Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - December 4, 2006

TITLE:
Sun Java System Server Products HTTP Request Smuggling

SECUNIA ADVISORY ID:
SA23186

VERIFY ADVISORY:
http://secunia.com/advisories/23186/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data

WHERE:
From remote

SOFTWARE:
Sun Java System Web Server (Sun ONE/iPlanet) 6.x
http://secunia.com/product/92/
Sun Java System Web Proxy Server 3.x
http://secunia.com/product/2880/
Sun Java System Application Server 8.x
http://secunia.com/product/3509/
Sun Java System Application Server (Sun ONE) 7.x
http://secunia.com/product/1534/
Sun Java System Web Proxy Server 4.x
http://secunia.com/product/12788/

DESCRIPTION:
Sun has acknowledged a vulnerability in various Sun Java System
Server products, which can be exploited by malicious people to
conduct HTTP request smuggling attacks.

The vulnerability is caused due to an unspecified error within the
handling of HTTP requests when using Sun Java System Proxy Server in
conjunction with the Sun Java System Web Server or the Sun Java
System Application Server.

Successful exploitation allows poisoning of the web proxy cache,
bypass of certain web application firewall protections, or cross-site
scripting attacks.

SOLUTION:
Apply service packs and patches.

-- SPARC Platform --

* Sun Java System Proxy Server 3.6 Service Pack 8 or later
* Sun Java System Proxy Server 4.0 Service Pack 1 or later
* Sun Java System Web Server 6.0 Service Pack 10 or later
* Sun Java System Web Server 6.1 2005Q1 Service Pack 5 or later
* Sun ONE Application Server 7 Update 8 or later
* Sun Java System Application Server 7 2004Q2 Update 4 or later
* Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
with (file-based) patch 119169-02 or (SVR4) patch 119166-09 or later
* Sun Java System Application Server Platform Edition 8.1 2005 Q1
with (file-based) patch 119173-01 or later

-- x86 Platform --

* Sun Java System Application Server Platform Edition 8.1 2005 Q1
with (file-based) patch 119174-01 or later
* Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
with (file-based) patch 119170-02 or (SVR4) patch 119167-09 or later

-- Linux Platform --

* Sun Java System Application Server Platform Edition 8.1 2005 Q1
with (file-based) patch 119175-01 or later
* Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
with (file-based) patch 119171-02 or (Pkg) patch 119168-09 or later

-- Windows Platform --

* Sun Java System Application Server Platform Edition 8.1 2005 Q1
with (file based) patch 119176-01 or later
* Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
with (file based) patch 119172-07 or (native) patch 121528-01

Sun Java System Proxy Server 3.6 Service Pack 8 or later is available
at:

http://www.sun.com/download/products.xml?id=42fa5c49

Sun Java System Proxy Server 4.0 Service Pack 1 or later is available
at:

http://www.sun.com/download/products.xml?id=4384b5dd

Sun Java System Web Server 6.0 Service Pack 10 or later is available
at:

http://www.sun.com/download/products.xml?id=43a84f89

Sun Java System Web Server 6.1 2005Q1 Service Pack 5 or later is
available at:

http://www.sun.com/download/products.xml?id=434aec1d

http://www.sun.com/download/products.xml?id=43c43041 (International
Edition)

Sun ONE Application Server 7 Update 8 or later is available at:

http://www.sun.com/download/products.xml?id=438cfb75 (Platform
Edition)

http://www.sun.com/download/products.xml?id=438cf33d (Standard
Edition)

Sun Java System Application Server 7 2004Q2 Update 4 or later is
available at:

http://www.sun.com/download/products.xml?id=4331ff42 (Standard
Edition)

http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=8&PartDetailId=SJAS72004Q2U4-EE-OTH-G-ES
(Enterprise Edition)

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1

Discussion is locked
You are posting a reply to: VULNERABILITIES - December 4, 2006
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES - December 4, 2006
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Microsoft Windows Print Spooler Denial of Service Vulnerabil

In reply to: VULNERABILITIES - December 4, 2006

TITLE:
Microsoft Windows Print Spooler Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA23196

VERIFY ADVISORY:
http://secunia.com/advisories/23196/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From local network

OPERATING SYSTEM:
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/

DESCRIPTION:
h07 has discovered a vulnerability in Microsoft Windows, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the handling of
"RpcGetPrinterData()" RPC requests within the Print Spooler service
(spoolsv.exe). This can be exploited to consume almost all available
memory via a specially crafted packet, which may result in a system
crash.

