Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes take effect immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid a vulnerability. Some of the files are transferred by FTP.

By the way: if we're not publishing well-known risks inherent in any widely used platform or program, that doesn't mean this particular platform or program is safe to use!


Chosen month 06 / 2006

System: Various
Topic: Vulnerability in Apple iTunes
Links: APPLE-SA-2006-06-29, CVE-2006-1467, ESB-2006.0438, VU#907836, Q-237
ID: ae-200606-066

The AAC file parsing code in iTunes contains an integer overflow vulnerability. Parsing a maliciously-crafted AAC file could cause iTunes to terminate or potentially execute arbitrary code. Patches are available now.

System: HP Tru64 UNIX
Topic: Vulnerability in Perl
Links: HPSBTU02125, SSRT061105, CVE-2005-3962, ESB-2006.0437
ID: ae-200606-065

Security vulnerabilities have been identified in Perl 5.8.2 and earlier running on HP Tru64 UNIX. These vulnerabilities could be exploited by a local user to execute unauthorized code. Patches are available now.

System: Microsoft Windows
Topic: Vulnerabilities in Novell ZENworks Patch Management
Links: AL-2006.0055
ID: ae-200606-064

Several vulnerabilities were found in Novell's ZENworks Patch Management. Patches are available now.

System: Microsoft Windows
Topic: Vulnerability in Microsoft Internet Explorer
Links: VU#655100, CVE-2006-3281, AL-2006.0054
ID: ae-200606-063

Microsoft Internet Explorer fails to properly handle directories with CLSID extensions. This may allow an attacker to bypass the warning dialog that Internet Explorer should display before executing downloaded code. No security update is available yet.

System: Cisco Wireless Access Point
Topic: Vulnerability in Cisco Wireless Access Point
Links: Cisco, VU#544484, Q-235, AL-2006.0053
ID: ae-200606-062

A vulnerability exists in the access point web-browser interface when Security > Admin Access is changed from Default Authentication (Global Password) to Local User List Only (Individual Passwords). Successful exploitation of this vulnerability will result in unauthorized administrative access to the access point via the web management interface or via the console port. A patch is available now.

System: Various
Topic: Vulnerabilities in Cisco Wireless Control System
Links: Cisco, Q-234, AL-2006.0052
ID: ae-200606-061

Wireless Control System is a centralized, systems-level application for managing and controlling lightweight access points and wireless LAN controllers for the Cisco Unified Wireless Network. WCS contains multiple vulnerabilities including information disclosure and privilege escalation issues. Patches are available now.

System: Various
Topic: Vulnerabilities in OpenOffice.org and StarOffice
Links: OpenOffice.org, Sun Alert 102475, Sun Alert 102490, Sun Alert 102501, CVE-2006-2198, CVE-2006-2199, CVE-2006-3117, DSA-1104, ESB-2006.0439, ESB-2006.0442, Q-236, RHSA-2006-0573, ESB-2006.0444, SUSE-SA:2006:040, MDKSA-2006:118
ID: ae-200606-060

Several vulnerabilities were found in the OpenOffice.org and StarOffice office suites. It is possible to embed arbitrary BASIC macros in documents in a way that OpenOffice.org does not see them but executes them anyway without any user interaction. It is possible to evade the Java sandbox with specially crafted Java applets. Loading malformed XML documents can cause buffer overflows and cause a denial of service or execute arbitrary code. Patches are available now.

System: Mandriva Linux
Topic: Vulnerability in mutt
Links: MDKSA-2006:115, CAN-2006-3242
ID: ae-200606-059

A stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server. Fixed packages are available now.

System: Mac OS X
Topic: Vulnerabilities in AFP, ClamAV, ImageIO, launchd, and OpenLDAP
Links: APPLE, ESB-2006.0432, Q-233, CVE-2006-1468, CVE-2006-1989, CVE-2006-1469, CVE-2006-1471, CVE-2006-1470, VU#988356
ID: ae-200606-058

Several security issues in AFP, ClamAV, ImageIO, launchd, and OpenLDAP are fixed in Mac OS X version v10.4.7, which is available now.

