AOH :: ISNQ4457.HTM

Secunia Weekly Summary - Issue: 2007-34




Secunia Weekly Summary - Issue: 2007-34
Secunia Weekly Summary - Issue: 2007-34



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2007-08-16 - 2007-08-23                        

                       This week: 49 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.

Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/

=======================================================================2) This Week in Brief:

Yahoo! confirmed two vulnerabilities in Yahoo! Messenger this week,
which can be exploited by malicious people to compromise a vulnerable
system.

The vulnerabilities are caused by input validation errors in ywcvwr.dll
and kdu_v32m.dll when processing JPEG 2000 streams sent via the webcam
stream, which may lead to a heap-based buffer overflow. An attack
scenario is possible if a user is tricked into viewing a malicious
webcam stream by a remote attacker.

Successful exploitation may cause a Denial of Service or execution of
arbitrary code.

Yahoo! has released a security update to solve these vulnerabilities.
Users are urged to download and install the updated Yahoo! Messenger
version.

For more information refer to:
http://secunia.com/advisories/26501/ 

--

Several vulnerabilities in various Trend Micro products were disclosed
this week.

Trend Micro ServerProtect has an integer overflow error and a number of
boundary errors that can be used by malicious people within the network
to compromise a vulnerable system.

Users of Trend Micro ServerProtect for Windows are urged to install the
patches available from the vendor.

For more information refer to:
http://secunia.com/advisories/26523/ 

Trend Micro Anti-Spyware and Pc-cillin have a vulnerability caused by a
boundary error within the SSAPI module in vstlib32.dll when processing
path names. This can cause a stack-based buffer overflow by e.g.
creating a file with an overly long path name. 

Successful exploitation allows execution of arbitrary code with SYSTEM
privileges, but requires that the Venus Spy Trap (VST) functionality of
SSAPI is enabled.

Users of Trend Micro Anti-Spyware and PC-cillin 2007 are advised to
install the patches available from the vendor.

For more information refer to:
http://secunia.com/advisories/26557/ 

--

ClamAV has acknowledged two vulnerabilities this week as well, which
can potentially be exploited by malicious people to crash the ClamAV
service.

A NULL-pointer dereference error within the "cli_scanrtf()" function in
libclamav/rtf.c  can potentially be exploited to crash ClamAV by
scanning a specially crafted RTF file.

A NULL-pointer dereference error within the "cli_html_normalise()"
function in libclamav/htmlnorm.c can potentially be exploited to crash
ClamAV by scanning a specially crafted HTML file containing a "data"
URL scheme.

The vendor has released an updated version of the software.

For more information refer to:
http://secunia.com/advisories/26530/ 

 --

VIRUS ALERTS:

During the past week Secunia collected 155 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA26477] Opera JavaScript Invalid Pointer Vulnerability
2.  [SA26402] Sun JRE Font Parsing Vulnerability
3.  [SA26495] BlueCat Networks Adonis CLI Privilege Escalation
              Vulnerability
4.  [SA26493] rsync "f_name()" Off-By-One Vulnerability
5.  [SA26494] Sun Solaris RBAC Rules Privilege Escalation Vulnerability
6.  [SA26511] Symantec Enterprise Firewall User Enumeration Weakness
7.  [SA26471] IBM DB2 Multiple Vulnerabilities
8.  [SA26443] Ubuntu update for apache
9.  [SA26459] Cisco VPN Client Privilege Escalation Vulnerabilities
10. [SA26450] Debian update for kernel

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA26571] Rogue Trooper Asura Engine Packet Handling Buffer Overflow
[SA26532] Lhaz Archive Processing Unspecified Code Execution
[SA26526] rFactor Multiple Vulnerabilities
[SA26525] eCentrex VOIP Client Component ActiveX Control Buffer
Overflow
[SA26519] Mercury Mail Transport System SMTP AUTH CRAM-MD5 Buffer
Overflow
[SA26557] Trend Micro Products SSAPI Module Long Path Processing Buffer
Overflow
[SA26523] Trend Micro ServerProtect Multiple Buffer Overflow
Vulnerabilities
[SA26560] Search Engine Builder "searWords" Cross-Site Scripting
[SA26506] Unreal Engine Web Server Logging Denial of Service
[SA26513] ZoneAlarm Products Insecure Directory Permissions and IOCTL
Handler Privilege Escalation

