VULNERABILITIES \ FIXES - August 31, 2007

by Marianna Schmudlach / August 31, 2007 1:27 AM PDT

HP Tru64 UNIX BIND Predictable DNS Query IDs Vulnerability

Secunia Advisory: SA26605
Release Date: 2007-08-31

Critical: Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch

OS: HP Tru64 UNIX 5.x
Software: HP Internet Express 6.x

Description:
HP has acknowledged a vulnerability in HP Tru64 UNIX and HP Internet Express for Tru64 UNIX, which can be exploited by malicious people to poison the DNS cache.

For more information:
SA26152

The vulnerability affects the following products and versions running BIND:
* HP Tru64 UNIX v 5.1B-4
* HP Tru64 UNIX v 5.1B-3
* HP Internet Express for Tru64 UNIX (IX) v 6.6

Solution:
Apply patches.

HP Tru64 UNIX v 5.1B-4:
Prerequisite: HP Tru64 UNIX v 5.1B-4 PK6 (BL27)
Name: T64KIT1001268-V51BB27-ES-20070806.tar
http://www.itrc.hp.com/service/patch/...hid=T64KIT1001268-V51BB27-ES-20070806

HP Tru64 UNIX v 5.1B-3:
Prerequisite: HP Tru64 UNIX v 5.1B-3 PK5 (BL26)
Name: T64KIT1001273-V51BB26-ES-20070809.tar
http://www.itrc.hp.com/service/patch/...hid=T64KIT1001273-V51BB26-ES-20070809

HP Internet Express for Tru64 UNIX v 6.6:
Install the HP Tru64 UNIX ERP kit appropriate for the supported operating system version or update to version 6.7 as soon as it becomes available.

Original Advisory:
HPSBTU02256 SSRT071449:
http://www8.itrc.hp.com/service/cki/docDisplay.do?docId=c01154600

Other References:
SA26152:
http://secunia.com/advisories/26152/

Red Hat update for mysql
by Marianna Schmudlach / August 31, 2007 1:29 AM PDT

Secunia Advisory: SA26621
Release Date: 2007-08-31

Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch

OS:
* Red Hat Enterprise Linux (v. 5 server)
* Red Hat Enterprise Linux Desktop (v. 5 client)
* Red Hat Enterprise Linux Desktop Workstation (v. 5 client)
* RedHat Enterprise Linux AS 4
* RedHat Enterprise Linux ES 4
* RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for mysql. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information see vulnerability #3 in:
SA25301

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2007-0875.html

Other References:
SA25301:
http://secunia.com/advisories/25301/

PHP Multiple Vulnerabilities
by Marianna Schmudlach / August 31, 2007 1:30 AM PDT

Secunia Advisory: SA26642
Release Date: 2007-08-31

Critical: Moderately critical
Impact: Unknown, Security Bypass
Where: From remote
Solution Status: Vendor Patch

Software: PHP 5.2.x

Description:
Some vulnerabilities have been reported in PHP, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions.

1) An error with unknown impact exists within the "money_format()" function when processing "%i" and "%n" tokens.

2) An unspecified error exists within the "zend_alter_ini_entry()" function. This can be exploited to trigger a memory_limit interruption.

3) Two integer overflow errors exist within the "gdImageCreate()" and "gdImageCreateTrueColor()" functions in ext/gd/libgd/gd.c. These can be exploited to cause a heap-based buffer overflow via overly large integer values passed as parameters to e.g. the "imagecreatetruecolor()" PHP function.

4) Two integer overflow errors exist within the "gdImageCopyResized()" function in ext/gd/libgd/gd.c. These can be exploited to cause a heap-based buffer overflow via overly large integer values passed as parameters to the "imagecopyresized()" or "imagecopyresampled()" PHP functions.

Successful exploitation of vulnerabilities #3 and #4 may allow execution of arbitrary code, which may lead to security restrictions (e.g. the "disable_functions" directive) being bypassed, but requires that PHP is configured to use gd.

5) An error exists within the handling of SQL queries containing "LOCAL INFILE" inside the MySQL and MySQLi extensions. This can be exploited to bypass the "open_basedir" and "safe_mode" directives.

6) An error exists when processing "session_save_path()" and "ini_set()" functions called from a ".htaccess" file. This can be exploited to bypass the "open_basedir" and "safe_mode" directives.

7) An unspecified error exists within the "glob()" function. This can be exploited to bypass the "open_basedir" directive.

8) An unspecified error exists within the session extension. This can potentially be exploited to bypass the "open_basedir" directive when the session file is a symlink.

The vulnerabilities are reported in PHP versions prior to 5.2.4.

Solution:
Update to PHP version 5.2.4.
http://www.php.net/downloads.php

Provided and/or discovered by:
1) The vendor credits Stanislav Malyshev.
2) The vendor credits Stefan Esser.
3, 4) Mattias Bengtsson and Philip Olausson.
5) The vendor credits Stanislav Malyshev. Also reported by Mattias Bengtsson and Philip Olausson.
6) The vendor credits Maksymilian Arciemowicz.
7) The vendor credits dr.
8) The vendor credits c.i.morris.

Original Advisory:
http://www.php.net/releases/5_2_4.php

3) http://secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/
4) http://secweb.se/en/advisories/php-imagecopyresized-integer-overflow/
5) http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/
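
The integer-overflow class described in items 3 and 4 of the PHP advisory above, as an added example that is not part of the original post and is not libgd's code: an image allocator whose byte count wraps for large dimensions, beside an overflow-checked version. The `image_t` type, the function names and the dimensions are assumptions constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical image type for this example; not libgd's gdImage. */
typedef struct { int sx, sy; uint32_t *pixels; } image_t;

/* Flawed pattern: byte count computed in 32-bit arithmetic, so it wraps.
 * Unsigned math is used so the wraparound is well defined in this demo. */
size_t unchecked_alloc_size(int sx, int sy)
{
    return (uint32_t)sx * (uint32_t)sy * (uint32_t)sizeof(uint32_t);
}

/* Hardened pattern: returns the byte count, or 0 if the dimensions are
 * non-positive or any product would overflow. */
size_t checked_alloc_size(int sx, int sy)
{
    if (sx <= 0 || sy <= 0)
        return 0;
    if (sx > INT_MAX / sy)               /* sx * sy must fit in int (pixel indexing) */
        return 0;
    size_t n = (size_t)sx * (size_t)sy;
    if (n > SIZE_MAX / sizeof(uint32_t)) /* n * 4 must fit in size_t */
        return 0;
    return n * sizeof(uint32_t);
}

image_t *image_create(int sx, int sy)
{
    size_t bytes = checked_alloc_size(sx, sy);
    if (bytes == 0)
        return NULL;                     /* reject before touching the heap */
    image_t *im = malloc(sizeof *im);
    if (im == NULL)
        return NULL;
    im->pixels = calloc(1, bytes);
    if (im->pixels == NULL) { free(im); return NULL; }
    im->sx = sx;
    im->sy = sy;
    return im;
}

int main(void)
{
    /* Constructed dimensions: 65536 x 16385 pixels of 4 bytes each. */
    printf("unchecked: %zu bytes\n", unchecked_alloc_size(65536, 16385));
    printf("checked:   %zu bytes\n", checked_alloc_size(65536, 16385));
    printf("65536x65536 accepted: %s\n", image_create(65536, 65536) ? "yes" : "no");
    return 0;
}
```

With the unchecked computation the buffer is far smaller than the pixel count the caller believes it has, which is the condition that turns later pixel writes into a heap-based buffer overflow.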

Ubuntu update for kernel
by Marianna Schmudlach / August 31, 2007 1:32 AM PDT

Secunia Advisory: SA26643
Release Date: 2007-08-31

Critical: Not critical
Impact: Security Bypass, Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch

OS: Ubuntu Linux 6.10

Description:
Ubuntu has issued an update for the kernel. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, or gain escalated privileges.

For more information:
SA25771
SA25895
SA26322
SA26389

Solution:
Apply updated packages.

Original Advisory:
http://www.ubuntu.com/usn/usn-509-1

Other References:
SA25771:
http://secunia.com/advisories/25771/

SA25895:
http://secunia.com/advisories/25895/

SA26322:
http://secunia.com/advisories/26322/

SA26389:
http://secunia.com/advisories/26389/

NMDeluxe "id" SQL Injection Vulnerability
by Marianna Schmudlach / August 31, 2007 1:34 AM PDT

Secunia Advisory: SA26652
Release Date: 2007-08-31

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: NMDeluxe 2.x

Description:
R00T[ATI] has discovered a vulnerability in NMDeluxe, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in index.php (when "do" is set to "newspost") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator usernames and password hashes.

The vulnerability is confirmed in version 2.0.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
R00T[ATI]

Original Advisory:
http://milw0rm.com/exploits/4342

Backup Manager Information Disclosure Security Issue
by Marianna Schmudlach / August 31, 2007 1:35 AM PDT

Secunia Advisory: SA26657
Release Date: 2007-08-31

Critical: Less critical
Impact: Exposure of sensitive information
Where: Local system
Solution Status: Vendor Patch

Software: Backup Manager 0.x

Description:
Micha Lenk has reported a security issue in Backup Manager, which can be exploited by malicious, local users to disclose sensitive information.

The security issue is caused due to the host, username, and password used to connect to a remote FTP server being shown in the process list. This can be exploited to gain unauthorized FTP access to the remote backup server.

The security issue is reported in versions prior to 0.6.3.

Solution:
Update to version 0.6.3.
http://www2.backup-manager.org/Release063

Provided and/or discovered by:
Micha Lenk

Original Advisory:
Backup Manager:
http://www2.backup-manager.org/Release063

Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392

Fedora Security Update Fixes Tar Archive Handling Directory
by Marianna Schmudlach / August 31, 2007 1:44 AM PDT

Fedora Security Update Fixes Tar Archive Handling Directory Traversal Issue

Advisory ID : FrSIRT/ADV-2007-3015
CVE ID : CVE-2007-4131
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-31

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to bypass security restrictions. This issue is caused by an error in Tar. For additional information, see : FrSIRT/ADV-2007-2958

Affected Products

Fedora 7

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/3015
https://www.redhat.com/archives/fedora-package-announce/2007-August/msg00443.html

Fedora Security Update Fixes WordPress Cross Site Scripting
by Marianna Schmudlach / August 31, 2007 1:45 AM PDT

Fedora Security Update Fixes WordPress Cross Site Scripting Vulnerability

Advisory ID : FrSIRT/ADV-2007-3016
CVE ID : CVE-2007-4139
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-31

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by an error in WordPress. For additional information, see : FrSIRT/ADV-2007-2744

Affected Products

Fedora 7

Solution

Upgrade the affected packages

5147bbafce51645dae00f2e8d33ff6ee9ba0d282 wordpress-2.2.2-0.fc7.noarch.rpm
6f763d57be435382e3b5de56c81d7f85c0faceda wordpress-2.2.2-0.fc7.src.rpm

References

http://www.frsirt.com/english/advisories/2007/3016
https://www.redhat.com/archives/fedora-package-announce/2007-August/msg00435.html

Redhat Network Satellite XMLRPC Handler Remote Code Executio
by Marianna Schmudlach / August 31, 2007 1:47 AM PDT

Redhat Network Satellite XMLRPC Handler Remote Code Execution Issue


Advisory ID : FrSIRT/ADV-2007-3017
CVE ID : CVE-2007-4132
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-31

Technical Description

A vulnerability has been identified in Redhat Network Satellite, which could be exploited by malicious users to compromise an affected system. This issue is caused by an unspecified error in a back-end XMLRPC handler, which could be exploited by remote authenticated attackers to execute arbitrary code with "apache" privileges.

Affected Products

Red Hat Network Satellite version 5.0

Solution

Upgrade the affected packages :
http://rhn.redhat.com/

References

http://www.frsirt.com/english/advisories/2007/3017
http://rhn.redhat.com/errata/RHSA-2007-0868.html

Redhat Security Update Fixes MySQL Remote Denial of Service
by Marianna Schmudlach / August 31, 2007 1:48 AM PDT

Redhat Security Update Fixes MySQL Remote Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-3018
CVE ID : CVE-2007-3780
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-31

Technical Description

A vulnerability has been identified in various Redhat products, which could be exploited by remote attackers to cause a denial of service. This issue is caused by an error in MySQL. For additional information, see : FrSIRT/ADV-2007-2122

Affected Products

RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)

Solution

Upgrade the affected packages :
http://rhn.redhat.com/

References

http://www.frsirt.com/english/advisories/2007/3018
http://rhn.redhat.com/errata/RHSA-2007-0875.html

SuSE Security Update Fixes Opera Remote Command Execution Vu
by Marianna Schmudlach / August 31, 2007 1:49 AM PDT

SuSE Security Update Fixes Opera Remote Command Execution Vulnerability

Advisory ID : FrSIRT/ADV-2007-3019
CVE ID : CVE-2007-4367
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-31

Technical Description

A vulnerability has been identified in SuSE Linux and openSUSE, which could be exploited by remote attackers to cause a denial of service or execute arbitrary code. This issue is caused by an error in Opera. For additional information, see : FrSIRT/ADV-2007-2904

Affected Products

SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2

Solution

Upgrade the affected packages :
ftp://ftp.suse.com/pub/suse/update

References

http://www.frsirt.com/english/advisories/2007/3019
http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00006.html

USAJOBS and Monster Resume Database Compromise
by Marianna Schmudlach / August 31, 2007 8:14 AM PDT

US-CERT is aware of a database compromise affecting Monster.com. Reports indicate that the resume database was targeted and that subscriber names, addresses, phone numbers, and email addresses were disclosed to the attacker. This compromise also affects USAJOBS.gov subscribers as Monster Worldwide is the technology provider for USAJOBS. Monster states that social security numbers have not been compromised as USAJOBS has security policies in place to safeguard them.

More information may be found at the following:


Monster.com
USAJOBS.gov

More: http://www.us-cert.gov/current/current_activity.html#monster_resume_database_compromise
