Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - August 15, 2007

by Marianna Schmudlach / August 15, 2007 12:07 AM PDT

IBM Access Support ActiveX Control Code Execution and Security Bypass Issues

Advisory ID : FrSIRT/ADV-2007-2882
CVE ID : CVE-2007-2240 - CVE-2007-2928 - CVE-2007-2929
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-15
Technical Description

Multiple vulnerabilities have been identified in IBM and Lenovo Access Support acpRunner ActiveX control, which could be exploited by remote attackers to take complete control of an affected system.

The first issue is caused by an error in the "AcpController.dll" control that fails to restrict access to its methods, which could be exploited to execute arbitrary code via a specially crafted web page.

The second vulnerability is caused by a format string error in the "AcpController.dll" control, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

The third issue is caused by an error in the "AcpController.dll" control that fails to validate digital signatures of downloaded software packages, which could be exploited to execute arbitrary code via a specially crafted web page.

Other security issues have also been reported in the "acpir.dll" library.

Affected Products

IBM "acpcontroller.dll" ActiveX Control versions prior to 1.2.8.0
IBM "acpir.dll" ActiveX Control versions prior to 1.0.0.9

Solution

Apply patch (Automated Solutions fix pack 1) :
http://www-307.ibm.com/pc/support/site.wss/license.do?filename=mobiles/automatedsolutionsfp1.exe

References

http://www.frsirt.com/english/advisories/2007/2882
http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
http://www.kb.cert.org/vuls/id/426737
http://www.kb.cert.org/vuls/id/599657
http://www.kb.cert.org/vuls/id/570705

Credits

Vulnerabilities reported by Will Dormann (CERT/CC) and Karl Lynn (Juniper Networks).

Discussion is locked
You are posting a reply to: VULNERABILITIES \ FIXES - August 15, 2007
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES \ FIXES - August 15, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Apache Tomcat Host Manager Servlet "aliases" Cross Site Scri
by Marianna Schmudlach / August 15, 2007 12:08 AM PDT

Apache Tomcat Host Manager Servlet "aliases" Cross Site Scripting Vulnerability

Advisory ID : FrSIRT/ADV-2007-2880
CVE ID : CVE-2007-3386
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-14
Technical Description

A vulnerability has been identified in Apache Tomcat, which could be exploited by malicious users to execute arbitrary scripting code. This issue is caused by an input validation error in the "host-manager/html/add" script within the Host Manager Servlet when processing the "aliases" parameter, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

Affected Products

Apache Tomcat versions 6.0.0 through 6.0.13
Apache Tomcat versions 5.5.0 through 5.5.24

Solution

Upgrade to Apache Tomcat version 6.0.14 :
http://tomcat.apache.org/index.html

References

http://www.frsirt.com/english/advisories/2007/2880
http://tomcat.apache.org/security-6.html
http://jvn.jp/jp/JVN%2359851336/index.html

Credits

Vulnerability reported by NTT OSS CENTER.

Collapse -
Motive ActiveUtils EmailData ActiveX Control Command Executi
by Marianna Schmudlach / August 15, 2007 12:09 AM PDT

Motive ActiveUtils EmailData ActiveX Control Command Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2881
CVE ID : CVE-2007-0319
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-14
Technical Description

Multiple vulnerabilities have been identified in Motive Service Activation Manager and Self Service Manager, which could be exploited by remote attackers to take complete control of an affected system. These issues are caused by buffer overflow errors in the ActiveUtils EmailData (ActiveUtils.dll) ActiveX control when processing malformed data, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

Affected Products

Motive Service Activation Manager version 5.1 and prior
Motive Self Service Manager version 5.1 and prior

Solution

Apply patches :
http://www.motive.com/securitybulletin_08122007.asp

References

http://www.frsirt.com/english/advisories/2007/2881
http://www.motive.com/securitybulletin_08122007.asp
http://www.kb.cert.org/vuls/id/747233

Credits

Vulnerabilities reported by Will Dormann (CERT/CC).