System: Suse Linux
Topic: Vulnerabilities in freetype
Links: SUSE-SA:2006:037, CVE-2006-0747, CVE-2006-1861, CVE-2006-2661
ID: ae-200606-057

The freetype2 library renders TrueType fonts for open source projects. Three integer overflows were found in freetype2 that can lead to a remote denial-of-service attack and may lead to remote command execution. Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerabilities in gd, tetex, and libwmf
Links: MDKSA-2006:112, MDKSA-2006:113, MDKSA-2006:114, CVE-2006-2906, CVE-2004-0941
ID: ae-200606-056

The LZW decoding in the gdImageCreateFromGifPtr function in the libgd graphics draw (GD) library allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
Tetex and libwmf contain embedded copies of the GD library code and are also vulnerable.
Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in kernel-source-2.6.8
Links: DSA-1103, ESB-2006.0433
ID: ae-200606-055

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. Fixed packages are available now.

System: IBM HMC
Topic: Vulnerability in Hardware Management Console
Links: IBM, CVE-2006-0225, CVE-2006-0058, ESB-2006.0429
ID: ae-200606-054

Vulnerabilities were found in the openssh and sendmail programs of the Hardware Management Console (HMC). Patches are available now.

System: Various
Topic: Vulnerability in Sun ONE / Java System Application Server
Links: Sun Alert 102479, ESB-2006.0428
ID: ae-200606-053

A Cross Site Scripting (CSS or XSS) vulnerability in the Sun ONE and Sun Java System Application Server may allow an unprivileged remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server. Patches are available now.

System: HP-UX
Topic: Vulnerability in the kernel
Links: HPSBUX02127, SSRT051056, ESB-2006.0426
ID: ae-200606-052

A security vulnerability has been identified with HP-UX. The vulnerability could be exploited by a local user to create a Denial of Service (DoS). Patches are available now.

System: Suse Linux
Topic: Vulnerabilities in MySQL, Mozilla Firefox, Mozilla Thunderbird, and Mozilla SeaMonkey
Links: SUSE-SA:2006:036, CVE-2006-1516, CVE-2006-1517, CVE-2006-1518, SUSE-SA:2006:035
ID: ae-200606-051

Several vulnerabilities were found in MySQL, a popular SQL database management system.
Several vulnerabilities were found in Mozilla Firefox, Thunderbird and SeaMonkey, thirteen of which are rated as critical.
Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerabilities in arts, xine-lib, wv2, and mysql
Links: MDKSA-2006:107, CVE-2006-2916, MDKSA-2006:108, CVE-2006-2802, MDKSA-2006:109, CVE-2006-2197, MDKSA-2006:111, CVE-2006-3081
ID: ae-200606-050

A vulnerability in the artswrapper program, when installed setuid root, could enable a local user to elevate their privileges to that of root.
A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server.
A boundary checking error was discovered in the wv2 library, used for accessing Microsoft Word documents. This error can lead to an integer overflow induced by processing certain Word files.
Mysqld allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.
Fixed packages are available now.

System: Various
Topic: Vulnerability in GnuPG
Links: GnuPG, CVE-2006-3082, ESB-2006.0431, OpenPKG-SA-2006.010, MDKSA-2006:110
ID: ae-200606-049

A flaw in the handling of user IDs by GnuPG was detected that may lead to denial of service or the execution of arbitrary code. A fixed software version is available now.

System: Debian GNU/Linux
Topic: Vulnerability in pinball
Links: DSA-1102, CVE-2006-2196
ID: ae-200606-048

It was discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges. Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in Cisco Secure ACS 4.x
Links: FullDisclosure, Cisco, ESB-2006.0427
ID: ae-200606-047

Cisco Secure Access Control Server (ACS) provides a centralized identity networking solution and simplified user management experience across all Cisco devices and security management applications. A vulnerability has been identified in the Cisco Secure ACS session management architecture which could be exploited by an attacker to obtain full administrative access to the web interface and thus all managed assets (routers, switches, 802.1x authenticated networks, etc). By default, the Cisco Secure ACS web administration login page runs on TCP port 2002. Upon successful authentication, the client is then redirected to a dynamic and unique HTTP server port between 1024 and 65535. Once authenticated, ACS relies solely upon the port and the client IP address to validate the session. So an attacker might take over the session, with all consequences.
Cisco is investigating this issue and will publish a patch, if necessary.

System: Microsoft Windows
Topic: Vulnerability in WinSCP
Links: VU#912588, CVE-2006-3015
ID: ae-200606-046

WinSCP is an open source SFTP client for Microsoft Windows. If an attacker convinces a user to follow a specially crafted URL, he or she can transfer a file directly to the user's computer. The attacker may also be able to append information to files. Version 3.8.2 of WinSCP has been published and contains a fix for this vulnerability.

