Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - February 28, 2007

by Marianna Schmudlach / February 27, 2007 10:11 AM PST

TCPDump LDP Decoding Routines Denial Of Service Vulnerability

Bugtraq ID: 13389
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2005-1279


The tcpdump utility is prone to a vulnerability that may allow a remote attacker to cause a denial-of-service condition in the software. The issue occurs due to the way tcpdump decodes Label Distribution Protocol (LDP) datagrams. A remote attacker may cause the software to enter an infinite loop by sending malformed LDP datagrams, resulting in the software hanging.

Versions up to and including 3.8.3 of tcpdump are reported prone to this issue.

Updated: Feb 28 2007 12:26AM
Credit: Discovery of this issue is credited to Vade 79 <v9@fakehalo.us>.

http://www.securityfocus.com/bid/13389/info

TCPDump RSVP Decoding Routines Denial Of Service Vulnerabili
by Marianna Schmudlach / February 27, 2007 10:13 AM PST

TCPDump RSVP Decoding Routines Denial Of Service Vulnerability

Bugtraq ID: 13390
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2005-1280

The tcpdump utility is prone to a vulnerability that may allow a remote attacker to cause a denial-of-service condition in the software. The issue occurs due to the way tcpdump decodes Resource ReSerVation Protocol (RSVP) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed RSVP packets, resulting in the software hanging.

Versions up to and including 3.9.x/CVS of tcpdump are reported prone to this issue.

Updated: Feb 28 2007 12:26AM
Credit: Discovery of this issue is credited to Vade 79 <v9@fakehalo.us>.

http://www.securityfocus.com/bid/13390/info

Wordpress Post.PHP Cross-Site Scripting Vulnerability
by Marianna Schmudlach / February 27, 2007 10:18 AM PST

Bugtraq ID: 22735
Class: Input Validation Error

Wordpress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Wordpress 2.1.1 is vulnerable to this issue; other versions may also be affected.

Updated: Feb 28 2007 12:26AM
Credit: Samenspender is credited with the discovery of this vulnerability.

http://www.securityfocus.com/bid/22735/info

Mozilla GIF Image Processing Library Remote Heap Overflow Vu
by Marianna Schmudlach / February 27, 2007 10:21 AM PST

Mozilla GIF Image Processing Library Remote Heap Overflow Vulnerability

Bugtraq ID: 12881
Class: Boundary Condition Error
CVE: CVE-2005-0399

Multiple Mozilla products are affected by a remote heap-overflow vulnerability. This issue affects the GIF image processing library used by Mozilla Firefox, Mozilla Browser, and Mozilla Thunderbird Mail client.

A successful attack can result in arbitrary code execution and in unauthorized access to the affected computer. Arbitrary code execution will take place in the context of a user running a vulnerable application.

*Update: K-Meleon, which is based on the Mozilla Gecko-code base, is also prone to this issue.

Updated: Feb 28 2007 12:46AM
Credit: Discovery is credited to Mark Dowd of ISS X-Force. Juha-Matti Laurio confirmed that this vulnerability also affects Netscape 7.2 and 6.2.3 and the K-Meleon browser.

http://www.securityfocus.com/bid/12881/info

GNUCash Insecure Temporary File Creation Vulnerability
by Marianna Schmudlach / February 27, 2007 10:23 AM PST

Bugtraq ID: 22610
Class: Race Condition Error
CVE: CVE-2007-0007

GNUCash creates temporary files in an insecure way.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully exploiting a symlink attack may allow an attacker to overwrite or corrupt sensitive files. This may result in a denial of service; other attacks may also be possible.

GNUCash 2.0.5 and prior versions are vulnerable to this issue.

Updated: Feb 28 2007 12:26AM
Credit: The vendor reported this vulnerability.
Vulnerable: RedHat Fedora Core6
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
GNU GNUCash 2.0.4

http://www.securityfocus.com/bid/22610/info

GNUTLS Padding Denial of Service Vulnerability
by Marianna Schmudlach / February 27, 2007 10:25 AM PST

Bugtraq ID: 13477
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2005-1431

GnuTLS is prone to a denial-of-service vulnerability. A remote attacker can send specifically designed data to cause a flaw in the parsing, leading to denial-of-service conditions.

This issue has been addressed in GnuTLS versions 1.0.25 and 1.2.3; earlier versions are vulnerable.

