Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - April 3, 2008

by Marianna Schmudlach / April 3, 2008 1:06 AM PDT

Fedora update for gnome-screensaver

Secunia Advisory: SA29666
Release Date: 2008-04-03


Critical:
Not critical
Impact: Exposure of sensitive information

Where: Local system

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8

Description:
Fedora has issued an update for gnome-screensaver. This fixes a weakness, which can be exploited by malicious people with physical access to disclose potentially sensitive information.

Solution:
Apply updated packages via the yum utility ("yum update gnome-screensaver").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00020.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00078.html

Other References:
SA29595:
http://secunia.com/advisories/29595/

Opera Multiple Vulnerabilities
by Marianna Schmudlach / April 3, 2008 1:07 AM PDT

Secunia Advisory: SA29662
Release Date: 2008-04-03


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Opera 5.x
Opera 6.x
Opera 7.x
Opera 8.x
Opera 9.x


Description:
Some vulnerabilities have been reported in Opera, which potentially can be exploited by malicious people to compromise a user's system.

1) An error when prompting the user to add a newsfeed can be exploited to cause an invalid memory access via a specially crafted newsfeed source.

2) An error exists in the processing of HTML CANVAS elements. This can be exploited to cause a memory corruption via specially crafted scaled pattern images.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 9.27.

Solution:
Update to version 9.27.

Provided and/or discovered by:
The vendor credits Michal Zalewski.

Original Advisory:
Opera:
http://www.opera.com/support/search/view/881/
http://www.opera.com/support/search/view/882/

Security holes in Opera closed
by Marianna Schmudlach / April 3, 2008 1:37 AM PDT

Version 9.27 of Opera fixes a number of vulnerabilities that attackers could use to inject malicious code. The new version is also claimed to be more stable than its predecessors.

Security expert Michal Zalewski has reported two vulnerabilities in Opera. One can be triggered by newsfeeds embedded in web sites. A script on the web site can manipulate the source of the newsfeed so that Opera crashes and may execute injected code. The second vulnerability can be exploited by attackers using HTML canvas elements which, by means of unspecified image scaling functions, can also cause the browser to crash and execute injected code. A further security-related change relates to the treatment of passwords input via the keyboard. Here, too, the developers of Opera give no detailed explanation of the error.

More: http://www.heise-online.co.uk/security/Security-holes-in-Opera-closed--/news/110467

Symantec Products AutoFix Support Tool ActiveX Control Two V
by Marianna Schmudlach / April 3, 2008 1:08 AM PDT

Symantec Products AutoFix Support Tool ActiveX Control Two Vulnerabilities

Secunia Advisory: SA29660
Release Date: 2008-04-03


Critical:
Less critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Norton 360
Symantec Norton AntiVirus 2006
Symantec Norton AntiVirus 2007
Symantec Norton AntiVirus 2008
Symantec Norton Internet Security 2006
Symantec Norton Internet Security 2007
Symantec Norton Internet Security 2008
Symantec Norton SystemWorks 2006
Symantec Norton SystemWorks 2007
Symantec Norton SystemWorks 2008

Description:
Two vulnerabilities have been reported in various Symantec products, which can be exploited by malicious people to compromise a user's system.

1) A boundary error within an ActiveX control (SYMADATA.DLL) included in the AutoFix Support Tool can be exploited to cause a stack-based buffer overflow.

2) A design error in the same ActiveX control can be exploited to e.g. load and execute arbitrary code from a remote share.

Successful exploitation of the vulnerabilities allows execution of arbitrary code, but requires that the attacker e.g. conducts DNS poisoning or cross-site scripting attacks as the ActiveX control is site-locked and can only be scripted from a trusted domain.

The vulnerabilities affect the following products:
* Norton 360 1.0
* Norton AntiVirus 2006-2008
* Norton Internet Security 2006-2008
* Norton System Works 2006-2008

Solution:
Apply updates.
https://www-secure.symantec.com/techsupp/asa/install.jsp

Provided and/or discovered by:
The vendor credits Peter Vreugdenhill and an anonymous person, both reported via iDefense Labs.

