VULNERABILITIES \ FIXES - April 25, 2008

HP Software Update HPeDiag ActiveX Control Insecure Methods and Buffer Overflow

Secunia Advisory: SA29966
Release Date: 2008-04-25


Critical:
Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


Software: HP Software Update 3.x
HP Software Update 4.x

Description:
Some vulnerabilities have been reported in HP Software Update, which can be exploited by malicious people to disclose certain information or compromise a vulnerable system.

Solution:
Update to version 4.000.010.008 (see vendor's advisory for details).

Provided and/or discovered by:
Tan Chew Keong

Changelog:
2008-04-25: Updated advisory based on additional information from Tan Chew Keong.

Original Advisory:
HPSBGN02333 SSRT080031:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01439758

Tan Chew Keong:
http://vuln.sg/hpupdate302991-en.html

Debian update for phpmyadmin

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Secunia Advisory: SA29964
Release Date: 2008-04-25


Critical:
Less critical
Impact: Manipulation of data
Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for phpmyadmin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks, and by malicious users to disclose sensitive information.

Solution:
Apply updated packages.

Original Advisory:
http://www.us.debian.org/security/2008/dsa-1557

Other References:
SA29200:
http://secunia.com/advisories/29200/

SA29613:
http://secunia.com/advisories/29613/

SA29944:
http://secunia.com/advisories/29944/

Trillian Display Name Processing Memory Corruption

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Secunia Advisory: SA29952
Release Date: 2008-04-25


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Trillian Basic 3.x
Trillian Pro 3.x



Description:
Juan Pablo Lopez Yacubian has discovered a vulnerability in Trillian, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error within the processing of "Display Names" in messages. This can be exploited to cause a memory corruption by e.g. setting the "Display Name" to a specially crafted, overly long string and sending an overly long message to another user using the MSN protocol.

Solution:
Add only trusted users to the contact list.

Provided and/or discovered by:
Juan Pablo Lopez Yacubian

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2008-04/0315.html

WordPress "cat" Directory Traversal Vulnerability

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Secunia Advisory: SA29949
Release Date: 2008-04-25


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Workaround


Software: WordPress 2.x

Description:
Sandor Attila Gerendi has discovered a vulnerability in WordPress, which can potentially be exploited by malicious users to compromise a vulnerable system.

Input passed via the "cat" parameter to index.php is not properly sanitised in the "get_category_template()" function in wp-includes/theme.php before being used to include files in template-loader.php. This can be exploited to include arbitrary PHP files from local resources via directory traversal attacks.

Solution:
Fixed in the SVN repository.
http://trac.wordpress.org/changeset/7586

Provided and/or discovered by:
Sandor Attila Gerendi

Gentoo update for jrockit-jdk-bin

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Secunia Advisory: SA29925
Release Date: 2008-04-25


Critical:
Highly critical
Impact: Security Bypass
Manipulation of data
Exposure of system information
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for jrockit-jdk-bin. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate data, disclose sensitive/system information, cause a DoS (Denial of Service), or to compromise a vulnerable system.

Solution:
Update to the latest versions.

"dev-java/jrockit-jdk-bin-1.4.2.16"
"dev-java/jrockit-jdk-bin-1.5.0.14"

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200804-28.xml

Other References:
SA29858:
http://secunia.com/advisories/29858/

Debian update for xulrunner

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Secunia Advisory: SA29947
Release Date: 2008-04-25


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for xulrunner. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
http://www.us.debian.org/security/2008/dsa-1558

Other References:
SA29787:
http://secunia.com/advisories/29787/

Gentoo update for silc

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Secunia Advisory: SA29946
Release Date: 2008-04-25


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for silc. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Solution:
Update to the latest versions:

"net-im/silc-toolkit-1.1.7"
"net-im/silc-client-1.1.4"
"net-im/silc-server-1.1.2"

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200804-27.xml

Other References:
SA29174:
http://secunia.com/advisories/29174/

SA29459:
http://secunia.com/advisories/29459/

SA29463:
http://secunia.com/advisories/29463/

WordPress Spreadsheet Plugin "ss_id" SQL Injection Vulnerabi

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Secunia Advisory: SA29938
Release Date: 2008-04-25


Critical:
Moderately critical
Impact: Exposure of sensitive information
Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: WordPress Spreadsheet Plugin (wpSS) 0.x

Description:
1ten0.0net1 has reported a vulnerability in the WordPress Spreadsheet Plugin (wpSS), which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "ss_id" parameter in wpSS/ss_load.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 0.6. Other versions may also be affected.

