Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - April 14, 2008

by Marianna Schmudlach / April 14, 2008 12:59 AM PDT

CcMail "this_cookie" Security Bypass Vulnerability



Secunia Advisory: SA29812
Release Date: 2008-04-14


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Unpatched


Software: CcMail 1.x


Description:
t0pP8uZz has discovered a vulnerability in CcMail, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restriction of the administrator page (admin.php) and potentially other pages. This can be exploited to bypass the authentication mechanism and gain access to administrative pages by setting a specially crafted "this_cookie" cookie.

The vulnerability is confirmed in version 1.0.1. Other versions may also be affected.

Solution:
Edit the source code to ensure proper authentication or restrict access to affected pages (e.g. via ".htaccess").

Provided and/or discovered by:
t0pP8uZz

Original Advisory:
http://milw0rm.com/exploits/5433

1024 CMS SQL Injection and File Inclusion
by Marianna Schmudlach / April 14, 2008 1:00 AM PDT

Secunia Advisory: SA29810
Release Date: 2008-04-14


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: 1024 CMS 1.x



Description:
__GiReX__ has discovered some vulnerabilities in 1024 CMS, which can be exploited by malicious people to conduct SQL injection attacks or to disclose sensitive information.

1) Input passed via the "cookpass" cookie parameter is not properly sanitised before being used in an SQL query in includes/system.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving the administrator's password hash, but requires that "magic_quotes_gpc" is disabled.

2) Input passed to the "lang" parameter in pages/print/default/ops/news.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation requires that "register_globals" is enabled and "magic_quotes_gpc" is disabled.

The vulnerabilities are confirmed in version 1.4.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised and verified.

Provided and/or discovered by:
__GiReX__

Original Advisory:
http://milw0rm.com/exploits/5434

Nero MediaHome Denial of Service Vulnerability
by Marianna Schmudlach / April 14, 2008 1:02 AM PDT

Secunia Advisory: SA29808
Release Date: 2008-04-14


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Unpatched


Software: Nero MediaHome 3.x



Description:
Luigi Auriemma has discovered a vulnerability in Nero MediaHome, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL-pointer dereference error in NMMediaServer.exe and can be exploited to cause the process to crash via e.g. sending an overly long string to default port 54444/TCP.

The vulnerability is confirmed in version 3.3.3.0 included in Nero version 8.3.2.1. Other versions may also be affected.

Solution:
Use in a trusted network environment only.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/neromedia-adv.txt

cpCommerce Multiple Vulnerabilities
by Marianna Schmudlach / April 14, 2008 1:03 AM PDT

Secunia Advisory: SA29807
Release Date: 2008-04-14


Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data
Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: cpCommerce 1.x

Description:
AmnPardaz Security Research Team have discovered some vulnerabilities in cpCommerce, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and to disclose sensitive information.

1) Input passed to the "year" parameter in calendar.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed to the "id_product", "id_manufacturer", and "id_category" parameters in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

3) Input passed to the "language" parameter in index.php and "action" in category.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation of the category.php vulnerability requires that "magic_quotes_gpc" is disabled.

The vulnerabilities are confirmed in version 1.1.0 with the CPCchanges patch applied. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised and verified.

Use another product.

Provided and/or discovered by:
AmnPardaz Security Research Team

Original Advisory:
http://milw0rm.com/exploits/5437

IBM HTTP Server mod_imap and mod_status Cross-Site Scripting
by Marianna Schmudlach / April 14, 2008 1:05 AM PDT

Secunia Advisory: SA29806
Release Date: 2008-04-14


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: IBM HTTP Server 1.x



Description:
IBM has acknowledged some vulnerabilities in IBM HTTP Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

The vulnerabilities are reported in IBM HTTP Server 1.3.28.1. Prior versions may also be affected.

Solution:
Apply APARs (PK58024, PK59667):
http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273

Original Advisory:
http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273

Other References:
SA28073:
http://secunia.com/advisories/28073/

Novell eDirectory "Connection" HTTP Header Processing Denial
by Marianna Schmudlach / April 14, 2008 1:07 AM PDT

Secunia Advisory: SA29805
Release Date: 2008-04-14


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


Software: Novell eDirectory 8.x

Description:
A vulnerability has been reported in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within dhost.exe when processing "Connection" headers in a HTTP request. This can be exploited to cause dhost.exe to consume large amounts of CPU resource via e.g. sending multiple HTTP requests containing specially crafted "Connection" headers.