UNIX/Linux:
[SA26545] Gentoo update for opera
[SA26521] Slackware update for tcpdump
[SA26505] Gentoo update for lighttpd
[SA26553] Asterisk SIP Channel Driver Dialog History Memory Exhaustion
[SA26548] rPath update for rsync
[SA26543] SUSE Update for Multiple Packages
[SA26537] Mandriva update for rsync
[SA26535] Mandriva update for libvorbis
[SA26531] IBM AIX BIND Predictable DNS Query IDs Vulnerability
[SA26518] Ubuntu update for rsync
[SA26514] Debian update for koffice
[SA26509] Gentoo update for bind
[SA26546] NuFW Time Based Filtering Rules Security Bypass
[SA26542] Ampache Session Fixation and SQL Injection
[SA26522] Mandriva update for vim
[SA26516] Ubuntu update for jasper
[SA26512] Gentoo update for mod_jk
[SA26508] Avaya Products Perl Net::DNS and Apache Vulnerabilities
[SA26527] Sysstat systat.in Insecure Temporary Files
[SA26558] Sun Solaris ATA Disk Driver IOCTLs Denial of Service
[SA26540] Sudo Kerberos 5 Security Bypass Vulnerability
[SA26520] Mandriva update for gdm

Other:
[SA26547] Cisco IP Phone 7940/7960 SIP Message Sequence Denial of
Service

Cross Platform:
[SA26533] OlateDownload Multiple Vulnerabilities
[SA26507] Toribash Multiple Vulnerabilities
[SA26556] Joomla SimpleFAQ Component "aid" SQL Injection
[SA26552] Kolab Server ClamAV Multiple Denial of Service
Vulnerabilities
[SA26544] TT4XBT Multiple SQL Injection Vulnerabilities
[SA26530] ClamAV Multiple Denial of Service Vulnerabilities
[SA26515] Nortel Products BIND Predictable DNS Query IDs Vulnerability
[SA26504] TorrentTrader Multiple SQL Injection Vulnerabilities
[SA26517] EMC NetWorker Remote Exec Service Buffer Overflow
[SA26565] OlateDownload files.php URL Cross-Site Scripting
[SA26563] WordPress Pool Theme URL Cross-Site Scripting Vulnerability
[SA26541] Cach Unspecified Data Manipulation Vulnerability
[SA26510] Drupal Project and Project Issue Tracking Modules Insecure
Permissions
[SA26555] Novell Identity Manager Client Login Extension Information
Disclosure
[SA26536] id3lib Insecure Temporary File Privilege Escalation

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA26571] Rogue Trooper Asura Engine Packet Handling Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-23

Luigi Auriemma has reported a vulnerability in Rogue Trooper, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26571/ 

 --

[SA26532] Lhaz Archive Processing Unspecified Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-20

A vulnerability has been reported in Lhaz, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26532/ 

 --

[SA26526] rFactor Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-08-20

Luigi Auriemma has reported some vulnerabilities in rFactor, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26526/ 

 --

[SA26525] eCentrex VOIP Client Component ActiveX Control Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-23

rgod has discovered a vulnerability in the eCentrex VOIP Client
Component ActiveX control, which can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26525/ 

 --

[SA26519] Mercury Mail Transport System SMTP AUTH CRAM-MD5 Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-20

eliteb0y has discovered a vulnerability in Mercury Mail Transport
System, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/26519/ 

 --

[SA26557] Trend Micro Products SSAPI Module Long Path Processing Buffer
Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2007-08-22

A vulnerability has been reported in Trend Micro products, which can be
exploited by malicious, local users to gain escalated privileges or
potentially by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26557/ 

