Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes there take effect immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid a vulnerability. Some of the files are transferred by FTP.

By the way: if we do not publish well-known risks inherent in a widely used platform or program, that doesn't mean this particular platform or program is safe to use!


Chosen month 05 / 2007

System: IBM AIX
Topic: Vulnerabilities in WebSM, BIND, and Perl
Links: ESB-2007.0368, ESB-2007.0369, ESB-2007.0370
ID: ae-200705-079

A remotely exploitable denial of service vulnerability exists in WebSM.
A vulnerability in BIND could allow a remote attacker to cause a denial of service.
A vulnerability in the Perl interpreter may allow a local user to execute arbitrary code as another user.
Patches are available now.

System: Sun Solaris
Topic: Vulnerabilities in in.iked, inetd, and in.iked
Links: Sun Alert #102930, ESB-2007.0365,
Sun Alert #102921, ESB-2007.0366,
Sun Alert #102745, ESB-2007.0367
ID: ae-200705-078

A security vulnerability in the kadm5 library shipped with Solaris may allow a remote authenticated user to command a host running kadmind(1M) and execute arbitrary code with the privileges of the kadmind process (usually 'root').
A security vulnerability in the inetd(1M) service may allow a local unprivileged user the ability to shut down the inetd daemon process, causing a Denial of Service (DoS) to all internet services managed by the inetd(1M) process on the system.
A security vulnerability in the in.iked(1M) service for Solaris 9 may allow an unprivileged local or remote user to crash the in.iked(1M) daemon, causing a Denial of Service (DoS) to IPsec protected network traffic.
Patches are available now.

System: Various
Topic: Vulnerabilities in Mozilla Firefox, Mozilla Thunderbird, and Mozilla Seamonkey
Links: Mozilla, CVE-2007-1362, CVE-2007-1558, CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871, R-252, R-253, R-254, R-255, RHSA-2007-0400, RHSA-2007-0401, RHSA-2007-0402, ESB-2007.0362, ESB-2007.0363, ESB-2007.0364, DSA-1300, ESB-2007.0389, SUSE-SA:2007:036
ID: ae-200705-077

The Mozilla web browser and derived products contain several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. Fixed software is available now.

System: Microsoft Windows
Topic: Vulnerability in Avast! Antivirus
Links: VU#125868, R-249
ID: ae-200705-076

Avast! antivirus contains a buffer overflow vulnerability. This vulnerability may allow an attacker to execute code on a vulnerable system. An update is available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in evolution-data-server, quagga, file, and mod_jk
Links: RHSA-2007-0344, CVE-2007-1558, ESB-2007.0332,
RHSA-2007-0389, CVE-2007-1995, ESB-2007.0358,
RHSA-2007-0391, CVE-2007-2799, ESB-2007.0359, R-250,
RHSA-2007-0379, CVE-2007-1860, ESB-2007.0360
ID: ae-200705-075

A flaw was found in the way evolution-data-server processed certain APOP authentication requests. By sending certain responses when evolution-data-server attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials.
An out of bounds memory read flaw was discovered in Quagga's bgpd. A configured peer of bgpd could cause Quagga to crash, leading to a denial of service.
An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution.
If Tomcat was used behind mod_jk and configured to only proxy some contexts, an attacker could construct a carefully crafted HTTP request to work around the context restriction and potentially access non-proxied content.
Fixed packages are available now.

System: SuSE Linux
Topic: Vulnerabilities in net-snmp, vim, kdebase3, and mod_perl
Links: SUSE-SR:2007:012, CVE-2005-2177, CVE-2007-1349, CVE-2007-2022, CVE-2007-2438
ID: ae-200705-074

The weekly SUSE Security Summary reports vulnerabilities in the packages net-snmp, vim, kdebase3, and mod_perl. Updated packages are available now and should be installed on vulnerable systems.

System: Various
Topic: Vulnerabilities in Apple QuickTime
Links: Apple, CVE-2007-2388, CVE-2007-2389, VU#434748, VU#995836, ESB-2007.0356, R-251
ID: ae-200705-073

Two vulnerabilities were found in Apple QuickTime. Fixed software is available now.

