Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - April 21, 2009

by Marianna Schmudlach / April 21, 2009 12:59 AM PDT

Ubuntu update for apt

Release Date: 2009-04-21

Critical:
Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch

OS: Ubuntu Linux 6.06
Ubuntu Linux 8.04
Ubuntu Linux 8.10

Description:
Ubuntu has issued an update for apt. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.

http://secunia.com/advisories/34832/

Discussion is locked
You are posting a reply to: VULNERABILITIES \ FIXES - April 21, 2009
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES \ FIXES - April 21, 2009
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Ubuntu update for php5
by Marianna Schmudlach / April 21, 2009 1:00 AM PDT

Release Date: 2009-04-21

Critical:
Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Ubuntu Linux 6.06
Ubuntu Linux 8.04
Ubuntu Linux 8.10

Description:
Ubuntu has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

http://secunia.com/advisories/34830/

Collapse -
apt Package Signature Verification Security Bypass
by Marianna Schmudlach / April 21, 2009 1:01 AM PDT

Release Date: 2009-04-21

Critical:
Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch

Software: apt 0.x

Description:
A security issue has been reported in apt, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to apt checking for the "GOODSIG" instead of the "VALIDSIG" return value when launching "gpgv" to verify packages, which results in apt accepting packages signed with expired or revoked keys.

Note: Additionally, an error exists within the daily apt cron script when handling certain dates. This can lead to automatic updates being stopped or disabled.

http://secunia.com/advisories/34829/

Collapse -
Ubuntu update for xine-lib
by Marianna Schmudlach / April 21, 2009 1:02 AM PDT

Release Date: 2009-04-21

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

OS: Ubuntu Linux 6.06
Ubuntu Linux 8.04
Ubuntu Linux 8.10

Description:
Ubuntu has issued an update for xine-lib. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.


http://secunia.com/advisories/34828/

Collapse -
Online Contact Manager Cross-Site Scripting Vulnerabilities
by Marianna Schmudlach / April 21, 2009 1:03 AM PDT

Release Date: 2009-04-21

Critical:
Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: Online Contact Manager 3.x

Description:
Vrs-hCk has reported some vulnerabilities in Online Contact Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "showGroup" parameter in index.php and to the "id" parameter in view.php, email.php, edit.php, and delete.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 3.0. Other versions may also be affected.

http://secunia.com/advisories/34826/

Collapse -
Online Photo Pro "section" Cross-Site Scripting Vulnerabilit
by Marianna Schmudlach / April 21, 2009 1:04 AM PDT

Release Date: 2009-04-21

Critical:
Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: Online Photo Pro 2.x


Description:
Vrs-hCk has reported a vulnerability in Online Photo Pro, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "section" parameter to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 2.0. Other versions may also be affected.

http://secunia.com/advisories/34825/

Collapse -
TotalCalendar "manage_users.php" Security Bypass Vulnerabili
by Marianna Schmudlach / April 21, 2009 1:05 AM PDT

Release Date: 2009-04-21

Critical:
Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Unpatched

Software: TotalCalendar 2.x


Description:
ThE g0bL!N has reported a vulnerability in TotalCalendar, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the application allowing unrestricted access to the admin/manage_users.php script. This can be exploited to change e.g. the password of an existing user via a specially crafted HTTP request to the affected script.

The vulnerability is reported in version 2.4. Other versions may also be affected.

http://secunia.com/advisories/34824/

Collapse -
e107 "hide" SQL Injection Vulnerability
by Marianna Schmudlach / April 21, 2009 1:07 AM PDT

Release Date: 2009-04-21

Critical:
Less critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: e107 0.x

Description:
A vulnerability has been discovered in e107, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to the "hide" parameter in usersettings.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "Extended User Fields" are used.

The vulnerability is confirmed in version 0.7.15. Other versions may also be affected.

http://secunia.com/advisories/34823/

Collapse -
WB News Insecure Cookie Handling Vulnerability
by Marianna Schmudlach / April 21, 2009 1:07 AM PDT

Release Date: 2009-04-21

Critical:
Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Unpatched

Software: WB News 2.x

Description:
ThE g0bL!N has discovered a vulnerability in WB News, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restrictions when accessing the administrative interface. This can be exploited to bypass the authentication mechanism and gain access to the administrative interface by setting the "WBNEWS" cookie.