Collapse -
a2x for XChat id3 Tag Input Validation Error
by Marianna Schmudlach / August 15, 2007 12:17 AM PDT

TITLE:
a2x for XChat id3 Tag Input Validation Error

SECUNIA ADVISORY ID:
SA26487

VERIFY ADVISORY:
http://secunia.com/advisories/26487/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
a2x for XChat 0.x
http://secunia.com/product/15321/

DESCRIPTION:
Wouter Coekaerts has reported a vulnerability in a2x, which can be
exploited by malicious people to bypass certain security
restrictions.

The vulnerability is caused due to a2x not correctly filtering id3
tags before sending them to XChat. This can be exploited to e.g. send
arbitrary commands to a server by tricking a user into playing and
announcing a specially crafted MP3 file.

The vulnerability is reported in version 0.0.1. Other versions may
also be affected.

SOLUTION:
Do not play and announce untrusted audio files. Use another product.

PROVIDED AND/OR DISCOVERED BY:
Wouter Coekaerts

ORIGINAL ADVISORY:
http://wouter.coekaerts.be/site/security/nowplaying

Collapse -
Opera JavaScript Invalid Pointer Vulnerability
by Marianna Schmudlach / August 15, 2007 12:18 AM PDT

TITLE:
Opera JavaScript Invalid Pointer Vulnerability

SECUNIA ADVISORY ID:
SA26477

VERIFY ADVISORY:
http://secunia.com/advisories/26477/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Opera 9.x
http://secunia.com/product/10615/

DESCRIPTION:
A vulnerability has been reported in Opera, which potentially can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error when
processing JavaScript code and can result in a virtual function call
using an invalid pointer. This can be exploited to execute arbitrary
code by e.g. tricking a user into visiting a malicious website.

The vulnerability is reported in versions prior to 9.23.

SOLUTION:
Update to version 9.23.
http://www.opera.com/download/

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.opera.com/support/search/view/865/

Collapse -
xchat-xmms for XChat id3 Tag Input Validation Error
by Marianna Schmudlach / August 15, 2007 12:19 AM PDT

TITLE:
xchat-xmms for XChat id3 Tag Input Validation Error

SECUNIA ADVISORY ID:
SA26455

VERIFY ADVISORY:
http://secunia.com/advisories/26455/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
xchat-xmms for XChat 0.x
http://secunia.com/product/15315/

DESCRIPTION:
Wouter Coekaerts has reported a vulnerability in xchat-xmms, which
can be exploited by malicious people to bypass certain security
restrictions.

The vulnerability is caused due to xchat-xmms not correctly filtering
id3 tags before sending them to XChat. This can be exploited to e.g.
send arbitrary commands to a server by tricking a user into playing
and announcing a specially crafted MP3 file.

The vulnerability is reported in version 0.81. Other versions may
also be affected.

SOLUTION:
Do not play and announce untrusted audio files. Use another product.

PROVIDED AND/OR DISCOVERED BY:
Wouter Coekaerts

ORIGINAL ADVISORY:
http://wouter.coekaerts.be/site/security/nowplaying

Collapse -
XMMS-Control for XChat id3 Tag Input Validation Error
by Marianna Schmudlach / August 15, 2007 12:20 AM PDT

TITLE:
XMMS-Control for XChat id3 Tag Input Validation Error

SECUNIA ADVISORY ID:
SA26454

VERIFY ADVISORY:
http://secunia.com/advisories/26454/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
XMMS-Control for XChat 0.x
http://secunia.com/product/15314/

DESCRIPTION:
Wouter Coekaerts has reported a vulnerability in XMMS-Control, which
can be exploited by malicious people to bypass certain security
restrictions.

The vulnerability is caused due to XMMS-Control not correctly
filtering id3 tags before sending them to XChat. This can be
exploited to e.g. send arbitrary commands to a server by tricking a
user into playing and announcing a specially crafted MP3 file.

The vulnerability is reported in version 0.33. Other versions may
also be affected.

SOLUTION:
Do not play and announce untrusted audio files. Use another product.

