Security Patches for 602Pro LAN SUITE 2002, Squirrel Mail 1.2.7 and BRU Workstation 17.0

Some of the vulnerabilities we add to our list don’t have vendor replies inside them. These are some of the patches released after the vulnerability was disclosed to the BugTraq mailing list.

Multiple 602Pro LAN SUITE 2002 Denial of Service Vulnerabilities

Date: August 3, 2002 (Updated August 20, 2002)
Author: Stan Bubrouski
Product: 602Pro LAN SUITE 2002
Summary: Denial of Service attacks in webserver and telnet proxy

Solution:

Both problems have been resolved in the latest build of 602Pro LAN SUITE 2002 (2002.0.02.0912). )

Squirrel Mail 1.2.7 Cross Site Scripting Vulnerabilities

Date: September 1, 2002
Author: DarC KonQuesT
Product: Squirrel Mail 1.2.7
Summary: Multiple XSS vulnerabilities

All the listed exploits have been fixed in the recently released 1.2.8 version of SquirrelMail. These fixes have also been applied to the current development and stable CVS, 1.3.2 and 1.2.9 respectively. (http://www.squirrelmail.org)

BRU Workstation 17.0 Race Condition

Date: September 4, 2002
Author: advisory@prophecy.net.nz
Product: BRU Workstation 17.0
Summary: Race condition in xbru component

support@tolisgroup.com : “The /tmp file exploit in the previous setlicense was fixed the day after it was mentioned and posted. All new version of the setlicense program (since BRU 17.0.0.0.5) no longer require any /tmp file access. As for the other one, we are working on a new release of XBRU that will resolve it. ETA Late September.” (http://www.tolisgroup.com)