The vulnerability affects the following versions on Windows 2000/2003 systems:
* Novell eDirectory 8.8.1 and prior
* Novell eDirectory 8.7.3.9 and prior

Solution:
Update to version 8.8.2 or apply eDirectory 8.7.3 sp10.
http://download.novell.com/

Provided and/or discovered by:
The vendor credits Nicholas Gregorie.

Original Advisory:
Novell (3829452):
http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1

SD Korn Shell TTY Attachment Privilege Escalation
by Marianna Schmudlach / April 14, 2008 1:08 AM PDT

Secunia Advisory: SA29803
Release Date: 2008-04-14


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


Software: MirBSD Korn Shell 3.x

Description:
A vulnerability has been reported in MirBSD Korn Shell, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an error when attaching to a TTY via the "-T" command line switch. This can be exploited to execute arbitrary commands with the privileges of the user running mksh via characters previously written to the attached virtual console.

The vulnerability is reported in versions prior to R33d.

Solution:
Update to version R33d.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.mirbsd.org/mksh.htm#clog

OmniPCX Office Information Disclosure Vulnerability
by Marianna Schmudlach / April 14, 2008 1:10 AM PDT

Secunia Advisory: SA29798
Release Date: 2008-04-14


Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


OS: OmniPCX Office

Description:
A vulnerability has been reported in OmniPCX Office, which can be exploited by malicious people to disclose sensitive information.

The vulnerability is caused due to the improper filtering of parameters passed to unspecified CGI scripts. This can be exploited to obtain sensitive information and potentially gain administrative access to the system.

Solution:
Update to a fixed version.

OXO210:
Update to 210/091.001.

OXO310:
Update to 310/056.001.

OXO410:
Update to 410/057.001.

OXO510:
Update to 510/037.001.

OXO600:
Update to 610/014.001.

Provided and/or discovered by:
The vendor credits Digital Security.

Original Advisory:
Alcatel-Lucent:
http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htm

NewsOffice "newsoffice_directory" File Inclusion Vulnerabili
by Marianna Schmudlach / April 14, 2008 1:12 AM PDT

Secunia Advisory: SA29797
Release Date: 2008-04-14


Critical:
Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


Software: NewsOffice 1.x

Description:
RoMaNcYxHaCkEr has discovered a vulnerability in NewsOffice, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "newsoffice_directory" parameter in news_show.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is confirmed in version 1.1. Prior versions may also be affected.

Solution:
Update to version 1.1.1.

Provided and/or discovered by:
RoMaNcYxHaCkEr

Original Advisory:
http://milw0rm.com/exploits/5429

HP OpenView Network Node Manager Multiple Vulnerabilities
by Marianna Schmudlach / April 14, 2008 1:13 AM PDT

Secunia Advisory: SA29796
Release Date: 2008-04-14


Critical:
Less critical
Impact: Exposure of system information
Exposure of sensitive information
DoS

Where: From local network

Solution Status: Unpatched


Software: HP OpenView Network Node Manager (NNM) 7.x

Description:
Some vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to disclose certain information or cause a DoS (Denial of Service).

1) An error in the ovtopmd.exe service can be exploited to cause the service to terminate via a type 0x36 request sent to default port 2532/TCP.

2) An input validation error in the ovalarmsrv.exe service can be exploited to cause the service to consume large amounts of CPU resources by sending specially crafted requests (e.g. type 25, 45, 46, 47 and 81) to default port 2954/TCP.

3) A NULL-pointer dereference error within ovalarmsrv.exe can be exploited via a specially crafted request sent to default port 2954/TCP.

4) It is possible to download or view arbitrary files by sending an HTTP request to the OpenView5.exe CGI application and passing strings containing directory traversal sequences to the "Action" parameter.

The vulnerabilities are reported in version 7.53. Other versions may also be affected.

Solution:
Restrict network access to the services. Filter malicious characters and character sequences using a web proxy.

Provided and/or discovered by:
1-3) Luigi Auriemma
4) Independently discovered by:
* Luigi Auriemma
* JJ Reyes, Secunia Research

Original Advisory:
Luigi Auriemma:
http://aluigi.altervista.org/adv/closedviewx-adv.txt

Secunia Research:
http://secunia.com/secunia_research/2008-4/

Coppermine Photo Gallery "upload.php" SQL Injection
by Marianna Schmudlach / April 14, 2008 1:20 AM PDT

Secunia Advisory: SA29795
Release Date: 2008-04-14


Critical:
Less critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: Coppermine Photo Gallery 1.x

Description:
A vulnerability has been discovered in Coppermine Photo Gallery, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed as MIME media types from remote HTTP servers when performing URI/URL Uploads in upload.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires valid user credentials.

