Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - August 19, 2008

by Marianna Schmudlach / August 19, 2008 2:05 AM PDT

NOAH Unspecified Cross-Site Scripting Vulnerability

Secunia Advisory: SA31543
Release Date: 2008-08-19


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: NOAH 3.x

Description:
A vulnerability has been reported in NOAH, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 3.2.2.

Solution:
Update to version 3.2.2.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.nordicwind.ca/noah/bugs/inputval.html

Sun Java System Portal Server Cross-Site Scripting Vulnerabi
by Marianna Schmudlach / August 19, 2008 2:06 AM PDT

Secunia Advisory: SA31538
Release Date: 2008-08-19


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Sun Java System Portal Server 7.x

Description:
A vulnerability has been reported in Sun Java System Portal Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-239308-1

SFS Affiliate Directory "id" SQL Injection Vulnerability
by Marianna Schmudlach / August 19, 2008 2:07 AM PDT

Secunia Advisory: SA31537
Release Date: 2008-08-19


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: SFS Affiliate Directory

Description:
Hussin X has reported a vulnerability in SFS Affiliate Directory, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in directory.php (when "ax" is set to "deadlink") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Filter malicious characters and character sequences in a proxy.

Provided and/or discovered by:
Hussin X

Original Advisory:
http://packetstorm.linuxsecurity.com/0808-exploits/affildir-sql.txt

MailScan for Mail Servers Web Administration Interface Multi
by Marianna Schmudlach / August 19, 2008 2:09 AM PDT

Secunia Advisory: SA31534
Release Date: 2008-08-19


Critical:
Moderately critical
Impact: Security Bypass
Cross Site Scripting
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: MicroWorld MailScan for Mail Servers 5.x

Description:
Oliver Karow has reported some vulnerabilities in MailScan for Mail Servers, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and bypass certain security restrictions.

Solution:
Do not browse other websites while being logged in to the web administration interface. Restrict access to trusted users only.

Provided and/or discovered by:
Oliver Karow

Original Advisory:
http://www.oliverkarow.de/research/mailscan.txt

PHPizabi "id" Information Disclosure and Manipulation
by Marianna Schmudlach / August 19, 2008 2:10 AM PDT

Secunia Advisory: SA31533
Release Date: 2008-08-19


Critical:
Not critical
Impact: Manipulation of data
Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: PHPizabi 0.x

Description:
Lostmon has discovered a vulnerability in PHPizabi, which can be exploited by malicious users to disclose sensitive information and manipulate data.

Input passed to the "id" parameter in index.php (when "L" is set to "admin.templates.edittemplate") is not properly sanitised before being used. This can be exploited to display or edit arbitrary files via directory traversal attacks or full paths.

Successful exploitation requires valid administrator credentials.

The vulnerability is confirmed in version 0.848b C1 HFP3 SF1. Other versions may also be affected.

Solution:
Grant administrator access to trusted users only.

Provided and/or discovered by:
Lostmon

Original Advisory:
http://lostmon.blogspot.com/2008/08/phpizabi-v0848b-traversal-file-access.html

Debian update for postfix
by Marianna Schmudlach / August 19, 2008 2:11 AM PDT

Secunia Advisory: SA31530
Release Date: 2008-08-19


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for postfix. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Solution:
Apply updated packages.

Changelog:
2008-08-19: Updated "Solution" section due to a version numbering problem. Added link to updated Debian advisory to "Original Advisory" section.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00214.html
http://lists.debian.org/debian-security-announce/2008/msg00215.html

Other References:
SA31485:
http://secunia.com/advisories/31485/

Interleave Information Disclosure Security Issues
by Marianna Schmudlach / August 19, 2008 2:12 AM PDT

Secunia Advisory: SA31525
Release Date: 2008-08-19


Critical:
Less critical
Impact: Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: Interleave 4.x

Description:
Some security issues have been reported in Interleave, which can be exploited by malicious users to disclose certain sensitive information.

Solution:
Fixed in version 5.0.

Grant only trusted users access to the application.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://dev.crm-ctt.com/CHANGELOG

Papoo "suchanzahl" SQL Injection Vulnerability
by Marianna Schmudlach / August 19, 2008 2:13 AM PDT

Secunia Advisory: SA31520
Release Date: 2008-08-19


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: Papoo 2.x
Papoo 3.x

Description:
Russ McRee has reported a vulnerability in Papoo, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "suchanzahl" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in all 2.x versions and all 3.x versions prior to 3.7.2.

Solution:
Update to version 3.7.2.

Apply the vendor's official patch:
http://www.papoo.de/cms-news-und-infos/security/patch1-10808.html

Provided and/or discovered by:
Russ McRee

Original Advisory:
http://holisticinfosec.org/content/view/80/45/

SUSE update for python
by Marianna Schmudlach / August 19, 2008 2:14 AM PDT

Secunia Advisory: SA31518
Release Date: 2008-08-19


Critical:
Moderately critical
Impact: Unknown

Where: From remote

Solution Status: Vendor Patch


OS: SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9



Software: Novell Open Enterprise Server 1.x



Description:
SUSE has issued an update for python. This fixes some vulnerabilities, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

Solution:
Updates are available via the SuSE Linux Maintenance Web.
http://support.novell.com/techcenter/psdb/c1c51f74ac5868675063af2a6018cb5f.html

Original Advisory:
http://www.novell.com/support/search....foDocument-patchbuilder-readme5032900

Other References:
SA31305:
http://secunia.com/advisories/31305/

WS_FTP Home / Professional Format String Vulnerability
by Marianna Schmudlach / August 19, 2008 2:15 AM PDT

Secunia Advisory: SA31504
Release Date: 2008-08-19


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Ipswitch WS_FTP Home 2007
Ipswitch WS_FTP Professional 2007

Description:
securfrog has discovered a vulnerability in WS_FTP Home and Professional, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a format string error when processing responses of the FTP server. This can be exploited by e.g. tricking a user into connecting to a malicious FTP server.

Successful exploitation may allow the execution of arbitrary code.

The vulnerability is confirmed in WS_FTP Home version 2007.0.0.2 and WS_FTP Professional version 2007.1.0.0. Other versions may also be affected.

Solution:
Connect to trusted servers only.

Provided and/or discovered by:
securfrog

Original Advisory:
http://milw0rm.com/exploits/6257

Ad Board "id" SQL Injection Vulnerability
by Marianna Schmudlach / August 19, 2008 2:16 AM PDT

Secunia Advisory: SA31491
Release Date: 2008-08-19


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: Ad Board

Description:
Hussin X has reported a vulnerability in Ad Board, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in trr.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieval of administrator usernames and passwords.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Hussin X

Original Advisory:
http://packetstorm.linuxsecurity.com/0808-exploits/adboard-sql.txt
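
Added example, not part of the advisories or of the affected products' code: a sketch of the proxy-side filtering suggested as a workaround in the SFS Affiliate Directory advisory above, applied as well to the "id" parameter of trr.php from this Ad Board advisory. It assumes "id" is a numeric record key, which the advisories do not state; `allow_request`, `php_key` and `GUARDED` are illustrative names.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption (not stated in the advisories): "id" is a numeric record key.
DECIMAL_ID = re.compile(r"[0-9]{1,10}")

# Script -> (parameter, value) that selects the affected code path, as given
# in the advisories; None means every request to the script is checked.
GUARDED = {"directory.php": ("ax", "deadlink"), "trr.php": None}


def php_key(name: str) -> str:
    """Normalise a query key the way PHP does before filling $_GET:
    leading spaces are dropped and "id[...]" is the array form of "id"."""
    return name.lstrip(" ").split("[", 1)[0]


def allow_request(url: str) -> bool:
    """Return True to forward the request, False to reject it at the proxy."""
    parts = urlsplit(url)
    # Match the script anywhere in the decoded path so that
    # /directory.php/extra (PATH_INFO) and /directory%2Ephp are still covered.
    segments = unquote(parts.path).lower().split("/")
    script = next((s for s in segments if s in GUARDED), None)
    if script is None:
        return True

    params: dict[str, list[str]] = {}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        params.setdefault(php_key(key), []).append(value)

    selector = GUARDED[script]
    if selector is not None:
        name, wanted = selector
        if wanted not in (v.lower() for v in params.get(name, [])):
            return True  # not the code path named in the advisory

    # Fail closed: a missing or repeated "id" is rejected, because proxy and
    # application could otherwise disagree on which value is used.
    ids = params.get("id", [])
    return len(ids) == 1 and DECIMAL_ID.fullmatch(ids[0]) is not None
```

Only the query string is inspected here; if the application also reads "id" from POST data or cookies, those need the same check.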

Serv-U File Server SFTP Logging Denial of Service Vulnerabil
by Marianna Schmudlach / August 19, 2008 2:17 AM PDT

Secunia Advisory: SA31461
Release Date: 2008-08-19


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: Serv-U File Server 7.x

Description:
A vulnerability has been reported in Serv-U File Server, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the logging functionality when creating directories via SFTP. This can be exploited to crash the service.

Successful exploitation requires a valid account with write permissions.

The vulnerability is reported in version 7.x prior to 7.2.0.1.

Solution:
Update to version 7.2.0.1.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.serv-u.com/releasenotes/

IBM WebSphere Portal Server Authentication Bypass
by Marianna Schmudlach / August 19, 2008 2:19 AM PDT

Secunia Advisory: SA31443
Release Date: 2008-08-19


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


Software: IBM WebSphere Portal 6.x

Description:
Charles Gillman has reported a vulnerability in WebSphere Portal Server, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the administrative interface not properly restricting access to certain pages. This can be exploited to perform certain administrative actions via a specially crafted HTTP request.

Provided and/or discovered by:
Charles Gillman, Security Assurance National Australia Bank

Original Advisory:
http://www-1.ibm.com/support/docview....8&ca=portall2&uid=swg1PK67104

Fedora servers may have been breached
by Marianna Schmudlach / August 19, 2008 2:21 AM PDT

19 August 2008, 10:09

Server failure announcements on the Fedora mailing list are currently causing alarm among users of the Fedora Linux distribution. Paul Frields, head of the Fedora project, said there had evidently been a problem with various servers in the Fedora infrastructure that had made the project reinstall its systems. Frields gave no information about the precise reasons for this action, but US media are already speculating that a breach in one of the systems was to blame.

Apart from the packages servers, many of the Fedora servers were not available due to the maintenance work. Frields recommended that until the problem was solved no new packages should be installed or updated, which strongly hints at a security problem, possibly with manipulated packages. Fedora packages are digitally signed, but if the programs have already been manipulated on the build server, the signature will be worthless.

More: http://www.heise-online.co.uk/security/Fedora-servers-may-have-been-breached--/news/111345

Cisco fixes its conferencing software
by Marianna Schmudlach / August 19, 2008 2:22 AM PDT

Cisco has announced an update to fix a bug in the ActiveX control of its WebEx Meeting Manager that could lead to a buffer overflow. The network specialist acknowledged that an attacker could exploit the vulnerability to execute arbitrary code. The bug is in the Control WebexUCFObject, ClassID {32E26FD9-F435-4A20-A561-35D4B987CFDC} in the DLL atucfobj.dll. Cisco says that the problem affects versions WBS 23, WBS 25, and WBS 26. The WBS 26 server has already been updated and anyone connecting to an updated server will automatically receive an updated version of the client software. Cisco says that WBS 25 will also be updated by the end of September and WBS 23 will be transitioned to WBS 26 in the same time frame.

http://www.heise-online.co.uk/security/Cisco-fixes-its-conferencing-software--/news/111352