PROVIDED AND/OR DISCOVERED BY:
Wouter Coekaerts

ORIGINAL ADVISORY:
http://wouter.coekaerts.be/site/security/nowplaying

Collapse -
SurgeMail "SEARCH" Command Buffer Overflow
by Marianna Schmudlach / August 15, 2007 12:21 AM PDT

TITLE:
SurgeMail "SEARCH" Command Buffer Overflow

SECUNIA ADVISORY ID:
SA26464

VERIFY ADVISORY:
http://secunia.com/advisories/26464/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
SurgeMail 3.x
http://secunia.com/product/4823/

DESCRIPTION:
Joey Mengele has discovered a vulnerability in SurgeMail, which can
be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the processing
of the IMAP "SEARCH" command. This can be exploited to cause a
stack-based buffer overflow by sending a "SEARCH" command with an
overly long argument.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 38k. Other versions may
also be affected.

SOLUTION:
Grant only trusted users access to the SurgeMail IMAP server.

PROVIDED AND/OR DISCOVERED BY:
Joey Mengele.

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/4287

Collapse -
AMD Catalyst Software Suite DSM Dynamic Driver Vista Kernel
by Marianna Schmudlach / August 15, 2007 12:23 AM PDT

TITLE:
AMD Catalyst Software Suite DSM Dynamic Driver Vista Kernel
Protection Bypass

SECUNIA ADVISORY ID:
SA26448

VERIFY ADVISORY:
http://secunia.com/advisories/26448/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
Local system

OPERATING SYSTEM:
Microsoft Windows Vista
http://secunia.com/product/13223/

SOFTWARE:
AMD Catalyst Software Suite 7.x
http://secunia.com/product/15311/

DESCRIPTION:
A weakness has been reported in AMD Catalyst Software Suite, which
can be exploited by malicious, local users to bypass certain security
restrictions.

The weakness is caused due to an input validation error within the
digitally signed ATI DSM Dynamic Driver (atdcm64a.sys). This can be
exploited to e.g. load arbitrary unsigned drivers on Windows Vista.

The weakness is reported in atdcm64a.sys version 3.0.502.0 included
in the AMD Catalyst Software Suite. Other versions may also be
affected.

SOLUTION:
Update to AMD Catalyst Software Suite version 7.8.
http://ati.amd.com/support/drivers/vista32/common-vista32.html

PROVIDED AND/OR DISCOVERED BY:
Joanna Rutkowska and Alexander Tereshkin, Invisible Things Lab

ORIGINAL ADVISORY:
Invisible Things Lab:
http://bluepillproject.org/stuff/IsGameOver.ppt

Collapse -
Motive Communications ActiveUtils EmailData ActiveX Buffer O
by Marianna Schmudlach / August 15, 2007 12:24 AM PDT

TITLE:
Motive Communications ActiveUtils EmailData ActiveX Buffer Overflow
Vulnerabilities

SECUNIA ADVISORY ID:
SA26481

VERIFY ADVISORY:
http://secunia.com/advisories/26481/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Motive Service Activation Manager 5.x
http://secunia.com/product/15308/
Motive Service Activation Manager 4.x
http://secunia.com/product/15307/
Motive Self Service Manager 4.x
http://secunia.com/product/15312/
Motive Self Service Manager 5.x
http://secunia.com/product/15313/

DESCRIPTION:
Will Dormann has reported some vulnerabilities in the Motive
Communications ActiveUtils EmailData ActiveX control, which
potentially can be exploited by malicious people to compromise a
user's system.

The vulnerabilities are caused due to unspecified errors within the
ActiveEmailTest.EmailData (ActiveUtils.dll) ActiveX control, which
can be exploited to cause stack-based buffer overflows by e.g.
tricking a user into visiting a malicious website.

The vulnerabilities are reported in version 5.1 and prior.

SOLUTION:
Reportedly, automatic updates have been released to all corporate
customers and this is also fixed via MS07-045 (Cumulative Security
Update for Microsoft Internet Explorer).
http://www.microsoft.com/technet/security/Bulletin/MS07-045.mspx

Set the kill-bit for the affected ActiveX control.

PROVIDED AND/OR DISCOVERED BY:
Will Dormann, CERT/CC.

