Chosen month 04 / 2007
|
|
|
A local or remote unprivileged user may be able to cause the Sun Java
System Directory Server to become unresponsive or hang. This is a
Denial of Service (DoS) due to a memory leak in the Network Security
Services (NSS) software.
A patch is not available yet.
|
|
| System: |
SuSE Linux
|
| Topic: |
Vulnerabilities in ipsec-tools, inkscape, rarpd, ImageMagick/GraphicsMagick, mod_perl, and dovecot
|
| Links: |
SUSE-SR:2007:008,
CVE-2007-1349,
CVE-2007-1463,
CVE-2007-1464,
CVE-2007-1667,
CVE-2007-1797,
CVE-2007-1841,
CVE-2007-2231
|
| ID: |
ae-200704-075
|
The weekly SUSE Security Summary reports vulnerabilities in the packages
ipsec-tools, inkscape, rarpd, ImageMagick/GraphicsMagick, mod_perl, and dovecot.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
Symantec Norton Ghost is a backup and recovery application designed to allow users to completely restore their systems to previous snapshots.
Two vulnerabilities have been detected.
Norton Ghost allows administrators and other power users to schedule snapshots of local disks for backup and recovery purposes.
If these recovery points are set to save to a remote network share Ghost will prompt the user to enter a user name and password
for the share. Password information entered into Ghost for this purpose is encrypted and saved to the local file system in the
application's home directory, which has read access allowed for all users.
The encryption key used by Ghost to decrypt these stored credentials is derived from the MD5 hash of the plain text user name stored
in the configuration file. Since every user on the system has read access to these configuration files, any user can decrypt the
stored passwords.
Local exploitation of a buffer overflow vulnerability in Norton Ghost could allow local attackers to run code as the SYSTEM level user.
Norton Ghost Service Manager is a Local Server COM object that allows privileged Ghost Backup Operators the ability to take and restore
Ghost images of the system. A function within the Service Manager can be used to trigger a buffer overflow by supplying an overly
long string.
Symantec has addressed these vulnerabilities with a software update. It is available via their LiveUpdate channels.
|
|
|
A vulnerability exists in ncp that ships with Novell eDirectory that
could allow an attacker to crash the eDirectory service resulting in
a denial of service.
Exploitation of this vulnerability could also cause the eDirectory log
to grow, consuming disk space.
Fixed software is available now.
|
|
|
CA BrightStor ARCserve Backup Media Server contains multiple vulnerabilities
that can allow a remote attacker to cause a denial of service or possibly
execute arbitrary code.
Patches are available now.
|
|
|
Several remote vulnerabilities have been discovered in PHP, a
server-side, HTML-embedded scripting language, which may lead to the
execution of arbitrary code.
Fixed packages are available now.
|
|
|
A buffer overflow vulnerability in libX11 may allow a local
unprivileged user to execute arbitrary code or commands
with elevated privileges.
Two security vulnerabilities in the OpenSSL product shipped with
Solaris 10 may lead to a Denial of Service (DoS) in applications which
make use of this product.
Patches are available now.
|
|
|
A privileged user on a Sun Cluster node which is a current cluster
member may be able to corrupt in-memory data structures of a sibling
cluster node.
A patch is available now.
|
|
|
A security vulnerability in the Sun Java System Web Server may allow a
local or remote user to gain unauthorized access to data stored on the
host running the Sun Java System Web Server under certain conditions.
A patch is available now.
|
|
|
Versions of Cisco Network Services (CNS) NetFlow Collection Engine (NFC)
create and use default accounts with identical usernames and passwords.
An attacker with knowledge of these accounts can modify the application
configuration and, in certain instances, gain user access to the host
operating system.
A workaround is described in the advisory.
|
|
|
A flaw in GIF image handling was found in the IBM Java 2 Runtime Environment.
An untrusted applet or application could use this flaw to elevate its
privileges and potentially execute arbitrary code.
