Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - August 7, 2008

by Marianna Schmudlach / August 6, 2008 11:53 PM PDT

PowerDNS Malformed Queries Handling Weakness



Secunia Advisory: SA31407
Release Date: 2008-08-07

Critical: Not critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch
Software: PowerDNS 2.x


Description:
A weakness has been reported in PowerDNS, which can be exploited by malicious people to conduct spoofing attacks.

The weakness is caused due to the server dropping DNS queries for invalid DNS records within a valid domain. This can be exploited to facilitate the spoofing of the valid domain on third-party DNS servers.

The weakness is reported in versions prior to 2.9.21.1.

Solution:
Update to version 2.9.21.1.

Provided and/or discovered by:
The vendor credits Brian J. Dowling of Simplicity Communications.

Original Advisory:
http://doc.powerdns.com/powerdns-advisory-2008-02.html

HP-UX libc Denial of Service Vulnerability
by Marianna Schmudlach / August 6, 2008 11:54 PM PDT

Secunia Advisory: SA31400
Release Date: 2008-08-07

Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
OS: HP-UX 11.x

Description:
HP has acknowledged a vulnerability in libc, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error. No further information is currently available.

The vulnerability is reported in HP-UX B.11.23 and B.11.31 using libc.

Solution:
Apply patches.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
HPSBUX02355 SSRT080023:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01520421

CA Products Ingres Multiple Vulnerabilities
by Marianna Schmudlach / August 6, 2008 11:55 PM PDT

Secunia Advisory: SA31398
Release Date: 2008-08-07

Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch


Software: BrightStor ARCserve Backup 11.x
CA Advantage Data Transformer 2.x
CA AllFusion Harvest Change Manager 7.x
CA CleverPath Aion 10.x
CA Embedded Entitlements Manager 8.x
CA eTrust Admin 8.x
CA eTrust Audit 8.x
CA Identity Manager 12.x
CA Single Sign-On 8.x
CA Unicenter Asset Management 11.x
CA Unicenter Job Management Option 11.x
CA Unicenter Network and Systems Management (NSM) 11.x
CA Unicenter Network and Systems Management (NSM) 3.x
CA Unicenter Remote Control 11.x
CA Unicenter Service Catalog 11.x
CA Unicenter Service Metric Analysis 11.x
CA Unicenter ServicePlus Service Desk 11.x
CA Unicenter ServicePlus Service Desk 6.x
CA Unicenter Software Delivery 11.x
CA Unicenter Workload Control Center 11.x
eTrust Directory 8.x



Description:
Some vulnerabilities have been reported in CA products, which can be exploited by malicious, local users to gain escalated privileges.

Solution:
Apply patches (please see vendor advisory for details).

Provided and/or discovered by:
The vendor credits iDefense Labs.

Original Advisory:
CA:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989

Other References:
SA31357:
http://secunia.com/advisories/31357/

Webex Meeting Manager WebexUCFObject ActiveX Control Buffer
by Marianna Schmudlach / August 6, 2008 11:56 PM PDT

Secunia Advisory: SA31397
Release Date: 2008-08-07

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: WebEx Meeting Manager

Description:
Elazar Broad has discovered a vulnerability in Webex Meeting Manager, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the WebexUCFObject ActiveX control (atucfobj.dll) when handling arguments passed to the "NewObject()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string as argument to the affected method.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 20.2008.2601.4928. Other versions may also be affected.

Solution:
The vendor has reportedly fixed the vulnerability in version 20.2008.2606.4919.

Provided and/or discovered by:
Elazar Broad

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html

Gentoo update for dhcp
by Marianna Schmudlach / August 6, 2008 11:57 PM PDT

Secunia Advisory: SA31396
Release Date: 2008-08-07

Critical: Not critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for dhcp. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused due to an integer overflow error, which can be exploited to crash the server if a large "dhcp-max-message-size" was specified by a client.

Note: Successful exploitation requires a server configuration which provides clients with an unlikely amount of DHCP options.

Solution:
Update to "net-misc/dhcp-3.1.1" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200808-05.xml

Other References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-0062

Gentoo update for libxslt
by Marianna Schmudlach / August 6, 2008 11:59 PM PDT

Secunia Advisory: SA31395
Release Date: 2008-08-07

Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for libxslt. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

Solution:
Update to "dev-libs/libxslt-1.1.24-r1" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200808-06.xml

Other References:
SA31230:
http://secunia.com/advisories/31230/

8e6 R3000 "Host" URL Filter Bypass Vulnerability
by Marianna Schmudlach / August 7, 2008 12:00 AM PDT

Secunia Advisory: SA31391
Release Date: 2008-08-07

Critical: Less critical
Impact: Security Bypass
Where: From local network
Solution Status: Unpatched
OS: 8e6 R3000 Internet Filter

Description:
nnposter has reported a vulnerability in 8e6 R3000 Internet Filter, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error in the URL filter when processing custom HTTP headers. This can be exploited to bypass the URL filter via a custom HTTP header containing the string "Host:" followed by an unrestricted site.

The vulnerability is reported in version 2.0.12.10. Other versions may also be affected.

Solution:
This will reportedly be fixed in R3000 patch version 2.1.05.

Provided and/or discovered by:
nnposter

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2008-08/0035.html
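
As an added illustration of the header-handling flaw described in the 8e6 R3000 post above (not code from the advisory, the vendor or the poster): a Python example contrasting substring matching on "Host:" with a parser that only accepts a header whose name is Host, plus a check that flags other headers embedding that string. The function names, blocklist and sample request are constructed, and the substring logic is an assumed model of this class of mistake, not the product's implementation.

```python
# Added example: assumed model of the flaw, not the R3000's own code.
BLOCKED = {"blocked.example"}  # constructed filter policy

def naive_host(raw: bytes) -> str:
    """Flawed: trusts the first 'Host:' substring anywhere in the request."""
    text = raw.decode("latin-1")
    idx = text.find("Host:")
    if idx < 0:
        return ""
    return text[idx + len("Host:"):].split("\r\n", 1)[0].strip().lower()

def parse_headers(raw: bytes) -> list:
    """Split the header block into (lowercased name, value) pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers.append((name.lower(), value.strip()))
    return headers

def strict_host(raw: bytes) -> str:
    """Accept only a header whose *name* is Host, and exactly one of them."""
    hosts = [v for n, v in parse_headers(raw) if n == "host"]
    if len(hosts) != 1:
        raise ValueError("expected exactly one Host header")
    return hosts[0].lower()

def suspicious_headers(raw: bytes) -> list:
    """Detection aid: non-Host headers whose value embeds 'Host:'."""
    return [n for n, v in parse_headers(raw)
            if n != "host" and "host:" in v.lower()]

def allowed(host: str) -> bool:
    return host.split(":")[0] not in BLOCKED  # drop an optional :port

# Constructed sample request
SAMPLE = (b"GET / HTTP/1.1\r\n"
          b"X-Note: Host: allowed.example\r\n"
          b"Host: blocked.example\r\n\r\n")

if __name__ == "__main__":
    print("naive :", naive_host(SAMPLE), allowed(naive_host(SAMPLE)))
    print("strict:", strict_host(SAMPLE), allowed(strict_host(SAMPLE)))
    print("flag  :", suspicious_headers(SAMPLE))
```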

Free Hosting Manager Insecure Cookie Handling Vulnerability
by Marianna Schmudlach / August 7, 2008 12:01 AM PDT

Secunia Advisory: SA31383
Release Date: 2008-08-07

Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Unpatched
Software: Free Hosting Manager 2.x



Description:
lvlr-Erfan has discovered a vulnerability in Free Hosting Manager, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restrictions when accessing the administration interface. This can be exploited to bypass the authentication mechanism and gain access to the administration section by setting the "adminuser" and "loggedin" cookies to "1".

The vulnerability is confirmed in version 2.0.1. Other versions may also be affected.

Solution:
Restrict access to the "admin" directory (e.g. via ".htaccess").

Provided and/or discovered by:
lvlr-Erfan, Scary-Boys

Original Advisory:
http://milw0rm.com/exploits/6213
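
As an added illustration of the cookie-handling weakness in the Free Hosting Manager post above (not the application's code and not the advisory's workaround, which is to restrict the "admin" directory): a Python example showing why client-set "adminuser" and "loggedin" flags cannot serve as proof of login, beside a server-signed session token. The function names, the "session" cookie and the token layout are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a per-deployment secret kept on the server only.
SERVER_KEY = secrets.token_bytes(32)

def is_admin_weak(cookies: dict) -> bool:
    """Pattern from the advisory: client-supplied flags are trusted as-is."""
    return cookies.get("adminuser") == "1" and cookies.get("loggedin") == "1"

def _tag(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_session(user: str, ttl: int = 900, now=None) -> str:
    """Call only after the password check succeeds. Token: user|expiry|HMAC."""
    if "|" in user:
        raise ValueError("user name must not contain the field separator")
    issued = time.time() if now is None else now
    payload = f"{user}|{int(issued + ttl)}"
    return f"{payload}|{_tag(payload)}"

def is_admin_hardened(cookies: dict, now=None) -> bool:
    """Accept only an unexpired token whose HMAC verifies under SERVER_KEY."""
    parts = cookies.get("session", "").split("|")
    if len(parts) != 3:
        return False
    user, expires, tag = parts
    # Constant-time comparison over the exact bytes that were signed.
    if not hmac.compare_digest(tag.encode(), _tag(f"{user}|{expires}").encode()):
        return False
    current = time.time() if now is None else now
    return user == "admin" and int(expires) > current

if __name__ == "__main__":
    forged = {"adminuser": "1", "loggedin": "1"}  # constructed input
    print("weak check, forged flags    :", is_admin_weak(forged))
    print("hardened check, forged flags:", is_admin_hardened(forged))
    good = {"session": issue_session("admin")}
    print("hardened check, real session:", is_admin_hardened(good))
```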

Contenido Unspecified File Inclusion Vulnerabilities
by Marianna Schmudlach / August 7, 2008 12:02 AM PDT

Secunia Advisory: SA31374
Release Date: 2008-08-07

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Contenido 4.x

Description:
Some vulnerabilities have been reported in Contenido, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to unspecified parameters is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or remote resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is reported in 4.8.x versions prior to 4.8.7.

Solution:
Update to version 4.8.7.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://forum.contenido.org/viewtopic.php?t=22129

csphonebook "letter" Cross-Site Scripting
by Marianna Schmudlach / August 7, 2008 12:03 AM PDT

Secunia Advisory: SA31359
Release Date: 2008-08-07

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched
Software: csphonebook 1.x

Description:
Ghost Hacker has discovered a vulnerability in csphonebook, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "letter" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 1.02. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Ghost Hacker

Xoops Kshop Module "search" Cross-Site Scripting
by Marianna Schmudlach / August 7, 2008 12:07 AM PDT

Secunia Advisory: SA31402
Release Date: 2008-08-07

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched
Software: Kshop 2.x (module for Xoops)

Description:
Lostmon has discovered a vulnerability in the Kshop module for Xoops, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "search" parameter in kshop_search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 2.22. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Lostmon

Original Advisory:
http://lostmon.blogspot.com/2008/08/kshop-module-search-variable-and-field.html

Oracle breaks patch cycle with emergency fix
by Marianna Schmudlach / August 7, 2008 12:10 AM PDT

Tackles buffer overflow exploits
By John Leyden

Sun's snoop dogged by a buffer overflow
by Marianna Schmudlach / August 7, 2008 2:09 AM PDT

Sun Microsystems has released two security alerts for Solaris. One of the alerts affects Solaris 8, 9 and 10 and OpenSolaris, and closes a hole in the snoop network utility, which is normally used to monitor packets on the network. The other covers Solaris 10 and OpenSolaris and involves a way for an unprivileged user to crash the system.

It appears that when the snoop utility is run without the "-o" option, which directs snoop's output to a file, it is possible to craft a malicious packet that can trigger a bug allowing arbitrary commands to be run as the user running snoop. The problem is slightly mitigated by the fact that snoop, when run as root, changes its effective user to "nobody", but that is the only user for which snoop changes effective user id. The problem is related to snoop's displaying of SMB traffic according to the Sun alert for this issue.

More: http://www.heise-online.co.uk/security/Sun-s-snoop-dogged-by-a-buffer-overflow--/news/111264

Security Update for the Git version management tool
by Marianna Schmudlach / August 7, 2008 2:11 AM PDT

The free distributed version management system Git has several weaknesses that could allow an attacker to compromise a Git repository. The problem happens when path names in the repository are longer than the system defined PATH_MAX value. The overflows occur in the diff_change and diff_addremove when they call out to the git-diff and rep commands. The flaw is sufficient to allow code on the stack to be executed or to lock the repository, but the attacker has to obtain repository access first.

More: http://www.heise-online.co.uk/security/Security-Update-for-the-Git-version-management-tool--/news/111265

Cleanup in isle 3 please. Asprox lying around
by Marianna Schmudlach / August 7, 2008 5:23 AM PDT

Published: 2008-08-07,
Last Updated: 2008-08-07 14:43:56 UTC
by Mark Hofman

Whilst looking for something completely different I came across our old friend ASPROX. See previous diary from Marc.

It seems that a lot of the domains used by this are still or again active. Typically using fast flux. The script that is being injected tends to be ngg.js, fgg.js, b.js or js.js. This links to an IP address (still up) where a CGI script starts the road of pain.

Doing a quick search using our friend Google I ended up with 1,470,000 sites that are currently infected. Now about 591,000 or so are b.js which seems to point to inactive domains so these are unlikely to do damage. The rest is a mixture of active and inactive links.

More: http://isc.sans.org/
