Latest Advisories
2003-09-27
Secunia
2003-09-26
Cfengine Remotely Exploitable Buffer Overflow
A vulnerability has been identified in Cfengine allowing malicious people to execute arbitrary code on the master server. [Full Advisory]
sbox Path Disclosure Vulnerability
A vulnerability has been reported in sbox, which can be exploited by malicious people to see path information. [Full Advisory]
MPlayer ASX Streaming Buffer Overflow Vulnerability
A vulnerability has been reported in MPlayer, which can be exploited by malicious people to compromise a user's system. [Full Advisory]
Savant Web Server Infinite Loop Denial of Service
A vulnerability has been reported in Savant Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service). [Full Advisory]
OpenPKG update for ProFTPD
OpenPKG has issued updated packages for ProFTPD. These fix a vulnerability, which can be exploited by some malicious users to compromise a vulnerable system. [Full Advisory]
wzdftpd Login Denial of Service Vulnerability
A vulnerability has been reported in wzdftpd allowing malicious people to cause a Denial of Service. [Full Advisory]
Tcl Web Server Directory Traversal and Cross Site Scripting
Multiple vulnerabilities have been reported in Tcl Web Server, which can be exploited by malicious people to see the contents of directories and conduct Cross Site Scripting. [Full Advisory]
Debian Marbles Privilege Escalation Vulnerability
Debian has issued updated packages for marbles. These fix a vulnerability, which can be exploited by malicious, local users to escalate their privileges on a vulnerable system. [Full Advisory]
BRS WebWeaver IP Logging Bypass
A security issue has been identified in BRS WebWeaver allowing malicious people to make HTTP requests where the IP isn't logged. [Full Advisory]
Security Tracker
Marbles Game HOME Environment Variable Buffer Overflow Lets Local Users Gain Elevated Privileges
A buffer overflow vulnerability was reported in the Marbles game software. A local user may be able to obtain elevated privileges on the target system.
Impact: Execution of arbitrary code via local system, User access via local system
Sambar Server Contains Multiple Unspecified Vulnerabilities
Several vulnerabilities were reported in Sambar Server. The specific nature of these flaws was not disclosed, but one is reported to be a significant vulnerability.
Impact: Not specified
sbox May Disclose Installation Path and User Account Paths to Remote Users
A vulnerability was reported in 'sbox'. A remote user can determine the installation path and the path to various user cgi scripts.
Impact: Disclosure of system information, Disclosure of user information
Cfengine Buffer Overflow in 'cfservd' Lets Remote Users Execute Arbitrary Code
A stack overflow vulnerability was reported in Cfengine in the 'cfservd' daemon. A remote user can execute arbitrary code on the target system.
Impact: Execution of arbitrary code via network, User access via network
myServer Input Validation Flaw Discloses Files on the System to Remote Users
Arnaud Jacques (aka scrap) reported a directory traversal vulnerability in myServer. A remote user can view arbitrary files on the system with the privileges of the web service.
Impact: Disclosure of system information, Disclosure of user information
SecurityFocus BugTraq
09/26/2003 Re: ICMP pokes holes in firewalls... Darren Reed
09/26/2003 MDKSA-2003:096 - Updated apache2 packages fix CGI scripting deadlock Mandrake Linux Security Team
09/26/2003 MDKSA-2003:095 - Updated proftpd packages fix remote root vulnerability Mandrake Linux Security Team
09/26/2003 Re: Packetstorm started a try2crack of A.R.C.S. Algorithm mhw netris org (Mark H Weaver)
09/26/2003 Re: base64 Steven M. Christey
09/26/2003 Re: base64 Earl Hood
09/26/2003 Re: Packetstorm started a try2crack of A.R.C.S. Algorithm der Mouse
09/26/2003 RE: base64 Rainer Gerhards
09/26/2003 RE: Ruh-Roh SOBIG.G? James C. Slora, Jr.
09/26/2003 RE: base64 Michael Wojcik
09/26/2003 Packetstorm started a try2crack of A.R.C.S. Algorithm Angelo Rosiello
09/26/2003 Re: base64 Bennett Todd
09/26/2003 Re: base64 Bennett Todd
09/26/2003 Re[2]: base64 3APA3A
09/26/2003 RE: CyberInsecurity: The cost of Monopoly emacdona edmacdonald net
09/26/2003 RE: base64 Louis Erickson
09/26/2003 Re: base64 Bennett Todd
09/26/2003 DCE 1.2.2c Denial of Service Vulnerability on IRIX SGI Security Coordinator
09/26/2003 Re: Does VeriSign's SiteFinder service violate the ECPA? Bob Johnson
09/26/2003 Re: Sanctum AppScan 4 misses potential vulnerabilities in wrapped links Valdis Kletnieks vt edu
09/26/2003 @Stake pulls pin on Geer: Effect on research and publication Patrick J. Kobly
09/26/2003 Re: ICMP pokes holes in firewalls... H D Moore hdm@digitaloffense.net,(by way of Lucio )
09/26/2003 RE: Ruh-Roh SOBIG.G? Larry Seltzer
09/26/2003 Re: ICMP pokes holes in firewalls... Lucio
09/26/2003 McNews 1.3 : File Disclosure Vulnerability Sebastien Lelarge
09/26/2003 RE: Sanctum AppScan 4 misses potential vulnerabilities in wrapped links Dawes, Rogan (ZA - Johannesburg)
09/26/2003 SMC Router Denial of Service exploit res076cf alltel net
09/26/2003 Re: [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh) Ralf S. Engelschall
09/26/2003 Re: LanSuite 2003 - Multiple Vulnerabilities Stan Bubrouski
09/26/2003 Re: LanSuite 2003 - Multiple Vulnerabilities Stan Bubrouski
09/26/2003 [SECURITY] [DSA-390-1] New marbles packages fix buffer overflow Matt Zimmerman
09/26/2003 Re: Ruh-Roh SOBIG.G? Valdis Kletnieks vt edu
09/26/2003 Re: LanSuite 2003 - Multiple Vulnerabilities Phuong Nguyen
09/26/2003 RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly Richard M. Smith
09/26/2003 RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly Marc Maiffret
09/26/2003 CyberInsecurity: The cost of Monopoly Jonathan A. Zdziarski
09/26/2003 Mplayer Buffer Overflow Otero, Hernan
09/26/2003 Re: ICMP pokes holes in firewalls... Darren Reed
SecurityFocus Vulnerabilities
2003-09-23: wzdftpd Login Remote Denial of Service Vulnerability
2003-09-23: Escapade Scripting Engine PAGE Parameter Path Disclosure Vulnerability
2003-09-23: Ntpd Remote Buffer Overflow Vulnerability
2003-09-23: XFree86 XLOCALEDIR Buffer Overflow Variant Vulnerability
2003-09-23: Ingate Firewall/SIParator Packet Filter Rule Bypass Vulnerability
2003-09-23: MPG123 Remote File Play Heap Corruption Vulnerability
2003-09-23: Linux Netfilter NAT Remote Denial of Service Vulnerability
2003-09-23: ColdFusionMX Error Handler Pages Cross-Site Scripting Vulnerability
Symantec SSR
W32.Smibag.Worm September 26, 2003 September 26, 2003
PWSteal.Lemir.F (Trojan.PSW.Legendmir.aa [AVP]) September 26, 2003 September 26, 2003
Backdoor.Zombam.B (Backdoor.Zombam.i [AVP]) September 26, 2003 September 26, 2003
Backdoor.Semes September 25, 2003 September 26, 2003