Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - April 4, 2008

Webwasher URL Processing Denial of Service Vulnerability

Secunia Advisory: SA29674
Release Date: 2008-04-04


Critical: Less critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


Software: Webwasher 6.x
Webwasher CSM Suite 5.x
WebWasher EE
WebWasher PG

Description:
A vulnerability has been reported in Webwasher, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the processing of URLs when running on newer Linux systems. This can be exploited to freeze the service via a specially crafted URL.

The vulnerability is reported in the following products:
* Webwasher appliances 6.x (CGLinux 4 or 5) prior to build number 3150
* Webwasher software versions prior to versions 6.6.3 build 3150 or 5.3.0 build 3159 running on:
- RedHat Enterprise Linux 4
- Debian Linux 4
- SLES 10

Solution:
Update to versions 6.6.3 build 3150 or 5.3.0 build 3159:
https://extranet.webwasher.com/download/csm/index.html

Provided and/or discovered by:
The vendor credits National Australia Bank Security Assurance.

Cisco Unified Communications Disaster Recovery Framework Co

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Cisco Unified Communications Disaster Recovery Framework Command Execution


Secunia Advisory: SA29670
Release Date: 2008-04-04


Critical: Moderately critical
Impact: Security Bypass
System access

Where: From local network

Solution Status: Vendor Patch


Software: Cisco Emergency Responder 2.x
Cisco Unified Communications Manager 5.x
Cisco Unified Communications Manager 6.x
Cisco Unified Presence 6.x

Description:
A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the Disaster Recovery Framework (DRF) Master not performing authentication on requests received over the network. This can be exploited to perform any DRF-related tasks via the DRF Master service (port 4040/TCP).

Successful exploitation allows execution of arbitrary commands.

The vulnerability affects the following products and versions:
* Cisco Unified Communications Manager (CUCM) 5.x and 6.x
* Cisco Unified Communications Manager Business Edition
* Cisco Unified Presence 1.x and 6.x
* Cisco Emergency Responder 2.x
* Cisco Mobility Manager 2.x

Solution:
The vendor has issued updates (please see the vendor's advisory for details).

Provided and/or discovered by:
The vendor credits VoIPshield Systems.

Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20080403-drf.shtml

Orbit Downloader URL Processing Buffer Overflow Vulnerabilit

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Secunia Advisory: SA29669
Release Date: 2008-04-04


Critical: Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Orbit Downloader 2.x

Description:
Diego Juarez has reported a vulnerability in Orbit Downloader, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when converting processed URLs from ASCII to Unicode encoding. This can be exploited to cause a stack-based buffer overflow via an invalid URL longer than 4096 bytes.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 2.6.3 and 2.6.4. Prior versions may also be affected.

Solution:
Update to version 2.6.5.

Provided and/or discovered by:
Diego Juarez, Core Security Technologies

Original Advisory:
http://www.coresecurity.com/?action=item&id=2211

CA Products Alert Notification Server Multiple Vulnerabiliti

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Secunia Advisory: SA29665
Release Date: 2008-04-04


Critical: Less critical
Impact: DoS
System access

Where: From local network

Solution Status: Vendor Patch


Software: BrightStor ARCserve Backup 11.x
BrightStor ARCserve Backup 11.x (for Microsoft SQL Server)
BrightStor ARCserve Backup 11.x (for Open Files)
BrightStor ARCserve Backup 11.x (for Oracle)
BrightStor ARCserve Backup 11.x (for Windows)
CA Anti-Virus for the Enterprise 8.x
CA Threat Manager 8.x
eTrust Antivirus 7.x

Description:
Some vulnerabilities have been reported in various CA products, which can be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.

The vulnerabilities are caused due to boundary errors within multiple procedures in the CA Alert Notification Server service, which can be exploited to cause buffer overflows.

Successful exploitation allows execution of arbitrary code, but requires valid user credentials.

Solution:
Apply updates.

CA Anti-Virus for the Enterprise 7.1, CA Anti-Virus for the Enterprise r8:
Apply QO96079.
https://support.ca.com/irj/portal/ano...s?reqPage=search&searchID=QO96079

CA Threat Manager for the Enterprise r8:
Apply QO96387.
https://support.ca.com/irj/portal/ano...s?reqPage=search&searchID=QO96387

CA Anti-Virus for the Enterprise r8.1, CA Threat Manager for the Enterprise r8.1:
Apply QO96080.
https://support.ca.com/irj/portal/ano...s?reqPage=search&searchID=QO96080

BrightStor ARCserve Backup r11.5, BrightStor ARCserve Backup r11.1:
Apply QO96079.
https://support.ca.com/irj/portal/ano...s?reqPage=search&searchID=QO96079

BrightStor ARCserve Backup r11.0:
Upgrade to 11.1 and apply the latest patches.