Original Advisory:
SYM08-009:
http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html

Drupal Flickr Module Cross-Site Scripting Vulnerabilities
by Marianna Schmudlach / April 3, 2008 1:10 AM PDT

Secunia Advisory: SA29658
Release Date: 2008-04-03


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Drupal Flickr Module 5.x

Description:
Some vulnerabilities have been reported in the Flickr module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks.

Unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 5.x-1.3.

Solution:
Update to version 5.x-1.3.
http://drupal.org/node/241943

Provided and/or discovered by:
The vendor credits Kees Cook.

Original Advisory:
http://drupal.org/node/241939

Gentoo update for bzip2
by Marianna Schmudlach / April 3, 2008 1:11 AM PDT

Secunia Advisory: SA29656
Release Date: 2008-04-03


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for bzip2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Update to "app-arch/bzip2-1.0.5" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml

Other References:
SA29410:
http://secunia.com/advisories/29410/

Mandriva update for cups
by Marianna Schmudlach / April 3, 2008 1:12 AM PDT

Secunia Advisory: SA29655
Release Date: 2008-04-03


Critical:
Moderately critical
Impact: DoS
System access

Where: From local network

Solution Status: Vendor Patch


OS: Mandriva Linux 2007.0



Description:
Mandriva has issued an update for cups. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:081

Other References:
SA29431:
http://secunia.com/advisories/29431/

Solaris inetd Debug Logging Symlink Security Issue
by Marianna Schmudlach / April 3, 2008 1:13 AM PDT

Secunia Advisory: SA29654
Release Date: 2008-04-03


Critical:
Not critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Sun Solaris 10

Description:
Sun has acknowledged a security issue in Solaris, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the inetd daemon logging debug messages to "/var/tmp/inetd.log". This can be exploited to e.g. write data into another file and cause a DoS (Denial of Service) via symlink attacks.

Successful exploitation requires that debug logging is enabled.

The security issue is reported in Solaris 10 for the SPARC and x86 platforms.

Solution:
Apply patches.

SPARC platform:
Apply patch 127718-05 or later.

x86 platform:
Apply patch 127719-05 or later.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233284-1

DaZPHPNews "prefixdir" Local File Inclusion Vulnerability
by Marianna Schmudlach / April 3, 2008 1:15 AM PDT

Secunia Advisory: SA29653
Release Date: 2008-04-03


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: DaZPHPNews 0.x

Description:
w0cker has discovered a vulnerability in DaZPHPNews, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "prefixdir" parameter in makepost.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation requires that "register_globals" is enabled and that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 0.1-1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
w0cker

Original Advisory:
http://milw0rm.com/exploits/5347

Writer's Block CMS "PostID" SQL Injection Vulnerability
by Marianna Schmudlach / April 3, 2008 1:17 AM PDT

Secunia Advisory: SA29652
Release Date: 2008-04-03


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Writer's Block CMS 3.x






Description:
katharsis has discovered a vulnerability in Writer's Block CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "PostID" parameter in permalink.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 3.8a. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
katharsis

Apple QuickTime Multiple Vulnerabilities
by Marianna Schmudlach / April 3, 2008 1:18 AM PDT

Secunia Advisory: SA29650
Release Date: 2008-04-03


Critical:
Highly critical
Impact: Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Apple QuickTime 7.x

Description:
Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to disclose potentially sensitive information or compromise a vulnerable system.

1) An implementation error in QuickTime for Java allows untrusted Java applets to deserialize objects provided by QTJava. This can be exploited to disclose sensitive information or execute arbitrary code e.g. when a user visits a malicious web page.

Solution:
Update to version 7.4.5.

QuickTime 7.4.5 for Windows:
http://www.apple.com/support/downloads/quicktime745forwindows.html

QuickTime 7.4.5 for Leopard:
http://www.apple.com/support/downloads/quicktime745forleopard.html

QuickTime 7.4.5 for Panther:
http://www.apple.com/support/downloads/quicktime745forpanther.html

QuickTime 7.4.5 for Tiger:
http://www.apple.com/support/downloads/quicktime745fortiger.html