System: OpenBSD
Topic: Vulnerability in Nagios
Links: OpenBSD, ae-200605-013
ID: ae-200606-045

As reported before, Nagios has a buffer overflow when processing an HTTP header. A patch is now available for OpenBSD.

System: Microsoft Windows
Topic: Vulnerability in Microsoft Hyperlink Object Library
Links: VU#394444, AL-2006.0051
ID: ae-200606-044

The Microsoft Windows system library for handling hyperlinks (HLINK.DLL) contains a buffer overflow. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. A patch is not available yet.

System: Microsoft Windows
Topic: Vulnerability in Cisco CallManager
Links: Cisco, VU#117929, ESB-2006.0423
ID: ae-200606-043

RealVNC is a remote control access product that is bundled with Cisco CallManager to provide remote console access. A vulnerability in RealVNC may allow a malicious user to bypass RealVNC authentication to gain console access to a Cisco CallManager system. A patch is available now.

System: Debian GNU/Linux
Topic: Vulnerability in courier
Links: DSA-1101, CVE-2006-2659, ESB-2006.0425
ID: ae-200606-042

A bug has been discovered in the Courier Mail Server that can result in a number of processes consuming arbitrary amounts of CPU power. Fixed packages are available now.

System: SUSE Linux
Topic: Vulnerabilities in tiff, snort, and xine-lib
Links: SUSE-SR:2006:014
ID: ae-200606-041

The weekly SUSE Security Summary reports vulnerabilities in the tiff, snort, and xine-lib packages. Updated packages are available now and should be installed on the vulnerable systems.

System: SGI Advanced Linux Environment
Topic: Vulnerabilities in mailman, quagga, postgresql, sendmail, and xscreensaver
Links: SGI-20060602-01
ID: ae-200606-040

SGI has released the Security Update #59 for SGI Advanced Linux Environment 3. These updates fix security related problems in mailman, quagga, postgresql, sendmail, and xscreensaver. So it's recommended to install this update.

System: Suse Linux
Topic: Vulnerabilities in awstats
Links: SUSE-SA:2006:033, CVE-2006-2237, CVE-2006-2644
ID: ae-200606-039

Two remote code execution vulnerabilities were found in the WWW statistical analyzer awstats. Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in Cisco CallManager
Links: Cisco
ID: ae-200606-038

A Cross Site Scripting (XSS) weakness was discovered in the web interface of the Cisco CallManager. XSS attacks of this nature rely on intervention of a privileged user and typically attempt to manipulate or trick such a user into clicking on an HTTP URL (typically embedded in an email or HTTP web page). A patch is not available yet.

System: Suse Linux
Topic: Vulnerabilities in tiff
Links: Suse 10.1, Suse 10.0, CVE-2006-2656
ID: ae-200606-037

Two buffer overflows have been discovered in 'tiffsplit' and 'tiff2pdf', that are part of the tiff package. Fixed packages are available now.

System: HP-UX
Topic: Vulnerability in Support Tools Manager
Links: HPSBUX02115, SSRT061077, ESB-2006.0421
ID: ae-200606-036

A security vulnerability has been identified with HP-UX running Support Tools Manager (xstm, cstm, stm). The vulnerability could be exploited by a local user to create a Denial of Service (DoS). Patches are available now.

System: Various
Topic: Vulnerability in Cisco Secure Access Control Server for Unix
Links: Cisco, ESB-2006.0420, Q-231
ID: ae-200606-035

Cisco Secure Access Control Server (ACS) is a centralized user access control framework. Cisco Secure ACS for UNIX LogonProxy.cgi is vulnerable to Cross Site Scripting (XSS) attacks via both HTML GET and POST requests. A patch is available now.

System: IBM AIX
Topic: Vulnerability in update_flash
Links: CVE-2006-2647, ESB-2006.0411
ID: ae-200606-034

A vulnerability in update_flash may allow local users to execute arbitrary code with root privileges. Patches are available now.

