latest vulnerabilities

den4

15 Nov 2002
taken from network computing:

for the past two weeks:

I was going to stick it into the humor and entertainment section, but thought some of the advisors may frown upon that :D

--- New Vulnerabilities -----------------------------------------------

Below is a list of new vulnerabilities announced this week.
Vulnerabilities considered to be 'critical' involve highly-deployed
software, or carry a high-risk of system compromise. Note that
vulnerabilities not highlighted may still be of critical severity
to your environment.


**** Highlighted critical vulnerabilities ****

Applied Watch IDS <1.4.5: admin authentication not required to add users/rules
BIND 8.3.7, 8.4.3: negative cache poison fix
OpenCA 0.9.1.3: incorrect signature verification
Stunnel: file descriptor leak allows local service hijacking


**** Newly announced vulnerabilities this week ****

____Windows____

Eudora 6.0.1: bypass of LaunchProtect/auto-execution of e-mail attachments
http://archives.neohapsis.com/archives/bugtraq/2003-11/0296.html

IE 6.x: MHTML download/auto-execution
http://archives.neohapsis.com/archives/bugtraq/2003-11/0307.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0315.html

IE 6.x: cache location can be divulged/recovered
http://archives.neohapsis.com/archives/bugtraq/2003-11/0298.html

IE 6.x: cross-frame JavaScripting via subframe
http://archives.neohapsis.com/archives/bugtraq/2003-11/0297.html

IE 6.x: invalid content-type header JavaScript cache execution
http://archives.neohapsis.com/archives/bugtraq/2003-11/0309.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0302.html

IE 6.x: window.moveBy JavaScript attack
http://archives.neohapsis.com/archives/bugtraq/2003-11/0305.html

MSN messenger 6.0.0602: file transfer may leak user's IP address
http://archives.neohapsis.com/archives/bugtraq/2003-11/0250.html


____BSD____

OpenBSD kernel: uvm_vslock() and semop() local DoS
http://archives.neohapsis.com/archives/openbsd/2003-11/1645.html


____IRIX____

rpc.mountd: DoS, connections from unprivileged ports
http://archives.neohapsis.com/archives/vendor/2003-q4/0022.html


____Network Devices____

ProCurve 5300 series: RPC worms cause DoS (SSRT3647)
http://archives.neohapsis.com/archives/hp/2003-q4/0053.html

Speedtouch 510: network scan/probe causes reboot
http://archives.neohapsis.com/archives/bugtraq/2003-11/0310.html

Thomson TCM315 cable modem: large HTTP request DoS
http://archives.neohapsis.com/archives/bugtraq/2003-11/0265.html


____CGI____

CommerceSQL: remote file reading via page URL parameter
http://archives.neohapsis.com/archives/bugtraq/2003-11/0263.html

My_eGallery 3.1.1: arbitrary command execution
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0050.html

PieterPost 0.10.6: arbitrary account access
http://archives.neohapsis.com/archives/bugtraq/2003-11/0345.html

RNN's Guestbook 1.2: admin authentication bypass
http://archives.neohapsis.com/archives/bugtraq/2003-11/0324.html

phpBB 2.06: search.php SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2003-11/0327.html

vbPortal 2.0: friend.php anonymous e-mail/spamming
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0048.html


____Cross-Platform____

Applied Watch IDS <1.4.5: admin auth not required to add users/rules
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0052.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0335.html

BIND 8.3.7, 8.4.3: negative cache poison fix
http://archives.neohapsis.com/archives/bind/2003/0026.html
http://archives.neohapsis.com/archives/bind/2003/0027.html

FreeRADIUS 0.9.2: tunnel password attribute DoS
http://archives.neohapsis.com/archives/bugtraq/2003-11/0251.html

FreeRADIUS 0.9.3: rlm_smb module user-password attribute overflow
http://archives.neohapsis.com/archives/bugtraq/2003-11/0314.html

GnuPG: ElGamal signing keys recoverable
http://archives.neohapsis.com/archives/bugtraq/2003-11/0323.html

Monit 4.1: long method overflow and DoS
http://archives.neohapsis.com/archives/bugtraq/2003-11/0267.html