Fixed packages are available now.
|
|
|
A weakness in PostgreSQL was found in the security definer functions
in which an authenticated but otherwise unprivileged SQL user could use
temporary objects to execute arbitrary code with the privileges of the
security-definer function.
Fixed packages are available now.
|
|
|
It was discovered that aircrack-ng, a WEP/WPA security analysis tool, performs
insufficient validation of 802.11 authentication packets, which allows the
execution of arbitrary code.
Fixed packages are available now.
|
|
|
A security vulnerability has been identified with HP-UX running sendmail. This
vulnerability could allow a remote user to cause a Denial of Service (DoS).
Patches are available now.
|
|
|
IPv6 type 0 route headers can be used to mount a DoS attack against
hosts and networks. This is a design flaw in IPv6.
Patches that disable the handling of type 0 route headers are available now.
|
|
|
Multiple buffer overflows were found in the FreeRADIUS package that
could allow a remote attacker to cause a crash.
An SQL injection vulnerability was also found in
rlm_sqlcounter that could allow a remote attacker to execute arbitrary
SQL commands.
A stack-based buffer overflow in the ZZIPlib library could allow
user-assisted remote attackers to cause an application crash (DoS)
or execute arbitrary code via a long filename.
Fixed packages are available now.
|
|
|
Three potential security vulnerabilities have been discovered in Nortel VPN
Routers.
Patches are available now.
|
|
|
It was discovered that WebCalendar, a PHP-based calendar application,
performs insufficient sanitising in the exports handler, which allows
injection of web script.
Fixed packages are available now.
|
|
|
Zone Alarm products provide security solutions such as anti-virus, firewall, spy-ware, and ad-ware protection.
Local exploitation of multiple design error vulnerabilities within multiple Check Point Zone Alarm products could
allow an attacker to gain elevated privileges.
The Zone Labs Security Team reports that these issues are fixed in version 5.0.156.0 of the ZoneAlarm Spyware Removal Engine (SRE)
and higher.
|
|
| System: |
SuSE Linux
|
| Topic: |
Vulnerabilities in ktorrent, cron, lighttpd, horde, MPlayer, avahi, and man
|
| Links: |
SUSE-SR:2007:007,
CVE-2005-1038,
CVE-2006-4250,
CVE-2006-6870,
CVE-2007-1246,
CVE-2007-1384,
CVE-2007-1385,
CVE-2007-1473,
CVE-2007-1799,
CVE-2007-1856,
CVE-2007-1869,
CVE-2007-1870
|
| ID: |
ae-200704-057
|
The weekly SUSE Security Summary reports vulnerabilities in the packages
ktorrent, cron, lighttpd, horde, MPlayer, avahi, and man.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
Multiple security vulnerabilities in the Layout Engine in Mozilla 1.7
may allow a remote user who is able to create pages that are viewed
with the Mozilla browser to crash the application or execute arbitrary
code with the privileges of the user running Mozilla.
A patch is available now.
|
|
|
Several security issues in
Apple File Protocol (AFP) client, AirPort driver, CarbonCore, diskdev_cmds,
fetchmail, ftpd, tar, Help Viewer, IOKit HID interface, Installer, Kerberos,
Libinfo, Login Window, network_cmds, SMB, System Configuration, URLMount,
VideoConference, WebDAV, and WebFoundation
are fixed and bundled in the
Security Update 2007-004, which is available now.
|
|
| System: |
SuSE Linux
|
| Topic: |
Vulnerabilities in qt, kdelibs3, mediawiki, freetype2, xmms, and spamassassin
|
| Links: |
SUSE-SR:2007:006,
CVE-2006-7139,
CVE-2007-0177,
CVE-2007-0242,
CVE-2007-0451,
CVE-2007-0537,
CVE-2007-0653,
CVE-2007-0654,
CVE-2007-1351,
CVE-2007-1564
|
| ID: |
ae-200704-054
|
The weekly SUSE Security Summary reports vulnerabilities in the packages
qt, kdelibs3, mediawiki, freetype2, xmms, and spamassassin.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
The latest Microsoft patches need to be installed when using the SMA.
