Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - February 1, 2007

Outlook Express MHTML URI Handler Information Disclosure Vulnerability

Bugtraq ID: 17717
Class: Origin Validation Error
CVE: CVE-2006-2111


This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim user's browser. Attackers could exploit this issue to gain access to sensitive information (such as cookies or passwords) that is associated with the external domain.

This issue was previously reported as an Internet Explorer vulnerability, but the affected component is found to be part of Outlook Express. Microsoft confirmed that this is an Outlook Express vulnerability that can also be exploited through Internet Explorer.

Updated: Feb 01 2007 04:28AM
Credit: codedreamer is credited with the discovery of this vulnerability. Secunia determined that this vulnerability affects Internet Explorer 7.

http://www.securityfocus.com/bid/17717/info

Discussion is locked
You are posting a reply to: VULNERABILITIES - February 1, 2007
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES - February 1, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulner

In reply to: VULNERABILITIES - February 1, 2007

Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
Bugtraq ID: 21668
Class: Unknown


The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

Updated: Feb 01 2007 04:28AM
Credit: moz_bug_r_a4, Jared Breland, Steven Michaud, shutdown, Frederik Reiss, Andrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay, Igor Bukanov, Vladimir Vukicevic, Keith Victor, and additional researchers who wish to remain anonymous are cr

http://www.securityfocus.com/bid/21668/info

Collapse -
Note: Sea Monkey Ver. 1.1 Has Been Released...

In reply to: Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulner

Collapse -
Computer Associates BrightStor ARCServe BackUp LGServer Remo

In reply to: VULNERABILITIES - February 1, 2007

Computer Associates BrightStor ARCServe BackUp LGServer Remote Heap Buffer Overflow Vulnerability


Bugtraq ID: 22340
Class: Boundary Condition Error

A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges.

Note that only applications on the Windows operating system are affected.

Credit: Mark Litchfield of NGS Software Insight Security Research is credited with the discovery of this issue.
Vulnerable: Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.0
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1 SP1

http://www.securityfocus.com/bid/22340/info

Collapse -
Microsoft Windows Mobile Multiple Remote Denial of Service V

In reply to: VULNERABILITIES - February 1, 2007

Microsoft Windows Mobile Multiple Remote Denial of Service Vulnerabilities

Bugtraq ID: 22343
Class: Failure to Handle Exceptional Conditions

Microsoft Windows Mobile is prone to two remote denial-of-service vulnerabilities because the software fails to properly handle malformed remote data.

Successfully exploiting these issues may allow an attacker to hang or crash the application, denying service to legitimate users.

Updated: Feb 01 2007 03:28AM
Credit: Trend Micro is credited with the discovery of these issues.
Vulnerable: Microsoft Windows Mobile Smartphone
Microsoft Windows Mobile for Pocket PC Phone 2003
Microsoft Windows Mobile 2003 SE 0
Microsoft Windows Mobile 5.0
Microsoft Windows Mobile 2003

http://www.securityfocus.com/bid/22343/info

Collapse -
Red Hat update for squirrelmail

In reply to: VULNERABILITIES - February 1, 2007

TITLE:
Red Hat update for squirrelmail

SECUNIA ADVISORY ID:
SA24004

VERIFY ADVISORY:
http://secunia.com/advisories/24004/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

OPERATING SYSTEM:
RedHat Enterprise Linux AS 3
http://secunia.com/product/2534/
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/
RedHat Enterprise Linux ES 3
http://secunia.com/product/2535/
RedHat Enterprise Linux ES 4
http://secunia.com/product/4668/
RedHat Enterprise Linux WS 3
http://secunia.com/product/2536/
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/

DESCRIPTION:
Red Hat has issued an update for squirrelmail. This fixes some
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting and script insertion attacks.

For more information:
SA23195

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2007-0022.html

OTHER REFERENCES:
SA23195:
http://secunia.com/advisories/23195/

Collapse -
Red Hat update for fetchmail

In reply to: VULNERABILITIES - February 1, 2007

TITLE:
Red Hat update for fetchmail

SECUNIA ADVISORY ID:
SA24007

VERIFY ADVISORY:
http://secunia.com/advisories/24007/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information, DoS

WHERE:
From remote

OPERATING SYSTEM:
RedHat Enterprise Linux AS 2.1
http://secunia.com/product/48/
RedHat Enterprise Linux AS 3
http://secunia.com/product/2534/
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/
RedHat Enterprise Linux ES 2.1
http://secunia.com/product/1306/
RedHat Enterprise Linux ES 3
http://secunia.com/product/2535/
RedHat Enterprise Linux ES 4
http://secunia.com/product/4668/
RedHat Enterprise Linux WS 2.1
http://secunia.com/product/1044/
RedHat Enterprise Linux WS 3
http://secunia.com/product/2536/
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/
RedHat Linux Advanced Workstation 2.1 for Itanium
http://secunia.com/product/1326/

DESCRIPTION:
Red Hat has issued an update for fetchmail. This fixes a
vulnerability and a security issue, which can be exploited by
malicious people to gain knowledge of sensitive information and cause
a DoS (Denial of Service).