OpenCA 0.9.1.3: incorrect signature verification
http://archives.neohapsis.com/archives/bugtraq/2003-11/0332.html

PrimeBase SQL server 4.2: DB admin password local recovery
http://archives.neohapsis.com/archives/bugtraq/2003-11/0252.html

Stunnel: file descriptor leak allows local service hijacking
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0197.html

mod_python: malformed query string DoS
http://archives.neohapsis.com/archives/apache/2003/0009.html

screen: w_NumArgs signed integer overflow allows local code execution
http://archives.neohapsis.com/archives/bugtraq/2003-11/0322.html



--- Patches and Updates -----------------------------------------------

The following contains a list of vendor patches and updates released
this week.

____Windows____

Follow up to Exchange 2003 OWA authentication bypass
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0228.html


____Linux____

EnGarde > ESA-20031126-031: bind
http://archives.neohapsis.com/archives/linux/engarde/2003-q4/0004.html

Immunix > IMNX-2003-7+-024-01: bind
http://archives.neohapsis.com/archives/bugtraq/2003-11/0321.html

Mandrake > MDKSA-2003:108: stunnel
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0197.html

Mandrake > MDKSA-2003:109: gnupg
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0206.html

Red Hat > RHSA-2003:286-01: XFree86
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0020.html

Red Hat > RHSA-2003:287-01: XFree86
http://archives.neohapsis.com/archives/bugtraq/2003-11/0299.html

Red Hat > RHSA-2003:296-01: stunnel
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0018.html

Red Hat > RHSA-2003:311-01: Pan
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0019.html

Red Hat > RHSA-2003:316-01: iproute
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0017.html

Red Hat > RHSA-2003:342-01: EPIC
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0016.html

SGI > ProPack v2.3 security update
http://archives.neohapsis.com/archives/vendor/2003-q4/0024.html

SuSE > SuSE-SA:2003:047: bind
http://archives.neohapsis.com/archives/vendor/2003-q4/0025.html

Trustix > TSLSA-2003-0044: bind
http://archives.neohapsis.com/archives/bugtraq/2003-11/0341.html

Trustix > TSLSA-2003-0045: stunnel
http://archives.neohapsis.com/archives/bugtraq/2003-11/0338.html


____BSD____

FreeBSD > FreeBSD-SA-03:19: bind
http://archives.neohapsis.com/archives/bugtraq/2003-11/0344.html


____HP-UX____

SSRT3670: OpenSSH
http://archives.neohapsis.com/archives/hp/2003-q4/0052.html



**** Highlighted critical vulnerabilities ****

Linux 2.4.x kernel: do_brk() kernel memory reading
rsync 2.5.6: server daemon unspecified remote heap overflow

**** Newly announced vulnerabilities this week ****

____Windows____

IBM Directory Server 4.1: Web admin ldacgi.exe XSS vulnerability
http://archives.neohapsis.com/archives/bugtraq/2003-12/0015.html

Websense 5.1: blocked site URL XSS
http://archives.neohapsis.com/archives/bugtraq/2003-12/0031.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0099.html

Yahoo Instant Messenger 5.6.0.1347: YAUTO.DLL open() overflow
http://archives.neohapsis.com/archives/bugtraq/2003-12/0030.html

Yahoo Messenger 5.6: ymsgr handler arbitrary script injection
http://archives.neohapsis.com/archives/bugtraq/2003-12/0088.html

eZphotoshare: remote overflow in the handling of data to port 10101
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0057.html


____Linux____

Linux 2.4.x kernel: do_brk() kernel memory reading
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0054.html


____HP-UX____

shar: insecure temp file handling
http://archives.neohapsis.com/archives/hp/2003-q4/0060.html


____Tru64____

CDE libdthelp.so local privilege elevation and DoS (SSRT3657)
http://archives.neohapsis.com/archives/compaq/2003-q4/0012.html


____MacOS____

Appleshare IP FTP server 6.3.1: RMD command DoS
http://archives.neohapsis.com/archives/bugtraq/2003-12/0082.html


____Network Devices____

Cisco wireless APs: SNMP trap reveals WEP key
http://archives.neohapsis.com/archives/bugtraq/2003-12/0017.html

