2004 November

Torvalds comes out against E.U. patent directive

Three prominent open source software developers, including Linus Torvalds, the creator of Linux, have issued a statement urging the European Union Council to reject proposed legislation that would codify the practice of granting software patents in the E.U.
In the statement, issued Tuesday, the three developers argued that the legislation, called the software patent directive, would [...]

Star Wars Battlefront Two Denial of Service Vulnerabilities

CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Star Wars Battlefront 1.x
DESCRIPTION:
Luigi Auriemma has reported two vulnerabilities in Star Wars
Battlefront, which can be exploited by malicious people to cause a
DoS (Denial of Service).
1) A boundary error in the handling of nicknames can be exploited to
crash a vulnerable game server by joining with an overly long
nickname.
2) An error in the debug output [...]

Kmart, Sears expect merger to improve IT

That’s what the companies say - IT analysts have a more pessimistic view…
Kmart Holding Corp. and Sears, Roebuck and Co. claimed that the planned merger they announced last week will broaden their U.S. retail presence and make their procurement, marketing, IT and supply chain management operations more efficient.
But the marriage could require a daunting amount [...]

Best Buy hit with lawsuit over layoffs of IT workers

Richard Walstrom said this week that he sensed something was wrong during a job fair in May, when he saw some of his IT co-workers, who had also been told by Best Buy Co. Inc. that they were losing their jobs. “There were a high percentage of people with grey hair,” said Walstrom, who’s 57. [...]

Opera System Information Disclosure Weakness

CRITICAL:
Not critical
IMPACT:
Exposure of system information
WHERE:
From remote
SOFTWARE:
Opera 7.x
DESCRIPTION:
Marc Schoenefeld has reported a weakness in Opera, which can be
exploited by malicious people to disclose some system information.
Opera accesses the JRE (Java Runtime Environment) directly instead of
using the Java plugin. The problem is that the “accessClassInPackage”
permission is improperly given to the “sun.*” packages, which can be
exploited by a [...]

ZoneAlarm Denial of Service Vulnerability

CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
ZoneAlarm Security Suite 5.x, ZoneAlarm Pro 5.x, ZoneAlarm Pro 4.x, ZoneAlarm Pro 3.x
DESCRIPTION:
Nicolas Robillard has reported a vulnerability in ZoneAlarm Pro and
ZoneAlarm Security Suite, which can be exploited by malicious people
to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the Ad-Blocking
feature (disabled by default) when processing JavaScript [...]

F-Secure Products Zip Archive Virus Detection Bypass Vulnerability

CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From remote
A vulnerability has been reported in various F-Secure products, which
can be exploited by malware to bypass certain scanning functionality.
The vulnerability is caused due to an error when parsing “.zip”
archives and can be exploited via a specially crafted “.zip” archive,
which the scanner incorrectly calculates to be of zero length.
Successful exploitation causes malware in a [...]

CoffeeCup Direct/Free FTP Buffer Overflow Vulnerability

Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: CoffeeCup Direct FTP 6.x
CoffeeCup Free FTP 3.x
Komrade has reported a vulnerability in the third-party wodFtpDLX ActiveX component included in CoffeeCup Direct and CoffeeCup Free FTP, which can be exploited by malicious people to compromise a user’s system.
For more information:
SA13270
The vulnerability has been reported in CoffeeCup Direct FTP [...]

Soldier of Fortune II Buffer Overflow Vulnerability

Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Unpatched
Software: Soldier of Fortune II 1.x
Luigi Auriemma has reported a vulnerability in Soldier of Fortune II, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to some boundary errors in the [...]

Halo Client Server Denial of Service Vulnerability

Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Halo 1.x
Luigi Auriemma has reported a vulnerability in Halo, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereference error in the handling of server [...]

Winamp Buffer Overflow Vulnerability

Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Winamp 5.x
Brett Moore has reported a vulnerability in Winamp, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to a boundary error in the “IN_CDDA.dll” file. This can be exploited in [...]

Apple iCal Calendar Alarm Vulnerability

Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple iCal 1.x
Aaron has reported a vulnerability in iCal, which potentially can be exploited by malicious people to compromise a user’s system.
The problem is that it is possible to execute arbitrary programs or send e-mails via alarms by tricking [...]

Prevx Home Intrusion Prevention Vulnerability

Critical: Less critical
Impact: Security Bypass
Where: Local system
Solution Status: Vendor Patch
Software: Prevx Home 1.x
Tan Chew Keong has reported a vulnerability in Prevx Home, which can be exploited by certain malicious processes to bypass security features provided by the product.
Prevx Home includes registry and buffer overflow protection features, which protect against manipulation [...]

Security Vulnerability With Java Plug-in in JRE/SDK

A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet.
Sun acknowledges, with thanks, Jouko Pynnonen for bringing this issue to our attention, and iDEFENSE Inc. for coordinating the release of this [...]

CA eTrust Antivirus Password Disclosure

Critical: Less critical
Impact: Security Bypass, Exposure of sensitive information
Where: Local system
Solution Status: Vendor Patch
Software: eTrust Antivirus 7.x
Cengiz Aykanat has reported a security issue in eTrust Antivirus, which can be exploited by malicious people to bypass certain security features.
The problem is that it is possible to bypass the password [...]

Introducing Project Honey Pot…

Matthew Prince writes:
I wanted to let you know about a service we just launched at Unspam.
It’s a distributed way to track and stop spam harvesters from stealing
e-mail addresses from Web sites. Called Project Honey Pot, you can get
more information about it here:
http://www.projecthoneypot.org/
The Project is already growing by leaps and bounds. Mike Wendland, a
technology reporter at [...]

Phishing on the increase, group says

These days, there are three sure things in life. Death, taxes and Internet Phishing. According to the Anti-Phishing Working Group (APWG), Phishing schemes continue to rise even with people becoming more aware of them.
To me, this proves that the education is simply not there. There needs to be a pamphlet taped to all new PCs [...]

SBC Plans Nationwide VoIP Rollout

Voice over IP (VoIP) is everywhere. Vonage, various Internet based software packages, plus other options are helping to bring this sort of technology to the masses. With SBC getting ready to roll out their VoIP packages to the surrounding LA area, there are going to be a number of businesses that will be wanting to [...]

Google sued by nude photo website

Nothing worse than jerking the chain of the Porn industry it would appear. Apparently, ‘Perfect 10’ is suing Google for displaying pictures that normally are only viewable by buying a ‘Perfect 10’ membership.
Looks like they did not do such a great job hiding the directory from the Google-bot. Personally, I don’t think that this is [...]

Bye-bye VCR?

People still use VCRs? You bet they do! And with the way digital rights management is going nowadays, we may be stuck using them instead of taking DVRs to the next level.
According to Ars Technica, we shouldn’t be worrying ourselves all that much anyway. VCRs still have their place in the entertainment centers [...]