VULNERABILITIES \ FIXES - August 21, 2007

by Marianna Schmudlach / August 21, 2007 1:40 AM PDT

Debian update for koffice

Secunia Advisory: SA26514
Release Date: 2007-08-21


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Partial Fix


OS: Debian GNU/Linux 3.1
Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for koffice. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

For more information:
SA26257

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-securi...-security-announce-2007/msg00119.html

Other References:
SA26257:
http://secunia.com/advisories/26257/

Ubuntu update for jasper
by Marianna Schmudlach / August 21, 2007 1:42 AM PDT

Secunia Advisory: SA26516
Release Date: 2007-08-21


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 6.10
Ubuntu Linux 7.04

Description:
Ubuntu has issued an update for jasper. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA25287

Solution:
Apply updated packages.

Original Advisory:
http://www.ubuntu.com/usn/usn-501-1

Other References:
SA25287:
http://secunia.com/advisories/25287/

Ubuntu update for rsync
by Marianna Schmudlach / August 21, 2007 1:44 AM PDT

Secunia Advisory: SA26518
Release Date: 2007-08-21


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 6.10
Ubuntu Linux 7.04

Description:
Ubuntu has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.

For more information:
SA26493

Solution:
Apply updated packages.

Original Advisory:
http://www.ubuntu.com/usn/usn-500-1

Other References:
SA26493:
http://secunia.com/advisories/26493/

Sysstat systat.in Insecure Temporary Files
by Marianna Schmudlach / August 21, 2007 1:46 AM PDT

Secunia Advisory: SA26527
Release Date: 2007-08-21


Critical:
Less critical
Impact: Manipulation of data

Where: Local system

Solution Status: Unpatched


Software: Sysstat 5.x
Sysstat 6.x
Sysstat 7.x

Description:
A vulnerability has been reported in Sysstat, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The vulnerability is caused due to the systat.in script handling temporary files in an insecure manner. This can be exploited to delete arbitrary files via symlink attacks.

The vulnerability is reported in version 7.1.6. Other versions may also be affected.

Solution:
Grant only trusted users access to affected systems.

Provided and/or discovered by:
Julien L.

Original Advisory:
https://bugs.gentoo.org/show_bug.cgi?id=188808

Mandriva update for libvorbis
by Marianna Schmudlach / August 21, 2007 1:47 AM PDT

Secunia Advisory: SA26535
Release Date: 2007-08-21


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for libvorbis. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

For more information:
SA26232

Solution:
Apply updated packages.

Original Advisory:
http://archives.mandrivalinux.com/security-announce/2007-08/msg00011.php

Other References:
SA26232:
http://secunia.com/advisories/26232/

Mandriva update for rsync
by Marianna Schmudlach / August 21, 2007 1:49 AM PDT

Secunia Advisory: SA26537
Release Date: 2007-08-21


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.

For more information:
SA26493

Solution:
Apply updated packages.

Original Advisory:
http://archives.mandrivalinux.com/security-announce/2007-08/msg00010.php

Other References:
SA26493:
http://secunia.com/advisories/26493/

Cisco IP Phone 7940 SIP Message Sequence Denial of Service
by Marianna Schmudlach / August 21, 2007 1:50 AM PDT

Secunia Advisory: SA26547
Release Date: 2007-08-21


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Unpatched


Software: Cisco IP Phone 7940

Description:
The Madynes research team at INRIA Lorraine has reported some vulnerabilities in Cisco IP Phone 7940, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerabilities are caused due to errors within the handling of certain SIP message sequences. These can be exploited to reboot the device by sending a series of specially crafted SIP messages.

The vulnerabilities are reported in firmware version POS3-08-6-00.

Solution:
Use only in a trusted network environment.

Provided and/or discovered by:
Madynes research team at INRIA Lorraine

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065401.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065402.html

OlateDownload Multiple Vulnerabilities
by Marianna Schmudlach / August 21, 2007 3:00 AM PDT

TITLE:
OlateDownload Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA26533

VERIFY ADVISORY:
http://secunia.com/advisories/26533/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Manipulation of data, System access

WHERE:
From remote

SOFTWARE:
OlateDownload 3.x
http://secunia.com/product/12177/

DESCRIPTION:
imei addmimistrator has reported some vulnerabilities in
OlateDownload, which can be exploited by malicious people to bypass
certain security restrictions, conduct SQL injection attacks, and
compromise a vulnerable system.

1) A vulnerability is caused due to improper authentication
verification in admin.php. This can be exploited to log in as
administrator, by passing values in the "OD3_AutoLogin" cookie.