System: Sun Solaris
Topic: Vulnerabilities in NFS Client Module and snmpd
Links: Sun Alert #102911, ESB-2007.0347,
Sun Alert #102929, ESB-2007.0348
ID: ae-200705-072

A security vulnerability in the NFS client module related to the handling of acl(2) packets may allow a local or remote unprivileged user to cause an NFS server to panic, leading to a Denial of Service (DoS) condition.
When the System Management Agent (SMA) SNMP daemon (snmpd(1M)) is running in "master agentx" mode, a security vulnerability may allow a local or remote unprivileged user to create a Denial of Service (DoS) condition by causing a particular TCP disconnect.
Patches are available now.

System: Various
Topic: Vulnerability in Sun Java System Messaging Server
Links: Sun Alert 102909, ESB-2007.0351
ID: ae-200705-071

A Cross Site Scripting (CSS or XSS) vulnerability in the Sun Java System Messaging Server may allow an unprivileged remote user the ability to execute arbitrary JavaScript commands in a client user's Internet Explorer web browser. A patch is not available yet.

System: Debian GNU/Linux
Topic: Vulnerabilities in gforge-plugin-scmcvs and otrs2
Links: DSA-1297, CVE-2007-0246, ESB-2007.0350
DSA-1298, CVE-2007-2524, ESB-2007.0353, R-257
ID: ae-200705-070

It was discovered that the CVS browsing interface of Gforge, a collaborative development tool, performs insufficient escaping of URLs, which allows the execution of arbitrary shell commands with the privileges of the www-data user.
It was discovered that the Open Ticket Request System performs insufficient input sanitising for the Subaction parameter, which allows the injection of arbitrary web script code.
Fixed packages are available now.

System: Various
Topic: Vulnerability in Sun Java System Web Proxy
Links: iDEFENSE #536, Sun Alert #102927, VU#746889, ESB-2007.0346, R-248
ID: ae-200705-069

Sun Microsystems Java System is a bundle of server applications. One such server application included is the Web Proxy Server, offering services for HTTP and SOCKS. The daemon for SOCKS shows a vulnerability which can be exploited remotely by attackers. It leads to the execution of arbitrary commands with superuser privileges. Version 4.0.5 is available now, solving this problem.

System: Cisco IOS
Topic: Problem in Cisco CallManager for VoIP
Links: SCIP, Cisco, ESB-2007.0344
ID: ae-200705-068

The Cisco CallManager has a web interface, which has some mechanisms against possible attacks. It is possible to integrate external resources when filling out fields, so Cross-Site Scripting might be possible. Cisco has published a patch to improve the web interface.

System: Apple OSX
Topic: Apple Security Update available
Links: Apple 2007-05, ESB-2007.0345, VU#221876, VU#116100, R-247
ID: ae-200705-067

Apple has published the security update for May 2007. It fixes many potential vulnerabilities, including critical problems. It's recommended to update systems running OSX.

System: HP-UX
Topic: Vulnerability in Kerberos
Links: HPSBUX02217, SSRT071337, ESB-2007.0342
ID: ae-200705-066

A security vulnerability has been identified on HP-UX running Kerberos. The vulnerability could be exploited by remote authorized users to execute arbitrary code. A patch is available now.

System: FreeBSD
Topic: Vulnerability in file
Links: FreeBSD-SA-07:04, CVE-2007-1536, ESB-2007.0343
ID: ae-200705-065

A buffer overflow was found in file. A patch is available now.

System: Cisco IOS
Topic: Vulnerability in Crypto Library
Links: Cisco, R-245
ID: ae-200705-064

A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. Cisco has made free software available to address this vulnerability.

System: Cisco IOS
Topic: Vulnerabilities in Cisco IOS
Links: Cisco, R-246
ID: ae-200705-063

Cisco IOS devices may crash while processing malformed Secure Sockets Layer (SSL) packets. Cisco has made free software available to address these vulnerabilities.

System: Various
Topic: Vulnerabilities in OPeNDAP
Links: R-244, VU#659148, VU#671028
ID: ae-200705-062

The BES daemon in OPeNDAP server version 4 contains a vulnerability which may allow an attacker to execute arbitrary commands or upload files to a remote server. Fixed software is available now.