It's strongly recommended to install these hotfixes from Microsoft.
|
|
|
A vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of IBM Tivoli Monitoring Express.
Authentication is not required to exploit this vulnerability.
Fixed software is available now.
|
|
|
A vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell Groupwise WebAccess. Authentication
is not required to exploit this vulnerability.
Fixed software is available now.
|
|
|
Remote exploitation of a buffer overflow vulnerability in McAfee's
VirusScan Antivirus application allows attackers to disable the
On-Access scanner or potentially execute arbitrary code with SYSTEM
privileges.
Fixed software version is available now.
|
|
|
A Critical Patch Update is a collection of patches for multiple security vulnerabilities.
It also includes non-security fixes that are required (because of interdependencies)
by those security patches. This Critical Patch Update contains 36 new security fixes
across all products.
Affected are Oracle Database, Oracle Secure Enterprise Search,
Oracle Application Server, Oracle E-Business Suite, Oracle Enterprise Manager,
Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne.
|
|
| System: |
Mandriva Linux
|
| Topic: |
Vulnerabilities in php and sqlite
|
| Links: |
MDKSA-2007:087,
MDKSA-2007:088,
MDKSA-2007:089,
MDKSA-2007:090,
CVE-2007-1001,
CVE-2007-1285,
CVE-2007-1286,
CVE-2007-1454,
CVE-2007-1583,
CVE-2007-1711,
CVE-2007-1718,
CVE-2007-1887,
MDKSA-2007:091,
CVE-2007-1888
|
| ID: |
ae-200704-048
|
Several security vulnerabilities were found in the PHP packages.
A buffer overflow in sqlite could allow context-dependent attackers
to execute arbitrary code via an empty value of the 'in' parameter.
Fixed packages are available now.
|
|
|
Remote exploitation of a buffer overflow vulnerability in Akamai Technologies,
Inc's Download Manager ActiveX Control could allow an attacker to execute
arbitrary code within the security context of the targeted user.
Fixed software version is available now.
|
|
|
Remote exploitation of a buffer overflow vulnerability in Clam
AntiVirus' ClamAV allows attackers to execute arbitrary code with the
privileges of the affected process.
The vulnerability exists within the cab_unstore() function in libclamav,
the library used by clamd to scan various file types.
Fixed software is available now.
|
|
|
The ipsec-tools package allows remote attackers to cause a Denial of Service
(tunnel crash) via crafted DELETE and NOTIFY messages.
A memory leak in FreeRADIUS allows remote attackers to cause a denial of service
(memory consumption) via a large number of EAP-TTLS tunnel connections using
malformed Diameter format attributes, which causes the authentication request
to be rejected but does not reclaim VALUE_PAIR data structures.
Fixed packages are available now.
|
|
|
A flaw was discovered in how CUPS handled SSL negotiation that could
allow a remote attacker capable of connecting to the CUPS daemon to
cause a DoS to other CUPS users.
Fixed software is available now.
|
|
| System: |
Red Hat Enterprise Linux
|
| Topic: |
Vulnerabilities in php
|
| Links: |
RHSA-2007-0153,
RHSA-2007-0155,
CVE-2007-0455,
CVE-2007-1001,
CVE-2007-1285,
CVE-2007-1286,
CVE-2007-1583,
CVE-2007-1711,
CVE-2007-1718,
ESB-2007.0247,
R-214
|
| ID: |
ae-200704-043
|
Several security vulnerabilities were found in the PHP packages.
Fixed packages are available now.
|
|
|
A security vulnerability in the Solaris 8 and 9 IP implementation may allow a
remote unprivileged user to degrade the performance of a networked Solaris
system by sending specially crafted IP packets. This could result in a mild
Denial of Service (DoS) against network services provided by the system and/or
local services, due to increased CPU usage.