The vulnerability is confirmed in version 1.4.16. Prior versions may also be affected.

Solution:
Update to version 1.4.17.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://forum.coppermine-gallery.net/index.php/topic,51787,0.html

libpng Unknown Chunk Processing Uninitialized Memory Access
by Marianna Schmudlach / April 14, 2008 1:21 AM PDT

Secunia Advisory: SA29792
Release Date: 2008-04-14


Critical:
Moderately critical
Impact: Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Workaround


Software: libpng 1.x



Description:
Tavis Ormandy has reported a vulnerability in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library.

The vulnerability is caused due to the improper handling of PNG chunks unknown to the library. This can be exploited to trigger the use of uninitialized memory in e.g. a "free()" call via unknown PNG chunks having a length of zero.

Successful exploitation may allow execution of arbitrary code, but requires that the application calls the "png_set_read_user_chunk_fn()" function or the "png_set_keep_unknown_chunks()" function under specific conditions.

The vulnerability is reported in versions 1.0.6 through 1.0.32 and 1.2.0 through 1.2.26.

Solution:
Fixed in version 1.2.27beta01.

Do not process untrusted PNG data with applications using libpng.

Provided and/or discovered by:
Tavis Ormandy, oCERT Team.

Original Advisory:
libpng:
http://libpng.sourceforge.net/Advisory-1.2.26.txt

oCERT:
http://www.ocert.org/advisories/ocert-2008-003.html

phpkb Knowledge Base "ID" SQL Injection Vulnerability
by Marianna Schmudlach / April 14, 2008 1:23 AM PDT

Secunia Advisory: SA29791
Release Date: 2008-04-14


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: phpkb Knowledge Base 1.x
phpkb Knowledge Base 2.x



Description:
parad0x has reported a vulnerability in phpkb Knowledge Base, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "ID" parameter in comment.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in versions 1.5 and 2.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
parad0x

Original Advisory:
http://milw0rm.com/exploits/5428

cwRsync "xattr" Integer Overflow Vulnerability
by Marianna Schmudlach / April 14, 2008 1:24 AM PDT

Secunia Advisory: SA29788
Release Date: 2008-04-14


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: cwRsync 2.x

Description:
A vulnerability has been reported in cwRsync, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.

For more information:
SA29668

Solution:
Update to version 2.1.3.

Original Advisory:
http://sourceforge.net/project/showno...?release_id=591462&group_id=69227

Other References:
SA29668:
http://secunia.com/advisories/29668/

Mandriva update for rsync
by Marianna Schmudlach / April 14, 2008 1:26 AM PDT

Secunia Advisory: SA29770
Release Date: 2008-04-14


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Mandriva Linux 2007.0

Description:
Mandriva has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.

For more information:
SA29668

Solution:
Apply updated packages.

Mandriva Linux 2007

015dee0e8b724a60a702aac81194128b 2007.0/i586/rsync-2.6.9-5.2mdv2007.0.i586.rpm
da32538186f22095454d5fd905c43f18 2007.0/SRPMS/rsync-2.6.9-5.2mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

6c40f172781c4b6e8e29afea66eceda5 2007.0/x86_64/rsync-2.6.9-5.2mdv2007.0.x86_64.rpm
da32538186f22095454d5fd905c43f18 2007.0/SRPMS/rsync-2.6.9-5.2mdv2007.0.src.rpm

Original Advisory:
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:084

Other References:
SA29668:
http://secunia.com/advisories/29668/

SUSE update for flash-player
by Marianna Schmudlach / April 14, 2008 1:27 AM PDT

Secunia Advisory: SA29763
Release Date: 2008-04-14


Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
System access

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SUSE Linux 10.1

Description:
SUSE has issued an update for flash-player. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.

For more information:
SA28083

Solution:
Apply updated packages.


Original Advisory:
http://www.novell.com/linux/security/advisories/2008_22_flashplayer.html

Other References:
SA28083:
http://secunia.com/advisories/28083/

Gentoo update for gnome-screensaver
by Marianna Schmudlach / April 14, 2008 1:29 AM PDT

Secunia Advisory: SA29759
Release Date: 2008-04-14


Critical:
Not critical
Impact: Security Bypass

Where: Local system

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for gnome-screensaver. This fixes a security issue, which can be exploited by malicious people with physical access to bypass certain security restrictions.