Updated: Feb 28 2007 12:46AM
Credit: The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.

http://www.securityfocus.com/bid/13477/info

McAfee Virex for Mac Insecure File Permissions Local Privil
by Marianna Schmudlach / February 27, 2007 11:28 PM PST

McAfee Virex for Mac Insecure File Permissions Local Privilege Escalation Vulnerability

Advisory ID : FrSIRT/ADV-2007-0777
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-02-28

Technical Description

A vulnerability has been identified in McAfee Virex for Mac, which could be exploited by local attackers to bypass security restrictions or obtain elevated privileges. This issue is due to insecure permissions being set on the "Library/Application/Sypport/Virex/VShieldExecute.txt" file, which could be exploited by malicious users to execute arbitrary commands with "root" privileges via a symlink attack.

Note : Insecure permissions set on the scan exclusion file "Library/Application Support" could be exploited by malicious users to disable or bypass the scanning feature.

Affected Products

McAfee Virex for Mac OS X versions 7.x

Solution

Apply patch 1 for McAfee Virex version 7.7 :
https://mysupport.mcafee.com/eservice_enu/

References

http://www.frsirt.com/english/advisories/2007/0777
https://knowledge.mcafee.com/article/283/518722_f.SAL_Public.html
http://www.netragard.com/pdfs/research/NETRAGARD-20070220.txt

Credits

Vulnerability reported by Kevin Finisterre and Netragard

CA eTrust Intrusion Detection Authentication Key Handling D
by Marianna Schmudlach / February 27, 2007 11:29 PM PST

CA eTrust Intrusion Detection Authentication Key Handling Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0776
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-28

Technical Description

A vulnerability has been identified in CA eTrust Intrusion Detection, which could be exploited by remote attackers to cause a denial of service. This issue is due to an error in the Engine service that fails to properly validate the key length value during authentication, which could be exploited by attackers to cause a vulnerable application to unexpectedly terminate by sending a specially crafted request to port 9191/TCP.

Affected Products

CA eTrust Intrusion Detection version 3.0 SP1
CA eTrust Intrusion Detection version 3.0
CA eTrust Intrusion Detection version 2.0 SP1

Solution

Apply patch for eTrust Intrusion Detection 3.0 SP1 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO85469

Apply patch for eTrust Intrusion Detection 3.0 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO85472

Apply patch for eTrust Intrusion Detection 2.0 SP1 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO85488

References

http://www.frsirt.com/english/advisories/2007/0776
http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484

Credits

Vulnerability reported by iDefense Labs

Nullsoft SHOUTcast Administrative Interface Logfile Cross Si
by Marianna Schmudlach / February 27, 2007 11:30 PM PST

Nullsoft SHOUTcast Administrative Interface Logfile Cross Site Scripting Vulnerability

Advisory ID : FrSIRT/ADV-2007-0775
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-28

Technical Description

A vulnerability has been identified in Nullsoft SHOUTcast, which could be exploited by attackers to execute arbitrary scripting code. This issue is due to an input validation error in the administrative interface when displaying log files, which could be exploited by attackers to cause arbitrary scripting code injected via a specially crafted URL to be executed by the administrator's browser in the security context of an affected application.

Affected Products

Nullsoft SHOUTcast version 1.9.7 and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/0775

Credits

Vulnerability reported by Muschiemann

Sun Solaris PostgreSQL Information Disclosure and Denial of
by Marianna Schmudlach / February 27, 2007 11:31 PM PST

Sun Solaris PostgreSQL Information Disclosure and Denial of Service Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0774
CVE ID : CVE-2007-0555 - CVE-2007-0556
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-28

Technical Description

Two vulnerabilities have been identified in PostgreSQL for Sun Solaris. These issues could be exploited by attackers to cause a denial of service and disclose sensitive information. For additional information, see : FrSIRT/ADV-2007-0478

Affected Products

Sun Solaris 10

Solution

The first issue can be fixed by removing permissions to create or alter objects in the database schema via the command : REVOKE CREATE ON SCHEMA public FROM PUBLIC CASCADE;

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/0774
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1

Fedora Security Update Fixes GnuCash Insecure Temporary File
by Marianna Schmudlach / February 27, 2007 11:33 PM PST

Fedora Security Update Fixes GnuCash Insecure Temporary File Creation Vulnerability

Advisory ID : FrSIRT/ADV-2007-0773
CVE ID : CVE-2007-0007
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-02-28