Provided and/or discovered by:
The vendor credits:
1) Adam Gowdiak
2) Jorge Escala of Open Tech Solutions, and Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs
3) Chris Ries of Carnegie Mellon University Computing Services
5) Sanbin Li working with ZDI
6) An anonymous researcher working with ZDI
7) bugfree working with ZDI
8) Ruben Santamarta of Reversemode.com working with ZDI
9) An anonymous researcher working with ZDI
10) An anonymous researcher working with ZDI
11) Wei Wang of McAfee AVERT labs

Original Advisory:
Apple:
http://support.apple.com/kb/HT1241

Apple closes 11 security holes in QuickTime
by Marianna Schmudlach / April 3, 2008 1:40 AM PDT

Apple has released version 7.4.5 of QuickTime to fix a total of 11 security vulnerabilities. Attackers can use nine of them to inject Trojans by means of specially crafted media files.

The file formats PICT, QuickTime Animation, QuickTime VR, MOV and MPG are affected. When manipulated files are handled, various buffer overflows can occur, allowing any injected malicious code to be executed. Access privileges can also be escalated for Java applets in QuickTime for Java, and sensitive information can be transmitted to attackers when specially crafted movies are downloaded because the movies are able to open URLs automatically.

More: http://www.heise-online.co.uk/security/Apple-closes-11-security-holes-in-QuickTime--/news/110463

Simple Gallery "album" Cross-Site Scripting
by Marianna Schmudlach / April 3, 2008 1:19 AM PDT

Secunia Advisory: SA29646
Release Date: 2008-04-03


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Simple Gallery 2.x

Description:
Russ McRee has discovered a vulnerability in Simple Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "album" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 2.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Russ McRee

Apache-SSL Environment Variables Manipulation Vulnerability
by Marianna Schmudlach / April 3, 2008 1:20 AM PDT

Secunia Advisory: SA29644
Release Date: 2008-04-03


Critical:
Less critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: Apache-SSL 1.3.x

Description:
Alexander Klink has reported a vulnerability in Apache-SSL, which can be exploited by malicious people to manipulate certain data or to disclose potentially sensitive information.

The vulnerability is caused due to an error in the "ExpandCert()" function when processing client certificates. This can be exploited to set arbitrary environment variables and disclose potentially sensitive memory via '/' and '=' characters in the relative distinguished name.

The vulnerability is reported in apache_1.3.34+ssl_1.57. Other versions prior to apache_1.3.41+ssl_1.59 may also be affected.

Solution:
Update to apache_1.3.41+ssl_1.59.

Provided and/or discovered by:
Alexander Klink, Cynops GmbH

Original Advisory:
http://www.apache-ssl.org/advisory-cve-2008-0555.txt

HP OpenView Network Node Manager Buffer Overflow Vulnerabili
by Marianna Schmudlach / April 3, 2008 1:21 AM PDT

Secunia Advisory: SA29641
Release Date: 2008-04-03


Critical:
Moderately critical
Impact: System access

Where: From local network

Solution Status: Unpatched


Software: HP OpenView Network Node Manager (NNM) 7.x




Description:
Mati Aharoni has discovered a vulnerability in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within ovwparser.dll, which can be exploited to cause a stack-based buffer overflow via an overly long HTTP GET request to ovas.exe on default port 7510/TCP.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 7.51. Other versions may also be affected.

Solution:
Restrict network access to ovas.exe.

Provided and/or discovered by:
Mati Aharoni

Original Advisory:
http://www.offensive-security.com/0day/hp-nnm-ov.py.txt

Novell eDirectory Host Environment HTTP Request Processing D
by Marianna Schmudlach / April 3, 2008 1:22 AM PDT

Novell eDirectory Host Environment HTTP Request Processing Denial of Service

Secunia Advisory: SA29639
Release Date: 2008-04-03


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Unpatched


Software: Novell eDirectory 8.x

Description:
Mati Aharoni has discovered a vulnerability in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the Novell eDirectory Host Environment service (dhost.exe) when processing HTTP requests. This can be exploited to e.g. cause the service to consume large amounts of CPU resources and stop responding to other requests by sending an overly long, specially crafted HTTP request to default port 8028/TCP.

The vulnerability is confirmed in version 8.8.2. Other versions may also be affected.

Solution:
Restrict network access to the service.

