-017

Seven (7) vulnerabilities with the use of "reflection" APIs in the Java Runtime Environment may independently allow an untrusted applet to elevate its privileges. For example an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerability in freeciv
Links: MDKSA-2006:053, CVE-2006-0047
ID: ae-200603-016

A Denial of Service vulnerability was discovered in the civserver component of the freeciv game on certain incoming packets. Fixed packages are available now.

System: Red Hat Enterprise Linux 4
Topic: Vulnerabilities in initscripts, squid, spamassassin, and kernel
Links: RHSA-2006-0016, CVE-2005-3629, Q-143, ESB-2006.0173,
RHSA-2006-0052, CVE-2005-2917, ESB-2006.0172,
RHSA-2006-0129, CVE-2005-3351, ESB-2006.0171,
RHSA-2006-132, CVE-2006-0095, ESB-2006.0170
ID: ae-200603-015

A bug was found in the way initscripts handled various environment variables when the /sbin/service command is run. It is possible for a local user with permissions to execute /sbin/service via sudo to execute arbitrary commands as the 'root' user.
A denial of service flaw was found in the way squid processes certain NTLM authentication requests. It is possible for a remote attacker to crash the Squid server by sending a specially crafted NTLM authentication request.
A denial of service bug was found in SpamAssassin. An attacker could construct a message in such a way that would cause SpamAssassin to crash.
The dm-crypt kernel module does not clear a structure before freeing it, which could allow local users to discover information about cryptographic keys.
Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerability in mailman
Links: RHSA-2006-0204, CVE-2005-3573, CVE-2005-4153, ESB-2006.0174
ID: ae-200603-014

A flaw in handling of UTF8 character encodings was found in Mailman. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. A flaw in date handling was found in Mailman. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause the Mailman server to crash. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in tar
Links: DSA-987, CVE-2006-0300, ESB-2006.0168
ID: ae-200603-013

A buffer overflow vulnerability was found in GNU tar. Fixed packages are available now.

System: Sun Solaris
Topic: Vulnerability in Process File System
Links: Sun Alert #102159, ESB-2006.0164
ID: ae-200603-012

A local unprivileged user may be able to cause significant performance degradation, hang the system, or panic the system, resulting in a Denial of Service (DoS) condition. This is due to a security vulnerability involving the pagedata subsystem of the process file system "/proc". A patch is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in libtasn1 and gnutls11
Links: DSA-985, DSA-985, CVE-2006-0645, ESB-2006.0166, ESB-2006.0167, Q-139
ID: ae-200603-011

Several serious bugs were found in gnutls, that would make the DER decoder in libtasn1 crash on invalid input. Fixed software is available now.

System: Several
Topic: Vulnerabilities in Oracle Database
Links: Oracle Alert #68, VU#298958, Q-137, Q-140, ESB-2006.0179
ID: ae-200603-010

Oracle has released patches for multiple security vulnerabilities. Several SQL injection and information disclosure vulnerabilities are reported. Oracle warns that the unpatched exposure risk is high. Exploiting some of the vulnerabilities requires network access, but not valid user accounts. Please refer to the advisory from Oracle for further information.

System: Microsoft Windows
Topic: Vulnerability in EMC Dantz Retrospect
Links: iDEFENSE #398, ESB-2006.0160
ID: ae-200603-009

The Dantz Retrospect 7 backup client listens on TCP port 497 for commands from the central backup server. Sending a specially crafted malformed packet to this socket can force the backup client to terminate. This allows for an unauthenticated attacker to effectively disable the network backup services for a target network. This problem has been resolved in the latest updates to the Retrospect Client for Windows versions 7.0.109 and 6.5.138 software.