ORIGINAL ADVISORY:
Motive Security Bulletin:
http://www.motive.com/securitybulletin_08122007.asp

US-CERT VU#747233:
http://www.kb.cert.org/vuls/id/747233

Collapse -
SUSE update for open-iscsi
by Marianna Schmudlach / August 15, 2007 12:25 AM PDT

TITLE:
SUSE update for open-iscsi

SECUNIA ADVISORY ID:
SA26438

VERIFY ADVISORY:
http://secunia.com/advisories/26438/

CRITICAL:
Not critical

IMPACT:
DoS

WHERE:
Local system

OPERATING SYSTEM:
SUSE Linux Enterprise Server 10
http://secunia.com/product/12192/

DESCRIPTION:
SUSE has issued an update for open-iscsi. This fixes some security
issues, which can be exploited by malicious, local users to cause a
DoS (Denial of Service),

1) Permissions of users connecting to the local AF_LOCAL management
socket are incorrectly checked, which can be exploited to perform
certain operations that may cause a DoS.

2) The logging mechanism creates a semaphore with insecure
permissions. This can be exploited to cause a DoS by modifying the
semaphore.

SOLUTION:
Apply patches.
http://support.novell.com/linux/psdb/sources.html

ORIGINAL ADVISORY:
http://support.novell.com/techcenter/psdb/187174044e1dbe78726bcf840f7530ed.html

Collapse -
IBM / Lenovo Access Support acpRunner ActiveX Multiple Vulne
by Marianna Schmudlach / August 15, 2007 12:27 AM PDT

TITLE:
IBM / Lenovo Access Support acpRunner ActiveX Multiple
Vulnerabilities

SECUNIA ADVISORY ID:
SA26482

VERIFY ADVISORY:
http://secunia.com/advisories/26482/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
IBM Access Support ActiveX Control (acpRunner) 1.x
http://secunia.com/product/3584/

DESCRIPTION:
Will Dormann has reported multiple vulnerabilities in the acpRunner
ActiveX control, which can be exploited by malicious people to
compromise a user's system.

1) An unspecified format string error exists within the acpRunner
(AcpController.dll) ActiveX control.

2) The acpRunner (AcpController.dll) ActiveX control does not
properly verify the signature of downloaded packages.

3) The acpRunner (AcpController.dll) ActiveX control does not
restrict potentially dangerous operations to certain domains.

The vulnerabilities can potentially be exploited to execute arbitrary
code by e.g. tricking a user into visiting a malicious website.

SOLUTION:
Apply Automated Solutions Fix Pack 1:
http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649

PROVIDED AND/OR DISCOVERED BY:
Will Dormann, CERT/CC.

ORIGINAL ADVISORY:
IBM / Lenovo:
http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649

US-CERT VU#426737:
http://www.kb.cert.org/vuls/id/426737

US-CERT VU#599657:
http://www.kb.cert.org/vuls/id/599657

US-CERT VU#570705:
http://www.kb.cert.org/vuls/id/570705

Collapse -
rPath update for openoffice.org
by Marianna Schmudlach / August 15, 2007 12:28 AM PDT

TITLE:
rPath update for openoffice.org

SECUNIA ADVISORY ID:
SA26476

VERIFY ADVISORY:
http://secunia.com/advisories/26476/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
rPath Linux 1.x
http://secunia.com/product/10614/

DESCRIPTION:
rPath has issued an update for openoffice.org. This fixes a
vulnerability, which can potentially be exploited by malicious people
to compromise a user's system.

For more information:
SA25648

SOLUTION:
Update to "openoffice.org=/conary.rpath.com@rpl:devel//1/2.2-0.2-1".

ORIGINAL ADVISORY:
http://lists.rpath.com/pipermail/security-announce/2007-August/000225.html

OTHER REFERENCES:
SA25648:
http://secunia.com/advisories/25648/

Collapse -
Zoidcom Packet Handling Double Free Vulnerability
by Marianna Schmudlach / August 15, 2007 12:29 AM PDT

TITLE:
Zoidcom Packet Handling Double Free Vulnerability

SECUNIA ADVISORY ID:
SA26451

VERIFY ADVISORY:
http://secunia.com/advisories/26451/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Zoidcom 0.x
http://secunia.com/product/15305/

DESCRIPTION:
Luigi Auriemma has discovered a vulnerability in Zoidcom, which can
be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to the incorrect processing of
malformed packets within the "ZCom_processInput()" function. This can
be exploited to trigger a double free error by sending specially
crafted packets to an application using the "ZCom_processInput()"
function of the library.

