=================================================
Security Corporation Newsletter - Issue #33 - 2004-01-18
http://www.security-corporation.com
=================================================
This free weekly newsletter is delivered to you by Security-Corporation.
Visit Security-Corporation for the latest security news.
http://www.security-corporation.com
Read newsletter archive :
http://www.security-corporation.com/newsletter.html
Put Security-Corporation Vulnerability Alerts on Your Web Site for Free!
For more information: http://www.security-corporation.com/backend/
ADVISORIES
=================================================
As always, if you've found a vulnerability, let us know by e-mail at:
vuln@security-corporation.com
Security advisories of the week (32 advisories) :
-------------
2004-01-18
-------------
- Seg fault of Tcpdump 3.8.1 with malformed L2TP packets
» http://www.security-corporation.com/articl...040118-002.html
- The Bat! 2.01 memory corruption vulnerability
» http://www.security-corporation.com/articl...040118-001.html
- Ultr@VNC local SYSTEM access vulnerability
» http://www.security-corporation.com/articl...040118-000.html
-------------
2004-01-17
-------------
- Xtreme ASP Photo Gallery 2.0 SQL Injection Vulnerability
» http://www.security-corporation.com/articl...040117-004.html
- OpenCA certificate spoofing vulnerability
» http://www.security-corporation.com/articl...040117-003.html
- Destinyd-Book v1.4 Cross Site Scripting and Command Execution Vulnerability
» http://www.security-corporation.com/articl...040117-002.html
- phpShop Project Multiple vulnerabilities
» http://www.security-corporation.com/articl...040117-001.html
- MetaDot Portal Multiple vulnerabilities
» http://www.security-corporation.com/articl...040117-000.html
-------------
2004-01-16
-------------
- FishCart Integer Overflow Vulnerability
» http://www.security-corporation.com/articl...040116-001.html
- WWW Fileshare Pro 2.42 Multiple vulnerabilities
» http://www.security-corporation.com/articl...040116-000.html
-------------
2004-01-15
-------------
- Linux kernel do_mremap local privilege escalation vulnerability
» http://www.security-corporation.com/articl...040115-002.html
- RapidCache Multiple Vulnerabilities
» http://www.security-corporation.com/articl...040115-001.html
- PhpDig 1.6.x Remote Command Execution
» http://www.security-corporation.com/articl...040115-000.html
-------------
2004-01-14
-------------
- phpGedView Multiple vulnerabilities
» http://www.security-corporation.com/articl...040114-002.html
- WWW File share Pro 2.46 Multiple vulnerabilities
» http://www.security-corporation.com/articl...040114-001.html
- Multiple H.323 Message Vulnerabilities
» http://www.security-corporation.com/articl...040114-000.html
-------------
2004-01-13
-------------
- Buffer Overrun in Microsoft Data Access Components Could Allow Code Execution
» http://www.security-corporation.com/articl...040113-005.html
- Privilege Escalation Vulnerability in Exchange Server 2003
» http://www.security-corporation.com/articl...040113-004.html
- Remote Code Execution Vulnerability in Microsoft Internet Security and Acceleration Server 2000
» http://www.security-corporation.com/articl...040113-003.html
- Vulnerability Issues in Implementations of the H.323 Protocol
» http://www.security-corporation.com/articl...040113-002.html
- PHP Manpage lookup directory transversal / file disclosing
» http://www.security-corporation.com/articl...040113-001.html
- Remote Code Execution in ezContents
» http://www.security-corporation.com/articl...040113-000.html
-------------
2004-01-12
-------------
- SnapStream PVS LITE Cross Site Scripting Vulnerability
» http://www.security-corporation.com/articl...040112-009.html
- ZyXEL10 OF ZyWALL Series Router Cross Site Scripting Vulnerability
» http://www.security-corporation.com/articl...040112-008.html
- Windows FTP Server Format String Vulnerability
» http://www.security-corporation.com/articl...040112-007.html
- EDIMAX AR-6004 Full Rate ADSL Router Cross Site Scripting Vulnerability
» http://www.security-corporation.com/articl...040112-006.html
- Cisco Personal Assistant User Password Bypass Vulnerability
» http://www.security-corporation.com/articl...040112-005.html
- Linux Lotus Notes Domino 6.0.2 faulty default permissions
» http://www.security-corporation.com/articl...040112-004.html
- Yahoo Instant Messenger Long Filename Downloading Buffer Overflow
» http://www.security-corporation.com/articl...040112-003.html
- INN 2.4.1 Buffer overflow in control message handling
» http://www.security-corporation.com/articl...040112-002.html
- Directory Traversal in Accipiter Direct Server 6.0
» http://www.security-corporation.com/articl...040112-001.html
- Symantec LiveUpdate allows local users to become SYSTEM
» http://www.security-corporation.com/articl...040112-000.html
EXPLOITS
=================================================
Security exploits of the week (10 exploits) :
-------------
2004-01-15
-------------
- Linux kernel mremap() bound checking bug exploit
» http://www.security-corporation.com/exploi...040115-000.html
-------------
2004-01-14
-------------
- SuSE 9.0 YaST script SuSEconfig.gnome-filesystem 0day exploit
» http://www.security-corporation.com/exploi...040114-001.html
- Antivir 2.0.9-9 exploit
» http://www.security-corporation.com/exploi...040114-000.html
-------------
2004-01-13
-------------
- Switch Off 2.3 remote exploit
» http://www.security-corporation.com/exploi...040113-003.html
- DameWare Mini Remote Control < v3.73 remote exploit
» http://www.security-corporation.com/exploi...040113-002.html
- Windows Ftp Server v1.6 PoC exploit
» http://www.security-corporation.com/exploi...040113-001.html
- lftp < 2.6.10 remote stack-based overflow exploit
» http://www.security-corporation.com/exploi...040113-000.html
-------------
2004-01-12
-------------
- ProFTPD remote exploit for CAN-2003-0831
» http://www.security-corporation.com/exploi...040112-002.html
- KpyM Telnet Server v1.05 remote Denial of Service Exploit
» http://www.security-corporation.com/exploi...040112-001.html
- Linux kernel do_mremap() proof-of-concept exploit code
» http://www.security-corporation.com/exploi...040112-000.html
SECURITY NEWS
=================================================
Security news of the week :
-------------
2004-01-18
-------------
- Network Associates readies appliances, analyzer
» http://www.infoworld.com/article/04/01/16/...sociates_1.html
- Adobe Anti-Counterfeiting: Feature or Bug?