System: Mac OS X
Topic: Vulnerabilities in passwd
Links: iDEFENSE #400, APPLE, CVE-2005-2713, CVE-2005-2714
ID: ae-200603-008

Local exploitation of a design error in version 10.3.9 of Apple's Mac OS X might allow arbitrary files to be overwritten with user supplied contents. The /usr/bin/passwd binary is a setuid application which allows users to change their password. There are two related vulnerabilities. A first vulnerability occurs because the Mac OS X version of the passwd utility accepts options specifying which password database to operate on. The passwd binary does not check that the user has permissions to create a file in the location specified and doesn't set the created file permissions. By setting the file creation mask to 0 a user can create arbitrary files owned by root, with permissions which allow any user to change the contents. A second vulnerability exists in the insecure creation of temporary files with predictable names. The temporary filename created by the process is in the form /tmp/.pwtmp. where is the process id of the passwd process. By creating a symbolic link to the target file, and then changing the password, it's possible to put controllable contents into the target file.
An update remedies these problems.

System: Sun Solaris
Topic: Vulnerabilities in perl, Apache 2, and Apache 1.3
Links: Sun Alert #102192, CVE-2005-3962, VU#948385, ESB-2006.0154,
Sun Alert #102198, ESB-2006.0157,
Sun Alert #102197, ESB-2006.0158
ID: ae-200603-007

An unprivileged local user may be able to cause a Perl application to crash or possibly execute arbitrary code with the privileges of the Perl application due to an integer overflow in the Perl_sv_vcatpvfn() function. A patch is available now.
Several vulnerabilities were found in the Apache 2.0 and Apache 1.3 Webserver. Patches are not available yet.

System: Mac OS X
Topic: Security Update 2006-001
Links: APPLE-SA-2006-03-01, CVE-2006-0391, VU#351217, VU#999708, VU#176732, iDEFENSE #399, Q-138, AL-2006.0017
ID: ae-200603-006

Several security issues in apache_mod_php, automount, BOM, Directory Services, FileVault, IPSec, LibSystem, Mail, perl, rsync, Safari, Syndication, and iChat were fixed and bundled in the now available Security Update 2006-001.

System: FreeBSD
Topic: Vulnerabilities in openssh and nfs
Links: FreeBSD-SA-06:09, CVE-2006-0883, ESB-2006.0155,
FreeBSD-SA-06:10, CVE-2006-0900, ESB-2006.0156
ID: ae-200603-005

A vulnerability in OpenSSH allows remote unauthenticated denial of service attacks, if PAM authentication is used.
A part of the NFS server code charged with handling incoming RPC messages via TCP had an error which, when the server received a message with a zero-length payload, would cause a NULL pointer dereference which results in a kernel panic.
Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in HP System Management Homepage
Links: HPSBMA02099, SSRT061118, Q-136, ESB-2006.0151
ID: ae-200603-004

A security vulnerability has been identified with HP System Management Homepage (SMH) running on Microsoft Windows. The vulnerability could be exploited remotely to allow unauthorized access to files via directory traversal. Fixed software is not available yet. A workaround is described in the advisory.

System: Various
Topic: Vulnerability in mozilla-thunderbird
Links: CVE-2006-0884, AA-2006.0021, MDKSA-2006:052
ID: ae-200603-003

The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier allows user-complicit attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerability in tar
Links: RHSA-2006-0232, CVE-2006-0300, ESB-2006.0153, Q-141
ID: ae-200603-002

A buffer overflow vulnerability was found in GNU tar. Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerabilities in unzip and gettext
Links: MDKSA-2006:050, CVE-2005-4667,
MDKSA-2006:051, CVE-2004-0966
ID: ae-200603-001

A buffer overflow was found in the way unzip handles file name arguments. If a user could be tricked into processing a specially crafted, excessively long file name with unzip, an attacker could execute arbitrary code with the user's privileges.
Temporary file vulnerabilities were discovered in the autopoint and gettextize scripts, part of GNU gettext. These scripts insecurely created temporary files which could allow a malicious user to overwrite another user's files via a symlink attack.
Fixed packages are available now.



(c) 2000-2014 AERAsec Network Services and Security GmbH