The vulnerability is confirmed in version 0.6.7. Other versions may
also be affected.

SOLUTION:
Deny access from untrusted sources to applications linked against the
Zoidcom library.

The vulnerability will reportedly be fixed in version 0.6.8.

PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma

ORIGINAL ADVISORY:
http://aluigi.altervista.org/adv/zoidboom2-adv.txt

Collapse -
Gentoo update for Mozilla Products
by Marianna Schmudlach / August 15, 2007 12:31 AM PDT

TITLE:
Gentoo update for Mozilla Products

SECUNIA ADVISORY ID:
SA26460

VERIFY ADVISORY:
http://secunia.com/advisories/26460/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information, DoS,
System access

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for Mozilla Products. This fixes some
vulnerabilities, which can be exploited by malicious people to
disclose potentially sensitive information, conduct spoofing and
cross-site scripting attacks, and potentially compromise a user's
system.

For more information:
SA25984
SA26095
SA26288

SOLUTION:
Update to the latest versions:

"www-client/mozilla-firefox-2.0.0.6" or later
"www-client/mozilla-firefox-bin-2.0.0.6" or later
"mail-client/mozilla-thunderbird-2.0.0.6" or later
"mail-client/mozilla-thunderbird-bin-2.0.0.6" or later
"www-client/seamonkey-1.1.4" or later
"www-client/seamonkey-bin-1.1.4" or later
"net-libs/xulrunner-1.8.1.6" or later

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml

OTHER REFERENCES:
SA25984:
http://secunia.com/advisories/25984/

SA26095:
http://secunia.com/advisories/26095/

SA26288:
http://secunia.com/advisories/26288/

Collapse -
PHPCentral Poll "_SERVER[DOCUMENT_ROOT]" File Inclusion
by Marianna Schmudlach / August 15, 2007 12:32 AM PDT

TITLE:
PHPCentral Poll "_SERVER[DOCUMENT_ROOT]" File Inclusion

SECUNIA ADVISORY ID:
SA26434

VERIFY ADVISORY:
http://secunia.com/advisories/26434/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

REVISION:
1.1 originally posted 2007-08-15

SOFTWARE:
PHPCentral Poll
http://secunia.com/product/15267/

DESCRIPTION:
Rizgar has discovered a vulnerability in PHPCentral Poll, which can
be exploited by malicious people to compromise a vulnerable system.

An incorrect use of the "extract()" function in functions.php can be
exploited to overwrite certain server set variables. This can further
be exploited to include arbitrary files from local or external
resources e.g. via the "_SERVER[DOCUMENT_ROOT]" parameter in poll.php
and pollarchive.php.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
Rizgar

Collapse -
Mandriva update for tetex
by Marianna Schmudlach / August 15, 2007 12:34 AM PDT

TITLE:
Mandriva update for tetex

SECUNIA ADVISORY ID:
SA26467

VERIFY ADVISORY:
http://secunia.com/advisories/26467/

CRITICAL:
Moderately critical

IMPACT:
Unknown, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Mandriva Linux 2007
http://secunia.com/product/12165/

DESCRIPTION:
Mandriva has issued an update for tetex. This fixes some
vulnerabilities, where some have unknown impact and others can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a user's system.

For more information:
SA25855
SA26293

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164

OTHER REFERENCES:
SA25855:
http://secunia.com/advisories/25855/

SA26293:
http://secunia.com/advisories/26293/

Collapse -
rPath update for dovecot
by Marianna Schmudlach / August 15, 2007 12:37 AM PDT

TITLE:
rPath update for dovecot

SECUNIA ADVISORY ID:
SA26475

VERIFY ADVISORY:
http://secunia.com/advisories/26475/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
From remote

OPERATING SYSTEM:
rPath Linux 1.x
http://secunia.com/product/10614/

DESCRIPTION:
rPath has issued an update for dovecot. This fixes a weakness, which
can be exploited by malicious users to bypass certain security
restrictions.