For more information:
SA29595

Solution:
Update to "gnome-extra/gnome-screensaver-2.20.0-r3" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200804-12.xml

Other References:
SA29595:
http://secunia.com/advisories/29595/

Coppermine Photo Gallery "bridge/coppermine.inc.php" SQL Inj
by Marianna Schmudlach / April 14, 2008 1:30 AM PDT

Coppermine Photo Gallery "bridge/coppermine.inc.php" SQL Injection


Secunia Advisory: SA29741
Release Date: 2008-04-14


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: Coppermine Photo Gallery 1.x

Description:
A vulnerability has been reported in Coppermine Photo Gallery, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to unspecified cookies in bridge/coppermine.inc.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.4.17. Prior versions may also be affected.

Solution:
Update to version 1.4.18.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://forum.coppermine-gallery.net/index.php/topic,51882.0.html

Gentoo update for policyd-weight
by Marianna Schmudlach / April 14, 2008 1:31 AM PDT

Secunia Advisory: SA29738
Release Date: 2008-04-14


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for policyd-weight. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

For more information:
SA29553

Solution:
Update to "mail-filter/policyd-weight-0.1.14.17" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200804-11.xml

Other References:
SA29553:
http://secunia.com/advisories/29553/

SUSE update for openssh and opera
by Marianna Schmudlach / April 14, 2008 1:32 AM PDT

Secunia Advisory: SA29735
Release Date: 2008-04-14


Critical:
Highly critical
Impact: Security Bypass
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SUSE Linux 10.1
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9

Description:
SUSE has issued an update for openssh and opera. This fixes some vulnerabilities and a weakness, which can be exploited by malicious, local users to disclose potentially sensitive information and bypass certain security restrictions, and potentially by malicious people to compromise a user's system.

Solution:
Apply updated packages via YaST Online Update or the SUSE FTP server.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html

Other References:
SA29522:
http://secunia.com/advisories/29522/

SA29602:
http://secunia.com/advisories/29602/

SA29662:
http://secunia.com/advisories/29662/

KwsPHP JeuxFlash Module "cat" SQL Injection
by Marianna Schmudlach / April 14, 2008 1:33 AM PDT

Secunia Advisory: SA29625
Release Date: 2008-04-14


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: JeuxFlash 1.x (module for KwsPHP)

Description:
HouSSamix has reported a vulnerability in the JeuxFlash module for KwsPHP, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cat" parameter in the KwsPHP installation's index.php script (when "mod" is set to "jeuxflash") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.3 downloaded before 2008-04-05. Other versions may also be affected.

Solution:
Update to version 1.3 downloaded on 2008-04-05 or after.

Provided and/or discovered by:
HouSSamix

Original Advisory:
KwsPHP:
http://koogar.alorys-hebergement.com/...od=news&ac=commentaires&id=47

HouSSamix:
http://milw0rm.com/exploits/5352

ClamAV Upack Processing Buffer Overflow Vulnerability
by Marianna Schmudlach / April 14, 2008 1:34 AM PDT

Secunia Advisory: SA29000
Release Date: 2008-04-14


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Workaround


Software: Clam AntiVirus (clamav) 0.x



Description:
Secunia Research has discovered a vulnerability in ClamAV, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "cli_scanpe()" function in libclamav/pe.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Upack" executable.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in versions 0.92 and 0.92.1. Prior versions may also be affected.

Solution:
An updated version should be available shortly. The PE scanning module has been remotely switched off after 10/03/2008.

Do not scan untrusted PE files.

Provided and/or discovered by:
Alin Rad Pop, Secunia Research.

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2008-11/

Vulnerability in Google spreadsheets allows cookie stealing
by Marianna Schmudlach / April 14, 2008 1:46 AM PDT

Security researcher Billy Rios has discovered a vulnerability in Google Spreadsheets which attackers can exploit using links to crafted tables to steal a user's cookie. According to Rios, the victim has to follow such a link in Internet Explorer. The stolen cookie can be used to access all Google services with the victim's identity, including reading the victim's Google Mail.

Rios explains on his blog that the security vulnerability results from incorrect content-type headers or the browser ignoring these headers in HTTP responses returned by the server. The problem is not confined to Internet Explorer: according to Rios, Firefox, Safari and Opera can also ignore the content-type header and attempt to determine the server response content type themselves.