A patch is available now.
|
|
|
An unpatched vulnerability in the DNS Server component of
Windows Server 2003 and Windows 2000 Server potentially allows
remote compromise of Windows DNS Servers.
Workarounds are described in the advisory.
|
|
|
Remote exploitation of a buffer overflow vulnerability in pfs_mountd.rpc
included in multiple versions of Hewlett Packard Co. HP-UX allows for
remote root access.
A software update is not available.
|
|
|
The Cisco Wireless Control System (WCS) works in conjunction with Cisco
Aironet Lightweight Access Points, Cisco Wireless LAN Controllers, and the
Cisco Wireless Location Appliance. Cisco WCS contains multiple vulnerabilities
that can result in information disclosure, privilege escalation, and
unauthorized access through fixed authentication credentials.
Cisco has made free software available to address this vulnerability.
|
|
| System: |
Cisco Wireless LAN Controller, Cisco Lightweight Access Point
|
| Topic: |
Vulnerabilities in Cisco Wireless LAN Controller and Cisco Lightweight Access Point
|
| Links: |
Cisco,
AL-2007.0046,
R-206
|
| ID: |
ae-200704-038
|
The Cisco Wireless LAN Controller (WLC) manages Cisco Aironet access points
using the Lightweight Access Point Protocol (LWAPP). The WLC contains multiple
vulnerabilities that could result in a denial of service (DoS) condition,
information disclosure, or access control list changes, or allow an attacker
to gain full administrative access.
Cisco has made free software available to address this vulnerability.
|
|
|
Several vulnerabilities were found in madwifi-source and wpa_supplicant.
Apache mod_perl does not properly escape PATH_INFO before use in a
regular expression, which allows remote attackers to cause a denial
of service (resource consumption) via a crafted URI.
Fixed packages are available now.
|
|
|
Due to a security vulnerability in StarOffice/StarSuite 8, manipulated WordPerfect files,
which may have been provided by a local or remote untrusted user, may lead to heap overflow
and arbitrary code execution.
A patch for StarOffice 8 is available now; versions 6.0 and 7 are not impacted by this issue.
|
|
|
Recently an Opera security advisory has been published, reporting an issue with Flash Player and the Opera browser on the Linux and
Solaris platforms.
Flash Player 9 users of Opera on Linux and Solaris should update to Opera 9.2 to address this vulnerability.
Flash Player 7 users of Opera should update to Opera 9.2 and Flash Player 9 to address this vulnerability.
Further information will follow.
|
|
|
The suexec binary is a helper application which is part of the Apache HTTP server package.
It is designed to allow a script to run with the privileges of the owner of the script instead of the privileges of the server.
Some vulnerabilities have been found in this application.
There are three path checking race condition vulnerabilities, a path checking design error and an error in input validation.
If exploited, a local user might execute arbitrary code with the rights of another user.
It's recommended to remove the set-uid bit from the binary file.
|
|
|
There is a problem with the previous installer for Bridge update 1.0.3.
A potential vulnerability occurs when the administrator attempts to install the patch.
While the patch is being installed a local non-administrative user may be able to gain administrative privileges.
It's recommended to update to version 1.0.4.
|
|
|
Local exploitation of an insecure file and directory permissions vulnerability in Macromedia ColdFusion MX 7
may allow an attacker to execute code with root privileges.
A patch was recently released to fix the vulnerabilities referenced in the Adobe Security Advisory APSB06-17.
This patch was intended to correct insecure file permissions of multiple files within the Verity sub-directory of ColdFusion.
Unfortunately, the patch archive creates an additional vulnerability.
The vulnerability exists due to the directory permissions inside the directory structure of the patch.
A corrected update is available now.
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
AIM and ICQ are instant messaging applications that allow users to exchange messages and files.
AIM and ICQ allow users to share and transfer files via a custom protocol.
During file transfers, the sender is allowed to specify the display name of the file, and the filename used for the transfer.
The recipient can only specify the folder in which to save the file.