Solution:
Update to version 0.62.
http://timrohrer.com/blog/?page_id=71

Provided and/or discovered by:
1ten0.0net1

Original Advisory:
wpSS:
http://timrohrer.com/blog/?p=120

http://milw0rm.com/exploits/5486

SUSE update for clamav

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Secunia Advisory: SA29891
Release Date: 2008-04-25


Critical:
Highly critical
Impact: Security Bypass
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SUSE Linux 10.1
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9



Software: Novell Open Enterprise Server 1.x

Description:
SUSE has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to cause a DoS (Denial of Service), or to compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://www.novell.com/linux/security/advisories/2008_24_clamav.html

Other References:
SA29000:
http://secunia.com/advisories/29000/

RedDot CMS "LngId" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Secunia Advisory: SA29843
Release Date: 2008-04-25


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: RedDot CMS 6.x
RedDot CMS 7.x

Description:
Mark Crowther and Rodrigo Marcos have reported a vulnerability in RedDot CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "LngId" parameter in ioRD.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows for the enumeration of all data in the database.

The vulnerability is reported in version 7.5 Build 7.5.0.48. Other versions may also be affected.

Solution:
Update to version 7.5.1.86.

Provided and/or discovered by:
Mark Crowther and Rodrigo Marcos, Information Risk Management Plc (IRM)

Original Advisory:
http://www.irmplc.com/index.php/167-Advisory-026

Debian update for perl

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Secunia Advisory: SA29948
Release Date: 2008-04-25


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for perl. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://www.us.debian.org/security/2008/dsa-1556

Other References:
SA27546:
http://secunia.com/advisories/27546/

LightNEasy Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Secunia Advisory: SA29833
Release Date: 2008-04-25


Critical:
Highly critical
Impact: Cross Site Scripting
Manipulation of data
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


Software: LightNEasy (no database) 1.x
LightNEasy (SQLite) 1.x

Description:
Some vulnerabilities have been reported in LightNEasy, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, disclose sensitive information, manipulate data, or to compromise a vulnerable system.

Solution:
Update to version 1.2.2 downloaded on or after 2008-04-18.

Apply security patch #1.

Provided and/or discovered by:
1) __GiReX__ and Gerendi Sandor Attila
2, 3) __GiReX__
4, 5) Gerendi Sandor Attila

Original Advisory:
LightNEasy:
http://www.lightneasy.org/news.php?id=16&showcomments=0

1-3) http://milw0rm.com/exploits/5452

HP Software Update Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

added April 25, 2008 at 10:44 am

US-CERT is aware of reports of multiple vulnerabilities affecting HP Software Update. These vulnerabilities are due to insecure methods in multiple ActiveX controls. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or view or modify sensitive information.

US-CERT encourages users to do the following to help mitigate the risks:


Review the HP Support document and update to HP Software Update v4.000.010.008.
Set the kill bit for the CLSIDs listed in the HP Support document.
Disable ActiveX as described in the Securing Your Web Browser document.


http://www.us-cert.gov/current/current_activity.html#hp_software_update_vulnerabilities

MS patch system poses 'significant risk', say researchers

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

The fix could automate production of the attack

By Robert Lemos, SecurityFocus

Published Friday 25th April 2008

A group of four computer scientists urged Microsoft to redesign the way it distributes patches, after they created a technique that automatically produces attack code by comparing the vulnerable and repaired versions of a program. The technique, which the researchers refer to as automatic patch-based exploit generation (APEG), can create attack code for most major types of vulnerabilities in minutes by automating the analysis of a patch designed to fix the flaws, the researchers stated in a paper released last week.

If Microsoft does not change the way its patches are distributed to customers, attackers could create a system to attack the flaws in unpatched systems minutes after an update is released by the software giant, said David Brumley, a PhD candidate in computer science at Carnegie Mellon University.

http://www.theregister.co.uk/2008/04/25/patches_security_risk/

Hundreds of thousands of SQL injections - UPDATE.