Provided and/or discovered by:
Mati Aharoni

Original Advisory:
http://www.offensive-security.com/0day/novel-edir.py.txt

Webform Module Unspecified Script Insertion
by Marianna Schmudlach / April 3, 2008 1:24 AM PDT

Secunia Advisory: SA29633
Release Date: 2008-04-03


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Drupal Webform Module 5.x

Description:
Some vulnerabilities have been reported in the Webform module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Input passed to unspecified parameters is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.

Successful exploitation requires that the attacker has valid user credentials.

The vulnerabilities are reported in 5.x versions prior to 5.x-1.10.

Solution:
Update to version 5.x-1.10.

Provided and/or discovered by:
cwgordon7, Drupal security team

Original Advisory:
DRUPAL-SA-2008-024:
http://drupal.org/node/242053

OpenBSD update for OpenSSH
by Marianna Schmudlach / April 3, 2008 1:25 AM PDT

Secunia Advisory: SA29627
Release Date: 2008-04-03


Critical:
Less critical
Impact: Exposure of sensitive information

Where: Local system

Solution Status: Vendor Patch


OS: OpenBSD 4.1
OpenBSD 4.2

Description:
OpenBSD has issued an update for OpenSSH. This fixes a vulnerability, which can be exploited by malicious, local users to disclose sensitive information.

Solution:
Apply vendor patches.

Original Advisory:
http://www.openbsd.org/errata41.html
http://www.openbsd.org/errata42.html
http://www.openbsd.org/errata43.html

Other References:
SA29522:
http://secunia.com/advisories/29522/

Smart Classified / Photo ADS Cross-Site Scripting Vulnerabil
by Marianna Schmudlach / April 3, 2008 1:26 AM PDT

Secunia Advisory: SA29623
Release Date: 2008-04-03


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Smart Classified ADS
Smart Photo ADS

Description:
Russ McRee has reported some vulnerabilities in Smart Classified ADS and Smart Photo ADS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "AdNum" and "Department" parameters in view.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold.

Solution:
Filter malicious characters and character sequences in a web proxy.

Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Russ McRee

Red Hat update for gnome-screensaver
by Marianna Schmudlach / April 3, 2008 1:28 AM PDT

Secunia Advisory: SA29606
Release Date: 2008-04-03


Critical:
Not critical
Impact: Security Bypass

Where: Local system

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Description:
Red Hat has issued an update for gnome-screensaver. This fixes a security issue, which can be exploited by malicious people with physical access to bypass certain security restrictions.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0197.html

Other References:
SA29595:
http://secunia.com/advisories/29595/

Ubuntu update for cups
by Marianna Schmudlach / April 3, 2008 1:29 AM PDT

Secunia Advisory: SA29603
Release Date: 2008-04-03


Critical:
Moderately critical
Impact: DoS
System access

Where: From local network

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 6.10
Ubuntu Linux 7.04
Ubuntu Linux 7.10

Description:
Ubuntu has issued an update for cups. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
https://lists.ubuntu.com/archives/ubu...urity-announce/2008-April/000688.html

Other References:
SA28994:
http://secunia.com/advisories/28994/

SA29431:
http://secunia.com/advisories/29431/

gnome-screensaver Information Disclosure and Security Bypass
by Marianna Schmudlach / April 3, 2008 1:30 AM PDT

Secunia Advisory: SA29595
Release Date: 2008-04-03


Critical:
Not critical
Impact: Security Bypass
Exposure of sensitive information

Where: Local system

Solution Status: Vendor Patch


Software: GNOME 2.x
gnome-screensaver 2.x

Description:
A weakness and a security issue have been reported in gnome-screensaver, which can be exploited by malicious people with physical access to disclose potentially sensitive information or bypass certain security restrictions.

1) A weakness is caused due to the "Leave message" feature allowing attackers to e.g. paste the contents of the clipboard of the user whose screen is currently locked, which can be exploited to disclose potentially sensitive information.

2) A security issue is caused due to an error if the NIS authentication method is used. This can be exploited to bypass the authentication check and unlock the screen if the NIS server is not reachable.

Solution:
Update to version 2.22.1 or later. Vulnerability #1 is fixed in version 2.21.6 or later.