Technical Description

Fedora has released security updates to address a vulnerability identified in GnuCash. This issue could be exploited by malicious users to conduct symlink attacks. For additional information, see : FrSIRT/ADV-2007-0653

Affected Products

Fedora Core 6

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0773
https://www.redhat.com/archives/fedora-package-announce/2007-February/msg00157.html

Redhat Security Update Fixes Kernel Multiple Local Denial of
by Marianna Schmudlach / February 27, 2007 11:34 PM PST

Redhat Security Update Fixes Kernel Multiple Local Denial of Service Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0772
CVE ID : CVE-2007-0001 - CVE-2007-0006
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-02-28

Technical Description

Redhat has released updated packages to address multiple vulnerabilities identified in Kernel.

The first issue is due to an error in the file watch implementation of the audit subsystems, which could allow malicious users to cause a denial of service.

The second vulnerability is due to an error in the "key_alloc_serial()" [security/keys/key.c] function. For additional information, see : FrSIRT/ADV-2007-0612

Affected Products

Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)

Solution

Upgrade the affected packages :
http://rhn.redhat.com/

References

http://www.frsirt.com/english/advisories/2007/0772
http://rhn.redhat.com/errata/RHSA-2007-0085.html

Ubuntu Security Update Fixes Mozilla Firefox Multiple Comma
by Marianna Schmudlach / February 27, 2007 11:35 PM PST

Ubuntu Security Update Fixes Mozilla Firefox Multiple Command Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0771
CVE ID : CVE-2006-6077 - CVE-2007-0008 - CVE-2007-0009 - CVE-2007-0775 - CVE-2007-0777 - CVE-2007-0778 - CVE-2007-0779 - CVE-2007-0780 - CVE-2007-0800 - CVE-2007-0981 - CVE-2007-0995 - CVE-2007-0996
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-28

Technical Description

Ubuntu has released security updates to address multiple vulnerabilities identified in Mozilla Firefox. These issues could be exploited by remote attackers to execute arbitrary commands or bypass security restrictions. For additional information, see : FrSIRT/ADV-2007-0718

Affected Products

Ubuntu 5.10
Ubuntu 6.10

Solution

Upgrade the affected packages :
http://www.ubuntu.com/usn/usn-428-1

References

http://www.frsirt.com/english/advisories/2007/0771
http://www.ubuntu.com/usn/usn-428-1

Ubuntu Security Update Fixes Enigmail Extension Remote Deni
by Marianna Schmudlach / February 27, 2007 11:36 PM PST

Ubuntu Security Update Fixes Enigmail Extension Remote Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0770
CVE ID : CVE-2006-5877
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-28

Technical Description

Ubuntu has released security updates to address a vulnerability identified in Enigmail. This issue is due to an error when handling overly large encrypted attachments, which could be exploited by attackers to crash an affected application (e.g. Thunderbird) via a specially crafted email.

Affected Products

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

Solution

Ubuntu 5.10 - Upgrade to mozilla-thunderbird-enigmail 2:0.94-0ubuntu0.5.10.1
Ubuntu 6.06 LTS - Upgrade to mozilla-thunderbird-enigmail 2:0.94-0ubuntu4.3
Ubuntu 6.10 - Upgrade to mozilla-thunderbird-enigmail 2:0.94-0ubuntu5.1

References

http://www.frsirt.com/english/advisories/2007/0770
http://www.ubuntu.com/usn/usn-427-1

rPath Security Update Fixes PHP Buffer Overflow and Security
by Marianna Schmudlach / February 27, 2007 11:37 PM PST

rPath Security Update Fixes PHP Buffer Overflow and Security Bypass Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0769
CVE ID : CVE-2007-0906 - CVE-2007-0907 - CVE-2007-0908 - CVE-2007-0909 - CVE-2007-0910 - CVE-2007-0988
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-28

Technical Description

rPath has released security updates to address multiple vulnerabilities identified in PHP. These issues could be exploited by attackers to bypass security restrictions or execute arbitrary commands. For additional information, see : FrSIRT/ADV-2007-0546

Affected Products

rPath Linux 1

Solution

Upgrade to :
php=/conary.rpath.com at rpl:devel//1/4.3.11-15.9-1
php-mysql=/conary.rpath.com at rpl:devel//1/4.3.11-15.9-1
php-pgsql=/conary.rpath.com at rpl:devel//1/4.3.11-15.9-1

