Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - April 20, 2007

by Marianna Schmudlach / April 20, 2007 12:40 AM PDT

HP Oracle for OpenView Multiple Vulnerabilities

TITLE:
HP Oracle for OpenView Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24969

VERIFY ADVISORY:
http://secunia.com/advisories/24969/

CRITICAL:
Highly critical

IMPACT:
Unknown, Security Bypass, Cross Site Scripting, Manipulation of data,
Exposure of sensitive information, Privilege escalation, DoS, System
access

WHERE:
From remote

SOFTWARE:
HP Oracle for OpenView (OfO) 8.x
http://secunia.com/product/5976/
HP Oracle for OpenView (OfO) 9.x
http://secunia.com/product/5977/

DESCRIPTION:
HP has acknowledged some vulnerabilities in HP OfO (Oracle for
Openview). Some of these vulnerabilities have unknown impacts, while
others can be exploited to bypass certain security restrictions, gain
knowledge of sensitive information, gain escalated privileges, cause a
DoS (Denial of Service), conduct cross-site scripting and SQL
injection attacks, or potentially compromise a vulnerable system.

For more information:
SA24929

The vulnerabilities are reported in Oracle for OpenView (OfO) v8.1.7
or v9.1.01 or v9.2 running on HP-UX, Tru64 UNIX, Linux, Solaris, and
Windows.

SOLUTION:
Install the Critical Patch Update - April 2007.

ORIGINAL ADVISORY:
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143

OTHER REFERENCES:
SA24929:
http://secunia.com/advisories/24929/

Redhat Security Update Fixes PHP Buffer Overflow and Securit
by Marianna Schmudlach / April 20, 2007 12:43 AM PDT

Redhat Security Update Fixes PHP Buffer Overflow and Security Bypass Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-1481
CVE ID : CVE-2007-0455 - CVE-2007-1001 - CVE-2007-1583 - CVE-2007-1718
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-04-20

Technical Description

Multiple vulnerabilities have been identified in Redhat, which could be exploited by attackers to bypass security restrictions, cause a denial of service or execute arbitrary code. These issues are caused by errors in PHP. For additional information, see : FrSIRT/ADV-2007-0400 - FrSIRT/ADV-2007-1269 - FrSIRT/ADV-2007-0791

Affected Products

RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)

Solution

Upgrade the affected packages :
http://rhn.redhat.com/

References

http://www.frsirt.com/english/advisories/2007/1481
http://rhn.redhat.com/errata/RHSA-2007-0153.html

Slackware Security Update Fixes Xine-lib "DMO_VideoDecoder()
by Marianna Schmudlach / April 20, 2007 12:45 AM PDT

Slackware Security Update Fixes Xine-lib "DMO_VideoDecoder()" Buffer Overflow

Advisory ID : FrSIRT/ADV-2007-1474
CVE ID : CVE-2007-1246
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-04-20

Technical Description

A vulnerability has been identified in Slackware, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in xine-lib. For additional information, see : FrSIRT/ADV-2007-0794

Affected Products

Slackware 10.0
Slackware 10.1
Slackware 10.2
Slackware 11.0

Solution

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xine-lib-1.1.6-i686-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xine-lib-1.1.6-i686-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xine-lib-1.1.6-i686-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/xine-lib-1.1.6-i686-1_slack11.0.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xine-lib-1.1.6-i686-2.tgz

References

http://www.frsirt.com/english/advisories/2007/1474
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449141

Slackware Security Update Fixes FreeType BDF Font Integer Ov
by Marianna Schmudlach / April 20, 2007 12:46 AM PDT

Slackware Security Update Fixes FreeType BDF Font Integer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-1473
CVE ID : CVE-2007-1351
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-04-20

Technical Description

A vulnerability has been identified in Slackware, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in FreeType. For additional information, see : FrSIRT/ADV-2007-1264

Affected Products

Slackware 10.1
Slackware 10.2
Slackware 11.0


Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/freetype-2.3.4-i486-1.tgz

References

http://www.frsirt.com/english/advisories/2007/1473
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733

Ubuntu Security Update Fixes libx11 "XGetPixel()" Function C
by Marianna Schmudlach / April 20, 2007 12:48 AM PDT

Ubuntu Security Update Fixes libx11 "XGetPixel()" Function Code Execution Vulnerability

Advisory ID : FrSIRT/ADV-2007-1472
CVE ID : CVE-2007-1667
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-04-20

Technical Description

A vulnerability has been identified in Ubuntu, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in libx11. For additional information, see : FrSIRT/ADV-2007-1217