System: Mandriva Linux
Topic: Vulnerabilities in tetex
Links: MDKSA-2007:109, CVE-2007-0455, CVE-2007-0650
ID: ae-200705-061

Two buffer overflows were found in tetex. Fixed packages are available now.

System: Various
Topic: Vulnerability in gimp
Links: CVE-2007-2356, RHSA-2007-0343, ESB-2007.0338, MDKSA-2007:108
ID: ae-200705-060

A stack overflow bug was discovered in The GIMP RAS file loader. An attacker could create a carefully crafted file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim. Fixed software is available now.

System: Mandriva Linux
Topic: Vulnerabilities in squirrelmail and evolution
Links: MDKSA-2007:106, CVE-2007-1262, CVE-2007-2589, MDKSA-2007:107, CVE-2007-1558
ID: ae-200705-059

A number of HTML filtering bugs were found in SquirrelMail that could allow an attacker to inject arbitrary JavaScript leading to cross-site scripting attacks by sending an email viewed by a user within SquirrelMail. As well, SquirrelMail did not sufficiently check arguments to IMG tags in HTML messages that could be exploited by an attacker by sending arbitrary email messages on behalf of a SquirrelMail user tricked into opening a maliciously-crafted HTML email message.
The APOP functionality in evolution's POP3 client implementation was validating the APOP challenge too lightly, accepting random garbage as a POP3 server's APOP challenge, rather than insisting it conform to RFC-822 specifications.
Fixed packages are available now.

System: HP Tru64
Topic: Vulnerability in ssh
Links: HPSBTU02209, SSRT071323, ESB-2007.0326
ID: ae-200705-058

A security vulnerability has been identified with HP Tru64 UNIX running Secure Shell (SSH). The vulnerability could be exploited remotely by an unauthorized user to identify valid users. A patch is available now.

System: Microsoft Windows
Topic: Vulnerability in HP Systems Insight Manager
Links: HPSBMA02213, SSRT061214, ESB-2007.0327
ID: ae-200705-057

A security vulnerability has been identified with HP Systems Insight Manager (SIM) for Windows. The vulnerability could be exploited to allow remote privileged access and arbitrary code execution. An update is available now.

System: Various
Topic: Vulnerability in Apache mod_security
Links: CVE-2007-1359, ESB-2007.0336
ID: ae-200705-056

A vulnerability has been discovered in mod_security, allowing a remote attacker to bypass rules. Fixed software is available now.

System: Microsoft Windows
Topic: Vulnerability in HP Storage Management Appliance (SMA)
Links: HPSBST02214, SSRT071422, ESB-2007.0328
ID: ae-200705-055

The latest Microsoft patches need to be installed when using the SMA. It's strongly recommended to install these hotfixes from Microsoft.

System: Mandriva Linux
Topic: Vulnerability in fetchmail
Links: MDKSA-2007:105, CVE-2007-1558
ID: ae-200705-054

The APOP functionality in fetchmail's POP3 client implementation was validating the APOP challenge too lightly, accepting random garbage as a POP3 server's APOP challenge, rather than insisting it conform to RFC-822 specifications. Fixed packages are available now.

System: SuSE Linux
Topic: Vulnerabilities in apache, gimp, and zope
Links: SUSE-SR:2007:011, CVE-2005-3352, CVE-2007-0240, CVE-2007-2356
ID: ae-200705-053

The weekly SUSE Security Summary reports vulnerabilities in the packages apache, gimp, and zope. Updated packages are available now and should be installed on vulnerable systems.

System: Red Hat Enterprise Linux 5
Topic: Vulnerabilities in kernel
Links: RHSA-2007-0347, CVE-2007-1496, CVE-2007-1497, CVE-2007-1592, CVE-2007-1861, CVE-2007-2172, CVE-2007-2242, ESB-2007.0325
ID: ae-200705-052

Several local and remote vulnerabilities have been discovered in the Linux kernel 2.6 that may lead to denial of service attacks. Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in ipsec-tools, vixie-cron, evolution, and squirrelmail
Links: RHSA-2007-0342, CVE-2007-1841, ESB-2007.0329,
RHSA-2007-0345, CVE-2007-1856, ESB-2007.0331,
RHSA-2007-0353, CVE-2007-1558, ESB-2007.0332,
RHSA-2007-0358, CVE-2007-1262, CVE-2007-2589, ESB-2007.0330
ID: ae-200705-051