Provided and/or discovered by:
The vendor credits an anonymous researcher working with iDefense VCP.

Original Advisory:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103
http://community.ca.com/blogs/casecur...-server-multiple-vulnerabilities.aspx

CA BrightStor ARCserve Backup Vulnerabilities

added April 4, 2008 at 11:36 am

CA has released updates to address multiple vulnerabilities in BrightStor ARCserve Backup and other CA products. These vulnerabilities are due to boundary errors within the CA Alert Notification Server service. These vulnerabilities may allow a local attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review the CA Security Notice for Alert Notification Server for a complete list of affected products and apply any necessary updates.

http://www.us-cert.gov/current/current_activity.html#ca_brightstor_arcserve_backup_vulnerabilities1

Novell Kerberos KDC Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Secunia Advisory: SA29663
Release Date: 2008-04-04


Critical: Highly critical
Impact: Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Novell Kerberos KDC 1.x



Description:
Novell has acknowledged some vulnerabilities in Novell Kerberos KDC, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

Solution:
Apply patches.

Original Advisory:
http://support.novell.com/docs/Readme...ment/patchbuilder/readme_5022520.html
http://support.novell.com/docs/Readme...ment/patchbuilder/readme_5022542.html

Other References:
SA29428:
http://secunia.com/advisories/29428/

SCO UnixWare "pkgadd" Directory Traversal Privilege Escalati

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Secunia Advisory: SA29657
Release Date: 2008-04-04


Critical: Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: UnixWare 7.x.x

Description:
A vulnerability has been reported in SCO UnixWare, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to the "pkgadd" command not properly filtering a certain environment variable. This can be exploited to add user accounts or gain escalated privileges by overwriting system files via directory traversal sequences (e.g. "../").

Solution:
Apply patches.
http://www.sco.com/support/update/download/release.php?rid=324

Provided and/or discovered by:
Discovered by an anonymous person and reported via iDefense Labs.

Changelog:
2008-04-04: Added reference to related SA29370.

Original Advisory:
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676

SCO:
http://www.sco.com/support/update/download/release.php?rid=324

Other References:
SA29370:
http://secunia.com/advisories/29370/

Nuke ET "mensaje" Script Insertion Vulnerability

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Secunia Advisory: SA29651
Release Date: 2008-04-04


Critical: Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Nuke ET 3.x



Description:
mrzayas.es has discovered a vulnerability in Nuke ET, which can be exploited by malicious users to conduct script insertion attacks.

Input passed to the "mensaje" parameter when sending private messages is not properly sanitised before being stored. This can be exploited to insert <div> HTML elements with JavaScript code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.

Successful exploitation requires that both the attacker and the victim have valid user credentials, and that the victim uses e.g. Internet Explorer.

The vulnerability is confirmed in version 3.4 and reported in version 3.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
mrzayas.es

Original Advisory:
http://www.mrzayas.es/2008/04/04/xploitnukeet3/

ManageEngine Firewall Analyzer "displayName" Cross-Site Scri

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

ManageEngine Firewall Analyzer "displayName" Cross-Site Scripting

Secunia Advisory: SA29632
Release Date: 2008-04-04


Critical: Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: ManageEngine Firewall Analyzer 4.x

Description:
Jason Rhodes has reported a vulnerability in ManageEngine Firewall Analyzer, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "displayName" parameter in mindex.do is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the target user is logged in to the application.

The vulnerability is reported in version 4.0.3. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences using a web proxy.

The vendor will reportedly fix this in the next release.

Provided and/or discovered by:
Jason Rhodes

Borland CaliberRM StarTeam Multicast Service Buffer Overflow

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Secunia Advisory: SA29631
Release Date: 2008-04-04


Critical: Moderately critical
Impact: System access

Where: From local network

Solution Status: Unpatched


Software: Borland CaliberRM 2006
Borland CaliberRM 2008

Description:
A vulnerability has been reported in Borland CaliberRM, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within "PGMWebHandler::parse_request()" in the StarTeam Multicast Service component (STMulticastService). This can be exploited to cause a stack-based buffer overflow via an overly long HTTP request sent to default port 3057/TCP.