Successful exploitation of this vulnerability requires knowledge of
the administrator username, user ID, and user group.

2) Input passed in the "OD3_AutoLogin" cookie to admin.php is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

3) Input passed to the "server" parameter in environment.php is used
to connect to a MySQL server on that host. Data returned from the
MySQL server is not properly sanitised before being used in "eval()"
calls. This can be exploited to execute arbitrary PHP code.

The vulnerabilities are reported in version 3.4.1. Prior versions may
also be affected.

SOLUTION:
Update to version 3.4.2.

PROVIDED AND/OR DISCOVERED BY:
imei addmimistrator

ORIGINAL ADVISORY:
OlateDownload:
http://sourceforge.net/forum/forum.php?forum_id=727807

imei addmimistrator:
1-2)
http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html
3)
http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html

2wire Routers Cross-Site Request Forgery Vulnerability
by Marianna Schmudlach / August 21, 2007 4:44 AM PDT

TITLE:
2wire Routers Cross-Site Request Forgery Vulnerability

SECUNIA ADVISORY ID:
SA26496

VERIFY ADVISORY:
http://secunia.com/advisories/26496/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting, Manipulation of data

WHERE:
From remote

OPERATING SYSTEM:
2Wire HomePortal Series
http://secunia.com/product/2862/
2Wire OfficePortal Series
http://secunia.com/product/11696/

DESCRIPTION:
hkm has reported a vulnerability in 2wire routers, which can be
exploited by malicious people to conduct cross-site request forgery
attacks.

The vulnerability is caused due to the administrative web interface
allowing users to perform certain sensitive actions via HTTP requests
without verifying the validity of the user's request. This can be
exploited to perform certain actions on the device when a logged in
administrator is tricked into visiting a malicious web page.

The vulnerability is reported in 1701HG version 3.17.5 and 2071
Gateway version 5.29.51. Other versions may also be affected.

SOLUTION:
Do not browse untrusted web sites while being logged in to the
administrative section of the device.

PROVIDED AND/OR DISCOVERED BY:
hkm

ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/2007-08/0226.html

NuFW Time Based Filtering Rules Security Bypass
by Marianna Schmudlach / August 21, 2007 4:45 AM PDT

TITLE:
NuFW Time Based Filtering Rules Security Bypass

SECUNIA ADVISORY ID:
SA26546

VERIFY ADVISORY:
http://secunia.com/advisories/26546/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From remote

REVISION:
1.1 originally posted 2007-08-21

SOFTWARE:
NuFW 2.x
http://secunia.com/product/15380/

DESCRIPTION:
A security issue has been reported in NuFW, which can be exploited by
malicious people to bypass certain security restrictions.

The security issue is caused due to NuFW not correctly dropping
packets with an out of period arrival time, which can be exploited to
bypass the filtering rules.

The security issue is reported in versions 2.2.x up to but not
including 2.2.4.

SOLUTION:
Update to version 2.2.4.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

CHANGELOG:
2007-08-21: Added more information about affected versions in
"Description" section.

ORIGINAL ADVISORY:
http://www.nufw.org/+NuFW-2-2-4,201+.html

ZoneAlarm Products ACL and IOCTL Local Privilege Escalation
by Marianna Schmudlach / August 21, 2007 4:49 AM PDT

ZoneAlarm Products ACL and IOCTL Local Privilege Escalation Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2929
CVE ID : CVE-2005-2932 - CVE-2007-4216
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-08-21

Technical Description

Multiple vulnerabilities have been identified in various ZoneAlarm products, which could be exploited by local attackers to obtain elevated privileges.

The first issue is caused by insecure default file Access Control List (ACL) settings being applied during the installation process, which could be exploited by malicious users to replace certain files with malicious binaries and execute arbitrary code with SYSTEM privileges.

The second vulnerability is caused by errors in the "vsdatant.sys" device driver that does not validate user-land supplied addresses passed to IOCTL 0x8400000F and IOCTL 0x84000013, which could be exploited by local attackers to overwrite arbitrary memory and execute code with elevated privileges.

Affected Products

ZoneAlarm versions prior to 7.0.362
ZoneAlarm Pro versions prior to 7.0.362
ZoneAlarm Security Suite versions prior to 7.0.362

Solution

Upgrade to version 7.0.362 :
http://www.zonealarm.com/store/content/catalog/products/trial_zaFamily/trial_zaFamily.jsp

References

http://www.frsirt.com/english/advisories/2007/2929
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=584
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585

Credits

Vulnerabilities reported by Ruben Santamarta and iDefense Labs.