A denial of service flaw was found in the ipsec-tools racoon daemon. It was possible for a remote attacker, with knowledge of an existing ipsec tunnel, to terminate the ipsec connection between two machines.
A denial of service bug was discovered in the way vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab can prevent vixie-cron from executing certain system cron jobs.
A flaw was found in the way Evolution processed certain APOP authentication requests. A remote attacker could potentially acquire certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server.
Several HTML filtering bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript leading to cross-site scripting attacks by sending an e-mail viewed by a user within SquirrelMail.
Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in quagga and xfree86
Links: DSA-1293, CVE-2007-1995, ESB-2007.0333
DSA-1290, CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667, ESB-2007.0335
ID: ae-200705-050

It was discovered that specially crafted UPDATE messages can trigger an out of boundary read that can result in a system crash of quagga, the BGP/OSPF/RIP routing daemon.
Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation.
Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in Symantec Norton Internet Security 2004 and Symantec Norton Personal Firewall 2004
Links: SYM07-007, CVE-2007-1689, VU#983953, ESB-2007.0324
ID: ae-200705-049

The software mentioned above includes the ISAlertDataCOM ActiveX control which shows a stack buffer overflow. Due to this, a remote attacker might be able to execute arbitrary code on a vulnerable system. Symantec provides a patch through their LiveUpdate mechanism and other channels.

System: Some
Topic: Vulnerability in libpng
Links: CVE-2007-2445, VU#684664, Secunia #25292, RHSA-2007-0356, ESB-2007.0334
ID: ae-200705-048

The libpng library can be used to allow other applications to render PNG images. It contains a Denial-of-Service vulnerability, so if a malformed PNG file is viewed with a browser, it will crash. The libpng team has released a patch for libpng 1.0.25 and 1.2.17 to address this vulnerability.

System: Debian GNU/Linux
Topic: Vulnerability in qt4-x11
Links: DSA-1292, CVE-2007-0242, ESB-2007.0322
ID: ae-200705-047

A bug was discovered in the UTF8 decoding routines in qt4-x11, a C++ GUI library framework, that could allow remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. Fixed packages are available now.

System: Red Hat Enterprise Linux 4
Topic: Vulnerability in bluez-utils
Links: RHSA-2007-0065, CVE-2006-6899, ESB-2007.0320
ID: ae-200705-046

The bluez-utils package contains Bluetooth daemons and utilities. A flaw was found in the Bluetooth HID daemon (hidd). A remote attacker would have been able to inject keyboard and mouse events via a Bluetooth connection without any authorization. Fixed packages are available now.

System: Red Hat Enterprise Linux 5
Topic: Vulnerabilities in tomcat
Links: RHSA-2007-0327, CVE-2005-2090, CVE-2006-7195, CVE-2007-0450, R-243, ESB-2007.0319, ESB-2007.0339
ID: ae-200705-045

There are several vulnerabilities in Tomcat that could allow a remote attacker to perform cross-site scripting attacks. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in Samba
Links: CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, VU#268336, VU#773720, iDefense, R-240, AL-2007.0064, AL-2007.0065, RHSA-2007-0346, ESB-2007.0318, MDKSA-2007:104, DSA-1291, ESB-2007.0321, SUSE-SA:2007:031, ISS Alert
ID: ae-200705-044

A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server.
A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh.
Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user.
Fixed software is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in linux-2.6 and squirrelmail
Links: DSA-1289, CVE-2007-1496, CVE-2007-1497, CVE-2007-1861, ESB-2007.0315
DSA-1290, CVE-2007-1262, ESB-2007.0316
ID: ae-200705-043

Several local and remote vulnerabilities have been discovered in the Linux kernel 2.6 that may lead to a denial of service or the execution of arbitrary code.
It was discovered that the webmail package Squirrelmail performs insufficient sanitising inside the HTML filter, which allows the injection of arbitrary web script code during the display of HTML email messages.
Fixed packages are available now.