System: Mandriva Linux
Topic: Vulnerabilities in gdm, squirrelmail, libtiff, and spamassassin
Links: MDKSA-2006:100, CVE-2006-2452, MDKSA-2006:101, CVE-2006-2842, MDKSA-2006:102, CVE-2006-2193, MDKSA-2006:103, CVE-2006-2447
ID: ae-200606-033

A vulnerability in gdm could allow a user to activate the gdm setup program if the administrator configured a gdm theme that provided a user list.
A PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.
A buffer overflow in the t2p_write_pdf_string function in tiff2pdf allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters.
A flaw was discovered in the way that spamd processes the virtual POP usernames passed to it. If running with the --vpopmail and --paranoid flags, it is possible for a remote user with the ability to connect to the spamd daemon to execute arbitrary commands as the user running spamd.
Fixed packages are available now.

System: Various
Topic: Vulnerability in kdm
Links: CVE-2006-2449, RHSA-2006-0548, ESB-2006.0415, Q-232, MDKSA-2006:105, MDKSA-2006:106, SUSE-SA:2006:039
ID: ae-200606-032

The core packages of KDE include the KDE Display Manager (KDM). A flaw was discovered in KDM. A malicious local KDM user could use a symlink attack to read an arbitrary file that they would not normally have permissions to read. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in kernel-source-2.4.27, horde2/3, and wv2
Links: DSA-1097, ESB-2006.0416, Q-230,
DSA-1098, DSA-1099, CVE-2006-2195, ESB-2006.0417, Q-229,
DSA-1100, CVE-2006-2197, ESB-2006.0418
ID: ae-200606-031

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
The Horde web application framework performs insufficient input sanitising, which might lead to the injection of web script code through cross-site scripting.
A boundary checking error has been discovered in wv2, a library for accessing Microsoft Word documents, which can lead to an integer overflow induced by processing Word files.
Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in TCP/IP Protocol Driver
Links: MS06-032, CVE-2006-2379, Q-228, AL-2006.0044
ID: ae-200606-030

No further comment due to legal reasons

System: Microsoft Windows 2000
Topic: Vulnerability in RPC Mutual Authentication
Links: MS06-031, CVE-2006-2380, Q-227, ESB-2006.0408
ID: ae-200606-029

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Server Message Block
Links: MS06-030, CVE-2006-2373, CVE-2006-2374, Q-226, ESB-2006.0407
ID: ae-200606-028

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Exchange Server
Links: MS06-029, CVE-2006-1193, Q-225, ESB-2006.0405
ID: ae-200606-027

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft PowerPoint
Links: MS06-028, CVE-2006-0022, Q-224, AL-2006.0046
ID: ae-200606-026

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Word
Links: MS06-027, CVE-2006-2492, AL-2006.0046
ID: ae-200606-025

No further comment due to legal reasons

System: Microsoft Windows 98, 98SE, ME
Topic: Vulnerability in Graphics Rendering Engine
Links: MS06-026, CVE-2006-2376, ESB-2006.0406
ID: ae-200606-024

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Routing and Remote Access
Links: MS06-025, CVE-2006-2370, CVE-2006-2371, Q-223, AL-2006.0044, AU-2006.0023
ID: ae-200606-023

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Windows Media Player
Links: MS06-024, CVE-2006-0025, Q-222, ISS Alert, AL-2006.0047, iDefense
ID: ae-200606-022

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Internet Explorer
Links: MS06-021, MS06-022, MS06-023, CVE-2005-4089, CVE-2006-1303, CVE-2006-1626, CVE-2006-2218, CVE-2006-2382, CVE-2006-2383, CVE-2006-2384, CVE-2006-2385, CVE-2006-1313, CVE-2006-2378, ISS Alert, Q-219, Q-220, Q-221, AL-2006.0045, iDefense
ID: ae-200606-021

No further comment due to legal reasons

System: Various
Topic: Vulnerability in sendmail
Links: Sendmail, CVE-2006-1173, VU#146718, AL-2006.0048, RHSA-2006-0515, ESB-2006.0410, FreeBSD-SA-06:17, ESB-2006.0413, NetBSD-SA2006-017, ESB-2006.0414, OpenBSD, ESB-2006.0424, SUSE-SA:2006:032, MDKSA-2006:104, ESB-2006.0412, Sun Alert #102460, ESB-2006.0419, SGI 20060601-01-P, HPSBTU02116, SSRT061135, ESB-2006.0422, TLSA-2006-9, HPSBUX02124, SSRT061159, ESB-2006.0547
ID: ae-200606-020

Sendmail is a widely used mail transfer agent (MTA). Sendmail does not properly handle malformed multipart MIME messages. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition. Fixed software is available now.