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

It is recommended that you block access to hxxp:/www.nihaorr1.com and the IP it resolves to, 219DOT153DOT46DOT28, at the edge or border of your network.

1.js is the file they are currently injecting. That could change, and it has been injected into thousands of legitimate websites. Visitors to this website are "treated" to 8 different exploits for many Windows-based applications, including AIM, RealPlayer, and iTunes. DO NOT visit sites that link to this site, as you are very likely to get infected. Trend Micro named the malware toj_agent.KAQ; it watches for passwords and passes them back to the controller's IP.


More: http://isc.sans.org/

Compromised Websites Hosting Malicious JavaScript

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

added April 25, 2008 at 04:45 pm

US-CERT is following reports of SQL injection attacks that have compromised a large number of legitimate websites. The compromised websites contain injected JavaScript that attempts to exploit multiple, known vulnerabilities. Users who visit a compromised website may unknowingly execute malicious code.

US-CERT encourages users to do the following to help mitigate the risks of this and similar attacks:


Regularly apply software updates and patches provided by vendors.
Disable JavaScript and ActiveX as described in the Securing Your Web Browser document.
For more technical information, visit SANS Internet Storm Center at http://isc.sans.org/diary.html?storyid=4331.

US-CERT will provide more information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#compromised_websites_hosting_malicious_javascript

Zero-Day Vulnerability Reported in Apple's QuickTime for Win

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Zero-Day Vulnerability Reported in Apple's QuickTime for Windows XP and Vista

Security consultancy GNUCitizen says an attacker could exploit the vulnerability by constructing a specially crafted QuickTime supported media file that allows remote code execution.

By Thomas Claburn
InformationWeek
April 25, 2008 04:40 PM


GNUCitizen, a computer security consultancy, on Friday warned of a zero-day vulnerability in Apple's QuickTime media player for Windows XP and Windows Vista.
"A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs)," said company founder Petko D. Petkov in a blog post. "An attacker could exploit the vulnerability by constructing a specially crafted QuickTime supported media file that allows remote code execution if a user visited a malicious Web site, opened a specially crafted attachment in e-mail, or opened a maliciously crafted media file from the desktop."

Petkov said that if the malicious file was opened by a logged-in user with administrative privileges, the attacker could take control of the affected system.

More: http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=207402200&cid=RSSfeed_IWK_Security

Solaris update woos elderly apps

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Intel's SpeedStep inside too
By Austin Modine

Published Friday 25th April 2008

Sun Microsystems has released a fresh update for Solaris, but the 10 5/08 injection may appeal most to users running older generations of the operating system.

The update features support for virtualized instances of Solaris 8 and 9 to run inside Solaris Containers. So, you can package up those Solaris 8 and 9 apps and pop them on a Solaris 10 box.

Sun reckons the feature will let legacy Solaris users migrate to the latest version of the OS, as well as upgrade any long-in-the-tooth hardware.

More: http://www.theregister.co.uk/2008/04/25/sun_solaris_10_5_08/

Privilege escalation through hole in Realtek HD driver

In reply to: VULNERABILITIES \ FIXES - April 25, 2008

Security service Wintercore has reported a security hole in Realtek's HD audio codec drivers which allows local users to escalate their system privileges. Realtek has already updated the drivers to plug the hole.

According to the advisory by Wintercore, the Realtek drivers check buffers incorrectly when processing input and output requests (IOCTLs). While this allows users to generate, read and write arbitrary registry keys, it also, and more critically, allows arbitrary code to be executed at SYSTEM privilege level in the kernel context.

Realtek has already made updated drivers (version 1.91) available for download on its servers. Wintercore detected the vulnerability in the drivers for Windows Vista, but the drivers for older versions of Windows may also contain the hole. Affected users should install the update soon, as malicious software can use the old drivers to escalate its privileges unnoticed and without triggering User Account Control (UAC), especially under Windows Vista.

http://www.heise-online.co.uk/security/Privilege-escalation-through-hole-in-Realtek-HD-driver--/news/110611
