Multiple Unix applications bugs updated since 16.12.2004
Published:		17.12.2004
Source:		BUGTRAQ
SecurityVulns ID:		4277
Type:		remote
Level:		8/10
Description:		Different vulnerabilities in multiple applications.

Affected:		CUPS : cups 1.1
		MPG123 : mpg123 0.59
		MPLAYER : MPlayer 1.0
		XINELIB : xine-lib 1.0
		QWIKMAIL : qwik-smtpd 0.3
		A2FAX : a2fax 3.04
		ABC2MIDI : abc2midi
		ABC2MTEX : abc2mtex 1.6
		ABCM2PS : abcm2ps 3.7
		ABCPP : abcpp 1.3
		ABCTABS2PS : abctab2ps 1.6
		ASP2PHP : asp2php 0.76
		BSB2PPM : bsb2ppm 0.0
		CHANGEPASSWORD : ChangePassword 0.8
		CHBG : chbg 1.5
		CONVEX3D : Convex 3D 0.8
		CSV2XML : csv2xml 0.5
		DXFSCOPE : dxfscope 0.2
		ELMBOLTHOLE : elm/bolthole 2.6
		GREED : greed 0.81
		HTML2HDML : html2hdml 1.0
		IGLOOFTP : IglooFTP 0.6
		JCABC2PS : jcabc2ps
		JPEG2AVI : jpegtoavi 1.5
		JUNKIE : junkie 0.3
		LINPOPUP : LinPopUp 1.2
		MESHVIEWVER : Mesh Viewer 0.2
		NAPSHARE : NapShare 1.2
		NASM : NASM 0.98
		O3READ : o3read 0.0
		PCAL : pcal 4.7
		PGN2WEB : pgn2web 0.3
		RINGETONETOOLS : ringtonetools 2.22
		RTF2LATEX2E : rtf2latex2e 1.0
		TNFTP : tnftp 20030825
		UMLUTILITIES : uml-utilities 20030903
		UNRTF : unrtf 0.19
		VB2C : vb2c 0.02
		VILISTEXTUM : vilistextum 2.6
		XLREADER : xlreader 0.9
		YAMT : YAMT 0.5
		YANF : Yanf 0.4

Original document		IDEFENSE, iDEFENSE Security Advisory 12.16.04: MPlayer Bitmap Parsing Remote Heap Overflow Vulnerability (17.12.2004)
		IDEFENSE, iDEFENSE Security Advisory 12.16.04: MPlayer MMST Streaming Stack Overflow Vulnerability (17.12.2004)
		IDEFENSE, iDEFENSE Security Advisory 12.16.04: MPlayer Remote RTSP HeapOverflow Vulnerability (17.12.2004)
		Thor Larholm, DJB's students release 44 *nix software vulnerability advisories (16.12.2004)

Discuss:

Read or add your comments to this news (0 comments)

CA eTrust EZ weak permissions
Published:		17.12.2004
Source:		BUGTRAQ
SecurityVulns ID:		4278
Type:		local
Level:		5/10
Description:		Executables, including ones executed with System privileges are writable by users.

Affected:

CA : eTrust EZ 7.0

Original document

IDEFENSE, iDEFENSE Security Advisory 12.15.04: Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability (17.12.2004)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Ethereal bugs
Published:		17.12.2004
Source:		SECUNIA
SecurityVulns ID:		4281
Type:		remote
Level:		5/10
Description:		Multiple protocol handling bugs leading to DoS.

Affected:

ETHEREAL : Ethereal 0.10

Original document

SECUNIA, [SA13468] Ethereal Multiple Vulnerabilities (17.12.2004)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Sun ONE bugs
Published:		17.12.2004
Source:		SECUNIA
SecurityVulns ID:		4280
Type:		remote
Level:		5/10
Description:		Session ID disclosure, crossite scripting.