Provided and/or discovered by:
1) Josh Smith
2) Alan Matsuoka

Original Advisory:
1) https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/146862
2) https://bugzilla.redhat.com/show_bug.cgi?id=435773

SUSE update for Sun Java
by Marianna Schmudlach / April 3, 2008 1:32 AM PDT

Secunia Advisory: SA29582
Release Date: 2008-04-03


Critical:
Highly critical
Impact: Security Bypass
Manipulation of data
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SUSE Linux 10.1
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9



Software: Novell Open Enterprise Server


Description:
SUSE has issued an update for Sun Java. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, or to compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html

Other References:
SA29239:
http://secunia.com/advisories/29239/

Blackboard Academic Suite "searchText" Cross-Site Scripting
by Marianna Schmudlach / April 3, 2008 1:33 AM PDT

Secunia Advisory: SA29543
Release Date: 2008-04-03


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Blackboard Academic Suite 6.x
Blackboard Academic Suite 7.x
Blackboard Academic Suite 8.x
Blackboard Learning and Community Portal Systems 6
Blackboard Learning System 6



Description:
Duong Thanh has reported a vulnerability in Blackboard Academic Suite, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "searchText" parameter in webapps/blackboard/execute/viewCatalog is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in 6.3 versions prior to 6.3.1.683, 7.0 versions prior to 7.0.404.58, 7.1 versions prior to 7.1.467.35, 7.2 versions prior to 7.2.383.45, 7.3 versions prior to 7.3.216.0, and 8.0 versions prior to 8.0.184.0.

Solution:
Update to Blackboard Academic Suite version 6.3.1.683, 7.0.404.58, 7.1.467.35, 7.2.383.45, 7.3.216.0, or 8.0.184.0.

Provided and/or discovered by:
Duong Thanh a.k.a. Knight4vn

Original Advisory:
Blackboard:
http://kb.blackboard.com/display/KB/Security+Vulnerability+in+the+Course+Catalog
http://kb.blackboard.com//x/04NPAQ

Duong Thanh:
http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/

VLC Media Player plugs holes
by Marianna Schmudlach / April 3, 2008 1:35 AM PDT

For some time now, there have been several open security holes in VLC Media Player, MPlayer and Xine. The developers of VLC Media Player have now published Version 0.8.6f to close these holes in their product.

The current version eliminates the error in processing manipulated subtitle files that enabled attackers to smuggle in trojans. The vulnerability through which crafted real-time data streams were able to trigger a buffer overflow and execute infiltrated programming code has also been fixed. Version 0.8.6f also closes a hole through which manipulated files encoded with the Cinepak codec trigger a buffer overflow.

A non-security related bugfix is provided for users of the software under Mac OS X. The plug-in for Mozilla now registers some MIME types that VLC can process.

More: http://www.heise-online.co.uk/security/VLC-Media-Player-plugs-holes--/news/110468

Web bugs return using digital certificates
by Marianna Schmudlach / April 3, 2008 1:41 AM PDT

Spammers are once again using web bugs to verify the validity of email addresses. This time the trick is not done with graphics but with digital certificates. Alexander Klink from German consultants Cynops has discovered a vulnerability in Microsoft products - or possibly in the Crypto API - that can be used to verify a victim's email address if they open a crafted email which is signed using S/MIME.

Traditionally, web bugs are small graphic images - often just one pixel - inserted into HTML emails which the mail client downloads from a website when you read the email. Spammers use them to verify email addresses, but the FBI has also used them to help put blackmailers behind bars. Web bugs in office documents work in a similar way, tracking access to documents. For security reasons, modern email clients do not automatically download content from external sites and office applications no longer contact servers without asking the user.

More: http://www.heise-online.co.uk/security/Web-bugs-return-using-digital-certificates--/news/110462

Microsoft Releases Advance Notification for April Security B
by Marianna Schmudlach / April 3, 2008 6:31 AM PDT

Microsoft has issued a Security Bulletin Advance Notification indicating that its April release cycle will contain eight bulletins, five of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Office, and Internet Explorer. There will also be three important bulletins for Microsoft Windows and Office. The release is scheduled for Tuesday, April 8.

US-CERT will provide additional information as it becomes available.


http://www.us-cert.gov/current/current_activity.html#microsoft_releases_advance_notification_for13