For more information:
SA26320

SOLUTION:
Update to "dovecot=/conary.rpath.com@rpl:devel//1/1.0.3-0.1-1".

ORIGINAL ADVISORY:
http://lists.rpath.com/pipermail/security-announce/2007-August/000226.html

OTHER REFERENCES:
SA26320:
http://secunia.com/advisories/26320/

Collapse -
Mandriva update for kdegraphics
by Marianna Schmudlach / August 15, 2007 12:38 AM PDT

TITLE:
Mandriva update for kdegraphics

SECUNIA ADVISORY ID:
SA26470

VERIFY ADVISORY:
http://secunia.com/advisories/26470/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Mandriva Linux 2007
http://secunia.com/product/12165/

DESCRIPTION:
Mandriva has issued an update for kdegraphics. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

For more information:
SA26257

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:162

OTHER REFERENCES:
SA26257:
http://secunia.com/advisories/26257/

Collapse -
Mandriva update for koffice
by Marianna Schmudlach / August 15, 2007 12:40 AM PDT

TITLE:
Mandriva update for koffice

SECUNIA ADVISORY ID:
SA26468

VERIFY ADVISORY:
http://secunia.com/advisories/26468/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Mandriva Linux 2007
http://secunia.com/product/12165/

DESCRIPTION:
Mandriva has issued an update for koffice. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

For more information:
SA26257

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:163

OTHER REFERENCES:
SA26257:
http://secunia.com/advisories/26257/

Collapse -
Advanced mIRC Integration Plugin id3 Tag Input Validation Er
by Marianna Schmudlach / August 15, 2007 3:13 AM PDT

Advanced mIRC Integration Plugin id3 Tag Input Validation Error

Secunia Advisory: SA26491
Release Date: 2007-08-15


Critical:
Less critical
Impact: Security Bypass

Where: From remote

Solution Status: Unpatched


Software: Advanced mIRC Integration Plugin 2.x

Description:
Wouter Coekaerts has discovered a vulnerability in Advanced mIRC Integration Plugin, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to Advanced mIRC Integration Plugin not correctly filtering id3 tags before sending them to mIRC. This can be exploited to e.g. send arbitrary commands to a server by tricking a user into playing and announcing a specially crafted MP3 file.

The vulnerability is confirmed in version 2.49. Other versions may also be affected.

Solution:
Do not play and announce untrusted audio files. Use another product.

Provided and/or discovered by:
Wouter Coekaerts

Original Advisory:
http://wouter.coekaerts.be/site/security/nowplaying

Collapse -
Cisco Releases Security Advisory for Vulnerabilities in Cisc
by Marianna Schmudlach / August 15, 2007 3:16 PM PDT

Cisco Releases Security Advisory for Vulnerabilities in Cisco VPN Client


added August 15, 2007 at 02:21 pm

Cisco has issued a Security Advisory to address two vulnerabilities in their VPN Client for Microsoft Windows. These vulnerabilities may allow an attacker to elevate privileges on an affected system.

More information regarding these vulnerabilities can be found in the Cisco Security Advisory: Local Privilege Escalation Vulnerabilities in Cisco VPN Client.

More: http://www.us-cert.gov/current/current_activity.html#cisco_releases_security_advisory_for1

Popular Forums
icon
Computer Help 51,912 discussions
icon
Computer Newbies 10,498 discussions
icon
Laptops 20,411 discussions
icon
Security 30,882 discussions
icon
TVs & Home Theaters 21,253 discussions
icon
Windows 10 1,672 discussions
icon
Phones 16,494 discussions
icon
Windows 7 7,855 discussions
icon
Networking & Wireless 15,504 discussions

REVIEW

Meet the drop-resistant Moto Z2 Force

The Moto Z2 Force is really thin, with a fast processor and great battery life. It can survive drops without shattering.