VULNERABILITIES \ FIXES - august 1, 2008

SUSE update for net-snmp

Secunia Advisory: SA31334
Release Date: 2008-08-01


Critical: Less critical
Impact: Spoofing, DoS, System access
Where: From local network
Solution Status: Vendor Patch

OS: openSUSE 10.2, openSUSE 10.3, openSUSE 11.0, SUSE Linux Enterprise Server 10, SUSE Linux Enterprise Server 9

Software: Novell Open Enterprise Server 1.x

Description:
SUSE has issued an update for net-snmp. This fixes some vulnerabilities, which can be exploited by malicious people to spoof authenticated SNMPv3 packets and potentially compromise a vulnerable system.

Solution:
Apply updated packages

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html

Other References:
SA30187:
http://secunia.com/advisories/30187/

SA30574:
http://secunia.com/advisories/30574/

Red Hat update for libxslt

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31331
Release Date: 2008-08-01


Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop Workstation (v. 5 client), RedHat Enterprise Linux AS 4, RedHat Enterprise Linux ES 4, RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for libxslt. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0649.html

Other References:
SA31230:
http://secunia.com/advisories/31230/

OpenSC CardOS Improper Initialization Security Issue

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31330
Release Date: 2008-08-01


Critical: Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch

Software: OpenSC 0.x

Description:
A security issue has been reported in OpenSC, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to the application improperly setting the ADMIN file control information to "00" while initializing smart cards having a Siemens CardOS M4 operating system. This can be exploited to change a user PIN code without having the PIN or PUK if the smart card was initialized with OpenSC.

The security issue is reported in versions prior to 0.11.5.

Solution:
Update to version 0.11.5.

If a CardOS smart card was initialized with a vulnerable OpenSC version (test using "pkcs15-tool -T"), apply a smart card update via the "pkcs15-tool -T -U" command.

Provided and/or discovered by:
The vendor credits Chaskiel M Grundman.

Original Advisory:
http://www.opensc-project.org/security.html

Avaya Communication Manager Perl Regular Expressions Vulnera

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31328
Release Date: 2008-08-01


Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Unpatched

Software: Avaya Communication Manager 3.x, Avaya Communication Manager 4.x

Description:
Avaya has acknowledged a vulnerability in Perl in Avaya Communication Manager, which can potentially be exploited by malicious people to compromise a vulnerable system.

The vulnerability is reported in CM 2.x and later.

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm

Other References:
SA27546:
http://secunia.com/advisories/27546/

Apple Mac OS X Security Update Fixes Multiple Vulnerabilitie

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31326
Release Date: 2008-08-01


Critical: Highly critical
Impact: Security Bypass, Spoofing, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Apple Macintosh OS X

Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) A vulnerability in BIND can be exploited to poison the DNS cache.

Solution:
Apply Security Update 2008-005.

Security Update 2008-005 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008005serverppc.html

Security Update 2008-005 Server (Intel):
http://www.apple.com/support/downloads/securityupdate2008005serverintel.html

Security Update 2008-005 (PPC):
http://www.apple.com/support/downloads/securityupdate2008005ppc.html

Security Update 2008-005 (Intel):
http://www.apple.com/support/downloads/securityupdate2008005intel.html

Security Update 2008-005 (Leopard):
http://www.apple.com/support/downloads/securityupdate2008005leopard.html

Provided and/or discovered by:
The vendor credits:
1) Dan Kaminsky of IOActive
2) Thomas Raffetseder of the International Secure Systems Lab and Sergio 'shadown' Alvarez of n.runs AG.
3) Michal Zalewski, Google
4) Pariente Kobi, reported via iDefense
7) Anton Rang and Brian Timares

Original Advisory:
Apple:
http://support.apple.com/kb/HT2647

Other References:
SA22130:
http://secunia.com/advisories/22130/

SA27863:
http://secunia.com/advisories/27863/

SA30048:
http://secunia.com/advisories/30048/

SA30973:
http://secunia.com/advisories/30973/

SA30853:
http://secunia.com/advisories/30853/

Apple eliminates DNS server vulnerability under Mac OS X

Apple has released Security Update 2008-005 for Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4 and Mac OS X Server v10.5.4, which, along with other fixes, eliminates the vulnerability of recursive name servers to cache poisoning. BIND is updated to version 9.3.5-P1 under Mac OS X 10.4.11, and to version 9.4.2-P1 under Mac OS X 10.5.4. It has taken Apple more than three weeks from the point at which the official patch was available to issue these BIND updates. Apple didn't even think it necessary to issue a warning to its customers.