The vulnerability is confirmed in version 2.1.2. Other versions may also be affected.


http://secunia.com/advisories/34822/

Collapse -
MoinMoin "AttachFile.py" Cross-Site Scripting Vulnerabilitie
by Marianna Schmudlach / April 21, 2009 1:08 AM PDT

Release Date: 2009-04-21

Critical:
Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Workaround

Software: MoinMoin 1.x

Description:
Some vulnerabilities have been reported in MoinMoin, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via multiple parameters to action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerabilities are reported in version 1.8.2. Prior versions may also be affected.

http://secunia.com/advisories/34821/

Collapse -
EZ Webitor login.php SQL Injection Vulnerabilities
by Marianna Schmudlach / April 21, 2009 1:10 AM PDT

Release Date: 2009-04-21

Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: EZ Webitor

Description:
Snakespc has reported some vulnerabilities in EZ Webitor, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "txtUserId" and "txtPassword" parameters in login.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

http://secunia.com/advisories/34819/

Collapse -
CoolPlayer+ Portable Playlist File Parsing Buffer Overflows
by Marianna Schmudlach / April 21, 2009 1:10 AM PDT

Release Date: 2009-04-21

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: CoolPlayer+ Portable 2.x

Description:
Two vulnerabilities has been discovered in CoolPlayer+ Portable, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors when parsing playlist files.

http://secunia.com/advisories/34816/

Collapse -
1by1 M3U Processing Buffer Overflow Vulnerability
by Marianna Schmudlach / April 21, 2009 1:11 AM PDT

Release Date: 2009-04-21

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: 1by1 1.x

Description:
GoLd_M has discovered a vulnerability in 1by1, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a boundary error in the processing of M3U files. This can be exploited to cause a stack-based buffer overflow via an M3U file having an overly long entry.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 1.6.7.0. Other versions may also be affected.

http://secunia.com/advisories/34815/

Collapse -
Avaya CMS Solaris / SEAM Kerberos Multiple Vulnerabilities
by Marianna Schmudlach / April 21, 2009 1:12 AM PDT

Release Date: 2009-04-21

Critical:
Moderately critical
Impact: Exposure of sensitive information
DoS
System access
Where: From remote
Solution Status: Unpatched

OS: Avaya Call Management System (CMS)

Description:
Avaya has acknowledged some vulnerabilities in Avaya CMS, which can potentially be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

http://secunia.com/advisories/34814/

Collapse -
Avaya CMS Solaris dircmp Shell Script File Overwriting Vulne
by Marianna Schmudlach / April 21, 2009 1:13 AM PDT

Release Date: 2009-04-21

Critical:
Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Unpatched

OS: Avaya Call Management System (CMS)

Description:
Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

For more information:
SA34558

The vulnerability is reported in Avaya CMS R13/R13.1, R14/R14.1, and R15.

http://secunia.com/advisories/34813/

Collapse -
Seditio CMS Events Plugin "c" SQL Injection Vulnerability
by Marianna Schmudlach / April 21, 2009 1:14 AM PDT

Release Date: 2009-04-21

Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: Seditio Events (plugin for Seditio)


Description:
A vulnerability has been discovered in Seditio CMS Events Plugin, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "c" parameter in events/inc/events.inc.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

http://secunia.com/advisories/34812/

Collapse -
FlatnuX CMS Multiple Vulnerabilities
by Marianna Schmudlach / April 21, 2009 1:15 AM PDT

Release Date: 2009-04-21

Critical:
Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access
Where: From remote
Solution Status: Unpatched

Software: FlatnuX CMS

Description:
girex has discovered some vulnerabilities in FlatnuX CMS, which can be exploited by malicious people to disclose sensitive information and by malicious users to compromise a vulnerable system.

1) Input passed to the "module" parameter in sections/02_Flatforum/search.php and sections/08_Files/search.php, to the "_FNVMOD" parameter in sections/06_Download/section.php, the "_FN[vmod]" parameter in sections/10_Login/section.php and none_Control_Center/section.php, and to the "_FN[theme]" parameter in themes/tp_alpha/theme.php, themes/tp_dhtml2/theme.php, and themes/tp_green/theme.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation allows to execute arbitrary PHP code e.g. via an uploaded avatar image, but requires that "register_globals" is enabled and "magic_quotes_gpc" is disabled.

2) The application does not properly check the file extensions of uploaded files. This can be exploited to upload and execute arbitrary PHP code e.g. via ".phtml" files.

Successful exploitation requires valid user credentials.

The vulnerabilities are confirmed in version 2009-03-27. Other versions may also be affected.

http://secunia.com/advisories/34811/

Collapse -
Creasito "username" SQL Injection Vulnerability
by Marianna Schmudlach / April 21, 2009 1:16 AM PDT

Release Date: 2009-04-21

Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: Creasito 1.x

Description:
Salvatore "drosophila" Fresta has reported a vulnerability in Creasito E-Commerce Content Manager, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "username" parameter is not properly sanitised before being used in an SQL query in admin/checkuser.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation may allow bypassing the authentication mechanism.