Lhaz Gzip Archive Processing Client-Side Code Execution Vuln
by Marianna Schmudlach / August 21, 2007 4:50 AM PDT

Lhaz Gzip Archive Processing Client-Side Code Execution Vulnerability

Advisory ID : FrSIRT/ADV-2007-2930
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-21

Technical Description

A vulnerability has been identified in Lhaz, which could be exploited by remote attackers to take complete control of an affected system. This issue is caused by a memory corruption error when processing a malformed gzip archive, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted archive.

Note : This vulnerability is currently being exploited in the wild.

Affected Products

Lhaz version 1.33 and prior

Solution

Upgrade to Lhaz version 1.34b1 :
http://www.chitora.jp/lhaz.html

References

http://www.frsirt.com/english/advisories/2007/2930
http://www.avertlabs.com/research/blog/index.php/2007/08/17/targeted-zero-day-attack-against-free-tools-lhaz/

Credits

Vulnerability reported by McAfee Avert Labs.

EMC Legato Networker Remote Exec Service Stack Overflow Vuln
by Marianna Schmudlach / August 21, 2007 4:52 AM PDT

EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2931
CVE ID : CVE-2007-3618
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-21

Technical Description

Multiple vulnerabilities have been identified in EMC Legato Networker, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. These issues are caused by stack overflow errors in the Networker Remote Exec Service (nsrexecd.exe) when processing a poll or kill request with an overly long and invalid subcmd (sent to the SUNRPC portmapper on TCP port 111 for service #0x5f3e1, version 1), which could be exploited by remote unauthenticated attackers to crash an affected service or execute arbitrary code.

Affected Products

EMC Legato Networker versions 7.x

Solution

Apply patch (KB article esg83899) :
http://powerlink.emc.com

References

http://www.frsirt.com/english/advisories/2007/2931
http://www.zerodayinitiative.com/advisories/ZDI-07-049.html

Credits

Vulnerabilities reported by Tenable Network Security and ZDI.

SuSE Security Update Fixes Multiple Denial of Service and Se
by Marianna Schmudlach / August 21, 2007 4:54 AM PDT

SuSE Security Update Fixes Multiple Denial of Service and Security Bypass Issues

Advisory ID : FrSIRT/ADV-2007-2926
CVE ID : CVE-2007-3099 - CVE-2007-3100 - CVE-2007-3377 - CVE-2007-3409 - CVE-2007-4091
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-21

Technical Description

Multiple vulnerabilities have been identified in various SuSE products, which could be exploited by attackers to bypass security restrictions, cause a denial of service or execute arbitrary code. These issues are caused by errors in perl-Net-DNS, rsync, open-iscsi and rug zen-updater. For additional information, see : FrSIRT/ADV-2007-2516 - FrSIRT/ADV-2007-2195

Affected Products

SuSE Linux 10.x
SuSE Linux 9.x
SuSE Linux 8.x
SuSE Linux 7.x
SuSE Linux Connectivity Server
SuSE Linux Database Server
SuSE Linux Desktop 1.x
SuSE Linux Enterprise Server 7
SuSE Linux Enterprise Server 8
SUSE Linux Enterprise Server 9
SUSE Linux Enterprise Server 10
SuSE Linux Firewall
SuSE Linux Standard Server 8
SuSE Linux Office Server
SuSE Linux Openexchange Server 4.x

Solution

Upgrade the affected packages :
ftp://ftp.suse.com/pub/suse/update/

References

http://www.frsirt.com/english/advisories/2007/2926
http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00005.html

Slackware Security Update Fixes Tcpdump Remote Integer Overf
by Marianna Schmudlach / August 21, 2007 4:55 AM PDT

Slackware Security Update Fixes Tcpdump Remote Integer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-2927
CVE ID : CVE-2007-3798
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-21

Technical Description

A vulnerability has been identified in Slackware, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in Tcpdump. For additional information, see : FrSIRT/ADV-2007-2578

Affected Products

Slackware 9.0
Slackware 9.1
Slackware 10.0
Slackware 10.1
Slackware 10.2
Slackware 11.0
Slackware 12.0

Solution

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/tcpdump-3.9.7-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/tcpdump-3.9.7-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/tcpdump-3.9.7-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/tcpdump-3.9.7-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/tcpdump-3.9.7-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/tcpdump-3.9.7-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/tcpdump-3.9.7-i486-1_slack12.0.tgz

References

http://www.frsirt.com/english/advisories/2007/2927
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