Affected:		SUN : Sun ONE 7.0
		SUN : Sun ONE 6.0

Original document		SECUNIA, [SA13497] Sun Java Messaging Server Webmail Script Insertion Vulnerability (17.12.2004)
		SECUNIA, [SA13437] Sun Java System Web Server / Application Server Session ID Disclosure (17.12.2004)

Discuss:

Read or add your comments to this news (0 comments)

Samba integer overflow updated since 16.12.2004
Published:		17.12.2004
Source:		BUGTRAQ
SecurityVulns ID:		4275
Type:		remote
Level:		7/10

Affected:

SAMBA : Samba 3.0

Original document		IDEFENSE, iDEFENSE Security Advisory 12.16.04: Samba smbd Security Descriptor Integer Overflow Vulnerability (17.12.2004)
		SAMBA, [SAMBA] CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9 (16.12.2004)

Discuss:

Read or add your comments to this news (0 comments)

ISAKMPd/KAME/Racoon multiple bugs updated since 05.11.2003
Published:		17.12.2004
Source:		SECURITEAM
SecurityVulns ID:		3233
Type:		remote
Level:		5/10
Description:		Multiple bugs in RFC 2407-2409 realization.

Affected:		NETBSD : NetBSD 1.6
		OPENBSD : OpenBSD 3.3
		FREEBSD : FreeBSD 4.9
		ISAKMPD : isakmpd 2.1
		ISAKMPD : isakmpd 2.2
		OPENBSD : OpenBSD 3.4
		IPSECTOOLS : ipsec-tools 0.2
		OPENBSD : OpenBSD 3.5
		IPSECTOOLS : ipsec-tools 0.3
		OPENBSD : OpenBSD 3.6

Original document		SECUNIA, [SA13443] OpenBSD isakmpd Denial of Service Vulnerability (17.12.2004)
		GENTOO, [ GLSA 200406-17 ] IPsec-Tools: authentication bug in racoon (23.06.2004)
		Thomas Walpuski, unauthorized deletion of IPsec SAs in isakmpd, still (09.06.2004)
		RAPID7, R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities (24.03.2004)
		Thomas Walpuski, unauthorized deletion of IPsec (and ISAKMP) SAs in racoon (14.01.2004)
		Thomas Walpuski, Re: multiple payload handling flaws in isakmpd, again (03.01.2004)
		Thomas Walpuski, multiple payload handling flaws in isakmpd, again (03.01.2004)
		SECURITEAM, [NEWS] Multiple Payload Handling Flaws in ISAKMPd (05.11.2003)

Discuss:

Read or add your comments to this news (0 comments)

Buffer overflow Novell Netmail updated since 15.07.2002
Published:		17.12.2004
Source:		BUGTRAQ
SecurityVulns ID:		2158
Type:		remote
Level:		8/10
Description:		Multiple buffer overflows

Affected:		NOVELL : Netmail 3.0
		NOVELL : Netmail 3.1

Original document		SECUNIA, [SA13448] NetMail IMAPD Unspecified Buffer Overflow Vulnerability (17.12.2004)
		Patrik Karlsson, pwc.20020630.nims_3.0.3_imapd.a (15.07.2002)
		Patrik Karlsson, pwc.20020630.nims_modweb.b (15.07.2002)

Discuss:

Read or add your comments to this news (0 comments)

Veritas Backup Exec buffer overflow updated since 17.12.2004
Published:		11.01.2005
Source:		BUGTRAQ
SecurityVulns ID:		4279
Type:		remote
Level:		6/10
Description:		Buffer overflow during agent registration request processing.

Affected:

VERITAS : Backup Exec 9.1

Original document		class 101, [Full-Disclosure] VERITAS Backup Exec 8.x/9.x Remote Universal Exploit (11.01.2005)
		IDEFENSE, iDEFENSE Security Advisory 12.16.04: Veritas Backup Exec Agent Browser Registration Request Buffer Overflow Vulnerability (17.12.2004)

Files:		VERITAS Backup Exec Agent Browser Service, Remote Stack Overflow
Discuss:		Read or add your comments to this news (0 comments)