The vulnerability is reported in version 1.3.16. Other versions may also be affected.

http://secunia.com/advisories/34809/

Collapse -
HP StorageWorks Storage Mirroring Software Multiple Vulnerab
by Marianna Schmudlach / April 21, 2009 1:17 AM PDT

Release Date: 2009-04-21

Critical:
Moderately critical
Impact: Security Bypass
DoS
System access
Where: From local network
Solution Status: Vendor Patch

Software: HP StorageWorks Storage Mirroring Software 5.x

Description:
Some vulnerabilities have been reported in HP StorageWorks Storage Mirroring Software, which can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, or to compromise a vulnerable system.

http://secunia.com/advisories/34808/

Collapse -
HP Storage Essentials Secure NaviCLI Security Bypass
by Marianna Schmudlach / April 21, 2009 1:18 AM PDT

Release Date: 2009-04-21

Critical:
Less critical
Impact: Security Bypass
Privilege escalation
Where: From local network
Solution Status: Unpatched

Software: HP Storage Essentials SRM 6.x

Description:
A vulnerability has been reported in HP Storage Essentials, which can be exploited by malicious users to bypass certain security restrictions and gain escalated privileges.

The vulnerability is caused due to an unspecified error, which can be exploited to gain unauthorised access or to gain escalated privileges. No further information is currently available.

http://secunia.com/advisories/34807/

Collapse -
Slackware update for udev
by Marianna Schmudlach / April 21, 2009 1:19 AM PDT

Release Date: 2009-04-21

Critical:
Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch

OS: Slackware Linux 11.0

Description:
Slackware has issued an update for udev. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

http://secunia.com/advisories/34801/

Collapse -
eMule Plus Logging Infinite Loop Denial of Service
by Marianna Schmudlach / April 21, 2009 1:20 AM PDT

Release Date: 2009-04-21

Critical:
Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

Software: eMule Plus 1.x

Description:
A vulnerability has been reported in eMule Plus, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within the logging functionality, which can be exploited to trigger an infinite loop.

The vulnerability is reported in versions prior to 1.2e.

http://secunia.com/advisories/34799/

Collapse -
Debian update for php-json-ext
by Marianna Schmudlach / April 21, 2009 1:21 AM PDT

Release Date: 2009-04-21

Critical:
Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0

Description:
Debian has issued an update for php-json-ext. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

http://secunia.com/advisories/34770/

Collapse -
Novell NetStorage Multiple Vulnerabilities
by Marianna Schmudlach / April 21, 2009 1:22 AM PDT

Release Date: 2009-04-21

Critical:
Less critical
Impact: Cross Site Scripting
Exposure of system information
DoS
Where: From remote
Solution Status: Unpatched

Software: Novell NetStorage 3.x

Description:
Some vulnerabilities have been reported in Novell NetStorage, which can be exploited by malicious people to conduct cross-site scripting attacks, and by malicious users to disclose system information or cause a DoS (Denial of Service).

http://secunia.com/advisories/34769/

Collapse -
Studio Lounge Address Book Arbitrary File Upload Vulnerabili
by Marianna Schmudlach / April 21, 2009 1:23 AM PDT

Release Date: 2009-04-21

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Studio Lounge Address Book 2.x

Description:
Jose Luis Gongora Fernandez has reported a vulnerability in Studio Lounge Address Book, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused due to the upload-file.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a PHP file.

The vulnerability is reported in version 2.5. Other versions may also be affected.

http://secunia.com/advisories/34761/

Collapse -
Nethoteles "id_establecimiento" SQL Injection Vulnerability
by Marianna Schmudlach / April 21, 2009 1:25 AM PDT

Release Date: 2009-04-21

Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: Nethoteles 3.x

Description:
A vulnerability has been reported in Nethoteles, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id_establecimiento" parameter in ficha.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 3.0. Other versions may also be affected.

http://secunia.com/advisories/34743/

Collapse -
Cisco rolls out security upgrades at RSA
by Marianna Schmudlach / April 21, 2009 1:27 AM PDT

April 21st, 2009

Posted by Sam Diaz

Cisco is making a round of announcements today of new products and services that are aimed at boosting network security systems and the delivery of cloud security services. The company noted that, in these offerings, the line between client-based and cloud-based services is beginning to blur - as Cisco thinks it should.

Bottom line: a company shouldn?t care if the products or service is hosted locally or on the cloud. So long as its safe - and that?s what Cisco is promising - then IT departments need not worry about those issues, company executives said.

Today?s announcement, made in conjunction with the RSA Security conference in San Francisco, comes at a time ?when collaboration and mobility technologies are redefining how, when and where business gets done.?

More: http://blogs.zdnet.com/BTL/?p=16688

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?