The vulnerability is confirmed on a fully patched Windows 2000 SP4
system. Other versions may also be affected.

SOLUTION:
Restrict access to the service or disable the Print Spooler service.

PROVIDED AND/OR DISCOVERED BY:
h07

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2879

Collapse -
Debian update for mozilla-thunderbird

In reply to: VULNERABILITIES - December 4, 2006

TITLE:
Debian update for mozilla-thunderbird

SECUNIA ADVISORY ID:
SA23235

VERIFY ADVISORY:
http://secunia.com/advisories/23235/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Cross Site Scripting, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
Debian GNU/Linux 3.1
http://secunia.com/product/5307/

DESCRIPTION:
Debian has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.

For more information:
SA22770

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.us.debian.org/security/2006/dsa-1227

OTHER REFERENCES:
SA22770:
http://secunia.com/advisories/22770/

Collapse -
Debian update for mozilla-firefox

In reply to: VULNERABILITIES - December 4, 2006

TITLE:
Debian update for mozilla-firefox

SECUNIA ADVISORY ID:
SA23202

VERIFY ADVISORY:
http://secunia.com/advisories/23202/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
Debian GNU/Linux 3.1
http://secunia.com/product/5307/

DESCRIPTION:
Debian has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.

For more information:
SA22722

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.us.debian.org/security/2006/dsa-1225

OTHER REFERENCES:
SA22722:
http://secunia.com/advisories/22722/

Collapse -
Slackware update for tar

In reply to: VULNERABILITIES - December 4, 2006

TITLE:
Slackware update for tar

SECUNIA ADVISORY ID:
SA23209

VERIFY ADVISORY:
http://secunia.com/advisories/23209/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

OPERATING SYSTEM:
Slackware Linux 10.0
http://secunia.com/product/4368/
Slackware Linux 8.x
http://secunia.com/product/146/
Slackware Linux 9.0
http://secunia.com/product/1336/
Slackware Linux 9.1
http://secunia.com/product/2265/

DESCRIPTION:
Slackware has issued an update for tar. This fixes a security issue,
which can be exploited by malicious people to overwrite arbitrary
files.

For more information:
SA23115

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379

OTHER REFERENCES:
SA23115:
http://secunia.com/advisories/23115/

Collapse -
Mandriva update for ImageMagick

In reply to: VULNERABILITIES - December 4, 2006

TITLE:
Mandriva update for ImageMagick

SECUNIA ADVISORY ID:
SA23219

VERIFY ADVISORY:
http://secunia.com/advisories/23219/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Mandriva Linux 2006
http://secunia.com/product/9020/

DESCRIPTION:
Mandriva has issued an update for ImageMagick. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

For more information:
SA21462

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2006:223

OTHER REFERENCES:
SA21462:
http://secunia.com/advisories/21462/

Collapse -
SquirrelMail Multiple Cross-Site Scripting Vulnerabilities

In reply to: VULNERABILITIES - December 4, 2006

TITLE:
SquirrelMail Multiple Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA23195

VERIFY ADVISORY:
http://secunia.com/advisories/23195/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
SquirrelMail 1.x
http://secunia.com/product/288/

DESCRIPTION:
Some vulnerabilities have been reported in SquirrelMail, which can be
exploited by malicious people to conduct cross-site scripting and
script insertion attacks.

1) Input passed to certain parameters in webmail.php and compose.php
in the "draft", "compose", and "mailto" functionality is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

2) Input validation errors exist in the magicHTML filter when
sanitising HTML mails. This can be exploited to insert arbitrary HTML
and script code, which is executed in a user's browser session in
context of an affected site when the malicious data is viewed.