System: SuSE Linux
Topic: Vulnerabilities in postgresql, pptpd, freeradius, and xfsdump
Links: SUSE-SR:2007:010, CVE-2007-0244, CVE-2007-0555, CVE-2007-0556, CVE-2007-2028
ID: ae-200705-042

The weekly SUSE Security Summary reports vulnerabilities in the packages postgresql, pptpd, freeradius, and xfsdump. Updated packages are available now and should be installed on vulnerable systems.

System: SGI Advanced Linux Environment
Topic: Vulnerabilities in cups, freetype, openoffice.org, php, postgresql, and xscreensaver
Links: SGI_20070501-01
ID: ae-200705-041

SGI has released the Security Update #74 for SGI Advanced Linux Environment 3. These updates fix already known security-related problems in cups, freetype, openoffice.org, php, postgresql, and xscreensaver.
It is therefore recommended to install this update.

System: Some
Topic: Vulnerabilities in Apple Darwin Streaming Proxy
Links: iDEFENSE #533, CVE-2007-0749
ID: ae-200705-040

Darwin Streaming Server is a server technology that facilitates streaming of QuickTime data to clients across the Internet using the industry standard RTP and RTSP protocols. Remote exploitation of multiple buffer overflow vulnerabilities in Apple Inc.'s Darwin Streaming Proxy allows attackers to execute arbitrary code with the privileges of the running service, usually root. Due to insufficient sanity checking, a stack-based buffer overflow could occur while trying to extract commands from the request buffer. The "is_command" function, located in proxy.c, lacks bounds checking when filling the 'cmd' and 'server' buffers. Additionally, a heap-based buffer overflow could occur while processing the "trackID" values contained within a "SETUP" request. If a request with more than 32 values is encountered, memory corruption will occur. Apple has addressed this vulnerability by releasing version 5.5.5 of Darwin Streaming Server.

System: Netware, Windows, Linux
Topic: Vulnerability in Novell NetMail NMDMC
Links: iDEFENSE #532, ESB-2007.0314
ID: ae-200705-039

NetMail is an e-mail and calendar system. A vulnerability exists within the SSL version of the "NMDMC.EXE" service. The application does not perform sufficient input validation when copying data into a fixed size stack buffer. When processing a specially crafted request made to this service, a stack-based buffer overflow occurs, leading to corruption of program control registers saved on the stack. Attackers might therefore be able to execute their own code with the privileges of the service. Novell has addressed this vulnerability in the beta release of Novell NetMail 3.52f.

System: Sun Solaris
Topic: Vulnerability in SRS Proxy Core
Links: Sun Alert 102891, iDefense, ESB-2007.0313, ESB-2007.0317, R-242
ID: ae-200705-038

Local exploitation of a design error vulnerability in the srsexec binary optionally included in Sun Microsystems Inc., Solaris 10 allows attackers to gain access to sensitive information, such as the root password hash. A patch is available now.

System: Microsoft Windows
Topic: Vulnerability in Computer Associates eTrust Antivirus
Links: CA, iDEFENSE #530, VU#788416, VU#680616, CVE-2007-2522, CVE-2007-2523, ESB-2007.0312, R-241, AL-2007.0063
ID: ae-200705-037

Local exploitation of a buffer overflow vulnerability in Computer Associates International Inc.'s (CA) eTrust Antivirus allows attackers to execute arbitrary code with SYSTEM privileges. A patch is available now.

System: Microsoft Windows
Topic: Vulnerability in Symantec Norton Internet Security
Links: iDefense, ESB-2007.0308
ID: ae-200705-036

Remote exploitation of a design error vulnerability in an ActiveX control installed by Symantec Norton Internet Security 2006 could allow for the execution of arbitrary code. A patch is available now.

System: Microsoft Windows
Topic: Vulnerability in Trend Micro ServerProtect
Links: R-237, ESB-2007.0305
ID: ae-200705-035

Trend Micro ServerProtect contains a buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. A patch is available now.

System: SUSE Linux
Topic: Several vulnerabilities in kernel fixed
Links: SUSE-SA:2007:030
ID: ae-200705-034

Updated kernel packages that fix several security issues in the Linux kernel are available now.