For more information:
SA17891
SA23631

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2007-0018.html

OTHER REFERENCES:
SA17891:
http://secunia.com/advisories/17891/

SA23631:
http://secunia.com/advisories/23631/

Collapse -
Gentoo update for thttpd

In reply to: VULNERABILITIES - February 1, 2007

TITLE:
Gentoo update for thttpd

SECUNIA ADVISORY ID:
SA24018

VERIFY ADVISORY:
http://secunia.com/advisories/24018/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has acknowledged a security issue in the www-servers/thttpd
package, which can be exploited by malicious people to disclose
potentially sensitive information.

The security issue is caused due to an error within the start-stop
daemon in combination with new Gentoo baselayouts (version 1.12.6),
which causes the thttpd to start with the document root being set to
the system root "/".

SOLUTION:
Update to "www-servers/thttpd-2.25b-r5" or later.

PROVIDED AND/OR DISCOVERED BY:
Laurence Withers

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml

Collapse -
Wireshark Multiple Denial of Service Vulnerabilities

In reply to: VULNERABILITIES - February 1, 2007

TITLE:
Wireshark Multiple Denial of Service Vulnerabilities

SECUNIA ADVISORY ID:
SA24016

VERIFY ADVISORY:
http://secunia.com/advisories/24016/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Wireshark (formerly Ethereal) 0.x
http://secunia.com/product/1228/

DESCRIPTION:
Some vulnerabilities have been reported in Wireshark, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Errors within the TCP, HTTP, IEEE 802.11, and LLT parsers can be
exploited to cause a crash or consume large amounts of memory when
parsing a specially crafted packet that is either captured off the
wire or loaded via a capture file.

The vulnerabilities are reported in various versions prior to 0.99.5.

SOLUTION:
Update to version 0.99.5.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.wireshark.org/security/wnpa-sec-2007-01.html

Collapse -
Debian update for libgtop2

In reply to: VULNERABILITIES - February 1, 2007

TITLE:
Debian update for libgtop2

SECUNIA ADVISORY ID:
SA24015

VERIFY ADVISORY:
http://secunia.com/advisories/24015/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/

DESCRIPTION:
Debian has issued an update for libgtop2. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

For more information:
SA23736

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.debian.org/security/2007/dsa-1255

OTHER REFERENCES:
SA23736:
http://secunia.com/advisories/23736/

Collapse -
Gentoo update for elinks

In reply to: VULNERABILITIES - February 1, 2007

TITLE:
Gentoo update for elinks

SECUNIA ADVISORY ID:
SA24005

VERIFY ADVISORY:
http://secunia.com/advisories/24005/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data, Exposure of system information, Exposure of
sensitive information

WHERE:
From local network

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for elinks. This fixes a vulnerability,
which can be exploited by malicious people to expose sensitive
information and manipulate data.

For more information:
SA22920

SOLUTION:
Update to "www-client/elinks-0.11.2" or later.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml

OTHER REFERENCES:
SA22920:
http://secunia.com/advisories/22920/

Collapse -
Fedora update for bind

In reply to: VULNERABILITIES - February 1, 2007

TITLE:
Fedora update for bind

SECUNIA ADVISORY ID:
SA24014

VERIFY ADVISORY:
http://secunia.com/advisories/24014/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Fedora Core 5
http://secunia.com/product/8808/

DESCRIPTION:
Fedora has issued an update for bind. This fixes some
vulnerabilities, which can be exploited by malicious people to cause
a DoS (Denial of Service).

For more information:
SA23904

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2537

OTHER REFERENCES:
SA23904:
http://secunia.com/advisories/23904/

Collapse -
Phpbb Tweaked "phpbb_root_path" File Inclusion

In reply to: VULNERABILITIES - February 1, 2007

TITLE:
Phpbb Tweaked "phpbb_root_path" File Inclusion

SECUNIA ADVISORY ID:
SA24001

VERIFY ADVISORY:
http://secunia.com/advisories/24001/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Phpbb Tweaked
http://secunia.com/product/13398/

DESCRIPTION:
xoron has discovered a vulnerability in Phpbb Tweaked, which can be
exploited by malicious people to compromise vulnerable systems.

Input passed to the "phpbb_root_path" parameter in
includes/functions.php is not properly verified before being used to
include files. This can be exploited to include arbitrary files from
local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is confirmed in version 3. Other versions may also
be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
xoron

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/3235

Collapse -
Debian update for gtk+2.0

In reply to: VULNERABILITIES - February 1, 2007

TITLE:
Debian update for gtk+2.0

SECUNIA ADVISORY ID:
SA24006

VERIFY ADVISORY:
http://secunia.com/advisories/24006/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
Debian GNU/Linux 3.1
http://secunia.com/product/5307/

DESCRIPTION:
Debian has issued an update for gtk+2.0. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information:
SA23884

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00011.html

OTHER REFERENCES:
SA23884:
http://secunia.com/advisories/23884/

Collapse -
JV2 Folder Gallery "galleryfilesdir" File Inclusion Vulnerab

In reply to: VULNERABILITIES - February 1, 2007

JV2 Folder Gallery "galleryfilesdir" File Inclusion Vulnerability

Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: JV2 Folder Gallery 3.x

Description:
ThE dE@Th has reported a vulnerability in JV2 Folder Gallery, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "galleryfilesdir" parameter in gallery/theme/include_mode/template.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is reported in version 3.0.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is



Provided and/or discovered by:
ThE dE@Th

Original Advisory:
http://milw0rm.com/exploits/3240

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GIVEAWAY

Enter to win* a free holiday tech gift!

CNET's giving five lucky winners the gift of their choice valued up to $250!