Users should now install the update as soon as possible, in order to immunise their servers against the attacks that are already going on. This also applies to those who are vulnerable, but are not yet under active attack. Although, according to ISC, server performance may be degraded by P1, a slow server is better than a vulnerable one. By the end of this week, the ISC will release P2 for BIND, which it hopes will solve the performance problem. It remains to be seen how long Apple will take to deliver it.

http://www.heise-online.co.uk/security/Apple-eliminates-DNS-server-vulnerability-under-Mac-OS-X--/news/111226

MailEnable IMAP Denial of Service Vulnerability

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31325
Release Date: 2008-08-01


Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

Software: MailEnable Enterprise Edition 3.x, MailEnable Professional 3.x

Description:
A vulnerability has been reported in MailEnable, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling multiple IMAP connections to the same folders and can be exploited to potentially cause a crash.

The vulnerability is reported in version 3.52 Professional Edition and version 3.52 Enterprise Edition.

Solution:
Apply hotfix (ME-10042).
http://www.mailenable.com/hotfix/ME-10042.EXE

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.mailenable.com/hotfix/

Debian update for cupsys

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31324
Release Date: 2008-08-01


Critical: Moderately critical
Impact: DoS, System access
Where: From local network
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0, Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for cupsys. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00210.html

Other References:
SA29431:
http://secunia.com/advisories/29431/

SA29809:
http://secunia.com/advisories/29809/

Red Hat update for nfs-utils

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31322
Release Date: 2008-08-01


Critical: Less critical
Impact: Security Bypass
Where: From local network
Solution Status: Vendor Patch

OS: Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 5 client)

Description:
Red Hat has issued an update for nfs-utils. This fixes a security issue, which can be exploited by malicious people to potentially bypass certain security restrictions.

The problem is that the nfs-utils package is built without TCP wrappers support, which could result in improper access restrictions being imposed due to the documentation specifying TCP wrappers as a valid security measure.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com/

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0486.html

Red Hat Extras and Supplementary RealPlayer Vulnerability

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31321
Release Date: 2008-08-01


Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Red Hat Enterprise Linux Extras v. 3, Red Hat Enterprise Linux Extras v. 4, RHEL Desktop Supplementary (v. 5 client), RHEL Supplementary (v. 5 server)

Description:
Red Hat has acknowledged a vulnerability in RealPlayer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is reported in RealPlayer 10.0.9 as shipped in Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.

Solution:
The vendor recommends to no longer use the affected package.

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0812.html

Other References:
SA27620:
http://secunia.com/advisories/27620/

Red Hat update for java-1.5.0-ibm

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31320
Release Date: 2008-08-01


Critical: Highly critical
Impact: Exposure of sensitive information, DoS, System access, Security Bypass
Where: From remote
Solution Status: Vendor Patch

Software: Red Hat Enterprise Linux Extras v. 4, RHEL Desktop Supplementary (v. 5 client), RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for java-1.5.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0790.html

Other References:
SA31010:
http://secunia.com/advisories/31010/

Novell iManager Property Book Security Bypass

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31333
Release Date: 2008-08-01


Critical: Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch

Software: Novell iManager 2.x

Description:
A security issue has been reported in Novell iManager, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused due to improper checks being performed when granting access to Property Book pages and can be exploited to delete arbitrary Plug-in Studio created Property Book pages.

The security issue is reported in version 2.7. Prior versions may also be affected.

Solution:
Apply iManager 2.7 Support Pack 1.
http://download.novell.com/Download?buildid=25h33XlN_70~

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://support.novell.com/docs/Readme...ment/patchbuilder/readme_5031820.html

CA ARCserve Backup for Laptops and Desktops LGServer Service

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31319
Release Date: 2008-08-01


Critical: Moderately critical
Impact: DoS, System access
Where: From local network
Solution Status: Vendor Patch

Software: CA ARCserve Backup for Laptops & Desktops 11.x

Description:
A vulnerability has been reported in CA ARCserve Backup for Laptops and Desktops, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Solution:
Apply updates.