References

http://www.frsirt.com/english/advisories/2007/0769
http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html

Turbolinux Security Update Fixes PostgreSQL Multiple Inform
by Marianna Schmudlach / February 27, 2007 11:38 PM PST

Turbolinux Security Update Fixes PostgreSQL Multiple Information Disclosure Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0768
CVE ID : CVE-2007-0555 - CVE-2007-0556
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-28

Technical Description

Turbolinux has released security updates to address two vulnerabilities identified in PostgreSQL. These issues could be exploited by attackers to cause a denial of service and disclose sensitive information. For additional information, see : FrSIRT/ADV-2007-0478

Affected Products

Turbolinux Appliance Server 2.0
Turbolinux 10 Server x64 Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux 10 Server
Turbolinux Home
Turbolinux 10 F...
Turbolinux 10 Desktop
Turbolinux Multimedia
Turbolinux Personal
Turbolinux 8 Server

Solution

Upgrade the affected packages :
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

References

http://www.frsirt.com/english/advisories/2007/0768
http://www.turbolinux.com/security/2007/TLSA-2007-10.txt

Turbolinux Security Update Fixes PHP GD Library Remote Buffe
by Marianna Schmudlach / February 27, 2007 11:39 PM PST

Turbolinux Security Update Fixes PHP GD Library Remote Buffer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-0767
CVE ID : CVE-2007-0455
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-28

Technical Description

Turbolinux has released security updates to address a vulnerability identified in PHP GD. This issue could be exploited by attackers to execute arbitrary commands or cause a denial of service. For additional information, see : FrSIRT/ADV-2007-0400

Affected Products

Turbolinux Appliance Server 2.0
Turbolinux 10 Server x64 Edition
Turbolinux 10 Server
Turbolinux Home
Turbolinux 10 F...
Turbolinux 10 Desktop
Turbolinux Multimedia
Turbolinux Personal

Solution

Upgrade the affected packages :
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

References

http://www.frsirt.com/english/advisories/2007/0767
http://www.turbolinux.com/security/2007/TLSA-2007-11.txt

Turbolinux Security Update Fixes Bind Multiple Remote Denial
by Marianna Schmudlach / February 27, 2007 11:40 PM PST

Turbolinux Security Update Fixes Bind Multiple Remote Denial of Service Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0766
CVE ID : CVE-2007-0493 - CVE-2007-0494
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-28

Technical Description

Turbolinux has released security updates to address multiple vulnerabilities identified in Bind. These issues could be exploited by attackers to cause a denial of service. For additional information, see : FrSIRT/ADV-2007-0349

Affected Products

Turbolinux Appliance Server 2.0
Turbolinux FUJI
Turbolinux 10 Server x64 Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux 10 Server
Turbolinux Home
Turbolinux 10 F...
Turbolinux 10 Desktop
Turbolinux Multimedia
Turbolinux Personal
Turbolinux 8 Server

Solution

Upgrade the affected packages :
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

References

http://www.frsirt.com/english/advisories/2007/0766
http://www.turbolinux.com/security/2007/TLSA-2007-9.txt

SHOUTcast Logfile Script Insertion Vulnerability
by Marianna Schmudlach / February 27, 2007 11:42 PM PST

TITLE:
SHOUTcast Logfile Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA24323

VERIFY ADVISORY:
http://secunia.com/advisories/24323/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
SHOUTcast 1.x
http://secunia.com/product/1223/

DESCRIPTION:
Muschiemann has discovered a vulnerability in SHOUTcast, which can be
exploited by malicious people to conduct script insertion attacks.

Input passed via the URL to the "incoming interface" is not properly
sanitised before being used. This can be exploited to insert
arbitrary HTML and script code, which is executed in an
administrative user's browser session in context of an affected site
when the logfiles are viewed.

The vulnerability is related to:
SA8243

The vulnerability is confirmed in version 1.9.7. Other versions may
also be affected.

SOLUTION:
Filter malicious characters and character sequences in a web proxy.

PROVIDED AND/OR DISCOVERED BY:
Muschiemann

OTHER REFERENCES:
SA8243:
http://secunia.com/advisories/8243/

Gentoo update for chmlib
by Marianna Schmudlach / February 27, 2007 11:43 PM PST

TITLE:
Gentoo update for chmlib

SECUNIA ADVISORY ID:
SA24335

VERIFY ADVISORY:
http://secunia.com/advisories/24335/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for chmlib. This fixes some
vulnerabilities, which potentially can be exploited by malicious
people to compromise an application using the library.