Due to an input validation flaw, the clients do not properly strip traversal characters from the filename the attacker supplies.
By specially encoding the path attackers can force the file to be saved to a directory of their choosing when the victim accepts
the file transfer.
It's strongly recommended to update the software.
|
|
|
A potential security vulnerability has been identified with HP-UX running CIFS Server (Samba).
It may allow a remote unauthorized user to create a Denial-of-Service (DoS).
HP has made software updates available to resolve the vulnerability.
|
|
|
The Symantec Enterprise Security Manager Agent Software (6.5.2 and prior) accepts remote upgrade requests from any entity without
correctly authenticating them.
A remote attacker may gain root or Administrator privileges on computers running the agent.
Symantec has released downloadable automated and manual fixes for all supported ESM agents.
|
|
|
Internet Pictures Corporation has produced equipment and software to create 360 degree field-of-view images.
The Internet Pictures Corporation iPIX Image Well ActiveX control, provided by iPIX-ImageWell-ipix.dll,
contains several buffer overflow vulnerabilities.
By convincing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code with the privileges
of the user. The attacker could also cause Internet Explorer to crash.
A patch is not available, so the vulnerable ActiveX control should be disabled in Internet Explorer.
|
|
|
The Yahoo! Messenger AudioConf ActiveX control contains a buffer overflow, which could allow a remote,
unauthenticated attacker to execute arbitrary code on a vulnerable system.
It's recommended to install an update which is available now.
|
|
|
Firmware version 7.1 is now available for the AirPort Extreme Base Station with 802.11n*, and addresses the following security issues:
The default configuration of an AirPort Extreme Base Station with 802.11n* allows incoming IPv6 connections.
This may expose network services on hosts connected through an AirPort Extreme Base Station with 802.11n* to remote attackers.
This update addresses the issue by changing the default setting to limit inbound IPv6 traffic to the local network.
AirPort Disk is a feature of AirPort Extreme Base Station with 802.11n* that allows the sharing of files from a USB hard drive
connected to a compatible base station. Sharing options, including password protection, are available via the AirPort Disk Utility.
An issue in the AirPort Disk feature allows users on the local network to view filenames (but not their contents) on a password-protected
disk without providing a password. This update addresses the issue by performing additional validation on AirPort Disk access requests.
|
|
|
A buffer overflow has been discovered in the man command that could allow an attacker to execute code as the
man user by providing specially crafted arguments to the -H flag.
This is likely to be an issue only on machines with the man and mandb programs installed setuid.
An updated package solves this problem.
|
|
|
SGI has released the Security Update #73 for SGI Advanced Linux Environment 3.
These updates fix an already known security related problem in
krb5.
So it's recommended to install this update.
|
|
|
Microsoft Windows drivers for Intel Centrino wireless adapters fail to properly handle malformed frames.
This vulnerability may allow an attacker to execute arbitrary code.
Intel has released updates to address this issue.
|
|
|
The AOL SuperBuddy ActiveX control does not properly validate arguments to the
LinkSBIcons() method. This vulnerability may allow a remote, unauthenticated
attacker to execute arbitrary code on a vulnerable system.
A patch is available now.
|
|
|
Asterisk is vulnerable to two Denial of Service issues in the SIP
channel.
Fixed software is available now.
|
|
|
Several vulnerabilities were found in VMware ESX Server.
Patches are available now.
|
|
|
Two vulnerabilities were found in OpenSSH.
A remote attacker may cause a denial of service or execute arbitrary code.
A patch is available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerability in HP OpenView Network Node Manager
|
| Links: |
HPSBMA02198, SSRT061177,
ESB-2007.0210
|
| ID: |
ae-200704-012
|
A vulnerability has been identified with HP OpenView Network Node Manager
(OV NNM). This vulnerability could be exploited remotely to gain unauthorized
access to certain facilities of the NNM server.
Fixed software is available now.
|
|
|
A cross-site scripting vulnerability in zope, a web application
server, could allow an attacker to inject arbitrary HTML and/or
JavaScript into the victim's web browser.