Affected Products

Ubuntu 6.06 LTS
Ubuntu 6.10

Solution

Ubuntu 6.06 LTS - Upgrade to libx11-6 2:1.0.0-0ubuntu9.1
Ubuntu 6.10 - Upgrade to libx11-6 2:1.0.3-0ubuntu4.1

References

http://www.frsirt.com/english/advisories/2007/1472
http://www.ubuntu.com/usn/usn-453-1

SuSE Security Update Fixes ClamAV Code Execution and Denial
by Marianna Schmudlach / April 20, 2007 12:49 AM PDT

SuSE Security Update Fixes ClamAV Code Execution and Denial of Service Issues

Advisory ID : FrSIRT/ADV-2007-1471
CVE ID : CVE-2007-1745 - CVE-2007-1997
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-04-20

Technical Description

Multiple vulnerabilities have been identified in SuSE, which could be exploited by remote attackers or malware to execute arbitrary code or cause a denial of service. These issues are caused by errors in ClamAV. For additional information, see : FrSIRT/ADV-2007-1378

Affected Products

Novell Linux POS 9
Open Enterprise Server
SUSE Linux Enterprise Server 9
SUSE SLES 10

Solution

Upgrade the affected packages :
http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html

References

http://www.frsirt.com/english/advisories/2007/1471
http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html

Nortel VPN Router Default User Accounts and Missing Authenti
by Marianna Schmudlach / April 20, 2007 1:00 AM PDT

TITLE:
Nortel VPN Router Default User Accounts and Missing Authentication
Checks

SECUNIA ADVISORY ID:
SA24962

VERIFY ADVISORY:
http://secunia.com/advisories/24962/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Manipulation of data

WHERE:
From remote

OPERATING SYSTEM:
Nortel Contivity VPN Switches
http://secunia.com/product/2425/
Nortel VPN Routers
http://secunia.com/product/2426/

DESCRIPTION:
A vulnerability and a security issue have been reported in Nortel VPN
Routers, which can be exploited by malicious people to bypass certain
security restrictions or manipulate certain data.

1) Two default user accounts ("FIPSecryptedtest1219" and
"FIPSunecryptedtest1219") are configured on the VPN Router, which are
not readily visible to the system manager. These can be exploited to
gain unauthorized access to the private network.

2) Missing authentication checks within two template files of the web
management tool can be exploited to e.g. modify certain router
configurations.

An issue regarding the same DES keys being used to encrypt users' passwords
has also been reported, which can facilitate brute-force attacks on users'
passwords if the attacker were to gain access to the LDAP store.

The vulnerability and security issue reportedly affect the following
products:
* Contivity 1000 VPN Switch
* Contivity 2000 VPN Switch
* Contivity 4000 VPN Switch
* VPN Router 5000
* VPN Router Portfolio

SOLUTION:
Update to versions 6_05.140, 5_05.304, or 5_05.149.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Detack GmbH.

ORIGINAL ADVISORY:
Nortel:
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null

Red Hat Stronghold update for php
by Marianna Schmudlach / April 20, 2007 1:01 AM PDT

TITLE:
Red Hat Stronghold update for php

SECUNIA ADVISORY ID:
SA24941

VERIFY ADVISORY:
http://secunia.com/advisories/24941/

CRITICAL:
Moderately critical

IMPACT:
System access, DoS, Security Bypass

WHERE:
From remote

SOFTWARE:
Red Hat Stronghold 4 for Enterprise Linux
http://secunia.com/product/1456/

DESCRIPTION:
Red Hat has issued an update for php. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions or by malicious people to
potentially compromise a vulnerable system.

For more information:
SA24089
SA24440

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2007-0163.html

OTHER REFERENCES:
SA24089:
http://secunia.com/advisories/24089/

SA24440:
http://secunia.com/advisories/24440/

Mac OS X Security Update Fixes Multiple Vulnerabilities
by Marianna Schmudlach / April 20, 2007 7:42 AM PDT

TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24966

VERIFY ADVISORY:
http://secunia.com/advisories/24966/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Manipulation of data, Exposure of sensitive
information, Privilege escalation, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

1) An error in the AFP Client can be exploited by malicious, local
users to create files or execute commands with system privileges.

2) A boundary error exists in the AirPortDriver module, which can be
exploited by malicious, local users to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code with
escalated privileges.

NOTE: This does not affect systems with the AirPort Extreme card.

3) An error in the CoreServices daemon can be exploited by malicious,
local users to obtain a send right to its Mach task port.

Successful exploitation may allow execution of arbitrary code with
escalated privileges.

4) An error in fsck can be exploited to cause memory corruption via a
specially crafted UFS file system.

Successful exploitation may allow execution of arbitrary code, when a
malicious UFS file system is opened.

