Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64
High Nessus Plugin ID 60194
SynopsisThe remote Scientific Linux host is missing one or more security updates.
A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall.
Several denial of service flaws were found in the way SeaMonkey handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent SeaMonkey from functioning properly. (CVE-2007-1362, CVE-2007-2869)
A flaw was found in the way SeaMonkey processed certain APOP authentication requests. By sending certain responses when SeaMonkey attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558)
A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site.
SolutionUpdate the affected packages.