Successful exploitation of some of these errors require that the
target user runs Microsoft Internet Explorer.

The vulnerabilities are reported in versions before 1.4.9a.

SOLUTION:
Update to version 1.4.9a.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Martijn Brinkers

ORIGINAL ADVISORY:
http://squirrelmail.org/security/issue/2006-12-02
http://sourceforge.net/project/shownotes.php?release_id=468482

Collapse -
Mandriva update for koffice

In reply to: VULNERABILITIES - December 4, 2006

TITLE:
Mandriva update for koffice

SECUNIA ADVISORY ID:
SA23220

VERIFY ADVISORY:
http://secunia.com/advisories/23220/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Mandriva Linux 2007
http://secunia.com/product/12165/

DESCRIPTION:
Mandriva has issued an update for koffice. This fixes a
vulnerability, which can be exploited by malicious people to
potentially compromise a user's system.

For more information:
SA23143

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2006:222

OTHER REFERENCES:
SA23143:
http://secunia.com/advisories/23143/

Collapse -
Slackware update for libpng

In reply to: VULNERABILITIES - December 4, 2006

TITLE:
Slackware update for libpng

SECUNIA ADVISORY ID:
SA23208

VERIFY ADVISORY:
http://secunia.com/advisories/23208/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Slackware Linux 8.x
http://secunia.com/product/146/
Slackware Linux 9.0
http://secunia.com/product/1336/
Slackware Linux 9.1
http://secunia.com/product/2265/
Slackware Linux 10.0
http://secunia.com/product/4368/

DESCRIPTION:
Slackware has issued an update for libpng. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

For more information:
SA22900

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.465035

OTHER REFERENCES:
SA22900:
http://secunia.com/advisories/22900/

Collapse -
Debian update for mozilla

In reply to: VULNERABILITIES - December 4, 2006

TITLE:
Debian update for mozilla

SECUNIA ADVISORY ID:
SA23197

VERIFY ADVISORY:
http://secunia.com/advisories/23197/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux 3.1
http://secunia.com/product/5307/

DESCRIPTION:
Debian has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.

For more information:
SA22722

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.us.debian.org/security/2006/dsa-1224

OTHER REFERENCES:
SA22722:
http://secunia.com/advisories/22722/

Collapse -
Debian update for tar

In reply to: VULNERABILITIES - December 4, 2006

TITLE:
Debian update for tar

SECUNIA ADVISORY ID:
SA23163

VERIFY ADVISORY:
http://secunia.com/advisories/23163/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
Debian GNU/Linux 3.1
http://secunia.com/product/5307/

DESCRIPTION:
Debian has issued an update for tar. This fixes a security issue,
which can be exploited by malicious people to overwrite arbitrary
files.

For more information:
SA23115

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.us.debian.org/security/2006/dsa-1223

OTHER REFERENCES:
SA23115:
http://secunia.com/advisories/23115/

Collapse -
Novell Client for Windows "SRVLOC.SYS" Component Denial of

In reply to: VULNERABILITIES - December 4, 2006

Novell Client for Windows "SRVLOC.SYS" Component Denial of Service Vulnerability


Advisory ID : FrSIRT/ADV-2006-4840
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-12-04

A vulnerability has been identified in Novell Client for Windows, which could be exploited by attackers to cause a denial of service. This flaw is due to an error in the "srvloc.sys" component that does not properly handle malformed requests sent to port 427, which could be exploited by attackers to cause a vulnerable application to crash, creating a denial of service condition.

