Internet / Network Security
  1. Home
  2. Computing & Technology
  3. Internet / Network Security

Secunia Advisories
September 8, 2006

From Tony Bradley, CISSP-ISSAP, for About.com

Below are the Secunia Security Advisories rated as Highly Critical (or higher) from September 8, 2006.

  • Secunia Advisory 21768
    Ubuntu update for PHP
    • Criticality: High
    • Description: Ubuntu has issued an update for PHP. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security issues and by malicious people to compromise a vulnerable system.
    • Secunia Advisory: http://secunia.com/advisories/21768/

  • Secunia Advisory 21771
    dsocks "_tor_resolve" Buffer Overflow Vulnerability
    • Criticality: High
    • Description: Michael Adams has reported a vulnerability in dsocks, which potentially can be exploited by malicious people to compromise a user's system.

      The vulnerability is due to a boundary error in the "_tor_resolve()" function in dsocks.c. This can be exploited to cause a stack-based buffer overflow when resolving an overly long host name (e.g. supplied by a malicious website when using dsocks with a browser).

    • Secunia Advisory: http://secunia.com/advisories/21771/

  • Secunia Advisory 21794
    avast! LHA Archive Processing Buffer Overflow Vulnerability
    • Criticality: High
    • Description: Ryan Smith has reported a vulnerability in avast!, which can be exploited by malicious people to compromise a vulnerable system.

      The vulnerability is caused due to a boundary error in the anti-virus engine when processing LHA archives. This can be exploited to cause a heap-based buffer overflow via a specially crafted LHA archive with overly long filename and directory name extended-header fields.

    • Secunia Advisory: http://secunia.com/advisories/21794/

  • Secunia Advisory 21796
    photokorn "dir_path" File Inclusion Vulnerabilities
    • Criticality: High
    • Description: Some vulnerabilities have been reported in photokorn, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "dir_path" parameter in includes/cart.inc.php and extras/ext_cat.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or remote resources.

    • Secunia Advisory: http://secunia.com/advisories/21796/

  • Secunia Advisory 21807
    Fantastic News "CONFIG[script_path]" File Inclusion Vulnerabilities
    • Criticality: High
    • Description: Two vulnerabilities have been discovered in Fantastic News, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "CONFIG[script_path]" parameter in archive.php and headlines.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

    • Secunia Advisory: http://secunia.com/advisories/21807/

  • Secunia Advisory 21813
    Debian update for ethereal
    • Criticality: High
    • Description: Debian has issued an update for ethereal. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.
    • Secunia Advisory: http://secunia.com/advisories/21813/

  • Secunia Advisory 21819
    DokuWiki "TARGET_FN" Directory Traversal Vulnerability
    • Criticality: High
    • Description: rgod has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "TARGET_FN" parameter in bin/dwpage.php is not properly sanitised before being used to copy files. This can be exploited via directory traversal attacks in combination with DokuWiki's file upload feature to execute arbitrary PHP code.

    • Secunia Advisory: http://secunia.com/advisories/21819/

  • Secunia Advisory 21825
    Somery "skindir" File Inclusion Vulnerability
    • Criticality: High
    • Description: basher13 has reported a vulnerability in Somery, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "skindir" parameter in admin/system/include.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/21825/

  • Secunia Advisory 21834
    ICQ Pro 2003b "MCRegEx__Search" Buffer Overflow Vulnerability
    • Criticality: High
    • Description: Core Security Technologies has reported a vulnerability in ICQ Pro 2003b, which can be exploited by malicious people to compromise a user's system.

      The vulnerability is caused due to a boundary error in the "MCRegEx__Search()" function in the processing of messages with a certain type. This can be exploited to cause a heap-based buffer overflow by specifying an incorrect length value in a message sent to the client.

    • Secunia Advisory: http://secunia.com/advisories/21834/

Explore Internet / Network Security
About.com Special Features
Family Tech Center

Stay connected and entertained with reviews on tips on the latest HDTVs, cellphones and more. More >

Connect Your Home Computers

Easy ways to connect two computers for networking purposes. More >

Internet / Network Security
  1. Home
  2. Computing & Technology
  3. Internet / Network Security
  4. Security Bulletins
  5. Secunia Advisories
  6. Secunia Advisories - September 8, 2006

©2009 About.com, a part of The New York Times Company.

All rights reserved.