Secunia Advisories

July 27, 2005

Below are the Secunia Security Advisories rated as Highly Critical (or higher) from July 27, 2005.

• Secunia Advisory 16173
  MDaemon Content Filter Directory Traversal Vulnerability
  • Criticality: High
  • Description: Secunia Research has discovered a vulnerability in MDaemon, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an input validation error in MDaemon's content filter. This can be exploited to write files to arbitrary directories via e.g. a specially crafted email containing a virus-infected attachment with directory traversal sequences in its filename (e.g. "../../../../../file.exe").
  • Secunia Advisory: http://secunia.com/advisories/16173/

• Secunia Advisory 16218
  FtpLocate Arbitrary Code Execution Vulnerability
  • Criticality: High
  • Description: newbug has reported a vulnerability in FtpLocate, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "fsite" parameter in flsearch.pl and flmodule.pl is not properly sanitised before it is used as command line argument. This can be exploited to inject arbitrary shell commands by injecting "|" or ";" characters. Successful exploitation allows execution of commands with privileges of the web server.
  • Secunia Advisory: http://secunia.com/advisories/16218/

• Secunia Advisory 16225
  Ethereal Multiple Protocol Dissector and zlib Vulnerabilities
  • Criticality: High
  • Description: Multiple vulnerabilities have been reported in Ethereal, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
    1. Various types of errors including NULL pointer dereference errors, format string errors, infinite loop errors, and boundary errors exists in a multitude of protocol dissectors.
    2. Ethereal Windows installer ships with a vulnerable version of zlib library.
  • Secunia Advisory: http://secunia.com/advisories/16225/

• Secunia Advisory 16229
  Gentoo Update For clamav
  • Criticality: High
  • Description: Gentoo has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
  • Secunia Advisory: http://secunia.com/advisories/16229/

• Secunia Advisory 16230
  Gentoo Update For Mozilla
  • Criticality: High
  • Description: Gentoo has issued an update for mozilla. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, and compromise a user's system.
  • Secunia Advisory: http://secunia.com/advisories/16230/

• Secunia Advisory 16238
  Kadu libgadu Integer Overflow Vulnerability
  • Criticality: High
  • Description: A vulnerability has been reported in Kadu, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
  • Secunia Advisory: http://secunia.com/advisories/16238/

• Secunia Advisory 16240
  Centericq libgadu Integer Overflow Vulnerability
  • Criticality: High
  • Description: A vulnerability has been reported in Centericq, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
  • Secunia Advisory: http://secunia.com/advisories/16240/

• Secunia Advisory 16241
  GNU Gadu libgadu Integer Overflow Vulnerability
  • Criticality: High
  • Description: A vulnerability has been reported in GNU Gadu, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
  • Secunia Advisory: http://secunia.com/advisories/16241/

• Secunia Advisory 16242
  Gentoo update for gnugadu/kadu/ekg/libgadu/centericq
  • Criticality: High
  • Description: Gentoo has issued updates for gnugadu, kadu, ekg, libgadu and centericq. These fix a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
  • Secunia Advisory: http://secunia.com/advisories/16242/