Affected Products

Novell Client for Windows version 4.91 Support Pack 2 and prior

Solution

Upgrade to Novell Client for Windows version 4.91 SP3 :
http://download.novell.com/index.jsp

References

http://www.frsirt.com/english/advisories/2006/4840
https://secure-support.novell.com/KanisaPlatform/Publishing/859/3480790_f.SAL_Public.html

Credits

Vulnerability reported by Tyler Krpata

Collapse -
Debian Security Update Fixes Links SMB Protocol File Manipul

In reply to: VULNERABILITIES - December 4, 2006

Debian Security Update Fixes Links SMB Protocol File Manipulation Vulnerability

Advisory ID : FrSIRT/ADV-2006-4833
CVE ID : CVE-2006-5925
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-12-04

Debian has released updated packages to address a vulnerability identified in links. This flaw could be exploited by remote attackers to download, overwrite, or upload arbitrary files by tricking a user into visiting a specially crafted web page. For additional information, see : FrSIRT/ADV-2006-4554

Affected Products

Debian GNU/Linux stable (sarge)
Debian GNU/Linux unstable (sid)
Debian GNU/Linux testing (etch)

Solution

Debian GNU/Linux stable (sarge) - Upgrade to version 0.99+1.00pre12-1sarge1
Debian GNU/Linux unstable (sid) - Upgrade to version 0.99+1.00pre12-1.1
Debian GNU/Linux testing (etch) - Upgrade to version 0.99+1.00pre12-1.1

References

http://www.frsirt.com/english/advisories/2006/4833
http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00327.html

Collapse -
SUSE update for mono

In reply to: VULNERABILITIES - December 4, 2006

TITLE:
SUSE update for mono

SECUNIA ADVISORY ID:
SA23213

VERIFY ADVISORY:
http://secunia.com/advisories/23213/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
SUSE Linux 10.1
http://secunia.com/product/10796/
SUSE Linux 10
http://secunia.com/product/6221/
SUSE Linux 9.3
http://secunia.com/product/4933/
SUSE Linux Enterprise Server 10
http://secunia.com/product/12192/

SOFTWARE:
Novell Open Enterprise Server
http://secunia.com/product/4664/

DESCRIPTION:
SUSE has issued an update for mono. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions
with escalated privileges.

For more information:
SA22237

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0001.html

OTHER REFERENCES:
SA22237:
http://secunia.com/advisories/22237/

Collapse -
Slackware update for proftpd

In reply to: VULNERABILITIES - December 4, 2006

TITLE:
Slackware update for proftpd

SECUNIA ADVISORY ID:
SA23207

VERIFY ADVISORY:
http://secunia.com/advisories/23207/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Slackware Linux 10.0
http://secunia.com/product/4368/
Slackware Linux 8.x
http://secunia.com/product/146/
Slackware Linux 9.0
http://secunia.com/product/1336/
Slackware Linux 9.1
http://secunia.com/product/2265/

DESCRIPTION:
Slackware has issued an update for proftpd. This fixes some
vulnerabilities, which can be exploited by malicious users and
malicious people to potentially compromise a vulnerable system.

For more information:
SA22803
SA23141

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491

OTHER REFERENCES:
SA22803:
http://secunia.com/advisories/22803/

SA23141:
http://secunia.com/advisories/23141/

Collapse -
Novell ZENworks Asset Management Buffer Overflow Vulnerabili

In reply to: VULNERABILITIES - December 4, 2006

TITLE:
Novell ZENworks Asset Management Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA23157

VERIFY ADVISORY:
http://secunia.com/advisories/23157/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

SOFTWARE:
Novell ZENWorks Asset Management 7.x
http://secunia.com/product/12791/

DESCRIPTION:
Eric Detoisien has reported a vulnerability in Novell ZENWorks Asset
Management, which potentially can be exploited by malicious people to
compromise a vulnerable system.

The vulnerability is cause due to an integer overflow error within
the MSG.DLL component and can be exploited to cause a heap-based
buffer overflow by sending specially crafted packets to the Task
Server, Collection Server, and Collection Client daemons.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 7.0 SP1. Other versions may
also be affected.

SOLUTION:
Update to SP1 IR11:
http://support.novell.com/servlet/filedownload/sec/pub/zam700sp1ir11.exe

PROVIDED AND/OR DISCOVERED BY:
Eric Detoisien

ORIGINAL ADVISORY:
Novell:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974824.htm

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=447
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=448

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

REVIEW

Sublime suburban chariot

High on style and technology, the 2019 Volvo XC90 is an incredibly satisfying everyday crossover.