For more information:
SA23975

SOLUTION:
Update to "app-doc/chmlib-0.39" or later.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200702-12.xml

OTHER REFERENCES:
SA23975:
http://secunia.com/advisories/23975/

Fedora update for firefox
by Marianna Schmudlach / February 27, 2007 11:46 PM PST

TITLE:
Fedora update for firefox

SECUNIA ADVISORY ID:
SA24320

VERIFY ADVISORY:
http://secunia.com/advisories/24320/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of
sensitive information, System access

WHERE:
From remote

OPERATING SYSTEM:
Fedora Core 6
http://secunia.com/product/12487/

DESCRIPTION:
Fedora has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and
spoofing attacks, gain knowledge of sensitive information, and
potentially compromise a user's system.

For more information:
SA24205

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2728

OTHER REFERENCES:
SA24205:
http://secunia.com/advisories/24205/

Gentoo Security Update Fixes MPlayer Real Media Plugin Buffe
by Marianna Schmudlach / February 28, 2007 12:02 AM PST

Gentoo Security Update Fixes MPlayer Real Media Plugin Buffer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-0764
CVE ID : CVE-2006-6172
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-28
Technical Description

Gentoo has released security updates to address a vulnerability identified in MPlayer. This issue could be exploited by attackers to execute arbitrary commands. For additional information, see : FrSIRT/ADV-2006-4824

Affected Products

media-video/mplayer versions prior to 1.0_rc1-r2

Solution

Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc1-r2"

References

http://www.frsirt.com/english/advisories/2007/0764
http://www.gentoo.org/security/en/glsa/glsa-200702-11.xml

Gentoo Security Update Fixes UFO2000 Multiple Remote Code Ex
by Marianna Schmudlach / February 28, 2007 12:03 AM PST

Gentoo Security Update Fixes UFO2000 Multiple Remote Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0763
CVE ID : CVE-2006-3788 - CVE-2006-3789 - CVE-2006-3790 - CVE-2006-3791 - CVE-2006-3792
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-28
Technical Description

Gentoo has released security updates to address multiple vulnerabilities identified in UFO2000. These issues could be exploited by attackers to execute arbitrary commands. For additional information, see : FrSIRT/ADV-2006-4992

Affected Products

games-strategy/ufo2000 versions prior to 0.7.1062

Solution

Unmerge the affected package :
# emerge --ask --verbose --unmerge ufo2000

References

http://www.frsirt.com/english/advisories/2007/0763
http://www.gentoo.org/security/en/glsa/glsa-200702-10.xml

Gentoo Security Update Fixes Nexuiz Multiple Remote Code Exe
by Marianna Schmudlach / February 28, 2007 12:04 AM PST

Gentoo Security Update Fixes Nexuiz Multiple Remote Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0762
CVE ID : CVE-2006-6609 - CVE-2006-6610
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-28
Technical Description

Gentoo has released security updates to address multiple vulnerabilities identified in Nexuiz. These issues could be exploited by attackers to execute arbitrary commands. For additional information, see : FrSIRT/ADV-2006-4992

Affected Products

games-fps/nexuiz versions prior to 2.2.1

Solution

Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/nexuiz-2.2.1"

References

http://www.frsirt.com/english/advisories/2007/0762
http://www.gentoo.org/security/en/glsa/glsa-200702-09.xml

SQLiteManager "SQLiteManager_currentTheme" Directory Travers
by Marianna Schmudlach / February 28, 2007 2:05 AM PST

TITLE:
SQLiteManager "SQLiteManager_currentTheme" Directory Traversal

SECUNIA ADVISORY ID:
SA24296

VERIFY ADVISORY:
http://secunia.com/advisories/24296/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
SQLiteManager 1.x
http://secunia.com/product/13586/

DESCRIPTION:
Simon Bonnard has discovered a vulnerability in SQLiteManager, which
can be exploited by malicious people to disclose sensitive data.

Input passed to the "SQLiteManager_currentTheme" cookie in index.php
is not properly sanitised before being used to display files. This
can be exploited to download arbitrary files via directory traversal
attacks.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

The vulnerability is confirmed in version 1.2.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Simon Bonnard
