Spyware, Viruses, & Security forum


VULNERABILITIES - February 24, 2007

by Marianna Schmudlach / February 23, 2007 2:48 PM PST

Updated spamassassin packages fix DoS vulnerability Feb 23 2007

A bug in the way that SpamAssassin processes HTML emails containing
URIs was discovered in versions 3.1.x. A carefully crafted mail
message could make SpamAssassin consume significant amounts of CPU
resources that could delay or prevent the delivery of mail if a
number of these messages were sent at once.

SpamAssassin has been upgraded to version 3.1.8 to correct this
problem, and other upstream bugs. In addition, an invalid path setting
in local.cf for the auto_whitelist_path has been fixed for Mandriva
2007.0.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0451
http://qa.mandriva.com/show_bug.cgi?id=27424


To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

Network Security Services SSLv2 Processing Buffer Overflows
by Marianna Schmudlach / February 24, 2007 6:34 AM PST

SECUNIA ADVISORY ID:
SA24253

VERIFY ADVISORY:
http://secunia.com/advisories/24253/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Network Security Services (NSS) 3.x
http://secunia.com/product/3173/

DESCRIPTION:
Two vulnerabilities have been reported in Network Security Services
(NSS), which potentially can be exploited by malicious people to
compromise a vulnerable system.

1) An integer underflow error when processing SSLv2 server messages
can be exploited to cause a heap-based buffer overflow via a
certificate with a public key too small to encrypt the "Master
Secret".

2) An integer underflow error when processing SSLv2 client master
keys can be exploited to cause a stack-based buffer overflow via
specially crafted parameters during an SSLv2 handshake.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

The vulnerabilities are reported in versions 3.10 and 3.11.3. Other
versions may also be affected.

SOLUTION:
The vulnerabilities will be fixed in version 3.11.5.

PROVIDED AND/OR DISCOVERED BY:
Discovered by regenrecht and reported via iDefense Labs.

ORIGINAL ADVISORY:
Mozilla Foundation:
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483

Mozilla Thunderbird Multiple Vulnerabilities
by Marianna Schmudlach / February 24, 2007 6:35 AM PST

TITLE:
Mozilla Thunderbird Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24252

VERIFY ADVISORY:
http://secunia.com/advisories/24252/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Mozilla Thunderbird 1.5.x
http://secunia.com/product/4652/

DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Thunderbird, which
potentially can be exploited by malicious people to compromise a
user's system.

See vulnerabilities #2 and #9 for more information:
SA24205

SOLUTION:
The vulnerabilities will be fixed in version 1.5.0.10.

OTHER REFERENCES:
SA24205:
http://secunia.com/advisories/24205/

Mozilla Firefox Multiple Vulnerabilities
by Marianna Schmudlach / February 24, 2007 6:37 AM PST

TITLE:
Mozilla Firefox Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24205

VERIFY ADVISORY:
http://secunia.com/advisories/24205/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of
sensitive information, System access

WHERE:
From remote

SOFTWARE:
Mozilla Firefox 1.x
http://secunia.com/product/4227/
Mozilla Firefox 2.0.x
http://secunia.com/product/12434/

DESCRIPTION:
Multiple vulnerabilities have been reported in Mozilla Firefox, which
can be exploited by malicious people to bypass certain security
restrictions, conduct cross-site scripting and spoofing attacks, gain
knowledge of sensitive information, and potentially compromise a
user's system.

1) An error in the handling of the "locations.hostname" DOM property
can be exploited to bypass certain security restrictions.

For more information:
SA24175

2) An integer underflow error in the Network Security Services (NSS)
code when processing SSLv2 server messages can be exploited to cause
a heap-based buffer overflow via a certificate with a public key too
small to encrypt the "Master Secret".

Successful exploitation may allow execution of arbitrary code.

NOTE: Support for SSLv2 is disabled in Firefox 2.x. This version is
only vulnerable if user has modified hidden internal NSS settings to
re-enable SSLv2 support.

3) It is possible to conduct cross-site scripting attacks against
sites containing a frame with a "data:" URI as source.

Successful exploitation requires that a user is tricked into visiting
a malicious website and opening a blocked popup.

4) It is possible to open windows containing local files thereby
stealing the contents when the full path of a locally saved file
containing malicious script code is known. This can be exploited in
combination with a flaw in the seeding of the pseudo-random number
generator causing downloaded files to be saved to temporary files
with a somewhat predictable name.

Successful exploitation requires that a user is tricked into visiting
a malicious website and opening a blocked popup.

5) Browser UI elements like the host name and security indicators can
be spoofed using a specially crafted custom cursor and manipulating
the CSS3 hotspot property.

6) It may be possible to gain knowledge of sensitive information from
a website due to an error resulting in two web pages colliding in the
disk cache thereby potentially appending part of one document to the
other.

Successful exploitation requires that a user is tricked into visiting
a malicious website while visiting the target website.

7) Various errors in the Mozilla parser when handling invalid
trailing characters in HTML tag attribute names and during processing
of UTF-7 content when child frames inherit the character set of its
parent window can be exploited to conduct cross-site scripting
attacks.

8) A vulnerability in the Password Manager may be exploited to
conduct phishing attacks.

For more information:
SA23046

9) Multiple memory corruption errors exist in the layout engine,
JavaScript engine, and in SVG. Some of these may be exploited to
execute arbitrary code on a user's system.

SOLUTION:
Update to version 2.0.0.2 or 1.5.0.10.

PROVIDED AND/OR DISCOVERED BY:
1) Michal Zalewski
2) Discovered by regenrecht and reported via iDefense Labs.
3) shutdown
4) Michal Zalewski
5) David Eckel
6) Aad
7) RSnake and Stefan Esser.
8) Robert Chapin
9) Jesse Ruderman, Martijn Wargers, Olli Pettay, Tom Ferris, Brian
Crowder, Igor Bukanov, Johnny Stenback, moz_bug_r_a4, and shutdown.

ORIGINAL ADVISORY:
Mozilla Foundation:
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482

OTHER REFERENCES:
SA24175:
http://secunia.com/advisories/24175/

SA23046:
http://secunia.com/advisories/23046/
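The NSS advisory above (item 1) and item 2 of this Firefox advisory describe the same defect class: an unsigned length computed by subtracting the master secret size and padding from the server's modulus size wraps when the public key is too small, and a copy driven by the wrapped value overruns its buffer. The following C is an added illustration, not NSS or Mozilla code; it shows the unchecked subtraction wrapping beside a hardened version that validates operands before subtracting and before copying into a fixed buffer. The constants, function names and the toy PKCS#1-style layout are assumptions made for the demonstration, and no RSA operation is performed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not NSS or Mozilla code. It models the length
 * arithmetic an SSLv2 implementation does when padding a client's master
 * secret into an RSA block sized by the server's public key. Constants,
 * names and the toy encoding are assumptions. */

#define PKCS1_MIN_PADDING 11u   /* 0x00 0x02, at least 8 pad bytes, 0x00 */
#define MAX_MODULUS_BYTES 512u  /* largest key this toy accepts */

enum { SSL2_OK = 0, SSL2_ERR_KEY_TOO_SMALL = -1, SSL2_ERR_BUFFER = -2 };

/* Unchecked arithmetic of the kind behind the advisory: on size_t a
 * modulus shorter than secret + padding wraps to a huge value, and any
 * later copy driven by that value writes far past its buffer. */
size_t enc_len_unchecked(size_t modulus_len, size_t secret_len)
{
    return modulus_len - PKCS1_MIN_PADDING - secret_len;
}

/* Hardened variant: every operand is validated before the subtraction
 * and before anything is copied into the caller's fixed buffer. */
int build_key_block(const uint8_t *secret, size_t secret_len,
                    size_t modulus_len, uint8_t *out, size_t out_cap,
                    size_t *out_len)
{
    if (secret == NULL || out == NULL || out_len == NULL)
        return SSL2_ERR_BUFFER;
    /* A key too small to hold secret + mandatory padding is rejected
     * instead of being allowed to underflow (short-circuit order keeps
     * the subtraction itself safe). */
    if (modulus_len > MAX_MODULUS_BYTES ||
        modulus_len < PKCS1_MIN_PADDING ||
        modulus_len - PKCS1_MIN_PADDING < secret_len)
        return SSL2_ERR_KEY_TOO_SMALL;
    /* The block is exactly modulus_len bytes and must fit the output. */
    if (modulus_len > out_cap)
        return SSL2_ERR_BUFFER;

    /* Toy PKCS#1 v1.5 type-2 layout: 00 02 <pad> 00 <secret>.
     * pad >= 8 follows from the check above. */
    size_t pad = modulus_len - 3 - secret_len;
    out[0] = 0x00;
    out[1] = 0x02;
    memset(out + 2, 0xAA, pad);
    out[2 + pad] = 0x00;
    memcpy(out + 3 + pad, secret, secret_len);
    *out_len = modulus_len;
    return SSL2_OK;
}

int main(void)
{
    /* Constructed 16-byte sample secret; the key sizes are chosen to show
     * the wrap (16-byte modulus) and a normal case (64-byte modulus). */
    const uint8_t *sec = (const uint8_t *)"0123456789abcdef";
    uint8_t block[256];
    size_t n = 0;
    int rc;

    printf("unchecked, 16-byte key: available = %zu\n",
           enc_len_unchecked(16, 16));
    rc = build_key_block(sec, 16, 16, block, sizeof block, &n);
    printf("checked,   16-byte key: rc = %d\n", rc);
    rc = build_key_block(sec, 16, 64, block, sizeof block, &n);
    printf("checked,   64-byte key: rc = %d, block = %zu bytes\n", rc, n);
    return 0;
}
```

The defensive point is the order of checks: bounds on the modulus are established before any subtraction, and the output capacity is compared against the full block length before the first write, so a malformed certificate produces an error code rather than a write past the end of the buffer.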

Mozilla SeaMonkey Multiple Vulnerabilities
by Marianna Schmudlach / February 24, 2007 6:39 AM PST

TITLE:
Mozilla SeaMonkey Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24238

VERIFY ADVISORY:
http://secunia.com/advisories/24238/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of
sensitive information, System access

WHERE:
From remote

SOFTWARE:
Mozilla SeaMonkey 1.0.x
http://secunia.com/product/9126/

DESCRIPTION:
Multiple vulnerabilities have been reported in Mozilla SeaMonkey,
which can be exploited by malicious people to bypass certain security
restrictions, conduct cross-site scripting and spoofing attacks, gain
knowledge of sensitive information, and potentially compromise a
user's system.

For more information:
SA24205

SOLUTION:
The vulnerabilities will be fixed in version 1.0.8.

OTHER REFERENCES:
SA24205:
http://secunia.com/advisories/24205/

SupportSoft Active X fixed
by Marianna Schmudlach / February 24, 2007 6:42 AM PST

Published: 2007-02-24,
Last Updated: 2007-02-24 20:27:15 UTC
by Swa Frantzen (Version: 3)
SupportSoft's ActiveX control that allows a.o. remote assistance has been updated, fixing a security issue leading to remote code execution.

Vendor info
CERT coordination
CVE-2006-6490

Security products affected:
Symantec
But do note there are many more sources for these controls to sneak in through.

As for workarounds, consider disabling ActiveX and/or the list of killbits:

More: http://isc.sans.org/

Windows Shell User Logon ActiveX Control Create Method Unauthorized User Creation Vulnerability
by Marianna Schmudlach / February 24, 2007 6:44 AM PST

Windows Shell User Logon ActiveX Control Create Method Unauthorized User Creation Vulnerability


Bugtraq ID: 22710
Class: Boundary Condition Error

The Windows Shell User Logon ActiveX control is prone to a vulnerability which allows attackers to create user accounts on victim computers.

Exploiting this issue can aid in further attacks and may result in the compromise of affected computers.

Version 6.0.2900.2180 is vulnerable; other versions may also be affected.

Published: Feb 24 2007 12:00AM
Updated: Feb 24 2007 12:00AM
Credit: shinnai <shinnaibushi@hotmail.com> is credited with the discovery of this issue.

http://www.securityfocus.com/bid/22710/info

Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability
by Marianna Schmudlach / February 24, 2007 6:46 AM PST

Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability

Bugtraq ID: 22478
Class: Design Error
CVE: CVE-2007-0214

The Microsoft HTML Help ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

Updated: Feb 24 2007 09:56PM
Credit: HD Moore of the Metasploit Project is credited with the discovery of this issue.

http://www.securityfocus.com/bid/22478/info

PHP-Nuke Multiple SQL Injection Vulnerabilities
by Marianna Schmudlach / February 24, 2007 6:48 AM PST

Bugtraq ID: 22638
Class: Input Validation Error

PHP-Nuke is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

PHP-Nuke 8.0 Final and prior versions are vulnerable.

Updated: Feb 24 2007 05:26PM
Credit: krasza is credited with the discovery of these vulnerabilities.

http://www.securityfocus.com/bid/22638/info