System: Cisco IOS
Topic: Vulnerabilities in Cisco IOS FTP Server
Links: Cisco, AL-2007.0061, R-239
ID: ae-200705-033

The Cisco IOS FTP Server feature contains multiple vulnerabilities that can result in a denial of service (DoS) condition, improper verification of user credentials, and the ability to retrieve or write any file from the device filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information. Cisco has made free software available to address these vulnerabilities.

System: Red Hat Enterprise Linux
Topic: Vulnerability in freeradius
Links: RHSA-2007-0338, CVE-2007-2028, ESB-2007.0311
ID: ae-200705-032

A memory leak flaw was found in the way FreeRADIUS parses certain authentication requests. A remote attacker could send a specially crafted authentication request which could cause FreeRADIUS to leak a small amount of memory. Fixed packages are available now.

System: Sun Solaris
Topic: Vulnerability in acl System Call
Links: Sun Alert #102869, ESB-2007.0302
ID: ae-200705-031

A security vulnerability in Solaris 10 related to the acl(2) system call may allow a local unprivileged user to cause the system to panic, resulting in a denial of service (DoS) to the system. A patch is available now.

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows DNS Services
Links: ae-200704-041, MS07-029, CVE-2007-1748, AL-2007.0047, AU-2007.0015, R-229
ID: ae-200705-030

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in CAPICOM
Links: MS07-028, CVE-2007-0940, ESB-2007.0301, R-234
ID: ae-200705-029

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Internet Explorer
Links: MS07-027, CVE-2007-0942, CVE-2007-0944, CVE-2007-0945, CVE-2007-0946, CVE-2007-0947, CVE-2007-2221, AL-2007.0060, R-233
ID: ae-200705-028

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Exchange
Links: MS07-026, CVE-2007-0039, CVE-2007-0213, CVE-2007-0220, CVE-2007-0221, AL-2007.0059, R-228
ID: ae-200705-027

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Office
Links: MS07-025, CVE-2007-1747, AL-2007.0058, R-232
ID: ae-200705-026

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Word
Links: MS07-024, CVE-2007-0035, CVE-2007-0870, CVE-2007-1202, AL-2007.0057, R-231
ID: ae-200705-025

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Excel
Links: MS07-023, CVE-2007-0215, CVE-2007-1203, CVE-2007-1214, AL-2007.0056, R-230
ID: ae-200705-024

No further comment due to legal reasons

System: Various
Topic: Vulnerability in vim
Links: CVE-2007-2438, RHSA-2007-0346, ESB-2007.0303, ESB-2007.0309, R-238, MDKSA-2007:101
ID: ae-200705-023

A vulnerability in vim 7.0's modeline processing capabilities was discovered where a user with modelines enabled could open a text file containing a carefully crafted modeline, executing arbitrary commands as the user running vim. Fixed software is available now.

System: Various
Topic: Vulnerabilities in VMware Workstation, Player, Server, and ACE
Links: CVE-2007-1069, CVE-2007-1337, CVE-2007-1744, CVE-2007-1876, CVE-2007-1877, ESB-2007.0303
ID: ae-200705-022

Several Denial-of-Service vulnerabilities were found in multiple VMware products. Fixed software is available now.

System: Debian GNU/Linux
Topic: Vulnerability in pptpd
Links: DSA-1288, CVE-2007-0244, ESB-2007.0304
ID: ae-200705-021

It was discovered that the PoPToP Point to Point Tunneling Server contains a programming error, which allows the tear-down of a PPTP connection through a malformed GRE packet, resulting in denial of service. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in php
Links: CVE-2007-1864, CVE-2007-2509, CVE-2007-2510, RHSA-2007-0348, RHSA-2007-0349, ESB-2007.0310, R-235, MDKSA-2007:102, MDKSA-2007:103, DSA-1295, DSA-1296, ESB-2007.0337, ESB-2007.0341
ID: ae-200705-020

Several security vulnerabilities were found in the PHP packages. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in ldap-account-manager
Links: DSA-1287, CVE-2006-7191, CVE-2007-1840, ESB-2007.0300, R-236
ID: ae-200705-019

Two vulnerabilities have been identified in ldap-account-manager. An untrusted PATH vulnerability could allow a local attacker to execute arbitrary code with elevated privileges by providing a malicious rm executable and specifying a PATH environment variable referencing this executable. Improper escaping of HTML content could allow an attacker to execute a cross-site scripting attack (XSS) and execute arbitrary code in the victim's browser in the security context of the affected web site. Fixed packages are available now.