System: Suse Linux
Topic: Vulnerabilities in postgresql
Links: SUSE-SA:2006:030, CVE-2006-2313, CVE-2006-2314
ID: ae-200606-019

A vulnerability in PostgreSQL allows attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in webcalendar
Links: DSA-1096, CVE-2006-2762, ESB-2006.0404
ID: ae-200606-018

A vulnerability has been discovered in webcalendar, a PHP-based multi-user calendar, that allows a remote attacker to execute arbitrary PHP code when register_globals is turned on. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in freetype
Links: CVE-2006-0747, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661, DSA-1095, ESB-2006.0403, MDKSA-2006:099, MDKSA-2006:099-1
ID: ae-200606-017

Several problems have been discovered in the FreeType 2 font engine which could allow remote attackers to cause a denial of service or lead to the execution of arbitrary code. Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in mailman and mysql
Links: RHSA-2006-0486, CVE-2006-0052, ESB-2006.0401,
RHSA-2006-0544, CVE-2006-0903, CVE-2006-1516, CVE-2006-1517, CVE-2006-2753, ESB-2006.0402
ID: ae-200606-016

A flaw was found in the way Mailman handles MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which would cause that particular mailing list to stop working.
Several vulnerabilities were found in MySQL, a popular SQL database management system.
Fixed packages are available now.

System: NetBSD
Topic: Vulnerabilities in the kernel
Links: NetBSD-SA2006-015, CVE-2006-1056, ESB-2006.0395, NetBSD-SA2006-016, ESB-2006.0394
ID: ae-200606-015

On "7th generation" and "8th generation" processors manufactured by AMD the NetBSD kernel does not restore the contents of the FOP, FIP, and FDP debug registers between context switches. A local attacker can monitor the execution path of a process which uses floating-point operations. This may allow an attacker to steal cryptographic keys or other sensitive information.
Insufficient validation when parsing IPv6 socket options can lead to a system crash. This can be triggered by a local non-privileged user.
Patches are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in tiff, mysql, xine, and gforge
Links: DSA-1091, CVE-2006-2193, CVE-2006-2656, ESB-2006.0399,
DSA-1092, CVE-2006-2753, ESB-2006.0398,
DSA-1093, CVE-2006-2230, ESB-2006.0397,
DSA-1094, CVE-2005-2430, ESB-2006.0396
ID: ae-200606-014

Two buffer overflows have been discovered in the TIFF library.
It was discovered that MySQL, a popular SQL database, incorrectly parses a string escaped with mysql_real_escape() which could lead to SQL injection.
Several format string vulnerabilities have been discovered in xine-ui, the user interface of the xine video player, which may cause a denial of service.
Several cross-site scripting vulnerabilities were discovered in Gforge, an online collaboration suite for software development, which allow injection of web script code.
Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerabilities in openldap, mysql, and postgresql
Links: MDKSA-2006:096, CVE-2006-2754, MDKSA-2006:097, CVE-2006-2753, MDKSA-2006:098, CVE-2006-2313, CVE-2006-2314
ID: ae-200606-013

A stack-based buffer overflow in st.c in slurpd for OpenLDAP might allow attackers to execute arbitrary code via a long hostname.
An SQL injection vulnerability in MySQL allows attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
A vulnerability in PostgreSQL allows attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters.
Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerability in spamassassin
Links: RHSA-2006-0543, CVE-2006-2447, ESB-2006.0393, Q-217
ID: ae-200606-012

A vulnerability has been discovered in SpamAssassin, a Perl-based spam filter using text analysis, that can allow remote attackers to execute arbitrary commands. Fixed packages are available now.

System: Sun Solaris
Topic: Vulnerability in StorADE
Links: Sun Alert #102305, ESB-2006.0388, Q-216
ID: ae-200606-011