Multiple errors have been found in the skin handling routines in xmms,
the X Multimedia System. These vulnerabilities could allow an
attacker to run arbitrary code as the user running xmms by inducing
the victim to load specially crafted interface skin files.
Fixed packages are available now.
|
|
|
Several vulnerabilities were discovered in the Linux 2.6 kernel.
Fixed kernel packages are available now.
|
|
| System: |
Microsoft Windows
|
| Topic: |
Vulnerabilities in Microsoft Windows GDI
|
| Links: |
ae-200703-054,
MS07-017,
CVE-2006-5586,
CVE-2006-5758,
CVE-2007-0038,
CVE-2007-1211,
CVE-2007-1212,
CVE-2007-1213,
CVE-2007-1215,
ESB-2007.0215,
R-192
|
| ID: |
ae-200704-009
|
No further comment due to legal reasons
|
|
|
A bug was discovered in the UTF8 decoding of qt3, qt4, and kdelibs.
Fixed packages are available now.
|
|
|
The weekly SUSE Security Summary reports vulnerabilities in the packages
xine-lib, tomcat, unrar, squid, and file.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
A denial of service flaw was found in the way Squid processed the TRACE
request method. It was possible for an attacker behind the Squid proxy
to issue a malformed TRACE request, crashing the Squid daemon child
process.
A flaw was found in the way MySQL handled case sensitive database names. A
user with the ability to create databases could gain unauthorized access to
other databases hosted by the MySQL server.
Fixed packages are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in X Server
|
| Links: |
CVE-2007-1003,
CVE-2007-1351,
CVE-2007-1352,
iDefense,
iDefense,
iDefense,
AL-2007.0040,
RHSA-2007-0125,
RHSA-2007-0126,
RHSA-2007-0127,
RHSA-2007-0132,
RHSA-2007-0150,
RHSA-2007-0157,
R-194,
R-195,
R-196,
ESB-2007.0219,
ESB-2007.0220,
ESB-2007.0246,
MDKSA-2007:079,
MDKSA-2007:080,
MDKSA-2007:081,
OpenBSD,
ESB-2007.0225,
SUSE-SA:2007:027,
Sun Alert 102886,
ESB-2007.0275
|
| ID: |
ae-200704-005
|
Several vulnerabilities were found in the X.org and XFree86 X Window servers.
An attacker can potentially execute arbitrary code with the
privileges of the X server.
Fixed software is available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in MIT Kerberos
|
| Links: |
MITKRB5-SA-2007-001,
MITKRB5-SA-2007-002,
MITKRB5-SA-2007-003,
CVE-2007-0956,
CVE-2007-0957,
CVE-2007-1216,
VU#220816,
VU#419344,
VU#704024,
iDefense,
AL-2007.0040,
RHSA-2007-0095,
ESB-2007.0216,
R-193,
DSA-1276,
ESB-2007.0217,
MDKSA-2007:077,
ESB-2007.0223,
ESB-2007.0224,
TLSA-2007-24,
TLSA-2007-25,
SUSE-SA:2007:025
|
| ID: |
ae-200704-004
|
Several vulnerabilities were found in the MIT Kerberos implementation.
A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password.
Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon.
A double-free flaw was found in the GSSAPI library used by the kadmin
server daemon.
Fixed software is available now.
|
|
|
Several vulnerabilities were found in VMware ESX Server.
Patches are available now.
|
|
|
Security vulnerabilities in the Network Security Services (NSS)
implementation of SSL2 may affect both SSL clients (such as browsers)
and SSL servers which make use of this library. As a result,
the client or server may exit unexpectedly.
Fixed software is available now.
|
|
|
A security vulnerability in Mozilla 1.7 for Solaris 8, 9 and 10 may allow
a remote unprivileged user to run arbitrary code with the privileges of
the user running Mozilla or create a Denial of Service (DoS) condition.
A patch is available now.
|
|