System: SuSE Linux
Topic: Vulnerabilities in ekiga, gnomemeeting, xscreensaver, cups, and quagga
Links: SUSE-SR:2007:009, CVE-2007-0720, CVE-2007-1006, CVE-2007-1007, CVE-2007-1859, CVE-2007-1995
ID: ae-200705-018

The weekly SUSE Security Summary reports vulnerabilities in the packages ekiga, gnomemeeting, xscreensaver, cups, and quagga. Updated packages are available now and should be installed on vulnerable systems.

System: Microsoft Windows
Topic: Vulnerability in LiveData Protocol Server
Links: iDEFENSE #523, R-226, AL-2007.0055
ID: ae-200705-017

LiveData Protocol Server is used in SCADA environments to record and transmit data to other control points in process control networks. The LiveData server includes an HTTP server that offers a SOAP interface to the product. The Protocol Server shows a remotely exploitable heap overflow, which leads to a Denial-of-Service or even the execution of arbitrary code with the privileges of SYSTEM. It is triggered by specially crafted requests to the service on port 8080. An update is available now.

System: Microsoft Windows
Topic: Vulnerability in Axis CamImage ActiveX Control
Links: VU#355809, R-227
ID: ae-200705-016

Axis Communications provides an ActiveX control for viewing motion JPEG streams in Microsoft development tools and Microsoft Internet Explorer. The ActiveX control, provided by AxisCamControl.ocx, is known as "CamImage" or "Axis Camera Control". The SaveBMP() method of this control contains a stack buffer overflow. So an attacker may be able to achieve a Denial-of-Service or even execute arbitrary code with the privileges of the user. An update addresses this issue.

System: HP ProCurve 9300m Switches
Topic: Vulnerability in HP ProCurve 9300m Switches
Links: HPSBMI02210, SSRT071396, ESB-2007.0297
ID: ae-200705-015

A security vulnerability has been identified in the ProCurve Series 9300m Switches. The vulnerability could be remotely exploited resulting in a Denial of Service (DoS). Fixed firmware is available now.

System: HP Tru64
Topic: Vulnerability in ps
Links: HPSBTU02179, SSRT061256, ESB-2007.0298
ID: ae-200705-014

A security vulnerability has been identified with the HP Tru64 UNIX Operating System running the ps command. The ps command could be used to disclose information about a process's arguments and environmental variables that might be exploited by a local, authorized user. A patch is available now.

System: Red Hat Enterprise Linux 5
Topic: Vulnerability in evolution
Links: RHSA-2007-0158, CVE-2007-1002, ESB-2007.0295
ID: ae-200705-013

A format string bug was found in the way Evolution parsed the category field in a memo. If a user tried to save and then view a carefully crafted memo, arbitrary code may be executed as the user running Evolution. Fixed packages are available now.

System: Cisco PIX, ASA
Topic: Vulnerabilities in Cisco PIX and ASA Appliances
Links: Cisco, Cisco, VU#210876, VU#337508, VU#530057, ESB-2007.0290, R-223
ID: ae-200705-012

Multiple vulnerabilities exist in the Cisco Adaptive Security Appliance (ASA) and PIX security appliances. Cisco has made free software available to address these vulnerabilities.

System: Microsoft Windows
Topic: Vulnerabilities in Cerulean Studios Trillian
Links: iDefense, ESB-2007.0289
ID: ae-200705-011

Remote exploitation of multiple vulnerabilities in the Internet Relay Chat (IRC) module of Cerulean Studios' Trillian could allow for the interception of private conversations or execution of code as the currently logged on user. A fixed software version is available now.

System: Various
Topic: Vulnerability in Sun Java System Directory Server
Links: Sun Alert 102895, ESB-2007.0291
ID: ae-200705-010

A local or remote unprivileged user may be able to cause the Sun Java System Directory Server to crash. This is a Denial of Service (DoS) due to a "Ber decoding" issue in the LDAP Software Development Kit (SDK) for C. A patch is available now.