5) An error in fetchmail can be exploited by malicious people to gain
knowledge of sensitive information.

For more information:
SA23631

6) An error in lukemftpd within the handling of commands with
globbing characters can be exploited by malicious users to cause a
buffer overflow.

Successful exploitation may allow execution of arbitrary code.

7) A boundary error in GNU Tar can be exploited by malicious people
to cause a DoS (Denial of Service) or to compromise a user's system.

For more information:
SA18973

8) A format string error in the Help Viewer application can be
exploited by malicious people to execute arbitrary code.

Successful exploitation requires that a user is tricked into
downloading and opening a help file with a specially crafted name.

9) An error in the IOKit HID interface can be exploited by malicious,
local users to capture console keystrokes from other users.

NOTE: This fix was originally distributed via the Mac OS X v10.4.9
update. However, due to a packaging issue it may not have been
delivered to all systems.

10) A format string error in the Installer application can be
exploited by malicious people to execute arbitrary code.

Successful exploitation requires that a user is tricked into
downloading and opening an installer package with a specially crafted
name.

11) An error in Kerberos can be exploited by malicious people to
cause a DoS (Denial of Service) or to compromise a vulnerable
system.

For more information:
SA23696

12) Some errors in Kerberos can be exploited by malicious users to
cause a DoS or to compromise a vulnerable system.

For more information see vulnerabilities #2 and #3 in:
SA24740

13) An error in Libinfo can cause a previously deallocated object to
be accessed when a specially crafted web page is viewed.

Successful exploitation may allow execution of arbitrary code.

14) An integer overflow exists in the RPC library. This can be
exploited by malicious people to cause a DoS or to execute arbitrary
code as the user "daemon" by sending a specially crafted packet to
the portmap service.

15) An error in Login Window in the processing of environment
variables can be exploited by malicious, local users to execute
arbitrary code with system privileges.

16) Under certain conditions it is possible to bypass the screen
saver authentication dialog.

17) Under certain conditions it is possible for a person with
physical access to the system to log in without authentication when
the software update window appears beneath the Login Window.

18) An error in natd within the handling of RTSP packets can be
exploited by malicious people to cause a buffer overflow by sending a
specially crafted packet to an affected system.

Successful exploitation may allow execution of arbitrary code, but
requires that Internet Sharing is enabled.

19) An error in SMB can be exploited by malicious, local users to
create files or execute commands with system privileges.

20) A weakness in the System Configuration can be exploited by
malicious, local users to gain escalated privileges.

For more information:
SA23793

21) The username and password used to mount remote file systems via
SMB are passed to the mount_smb command as command line arguments.
This can be exploited by malicious, local users to gain knowledge of
other users' credentials.

22) An error in the VideoConference framework can be exploited by
malicious people to cause a heap-based buffer overflow by sending a
specially crafted SIP packet when initialising a conference.

Successful exploitation may allow execution of arbitrary code.

23) An error in the load_webdav program when mounting a WebDAV
filesystem can be exploited by malicious, local users to create files
or to execute commands with system privileges.

24) An error in WebFoundation allows cookies set by subdomains to be
accessible to the parent domain.

NOTE: This does not affect systems running Mac OS X v10.4.

SOLUTION:
Apply Security Update 2007-004.

Security Update 2007-004 (Universal):
http://www.apple.com/support/downloads/securityupdate2007004universal.html

Security Update 2007-004 (PPC):
http://www.apple.com/support/downloads/securityupdate2007004ppc.html

Security Update 2007-004 (10.3.9 Client):
http://www.apple.com/support/downloads/securityupdate20070041039client.html

Security Update 2007-004 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070041039server.html

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:

6) Kevin Finisterre, DigitalMunition
8) KF and LMH
9) Andrew Garber of University of Victoria, Alex Harper, and Michael
Evans
10) LMH
13) Landon Fuller of Three Rings Design
14) Mu Security Research Team
21) Daniel Ball of Pittsburgh Technical Institute, Geoff Franks of
Hauptman Woodward Medical Research Institute, and Jamie Cox of Sophos
Plc
24) Bradley Schwoerer of University of Wisconsin-Madison

ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305391

MoAB:
8) http://projects.info-pull.com/moab/MOAB-30-01-2007.html
10) http://projects.info-pull.com/moab/MOAB-26-01-2007.html

OTHER REFERENCES:
SA18973:
http://secunia.com/advisories/18973/

SA23631:
http://secunia.com/advisories/23631/

SA23696:
http://secunia.com/advisories/23696/

SA23793:
http://secunia.com/advisories/23793/

SA24740:
http://secunia.com/advisories/24740/

US-CERT VU#312424:
http://www.kb.cert.org/vuls/id/312424