CA ARCserve Backup for Laptops and Desktops 11.1, 11.1 SP1, 11.1 SP2:
Upgrade to 11.1 SP2 and apply RO00912.
https://support.ca.com/irj/portal/ano...s?reqPage=search&searchID=RO00912

CA ARCserve Backup for Laptops and Desktops 11.5:
Apply RO00913.
https://support.ca.com/irj/portal/ano...s?reqPage=search&searchID=RO00913

CA Protection Suites 3.0:
Apply RO00912.
https://support.ca.com/irj/portal/ano...s?reqPage=search&searchID=RO00912

CA Protection Suites 3.1:
Apply RO00912.
https://support.ca.com/irj/portal/ano...s?reqPage=search&searchID=RO00912

CA Desktop Management Suite 11.2:
Upgrade to CA Desktop Management Suite 11.2 C1 and apply RO00913.
https://support.ca.com/irj/portal/ano...s?reqPage=search&searchID=RO00913

CA Desktop Management Suite 11.1:
Apply RO01150.
https://support.ca.com/irj/portal/ano...s?reqPage=search&searchID=RO01150

CA ARCserve Backup for Laptops and Desktops 11.0:
Upgrade to ARCserve Backup for Laptops and Desktops version 11.1 SP2 and apply the latest patches.
QI85497:
https://support.ca.com/irj/portal/ano...s?reqPage=search&searchID=QI85497

Provided and/or discovered by:
Vulnerability Research Team of Assurent Secure Technologies

Original Advisory:
CA:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721

Assurent (via Full-Disclosure):
http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063594.html

MaxDB "dbmsrv" Privilege Escalation Vulnerability

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31318
Release Date: 2008-08-01


Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch

Software: MaxDB 7.x

Description:
A vulnerability has been reported in MaxDB, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to the "dbmsrv" application improperly checking the "PATH" environment variable when executed via "dbmcli". This can be exploited to execute arbitrary code with "sdb" user privileges and "sdba" group privileges via a specially crafted "PATH".

The vulnerability is reported in version 7.6.03.15 on Linux. Other versions may also be affected.

Solution:
The vendor has released a new version that fixes the vulnerability. Consult SAP Note 1178438 for more information.

Provided and/or discovered by:
anonymous researcher, reported via iDefense

Original Advisory:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729

Gentoo update for vlc

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31317
Release Date: 2008-08-01


Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch

OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for vlc. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

Solution:
Update to "media-video/vlc-0.8.6i" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200807-13.xml

Other References:
SA29878:
http://secunia.com/advisories/29878/

Gentoo update for audit

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31316
Release Date: 2008-08-01


Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch

OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for audit. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.

Solution:
Update to "sys-process/audit-1.7.3" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200807-14.xml

Other References:
SA29617:
http://secunia.com/advisories/29617/

Gentoo update for pan

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31315
Release Date: 2008-08-01


Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for pan. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the PartsBatch class when processing certain NZB files. This may be exploited to cause a buffer overflow and execute arbitrary code by e.g. tricking a user into opening a specially crafted NZB file.

Solution:
Update to "net-nntp/pan-0.132-r3" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200807-15.xml

F-PROT Antivirus File Scanning Denial of Service

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31313
Release Date: 2008-08-01


Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Unpatched

Software: F-PROT Antivirus for Linux 6.x

Description:
Knud Erik H

Debian update for libxslt

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31310
Release Date: 2008-08-01


Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0, Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for libxslt. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00209.html

Other References:
SA31230:
http://secunia.com/advisories/31230/

SUSE update for MozillaFirefox

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31306
Release Date: 2008-08-01


Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch

OS: SUSE Linux Enterprise Server 10

Description:
SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a vulnerable system.

Solution:
Updates are available via the SuSE Linux Maintenance Web.
http://support.novell.com/techcenter/psdb/8bfc1676fcec027a90fa59b4d99cefda.html

Original Advisory:
http://www.novell.com/support/search....foDocument-patchbuilder-readme5031400

Other References:
SA30761:
http://secunia.com/advisories/30761/

SA31120:
http://secunia.com/advisories/31120/

phpMyRealty "location" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31302
Release Date: 2008-08-01


Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: phpMyRealty 2.x

Description:
CraCkEr has reported a vulnerability in phpMyRealty (PMR), which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "location" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieval of administrator usernames and password hashes.

The vulnerability is reported in version 2.0.0. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences in a web proxy.

