Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - December 5, 2006

TITLE:
IBM Tivoli Storage Manager Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID:
SA23177

VERIFY ADVISORY:
http://secunia.com/advisories/23177/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From local network

SOFTWARE:
IBM Tivoli Storage Manager 5.x
http://secunia.com/product/12799/

DESCRIPTION:
TippingPoint Security Research Team has reported some vulnerabilities
in Tivoli Storage Manager, which can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.

SOLUTION:
Apply vendor patch.

PROVIDED AND/OR DISCOVERED BY:
TippingPoint Security Research Team

ORIGINAL ADVISORY:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21250261

TippingPoint:
http://www.tippingpoint.com/security/advisories/TSRT-06-14.html

Ubuntu update for xine-lib

In reply to: VULNERABILITIES - December 5, 2006

TITLE:
Ubuntu update for xine-lib

SECUNIA ADVISORY ID:
SA23249

VERIFY ADVISORY:
http://secunia.com/advisories/23249/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Ubuntu Linux 5.10
http://secunia.com/product/6606/
Ubuntu Linux 6.06
http://secunia.com/product/10611/
Ubuntu Linux 6.10
http://secunia.com/product/12470/

DESCRIPTION:
Ubuntu has issued an update for xine-lib. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

For more information:
SA23218

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-392-1

OTHER REFERENCES:
SA23218:
http://secunia.com/advisories/23218/

Ubuntu update for libgsf

In reply to: VULNERABILITIES - December 5, 2006

TITLE:
Ubuntu update for libgsf

SECUNIA ADVISORY ID:
SA23227

VERIFY ADVISORY:
http://secunia.com/advisories/23227/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Ubuntu Linux 5.10
http://secunia.com/product/6606/
Ubuntu Linux 6.10
http://secunia.com/product/12470/
Ubuntu Linux 6.06
http://secunia.com/product/10611/

DESCRIPTION:
Ubuntu has issued an update for libgsf. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise
an application using the library.

For more information:
SA23164

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-391-1

OTHER REFERENCES:
SA23164:
http://secunia.com/advisories/23164/

Debian update for links

In reply to: VULNERABILITIES - December 5, 2006

TITLE:
Debian update for links

SECUNIA ADVISORY ID:
SA23188

VERIFY ADVISORY:
http://secunia.com/advisories/23188/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data, Exposure of system information, Exposure of
sensitive information

WHERE:
From local network

OPERATING SYSTEM:
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/

DESCRIPTION:
Debian has issued an update for links. This fixes a vulnerability,
which can be exploited by malicious people to expose sensitive
information and manipulate data.

For more information:
SA22905

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00327.html

OTHER REFERENCES:
SA22905:
http://secunia.com/advisories/22905/

Google Search Appliances UTF-7 Cross-Site Scripting

In reply to: VULNERABILITIES - December 5, 2006

TITLE:
Google Search Appliances UTF-7 Cross-Site Scripting

SECUNIA ADVISORY ID:
SA23239

VERIFY ADVISORY:
http://secunia.com/advisories/23239/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

OPERATING SYSTEM:
Google Search Appliance
http://secunia.com/product/11157/
Google Mini Search Appliance
http://secunia.com/product/6166/

DESCRIPTION:
maluc has reported a vulnerability in Google Mini Search Appliance
and Google Search Appliance, which can be exploited by malicious
people to conduct cross-site scripting attacks.

The vulnerability is caused due to an error within the handling of
UTF-7 encoded URIs. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.

SOLUTION:
Filter malicious characters and character sequences in a proxy.

PROVIDED AND/OR DISCOVERED BY:
maluc

ORIGINAL ADVISORY:
http://sla.ckers.org/forum/read.php?3,3109

Mac OS X ftpd Buffer Overflow Vulnerability

In reply to: VULNERABILITIES - December 5, 2006

TITLE:
Mac OS X ftpd Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA23178

VERIFY ADVISORY:
http://secunia.com/advisories/23178/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
kcope has reported a vulnerability in Mac OS X, which potentially can
be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in ftpd when
handling commands with globbing characters (e.g. "*") and can be
exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in Mac OS X 10.3.9 and 10.4.8. Other
versions may also be affected.

SOLUTION:
Grant only trusted users access to the service.

PROVIDED AND/OR DISCOVERED BY:
kcope

Trend Micro OfficeScan "Wizard" and "CgiRemoteInstall" Buffe

In reply to: VULNERABILITIES - December 5, 2006

Trend Micro OfficeScan "Wizard" and "CgiRemoteInstall" Buffer Overflow Vulnerabilities


Advisory ID : FrSIRT/ADV-2006-4852
CVE ID : CVE-2006-6179 - CVE-2006-6180
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-12-05

Multiple vulnerabilities have been identified in Trend Micro OfficeScan, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. These issues are due to buffer overflow errors in the "PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe" and "PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe" components when processing malformed arguments, which could be exploited by remote attackers to execute arbitrary commands on a vulnerable OfficeScan server.

Affected Products

Trend Micro OfficeScan version 6.5 and prior
Trend Micro OfficeScan version 7.3 and prior

Solution

Patch for OfficeScan 6.5 :
http://www.trendmicro.com/ftp/products/patches/OSCE_6.5_win_en_patch8.exe

Patch for OfficeScan 7.3 :
http://www.trendmicro.com/ftp/products/patches/osce_73_win_en_patch1.1.exe

References

http://www.frsirt.com/english/advisories/2006/4852
http://www.trendmicro.com/ftp/documentation/readme/osce_73_win_en_patch1.1_readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE_6.5_win_en_patch8_Readme.txt

Credits

Vulnerabilities reported by the vendor