Successful exploitation allows execution of arbitrary code but requires that the StarTeam Multicast service is installed by enabling MPX Events and StarTeam Message Broker options during installation.

The vulnerability is reported in Borland CaliberRM 2006 and 2008. Other versions and products using the affected component may also be affected.

Solution:
Restrict network access to the service.

Affected users can also disable the listening port.
http://support.borland.com/kbshow.php?q=29083

Provided and/or discovered by:
Discovered by an anonymous researcher and reported via iDefense Labs.

Original Advisory:
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=675

Red Hat update for thunderbird

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Secunia Advisory: SA29607
Release Date: 2008-04-04


Critical: Highly critical
Impact: Security Bypass
Cross Site Scripting
System access

Where: From remote

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux Desktop (v. 5 client)
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0209.html

Other References:
SA29526:
http://secunia.com/advisories/29526/

SA29548:
http://secunia.com/advisories/29548/

e-Classifieds Corporate Edition "db" Cross-Site Scripting

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Secunia Advisory: SA29673
Release Date: 2008-04-04


Critical: Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: e-Classifieds Corporate Edition

Description:
Russ McRee has reported a vulnerability in e-Classifieds, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "db" parameter in hsx/classifieds.hsx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in the Corporate Edition.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Russ McRee

SUSE update for MozillaFirefox

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Secunia Advisory: SA29645
Release Date: 2008-04-04


Critical: Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SUSE Linux 10.1
SUSE Linux Enterprise Server 10

Description:
SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

Other References:
SA29526:
http://secunia.com/advisories/29526/

Debian update for xpdf

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Secunia Advisory: SA29604
Release Date: 2008-04-04


Critical: Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid


Description:
Debian has issued an update for xpdf. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00107.html

Other References:
SA27260:
http://secunia.com/advisories/27260/

Red Hat update for java-1.5.0-ibm

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Secunia Advisory: SA29498
Release Date: 2008-04-04


Critical: Highly critical
Impact: System access
DoS
Manipulation of data
Security Bypass

Where: From remote

Solution Status: Vendor Patch


Software: Red Hat Enterprise Linux Extras v. 4
RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)



Description:
Red Hat has issued an update for java-1.5.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, or to compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0210.html

Other References:
SA28795:
http://secunia.com/advisories/28795/

SA29293:
http://secunia.com/advisories/29239/

Symantec closes hole in consumer products

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Symantec has issued a security update for its consumer products to close two critical holes in an ActiveX control (SYMADATA.DLL). Security services provider iDefense reports that a buffer overflow in the AutoFix tool, intended for remote support, enables malicious code to be injected and executed in the context of the user's browser. All it needs is a visit to a crafted Web site.

Symantec has taken some security precautions in the control in order to prevent this attack: the control only runs on pages in the symantec.com domain. A successful attack would also have to exploit a cross-site scripting hole, or manipulate the client PC's name resolution - both iDefense and Symantec classify the problem as non-critical. A second hole enables the downloading of code from a remote share.

More: http://www.heise-online.co.uk/security/Symantec-closes-hole-in-consumer-products--/news/110476

Eight security updates for Microsoft April patch day

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

Microsoft has announced eight Security Bulletins for the coming patch day - Tuesday, 8 April. Five of the security updates close critical holes. These, according to the Advance Notification, are for Project, Windows, VBScript and Internet Explorer versions 5, 6 and 7. According to the report, all five holes make it possible for code to be injected and executed.

Three security updates are intended to eliminate less critical vulnerabilities in Windows and Visio. Windows Server 2008, which has been available since February, is in the list of affected operating systems for the first time, with two critical errors. As always, there will also be an updated version of the Malicious Software Removal Tool.

http://www.heise-online.co.uk/security/Eight-security-updates-for-Microsoft-April-patch-day--/news/110474

RealPlayer Update Released

In reply to: VULNERABILITIES \ FIXES - April 4, 2008

added April 4, 2008 at 02:35 pm

RealPlayer has released an update to address an ActiveX vulnerability. This vulnerability is due to improper handling of multiple properties of the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. At this time, US-CERT has seen reports of active exploitation of this vulnerability.

US-CERT encourages users to do the following to help mitigate the risk:


* Update RealPlayer to protect against known attack vectors.
* Review US-CERT Vulnerability Note VU#831457 for more information and workarounds.
* Review the Securing Your Web Browser document and disable ActiveX controls.

US-CERT will provide more information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#realplayer_version_11_0_2