» http://www.eweek.com/article2/0,4149,1440683,00.asp
- The Year Ahead in Security
» http://www.newsfactor.com/story.xhtml?stor...ead_in_Security&story_id=23012&category=netsecurity
- New malware package targets PayPal
» http://zdnet.com.com/2100-1105_2-5142556.html
-------------
2004-01-17
-------------
- Agency computers hit by 'Trojan horse'
» http://www.krqe.com/technology/expanded1.a...Local%5D=ID&ID%5BBigLocal%5D=2820
- Cisco security goes prime time
» http://rss.com.com/2110-7355_3-5142767.html
- Latest Trojan 'Phishes' For Personal Data
» http://www.securitypipeline.com/news/showA...icleId=17301946
- Lie-detector glasses offer peek at future of security
» http://www.eetimes.com/at/news/OEG20040116S0046
-------------
2004-01-16
-------------
- Trojan spreading that downloads Mimail worm
» http://searchsecurity.techtarget.com/origi...,sid14_gci944709,00.html
- More MiMail Worms Spotted; More To Come
» http://www.techweb.com/wire/story/TWB20040115S0008
- Microsoft Readies Internet Explorer Patch
» http://www.securitypipeline.com/news/showA...icleId=17301587
- FBI's CyberSecurity Program Examines Wireless LAN Security
» http://www.eetimes.com/pressreleases/prnewswire/122531
-------------
2004-01-15
-------------
- Opteron, Athlon 64 add technology to...
» http://www.pcworld.com/news/article/0,aid,114328,00.asp
- Hacker Breaks Into UMKC Computer System
» http://www.thekansascitychannel.com/techno...780/detail.html
- Pointing at consumer firewalls and laughing
» http://www.broadbandreports.com/shownews/37259
- Anti-Virus Software Found Vulnerable to bzip2 Bombs
» http://www.techweb.com/wire/story/TWB20040114S0008
-------------
2004-01-14
-------------
- Symantec slams the door on LiveUpdate flaw
» http://zdnet.com.com/2100-1105_2-5140165.html
- Microsoft Patches Fail To Fix Dangerous Security Flaw
» http://story.news.yahoo.com/news?tmpl=stor...washpost/20040113/tc_washpost/a13587_2004jan13&sid=96168965
- Navy agrees to let others use security tool
» http://www.gcn.com/vol1_no1/daily-updates/24623-1.html
- 5 years ago... Schoolgirl stuns IT security world
» http://www.silicon.com/software/security/0...39117750,00.htm
-------------
2004-01-13
-------------
- Radio hackers hurl drive by abuse at Burger King customers
» http://www.theregister.co.uk/content/69/34825.html
- Is the Tide Turning in Battle Against Hackers?
» http://itmanagement.earthweb.com/secu/article.php/3298191
- "Homeless Hacker" Cuts Deal With Feds
» http://www.extremetech.com/article2/0,3973,1434489,00.asp
- Older Windows versions win renewed support
» http://news.com.com/2100-1016_3-5139644.html
-------------
2004-01-12
-------------
- Virus-like computer infection spreading on the Web
» http://www.startribune.com/stories/789/4036740.html
- Pranksters Hacking Fast Food Drive Through
» http://www.hacktivismo.com/news/modules.ph...rticle&sid=2180
- Mikerosoft schedules January security bulletin
» http://www.theinquirer.net/?article=13559
- Routers, phones dialing in VoIP
» http://zdnet.com.com/2100-1105_2-5138963.html
DISCLAIMER
=================================================
The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of
or in connection with the use or spread of this information. Any use
of this information is at the user's own risk.
FEEDBACK
=================================================
Please send suggestions, updates, and comments to:
Security Corporation
http://www.security-corporation.com
info@security-corporation.com