More: http://www.heise-online.co.uk/security/Vulnerability-in-Google-spreadsheets-allows-cookie-stealing--/news/110527

Oracle announces patches for 41 holes
by Marianna Schmudlach / April 14, 2008 1:47 AM PDT

Database vendor Oracle has announced patches for 41 security holes in a number of products for the Critical Patch Update (CPU) patch day scheduled for Tuesday. The updates affect the vast majority of the vendor's products:

* Oracle Database 11g (11.1.0.6); 10g Release 2 (10.2.0.2, 10.2.0.3); 10g (10.1.0.5); 9i Release 2 (9.2.0.8, 9.2.0.8DV)
* Oracle Application Server 10g Release 3 (10.1.3); 10g Release 2 (10.1.2); 10g (9.0.4)
* Oracle Collaboration Suite 10g (10.1.2)
* Oracle E-Business Suite Release 12 (12.0.0 - 12.0.4); Release 11i (11.5.9 - 11.5.10 CU2)
* Oracle PeopleSoft Enterprise PeopleTools (8.22.19, 8.48.16, 8.49.09)
* Oracle PeopleSoft Enterprise HCM (8.8 SP1, 8.9, 9.0)
* Oracle Siebel SimBuilder (7.8.2, 7.8.5)

No further details about the vulnerabilities have been released so far. But according to the patch day pre-release announcement, two of the holes in the Oracle database can be exploited remotely over a network without the need for prior authentication, as can all three vulnerabilities in the Application Server, seven of the holes in the E-Business suite and three in Siebel SimBuilder.

More: http://www.heise-online.co.uk/security/Oracle-announces-patches-for-41-holes--/news/110525

ClamAV PE Scanning Vulnerability
by Marianna Schmudlach / April 14, 2008 5:51 AM PDT

added April 14, 2008 at 03:32 pm | updated April 14, 2008 at 03:42 pm

US-CERT is aware of reports of a vulnerability in the Clam AntiVirus ClamAV product. This vulnerability occurs because ClamAV fails to properly process executables that were compressed with the Upack compressor. This vulnerability is due to a buffer overflow condition that exists in the code responsible for scanning PE (Portable Executable) files. This vulnerability might allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

To help mitigate the impact of this vulnerability in the ClamAV scanning engine, users are encouraged to run ClamAV using a limited user account.

http://www.us-cert.gov/current/current_activity.html#clamav_pe_scanning_vulnerability

Oracle Issues Pre-Release Announcement for April Critical Pa
by Marianna Schmudlach / April 14, 2008 5:52 AM PDT

Oracle Issues Pre-Release Announcement for April Critical Patch Update

added April 14, 2008 at 03:17 pm

Oracle has issued a Pre-Release Announcement indicating that its April Critical Patch Update (CPU) will contain 41 new security fixes across hundreds of products.

The announcement further states that there are:


* 17 updates for Oracle Database
* 3 updates for Oracle Enterprise Manager
* 11 updates for Oracle E-Business Suite
* 1 update for the Oracle Enterprise Manager
* 3 updates for Oracle PeopleSoft Enterprise products
* 6 updates for Oracle Siebel SimBuilder products

The release is scheduled for Tuesday, April 15, 2008.

We will provide additional information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#oracle_issues_pre_release_announcement1

EMC DiskXtender Vulnerabilities
by Marianna Schmudlach / April 14, 2008 5:54 AM PDT

added April 14, 2008 at 03:17 pm

US-CERT is aware of reports of vulnerabilities in EMC DiskXtender. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or bypass security restrictions on an affected system.

US-CERT encourages registered EMC Powerlink users to visit EMC's website for additional information regarding these vulnerabilities.


http://www.us-cert.gov/current/current_activity.html#emc_diskxtender_vulnerabilities

Nortel Networks Communication Server Multiple Vulnerabilitie
by Marianna Schmudlach / April 14, 2008 11:44 AM PDT

TITLE:
Nortel Networks Communication Server Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA29747

VERIFY ADVISORY:
http://secunia.com/advisories/29747/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, DoS, System access

WHERE:
From local network

OPERATING SYSTEM:
Nortel Communication Server 1000
http://secunia.com/product/2823/

DESCRIPTION:
Some security issues and vulnerabilities have been reported in Nortel
Communication Server, which can be exploited by malicious people to
bypass certain security restrictions, disclose sensitive information,
cause a DoS (Denial of Service), or potentially compromise a
vulnerable system.

SOLUTION:
The vendor recommends to install patch MPLR24368 and use SMC2450 to
enable signaling security, which fixes vulnerability #1, and to
restrict network access to affected systems (see vendor advisory for
more information).

PROVIDED AND/OR DISCOVERED BY:
VoIPshield

ORIGINAL ADVISORY:
Nortel:
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/14/023588-01.pdf

VoIPshield:
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,11/_cursor,5/_total,44/tableid,1/
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,27/_cursor,15/_total,44/tableid,1/
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,28/_cursor,16/_total,44/tableid,1/
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,29/_cursor,17/_total,44/tableid,1/
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,14/_cursor,3/_total,44/tableid,1/