 --

[SA26523] Trend Micro ServerProtect Multiple Buffer Overflow
Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-08-22

Some vulnerabilities have been reported in Trend Micro ServerProtect,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/26523/ 

 --

[SA26560] Search Engine Builder "searWords" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-08-22

MustLive has discovered a vulnerability in Search Engine Builder, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/26560/ 

 --

[SA26506] Unreal Engine Web Server Logging Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-08-20

Luigi Auriemma has reported a vulnerability in the Unreal Engine, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/26506/ 

 --

[SA26513] ZoneAlarm Products Insecure Directory Permissions and IOCTL
Handler Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-08-21

Some vulnerabilities and a security issue have been reported in
ZoneAlarm products, which can be exploited by malicious, local users to
gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/26513/ 


UNIX/Linux:--

[SA26545] Gentoo update for opera

Critical:    Highly critical
Where:       From remote
Impact:      Spoofing, System access
Released:    2007-08-23

Gentoo has issued an update for opera. This fixes some vulnerabilities,
which can be exploited by malicious people to conduct spoofing attacks
or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26545/ 

 --

[SA26521] Slackware update for tcpdump

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-20

Slackware has issued an update for tcpdump. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/26521/ 

 --

[SA26505] Gentoo update for lighttpd

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2007-08-17

Gentoo has issued an update for lighttpd. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, cause a DoS (Denial of Service), or
potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26505/ 

 --

[SA26553] Asterisk SIP Channel Driver Dialog History Memory Exhaustion

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-08-22

A vulnerability has been reported in Asterisk, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/26553/ 

 --

[SA26548] rPath update for rsync

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-08-23

rPath has issued an update for rsync. This fixes a vulnerability, which
can potentially be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/26548/ 

 --

[SA26543] SUSE Update for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, DoS, System access
Released:    2007-08-20

SUSE has issued an update for multiple packages. This fixes some
security issues, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), and some vulnerabilities, which can be
exploited by malicious people to poison the DNS cache, cause a DoS, or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26543/ 

 --

[SA26537] Mandriva update for rsync

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-08-21

Mandriva has issued an update for rsync. This fixes a vulnerability,
which can potentially be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/26537/ 

 --

[SA26535] Mandriva update for libvorbis

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-08-21

Mandriva has issued an update for libvorbis. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/26535/ 

 --

[SA26531] IBM AIX BIND Predictable DNS Query IDs Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2007-08-22

IBM has acknowledged a vulnerability in AIX, which can be exploited by
malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/26531/ 

 --

[SA26518] Ubuntu update for rsync

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-08-21

Ubuntu has issued an update for rsync. This fixes a vulnerability,
which can potentially be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/26518/ 

 --

[SA26514] Debian update for koffice

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-08-21

Debian has issued an update for koffice. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/26514/ 

 --

[SA26509] Gentoo update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2007-08-20

Gentoo has issued an update for bind. This fixes a vulnerability, which
can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/26509/ 

 --

[SA26546] NuFW Time Based Filtering Rules Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-21

A security issue has been reported in NuFW, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/26546/ 

 --

[SA26542] Ampache Session Fixation and SQL Injection

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Manipulation of data
Released:    2007-08-20

Some vulnerabilities have been reported in Ampache, which can be
exploited by malicious users to conduct SQL injection attacks and by
malicious people to conduct session fixation attacks.

Full Advisory:
http://secunia.com/advisories/26542/ 

 --

[SA26522] Mandriva update for vim

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2007-08-22

Mandriva has issued an update for vim. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/26522/ 

 --

[SA26516] Ubuntu update for jasper

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-08-21

Ubuntu has issued an update for jasper. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/26516/ 

 --

[SA26512] Gentoo update for mod_jk

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-20

Gentoo has issued an update for mod_jk. This fixes a security issue,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/26512/ 

 --

[SA26508] Avaya Products Perl Net::DNS and Apache Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing, DoS
Released:    2007-08-17