System: Various
Topic: Vulnerability in Java Web Start
Links: Sun Alert 102881, ESB-2007.0286, R-222
ID: ae-200705-009

A security vulnerability in Java Web Start may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files that are accessible to the user running the Java Web Start application. Fixed software is available now.

System: Microsoft Windows
Topic: Vulnerability in VMware Workstation
Links: iDefense, CVE-2007-1744, ESB-2007.0283
ID: ae-200705-008

The "Shared Folders" feature of VMware Workstation allows folders on the physical "host" system to be shared with virtual "guest" systems. Due to a flaw in the code which validates that the filename is safe, an attacker or malicious code within the guest system can read or write files on the host system in the context of the user running Workstation. A fixed software version is available now.

System: Various
Topic: Vulnerability in Apple QuickTime
Links: Apple, CVE-2007-2175, AL-2007.0052, ISS Alert, R-224
ID: ae-200705-007

A vulnerability was found in Apple QuickTime. Fixed software is available now.

System: Mandriva Linux
Topic: Vulnerability in quagga
Links: MDKSA-2007:096, CVE-2007-1995
ID: ae-200705-006

The BGP routing daemon in Quagga did not properly validate length values in NLRI attributes which could allow a remote attacker to cause a denial of service via a crafted UPDATE message that triggered an assertion error or out of bounds read. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in qemu, wordpress, and linux-2.6
Links: DSA-1284, CVE-2007-1320, CVE-2007-1321, CVE-2007-1322, CVE-2007-1323, CVE-2007-1366, R-225,
DSA-1285, CVE-2007-1622, CVE-2007-1893, CVE-2007-1894, CVE-2007-1897, ESB-2007.0287,
DSA-1286, CVE-2007-0005, CVE-2007-0958, CVE-2007-1357, CVE-2007-1592, ESB-2007.0294
ID: ae-200705-005

Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service.
Several vulnerabilities have been discovered in wordpress.
Several local and remote vulnerabilities have been discovered in the Linux kernel 2.6 that may lead to a denial of service or the execution of arbitrary code.
Fixed packages are available now.

System: Various
Topic: Vulnerability in xscreensaver
Links: CVE-2007-1859, RHSA-2007-0322, ESB-2007.0293, MDKSA-2007:097
ID: ae-200705-004

A flaw was discovered in the way XScreenSaver verifies user passwords. When a system is using a remote directory service for login credentials, a local attacker may be able to cause a network outage causing XScreenSaver to crash, unlocking the screen. Fixed software is available now.

System: Red Hat Enterprise Linux 4
Topic: Vulnerabilities in unzip, w3c-libwww, gcc, gdb, util-linux, util-linux, busybox, cpio, sendmail, openssh, shadow-utils, gdm, and openldap
Links: RHSA-2007-0203, RHSA-2007-0208, RHSA-2007-0220, RHSA-2007-0229, RHSA-2007-0235, RHSA-2007-0244, RHSA-2007-0245, RHSA-2007-0252, RHSA-2007-0257, RHSA-2007-0276, RHSA-2007-0286, RHSA-2007-0310, ESB-2007.0284
ID: ae-200705-003

Red Hat Enterprise Linux 4 Update 5 fixes several vulnerabilities in various packages. Affected are unzip, w3c-libwww, gcc, gdb, util-linux, util-linux, busybox, cpio, sendmail, openssh, shadow-utils, gdm, and openldap.

System: HP-UX
Topic: Vulnerability in HP Power Manager Remote Agent
Links: HPSBMA02197, SSRT061285, ESB-2007.0282, R-221
ID: ae-200705-002

A security vulnerability has been identified with HP-UX running HP Power Manager Remote Agent (RA). The vulnerability could be exploited by a local authorized user to execute arbitrary code with the privileges of the root user. A patch is available now.

System: Linux
Topic: Several vulnerabilities in kernel fixed
Links: CVE-2007-0771, CVE-2007-1000, CVE-2007-1357, CVE-2007-1388, CVE-2007-1592, RHSA-2007-0169, ESB-2007.0285, SUSE-SA:2007:029
ID: ae-200705-001

Updated kernel packages that fix several security issues in the Linux kernel are available now.



(c) 2000-2014 AERAsec Network Services and Security GmbH