A local unprivileged user may be able to execute arbitrary code with the privileges of another user (including root), due to incorrect file and directory permissions from one of the package components of the Sun Storage Automated Diagnostic Environment (StorADE) Software. Patches are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in xmcd, postgresql, centericq, freeradius, and spamassassin
Links: DSA-1086, CVE-2006-2542, ESB-2006.0391,
DSA-1087, CVE-2006-2313, CVE-2006-2314, ESB-2006.0387,
DSA-1088, CVE-2005-3863, ESB-2006.0386,
DSA-1089, CVE-2005-4744, CVE-2006-1354, ESB-2006.0385,
DSA-1090, CVE-2006-2447, ESB-2006.0392
ID: ae-200606-010

xmcdconfig creates world-writeable directories, allowing local users to fill the /usr and /var partition and hence cause a denial of service.
Several encoding problems have been discovered in PostgreSQL, a popular SQL database.
A buffer overflow was discovered in the ktools library which is used in centericq, a text-mode multi-protocol instant messenger client, which may lead local or remote attackers to execute arbitrary code.
Several problems have been discovered in freeradius, a high-performance and highly configurable RADIUS server.
A vulnerability has been discovered in SpamAssassin, a Perl-based spam filter using text analysis, that can allow remote attackers to execute arbitrary commands.
Fixed packages are available now.

System: VMware ESX
Topic: Vulnerability in VMware ESX Server
Links: ESB-2006.0383, CVE-2005-3619
ID: ae-200606-009

The VMware ESX Server product provides a web application to perform management of the system. One of the functions of this application is to allow administrative users to view log files, such as syslog, through a browser. No encoding of syslog data is performed to ensure that HTML meta-characters are not interpreted by the browser. This allows an attacker to inject HTML content, including JavaScript, into the syslog file where it would be rendered or executed when viewed through the Management Interface. Fixed software is available now.

System: Mandriva Linux
Topic: Vulnerability in evolution
Links: MDKSA-2006:094
ID: ae-200606-008

Evolution can crash when displaying certain carefully crafted images, if the "Load images if sender is in address book" option is enabled. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in Mozilla Firefox, Mozilla Thunderbird, and Mozilla SeaMonkey
Links: Mozilla, AL-2006.0043, Q-214
ID: ae-200606-007

Mozilla has released new versions of Firefox, Thunderbird and SeaMonkey that fix multiple vulnerabilities, thirteen of which are rated as critical. Patches are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in quagga/zebra and dia
Links: RHSA-2006-0525, RHSA-2006-0533, CVE-2006-2223, CVE-2006-2224, CVE-2006-2276, ESB-2006.0381, ESB-2006.0382,
RHSA-2006-0541, CVE-2006-2453, CVE-2006-2480, ESB-2006.0384
ID: ae-200606-006

Several vulnerabilities were found in the routing daemons quagga and zebra that may lead to information disclosure, route injection and denial of service attacks.
Several format string vulnerabilities were found in Dia.
Fixed packages are available now.

System: SCO OpenServer
Topic: Vulnerability in sendmail
Links: SCOSA-2006.25
ID: ae-200606-005

Sendmail is a multi-purpose mail server. It might allow a remote attacker to execute arbitrary code as root, caused by a signal race vulnerability. An updated package solves this problem.

System: HP-UX
Topic: Vulnerabilities in Mozilla
Links: HPSBUX02122, SSRT061158, Q-212, ESB-2006.0390
ID: ae-200606-004

Several security vulnerabilities have been identified with Mozilla running on HP-UX. HP has released patches now.

System: Suse Linux
Topic: Vulnerabilities in foomatic-filters, kernel, and cron
Links: SUSE-SA:2006:026, CVE-2004-0801, SUSE-SA:2006:028, SUSE-SA:2006:027, CVE-2006-2607
ID: ae-200606-003

A bug in cupsomatic/foomatic-filters allows remote printer users to execute arbitrary commands with the UID of the printer daemon.
Several vulnerabilities were found in the Linux kernel.
The code in do_command.c in Vixie cron does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
Fixed packages are available now.

System: FreeBSD
Topic: Vulnerabilities in ypserv and smbfs
Links: FreeBSD-SA-06:15, CVE-2006-2655, ESB-2006.0378,
FreeBSD-SA-06:16, CVE-2006-2454, ESB-2006.0380
ID: ae-200606-002

A change in the build process of ypserv(8) caused the access restrictions through the /var/yp/securenets file to be inadvertently disabled.
When inside a chroot environment which resides on a smbfs mounted file-system it is possible for an attacker to escape out of this chroot to any other directory on the smbfs mounted file-system.
Patches are available now.

System: Debian GNU/Linux
Topic: Vulnerability in typespeed
Links: DSA-1084, CVE-2006-1515
ID: ae-200606-001

A buffer overflow was discovered in the processing of network data in typespeed, a game for testing and improving typing speed, which could lead to the execution of arbitrary code. Fixed packages are available now.



(c) 2000-2014 AERAsec Network Services and Security GmbH