Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - August 8, 2008

by Marianna Schmudlach / August 8, 2008 12:26 AM PDT

Fedora update for httpd

Secunia Advisory: SA31416
Release Date: 2008-08-08


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 9

Description:
Fedora has issued an update for httpd. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the yum utility ("yum update httpd").

Original Advisory:
https://www.redhat.com/archives/fedor...ge-announce/2008-August/msg00055.html

Other References:
SA28046:
http://secunia.com/advisories/28046/

SA30621:
http://secunia.com/advisories/30621/

RTH File Disclosure and SQL Injection Vulnerabilities
by Marianna Schmudlach / August 8, 2008 12:27 AM PDT

Secunia Advisory: SA31414
Release Date: 2008-08-08


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: RTH 1.x

Description:
Some vulnerabilities have been reported in RTH, which can be exploited by malicious people to conduct SQL injection attacks or to disclose sensitive information.

Solution:
Update to version 1.7.0.

Provided and/or discovered by:
1) Jan Sch

Sun Solaris Trusted Extensions Labeled Networking Unauthoris
by Marianna Schmudlach / August 8, 2008 12:28 AM PDT

Secunia Advisory: SA31412
Release Date: 2008-08-08


Critical:
Less critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


OS: Sun Solaris 10

Description:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
Apply patches.

-- SPARC Platform --

Solaris 10:
Apply patch 125100-08 or later.

OpenSolaris:
Fixed in build snv_68 or later.

-- x86 Platform --

Solaris 10:
Apply patch 125101-08 or later.

OpenSolaris:
Fixed in builds snv_68 or later.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240099-1

Fedora update for poppler
by Marianna Schmudlach / August 8, 2008 12:29 AM PDT

Secunia Advisory: SA31405
Release Date: 2008-08-08


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 8

Description:
Fedora has issued an update for poppler. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages via the yum utility ("yum update poppler").

Original Advisory:
https://www.redhat.com/archives/fedor...ge-announce/2008-August/msg00161.html

Other References:
SA30963:
http://secunia.com/advisories/30963/

Fedora update for httpd
by Marianna Schmudlach / August 8, 2008 12:30 AM PDT

Secunia Advisory: SA31404
Release Date: 2008-08-08


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 8

Description:
Fedora has issued an update for httpd. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the yum utility ("yum update httpd").

Original Advisory:
https://www.redhat.com/archives/fedor...ge-announce/2008-August/msg00153.html

Other References:
SA30621:
http://secunia.com/advisories/30621/

Fedora update for thunderbird
by Marianna Schmudlach / August 8, 2008 12:32 AM PDT

Secunia Advisory: SA31403
Release Date: 2008-08-08


Critical:
Highly critical
Impact: Spoofing
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, disclose sensitive information, and to compromise a user's system.

Solution:
Apply updated packages via the yum utility ("yum update thunderbird").

Original Advisory:
https://www.redhat.com/archives/fedor...ge-announce/2008-August/msg00125.html
https://www.redhat.com/archives/fedor...ge-announce/2008-August/msg00144.html

Other References:
SA30761:
http://secunia.com/advisories/30761/

SA30911:
http://secunia.com/advisories/30911/

SA30915:
http://secunia.com/advisories/30915/

Fedora update for pdns
by Marianna Schmudlach / August 8, 2008 12:33 AM PDT

Secunia Advisory: SA31401
Release Date: 2008-08-08


Critical:
Not critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for pdns. This fixes a weakness, which can be exploited by malicious people to conduct spoofing attacks.

Solution:
Apply updated packages via the yum utility ("yum update pdns").

Original Advisory:
https://www.redhat.com/archives/fedor...ge-announce/2008-August/msg00140.html
https://www.redhat.com/archives/fedor...ge-announce/2008-August/msg00109.html

Other References:
SA31407:
http://secunia.com/advisories/31407/

Fedora update for libxslt
by Marianna Schmudlach / August 8, 2008 12:34 AM PDT

Secunia Advisory: SA31399
Release Date: 2008-08-08


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for libxslt. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

Solution:
Apply updated packages via the yum utility ("yum update libxslt").

Original Advisory:
https://www.redhat.com/archives/fedor...ge-announce/2008-August/msg00092.html
https://www.redhat.com/archives/fedor...ge-announce/2008-August/msg00118.html

Other References:
SA31230:
http://secunia.com/advisories/31230/

e107 download.php "extract()" Vulnerability
by Marianna Schmudlach / August 8, 2008 12:35 AM PDT

Secunia Advisory: SA31394
Release Date: 2008-08-08


Critical:
Highly critical
Impact: Manipulation of data
System access

Where: From remote

Solution Status: Vendor Workaround


Software: e107 0.x



Description:
James Bercegay has discovered a vulnerability in e107, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.

The vulnerability is caused due to the insecure use of the "extract()" function in download.php, which allows input passed via the POST method to overwrite arbitrary variables. This can be exploited to modify certain SQL statements and execute arbitrary PHP code.

The vulnerability is confirmed in version 0.7.11. Other versions may also be affected.

Solution:
Fixed in the CVS repository.

Provided and/or discovered by:
James Bercegay, GulfTech Security Research Team

Original Advisory:
http://www.gulftech.org/?node=research&article_id=00122-08072008
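
The variable overwrite described in the e107 advisory above, shown on a constructed example that is added here and is not e107's code; the function names, the `download` table name and the input array are assumptions made for illustration.

```php
<?php
// Constructed stand-in for POST data; not taken from e107.
$post = ['id' => '7', 'table' => 'overwritten_by_request'];

// Pattern the advisory describes: extract() applied to request input.
function build_query_unsafe(array $input): string
{
    $table = 'download';   // value the developer expects to stay fixed
    $id    = 0;
    extract($input);       // default EXTR_OVERWRITE replaces $table and $id
    return "SELECT * FROM $table WHERE id = $id";
}

// EXTR_SKIP only protects names that already exist in scope:
// $table survives, but every other request key still becomes a variable.
function skip_is_partial(array $input): array
{
    $table = 'download';
    extract($input, EXTR_SKIP);
    return get_defined_vars();
}

// Hardened form: read only the keys you name, validate them,
// and hand the value to the database layer as a bound parameter.
function build_query_safe(array $input): array
{
    $table = 'download';
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    return ["SELECT * FROM $table WHERE id = ?", [$id]];
}

echo build_query_unsafe($post), PHP_EOL;

$vars = skip_is_partial($post);
echo 'table=', $vars['table'], ' id=', $vars['id'], PHP_EOL;

[$sql, $params] = build_query_safe($post);
echo $sql, ' ', json_encode($params), PHP_EOL;
```

The PHP manual itself warns against calling `extract()` on untrusted data; when reviewing code, any `extract()` whose argument traces back to `$_POST`, `$_GET` or `$_REQUEST` deserves the same scrutiny as the pattern above.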

WSN Products "TID" Local File Inclusion
by Marianna Schmudlach / August 8, 2008 12:36 AM PDT

Secunia Advisory: SA31392
Release Date: 2008-08-08


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


Software: WSN Classifieds 4.x
WSN Forum 4.x
WSN Gallery 4.x
WSN Knowledge Base 4.x
WSN Links 4.x

Description:
otmorozok428 has reported a vulnerability in various WSN products, which can be exploited by malicious users to disclose sensitive information and compromise a vulnerable system.

Solution:
Update to WSN Links 4.1.49, WSN Forum 4.1.45, WSN Knowledge Base 4.1.41, WSN Gallery 4.1.40, and WSN Classifieds 4.1.30.

Provided and/or discovered by:
otmorozok428

Original Advisory:
http://milw0rm.com/exploits/6208

PowerGap Shopsystem "ag" SQL Injection Vulnerability
by Marianna Schmudlach / August 8, 2008 12:38 AM PDT

Secunia Advisory: SA31382
Release Date: 2008-08-08


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: PowerGap Shopsystem

Description:
Rohit Bansal has reported a vulnerability in PowerGap Shopsystem, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "ag" parameter in s03.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation may require that "magic_quotes_gpc" is disabled.

Solution:
Filter malicious characters and character sequences in a proxy.

Provided and/or discovered by:
Rohit Bansal

Original Advisory:
http://packetstorm.linuxsecurity.com/0808-exploits/powergap-sql.txt

KAPhotoservice "page" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / August 8, 2008 12:39 AM PDT

Secunia Advisory: SA31369
Release Date: 2008-08-08


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: KAPhotoservice 7.x

Description:
by_casper41 has reported a vulnerability in KAPhotoservice, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "page" parameter in order.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the target user has valid user credentials.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
by_casper41

Original Advisory:
http://www.securityfocus.com/bid/30567

Chupix Contact Module "mods" Local File Inclusion
by Marianna Schmudlach / August 8, 2008 12:40 AM PDT

Secunia Advisory: SA31362
Release Date: 2008-08-08


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: Contact 0.x (module for Chupix)

Description:
A vulnerability has been discovered in the Contact module for Chupix, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "mods" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 0.1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
casper41 and an anonymous person

Original Advisory:
http://www.securityfocus.com/bid/30564
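
One way to carry out the "properly verified" fix the advisory above asks for, as an added example that is not Chupix code: the request value selects a key in a server-side map instead of contributing to the file path. The module names, `resolve_mod()` and the temporary directory are hypothetical.

```php
<?php
// Hypothetical module map: request value => file name chosen by the server.
const ALLOWED_MODS = ['contact' => 'contact.php', 'news' => 'news.php'];

function resolve_mod(string $requested, string $modsDir): ?string
{
    // Plain identifiers only: no dots, slashes or NUL bytes can pass.
    if (preg_match('/\A[a-z0-9_]{1,32}\z/', $requested) !== 1) {
        return null;
    }
    // The request picks a key; it never becomes part of the path itself.
    if (!array_key_exists($requested, ALLOWED_MODS)) {
        return null;
    }
    // Defence in depth: the resolved file must still sit inside $modsDir.
    $base = realpath($modsDir);
    $path = realpath($modsDir . DIRECTORY_SEPARATOR . ALLOWED_MODS[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    return strpos($path, $base . DIRECTORY_SEPARATOR) === 0 ? $path : null;
}

// Constructed fixture: a throwaway module directory with two stub files.
$modsDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'mods_' . bin2hex(random_bytes(4));
mkdir($modsDir);
foreach (ALLOWED_MODS as $file) {
    file_put_contents($modsDir . DIRECTORY_SEPARATOR . $file, "<?php // module stub\n");
}

// Constructed inputs: a valid name, a traversal string, a NUL-terminated
// name, and a well-formed name that is not in the map.
foreach (['contact', '../../outside.txt', "contact\0.txt", 'unknown'] as $input) {
    $resolved = resolve_mod($input, $modsDir);
    printf("%-24s => %s\n", json_encode($input),
        $resolved === null ? 'rejected' : 'include ' . basename($resolved));
}

// Remove the fixture.
foreach (ALLOWED_MODS as $file) {
    unlink($modsDir . DIRECTORY_SEPARATOR . $file);
}
rmdir($modsDir);
```

Because the check does not depend on `magic_quotes_gpc`, it behaves the same whether that setting is enabled or disabled.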

SUSE Update for Multiple Packages
by Marianna Schmudlach / August 8, 2008 12:41 AM PDT

Secunia Advisory: SA31339
Release Date: 2008-08-08


Critical:
Highly critical
Impact: System access
DoS
Exposure of sensitive information
Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
openSUSE 11.0

Description:
SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to disclose potentially sensitive information, conduct cross-site request forgery attacks, and compromise a user's system.

Solution:
Updated packages are available via YaST Online Update and the SUSE FTP server.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html

Other References:
SA28725:
http://secunia.com/advisories/28725/

SA30832:
http://secunia.com/advisories/30832/

SA30935:
http://secunia.com/advisories/30935/

SA31096:
http://secunia.com/advisories/31096/

SA31196:
http://secunia.com/advisories/31196/

Cygwin Package Handling Security Issue
by Marianna Schmudlach / August 8, 2008 12:42 AM PDT

Secunia Advisory: SA31271
Release Date: 2008-08-08


Critical:
Not critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Cygwin 1.x
Cygwin 4.x

Description:
A security issue has been reported in Cygwin, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Update setup.exe to version 2.573.2.3.

Provided and/or discovered by:
Derek Callaway, Security Objectives

Original Advisory:
Cygwin:
http://cygwin.com/ml/cygwin-announce/2008-08/msg00001.html

Security Objectives:
http://www.security-objectives.com/advisories/SECOBJADV-2008-02.txt

Next Patch Tuesday: Twelve security updates from Micro
by Marianna Schmudlach / August 8, 2008 12:46 AM PDT

8 August 2008

Next Tuesday, 12 August, Microsoft plans to issue twelve security bulletins, of which seven alone are to deal with critical errors in its products. According to the advance notification, these include Internet Explorer 5, 6 and 7, Media Player 11, Access, Excel, PowerPoint, Office, and Windows. All of the holes can presumably enable code to be remotely injected and executed, using crafted web sites or manipulated files.

http://www.heise-online.co.uk/security/Next-Patch-Tuesday-Twelve-security-updates-from-Microsoft--/news/111276

Kaminsky reveals final details of DNS vulnerability
by Marianna Schmudlach / August 8, 2008 12:47 AM PDT

8 August 2008

Dan Kaminsky in his Black Hat lecture has revealed the final details of the vulnerability in the Domain Name System that he originally discovered. In addition to an attack on a CNAME record, it appears possible to provide a querying name server with false information that can then be used to query other name servers. This means that manipulation is not limited to a single address entry in the cache, and that all other queries may be forwarded to the name server of an attacker.

The attacker could take advantage of the fact that a recursive DNS server is sent from one name server to the next until it finally finds the name server responsible for the domain. This provides the attacker with multiple opportunities to send spoof packets to the victim's server. It should even be possible to attack the name servers of top-level domains in this way. The first pointer to this alternative type of attack was in H.D. Moore's exploit. This could also explain the varying times given by different security specialists for a successful cache poisoning attack. While some specialists have put the time in minutes, Kaminsky has repeatedly stated that his attack took only a few seconds.

http://www.heise-online.co.uk/security/Kaminsky-reveals-final-details-of-DNS-vulnerability--/news/111272

SQL Injection Attacks Targeting Chinese-oriented Sites
by Marianna Schmudlach / August 8, 2008 4:37 AM PDT

Friday, August 8, 2008

With all the attention on China these days, especially in conjunction with the Beijing 2008 Olympics Games, and with "China" being one of the more popular search engine keywords at the moment, it makes sense for malware writers to focus their attention on the Chinese web - and we've been seeing some interesting examples of SQL injection attacks specifically targeting websites designed for a Chinese audience, whether from the mainland or overseas.

Like most SQL injection attacks, these attacks begin with a compromising script being injected into a legitimate site, compromising it and redirecting its users to a malicious website. This website then takes advantage of the vulnerabilities available on the user's computer to download and execute malicious programs.

More: http://www.f-secure.com/weblog/