Avaya has acknowledged some vulnerabilities in Avaya products, which
can be exploited by malicious people to conduct cross-site scripting
attacks, or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/26508/ 

 --

[SA26527] Sysstat systat.in Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    2007-08-21

A vulnerability has been reported in Sysstat, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/26527/ 

 --

[SA26558] Sun Solaris ATA Disk Driver IOCTLs Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2007-08-22

Some security issues have been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/26558/ 

 --

[SA26540] Sudo Kerberos 5 Security Bypass Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2007-08-20

A vulnerability has been reported in Sudo, which can be exploited by
malicious, local users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/26540/ 

 --

[SA26520] Mandriva update for gdm

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2007-08-22

Mandriva has issued an update for gdm. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/26520/ 


Other:--

[SA26547] Cisco IP Phone 7940/7960 SIP Message Sequence Denial of
Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-08-21

The Madynes research team at INRIA Lorraine has reported some
vulnerabilities in Cisco IP Phone 7940 and 7960, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/26547/ 


Cross Platform:--

[SA26533] OlateDownload Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, System access
Released:    2007-08-21

imei addmimistrator has reported some vulnerabilities in OlateDownload,
which can be exploited by malicious people to bypass certain security
restrictions, conduct SQL injection attacks, and compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/26533/ 

 --

[SA26507] Toribash Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-08-20

Luigi Auriemma has reported some vulnerabilities in Toribash, which can
be exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26507/ 

 --

[SA26556] Joomla SimpleFAQ Component "aid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2007-08-22

k1tk4t has discovered a vulnerability in the SimpleFAQ component for
Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/26556/ 

 --

[SA26552] Kolab Server ClamAV Multiple Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-08-22

Some vulnerabilities have been reported in Kolab Server, which can
potentially be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/26552/ 

 --

[SA26544] TT4XBT Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-08-20

Some vulnerabilities have been reported in TT4XBT, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/26544/ 

 --

[SA26530] ClamAV Multiple Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-08-22

Some vulnerabilities have been reported in ClamAV, which can
potentially be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/26530/ 

 --

[SA26515] Nortel Products BIND Predictable DNS Query IDs Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2007-08-17

Nortel has acknowledged a vulnerability in BIND included in various
Nortel products, which can be exploited by malicious people to poison
the DNS cache.

Full Advisory:
http://secunia.com/advisories/26515/ 

 --

[SA26504] TorrentTrader Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-08-20

Some vulnerabilities have been reported in Torrent Trader, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/26504/ 

 --

[SA26517] EMC NetWorker Remote Exec Service Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-08-21

A vulnerability has been reported in EMC NetWorker, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26517/ 

 --

[SA26565] OlateDownload files.php URL Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-08-23

imei addmimistrator has discovered a vulnerability in OlateDownload,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/26565/ 

 --

[SA26563] WordPress Pool Theme URL Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-08-22

MustLive has discovered a vulnerability in the Pool theme for
WordPress, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/26563/ 

 --

[SA26541] Cach Unspecified Data Manipulation Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-08-22

A vulnerability has been reported in Cach, which can be exploited by
malicious users to manipulate data.

Full Advisory:
http://secunia.com/advisories/26541/ 

 --

[SA26510] Drupal Project and Project Issue Tracking Modules Insecure
Permissions

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2007-08-20

Some security issues have been reported in the Drupal Project and
Project issue tracking modules, which can be exploited by malicious
users to disclose sensitive information and bypass certain access
restrictions.

Full Advisory:
http://secunia.com/advisories/26510/ 

 --

[SA26555] Novell Identity Manager Client Login Extension Information
Disclosure

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2007-08-23

A security issue has been reported in the Client Login Extension for
Novell Identity Manager, which can be exploited by malicious, local
users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/26555/ 

 --

[SA26536] id3lib Insecure Temporary File Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-08-20

Nikolaus Schulz has reported a security issue in id3lib, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/26536/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



____________________________________
Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 
http://conference.hitb.org/hitbsecconf2007kl/ 

Site design & layout copyright © 1986-2014 CodeGods