Linksys WRT54G: admin Web server blank request DoS
http://archives.neohapsis.com/archives/bugtraq/2003-12/0043.html


____CGI____

Alan Ward Acart: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2003-12/0046.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0047.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0050.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0060.html

Cutenews 1.3: debug/phpinfo() information disclosure
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0053.html

Jason Maloney's Guestbook: various XSS vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2003-12/0085.html

Virtual Programming VP-ASP 5.0: SQL tampering and XSS vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2003-11/0353.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0080.html

Xoops 2.0.5: banners.php SQL tampering
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0061.html


____Cross-Platform____

GnuPG 1.2.3, 1.3.3: external HKP format string vulnerability
http://archives.neohapsis.com/archives/bugtraq/2003-12/0026.html

Mathopd 1.5b13: prepare_reply() remote overflow
http://archives.neohapsis.com/archives/bugtraq/2003-12/0076.html

PLDaniels Ebola: handle_PASS() remote overflow
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0059.html

Surfboard Web server 1.1.8: Web root escaping and DoS
http://archives.neohapsis.com/archives/bugtraq/2003-11/0351.html

XBoard <4.2.7: pxboard insecure local temp file handling
http://archives.neohapsis.com/archives/bugtraq/2003-12/0033.html

rsync 2.5.6: server daemon unspecified remote heap overflow
http://archives.neohapsis.com/archives/bugtraq/2003-12/0052.html



--- Patches and Updates -----------------------------------------------

The following contains a list of vendor patches and updates released
this week.

____Linux____

Conectiva > CLA-2003:796: kernel
http://archives.neohapsis.com/archives/bugtraq/2003-12/0090.html

Debian > DSA 404-1: rsync
http://archives.neohapsis.com/archives/vendor/2003-q4/0030.html

Debian > DSA-403-1: kernel
http://archives.neohapsis.com/archives/vendor/2003-q4/0026.html

EnGarde > ESA-20031204-032: rsync
http://archives.neohapsis.com/archives/linux/engarde/2003-q4/0005.html

Mandrake > MDKSA-2003:110: kernel
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0208.html

Mandrake > MDKSA-2003:111: rsync
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0246.html

Red Hat > RHSA-2003:335-01: Net-SNMP
http://archives.neohapsis.com/archives/bugtraq/2003-12/0016.html

Red Hat > RHSA-2003:392-00: kernel
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0022.html

Red Hat > RHSA-2003:398-01: rsync
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0024.html

Slackware > SSA:2003-336-01: kernel
http://archives.neohapsis.com/archives/bugtraq/2003-12/0019.html

Slackware > SSA:2003-337-01: rsync
http://archives.neohapsis.com/archives/bugtraq/2003-12/0051.html

SuSE > SuSE-SA:2003:048: gpg
http://archives.neohapsis.com/archives/bugtraq/2003-12/0027.html

SuSE > SuSE-SA:2003:049: kernel
http://archives.neohapsis.com/archives/bugtraq/2003-12/0056.html

SuSE > SuSE-SA:2003:050: rsync
http://archives.neohapsis.com/archives/bugtraq/2003-12/0066.html

Trustix > TSLSA-2003-0046: kernel
http://archives.neohapsis.com/archives/bugtraq/2003-12/0006.html

Trustix > TSLSA-2003-0048: rsync
http://archives.neohapsis.com/archives/bugtraq/2003-12/0053.html


____BSD____

OpenBSD > rsync
http://archives.neohapsis.com/archives/openbsd/2003-12/0211.html


____IRIX____

OpenSSH/OpenSSL updates
http://archives.neohapsis.com/archives/bugtraq/2003-12/0041.html


____SCO____

CSSA-2003-SCO.33: bind
http://archives.neohapsis.com/archives/linux/caldera/2003-q4/0022.html


____Tru64____

SSRT3653: bind
http://archives.neohapsis.com/archives/compaq/2003-q4/0011.html


____MacOS____

Safari 1.1 (v100): cookie theft update
http://archives.neohapsis.com/archives/bugtraq/2003-12/0093.html