Provided and/or discovered by:
CraCkEr

Original Advisory:
http://milw0rm.com/exploits/6180

LetterIt "language" Local File Inclusion Vulnerability

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31298
Release Date: 2008-08-01


Critical: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: LetterIt 2.x

Description:
NoGe has discovered a vulnerability in LetterIt, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "language" parameter in inc/wysiwyg.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version "V2 070726". Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
NoGe

Original Advisory:
http://milw0rm.com/exploits/6179

Coppermine Photo Gallery "lang" Local File Inclusion

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31295
Release Date: 2008-08-01


Critical: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: Coppermine Photo Gallery 1.x

Description:
EgiX has discovered a vulnerability in Coppermine Photo Gallery, which can be exploited by malicious people to disclose sensitive information.

Input passed in the "lang" part encoded in the "data" cookie is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and NULL bytes.

Successful exploitation requires that "Character encoding" is set to "Unicode (recommended) (utf-8)", which is the default value.

The vulnerability is confirmed in version 1.4.18. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Set "Character encoding" to another value than "Unicode".

Provided and/or discovered by:
EgiX

Original Advisory:
http://milw0rm.com/exploits/6178

Debian update for dnsmasq

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31237
Release Date: 2008-08-01


Critical: Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0, Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for dnsmasq. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.

Original Advisory:
http://www.debian.org/security/2008/dsa-1623

Other References:
SA31197:
http://secunia.com/advisories/31197/

libxslt "crypto:rc4_encrypt" and "crypto:rc4_decrypt" Buffer

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Secunia Advisory: SA31230
Release Date: 2008-08-01


Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Workaround

Software: libxslt 1.x

Description:
Chris Evans has reported some vulnerabilities in libxslt, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

The vulnerabilities are caused due to boundary errors within crypto.c when handling the XSLT "crypto:rc4_encrypt" and "crypto:rc4_decrypt" functions. This can be exploited to cause a heap-based buffer overflow via a specially crafted stylesheet.

The vulnerability is reported in version 1.1.24. Other versions may also be affected.

Solution:
Fixed in the SVN repository.

Provided and/or discovered by:
Chris Evans, Google Security Team

Changelog:
2008-08-01: Added link to oCERT.

Original Advisory:
http://scary.beasts.org/security/CESA-2008-003.html

Other References:
oCERT:
http://www.ocert.org/advisories/ocert-2008-009.html

Hewlett-Packard OVIS Probe Builder Arbitrary Process Termina

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Hewlett-Packard OVIS Probe Builder Arbitrary Process Termination Vulnerability

Summary
Hewlett-Packard's Internet Services provides "end-user emulation of major business applications and a single integrated view of the Internet infrastructure". Remote exploitation of a denial of service vulnerability in Hewlett-Packard's Internet Services Probe Builder product allows an unauthenticated attacker the ability to terminate any process.

Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=728


http://www.securiteam.com/windowsntfocus/5JP020AP5A.html

SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Summary
SAP's MaxDB is "a database software product". MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for download from the SAP SDN website (sdn.sap.com) as a community edition with free community support for public use beyond the scope of SAP applications. The "dbmsrv" program is set-uid "sdb", set-gid "sdba", and installed by default. Local exploitation of an untrusted path vulnerability in the "dbmsrv" program, as distributed with SAP AG's MaxDB, allows attackers to elevate privileges to that of the "sdb" user.

Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729

http://www.securiteam.com/unixfocus/5IP010AP5M.html

Kaspersky Mobile Security wipes data from lost mobiles

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Version 7.0 of Kaspersky's Mobile Security incorporates a function to wipe a lost or stolen mobile phone. If the original SIM card stays in the phone, the legal owner can send a prearranged text message by SMS, to block the phone until the correct password is input. Alternatively, he can remotely delete all the data held on it. The software also allows coupling the SIM card with the data stored on the phone. Once this is done, if a different SIM card is inserted, the contacts, appointments and documents stored on the mobile phone are locked and can no longer be accessed. Kaspersky says that optionally, when the new card is inserted, the original owner can have an SMS sent to a specified number telling him the new number that has been assigned to the phone.

A finder or thief can of course completely reset the phone, thus removing the software, but that also means wiping all the data from it.

http://www.heise-online.co.uk/security/Kaspersky-Mobile-Security-wipes-data-from-lost-mobiles--/news/111225

Microsoft Security Advisory Notification - August 1, 2008

In reply to: VULNERABILITIES \ FIXES - august 1, 2008

Title: Microsoft Security Advisory Notification
Issued: August 1, 2008
***********************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (954960)
  - Title: Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates
  - http://www.microsoft.com/technet/security/advisory/954960.mspx
  - Revision Note: August 1, 2008: Added Frequently Asked Questions entry to communicate re-release of the update to fix known installation issue with Windows Server 2008 systems.
