Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - December 19, 2007

by Marianna Schmudlach / December 19, 2007 12:03 AM PST

Opera Multiple Vulnerabilities


Secunia Advisory: SA28169
Release Date: 2007-12-19


Critical:
Highly critical
Impact: Security Bypass
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


Software: Opera 5.x
Opera 6.x
Opera 7.x
Opera 8.x
Opera 9.x

Description:
Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a user's system.

1) An unspecified error can be exploited via certain plugins to conduct cross-domain scripting attacks.

2) An unspecified error within the processing of TLS certificates can be exploited to execute arbitrary code.

3) An unspecified error within Rich text editing when using designMode can be exploited to conduct cross-domain scripting attacks.

4) An unspecified error within the processing of bitmaps can be exploited to disclose the contents of random memory areas.

The vulnerabilities are reported in versions prior to 9.25.

Solution:
Update to version 9.25.
http://www.opera.com/download/

Provided and/or discovered by:
1, 3) The vendor credits David Bloom.
2) The vendor credits Alexander Klink, Cynops GmbH.
4) The vendor credits Gynvael Coldwind.

Original Advisory:
http://www.opera.com/docs/changelogs/windows/925/#security
http://www.opera.com/support/search/view/875/

IBM AIX Perl Regular Expressions Unicode Data Buffer Overflo
by Marianna Schmudlach / December 19, 2007 12:04 AM PST

Secunia Advisory: SA28167
Release Date: 2007-12-19


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: AIX 5.x
AIX 6.x

Description:
IBM has acknowledged a vulnerability in AIX, which potentially can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA27546

The vulnerability affects AIX 5.2, 5.3, and 6.1.

Solution:
Apply interim fix.

Original Advisory:
IBM:
ftp://aix.software.ibm.com/aix/efixes/security/README

Other References:
SA27546:
http://secunia.com/advisories/27546/

GF-3XPLORER Cross-Site Scripting and Information Disclosure
by Marianna Schmudlach / December 19, 2007 12:05 AM PST

Secunia Advisory: SA28164
Release Date: 2007-12-19


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: GF-3XPLORER 2.x

Description:
MhZ91 has discovered a vulnerability and a security issue in GF-3XPLORER, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose system information.

1) Input passed to the "newdir" parameter in index_3x.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) The explorer/phpinfo.php script calls the "phpinfo()" PHP function directly. This can be exploited to disclose sensitive system information.

The vulnerability and the security issue are confirmed in version 2.4. Prior versions may also be affected.

Solution:
Update to version 2.5.
http://sourceforge.net/project/showfi...ckage_id=208942&release_id=561866

Provided and/or discovered by:
MhZ91

Original Advisory:
http://milw0rm.com/exploits/4738

Adobe Flash Player Multiple Vulnerabilities
by Marianna Schmudlach / December 19, 2007 12:07 AM PST

Secunia Advisory: SA28161
Release Date: 2007-12-19


Critical:
Highly critical
Impact: Unknown
Security Bypass
Cross Site Scripting
Manipulation of data
Exposure of sensitive information
Privilege escalation
DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Adobe Flash CS3
Adobe Flash Player 9.x
Adobe Flex 2.x
Macromedia Flash 8.x
Macromedia Flash Player 7.x
Macromedia Flash Player 8.x

Description:
Some vulnerabilities have been reported in Adobe Flash Player, where one vulnerability has an unknown impact and others can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP request splitting attacks, disclose sensitive information, cause a Denial of Service (DoS), or to potentially compromise a user's system.

1) An error when parsing specially crafted regular expressions can be exploited to cause a heap-based buffer overflow.

For more information see vulnerability #7 in:
SA27543

2) An unspecified error in the parsing of SWF files can potentially be exploited to execute arbitrary code.

3) An error exists when pinning a hostname to an IP address. This can be exploited to conduct DNS rebinding attacks via allow-access-from elements in cross-domain-policy XML documents.

4) An error exists in the enforcing of cross-domain policy files. This can be exploited to bypass certain security restrictions on web servers hosting cross-domain policy files.

5) Input passed to unspecified parameters when handling the "asfunction:" protocol is not properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability does not affect Flash Player 7.

6) Input passed to unspecified parameters when calling the "navigateToURL" function is not properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability only affects the Flash Player ActiveX Control for Internet Explorer.

7) An unspecified error can be exploited to modify HTTP headers and conduct HTTP request splitting attacks.

8) An error within the implementation of the Socket or XMLSocket ActionScript classes can be exploited to determine if a port on a remote host is opened or closed.

9) An error within the setting of memory permissions in Adobe Flash Player for Linux can be exploited by malicious, local users to gain escalated privileges.

10) An unspecified error exists in Adobe Flash Player and Opera on Mac OS X.

For more information see vulnerability #3 in:
SA27277

The vulnerabilities are reported in versions prior to 9.0.115.0.

Do you have this product installed on your home computer? Scan using the free Personal Software Inspector or Online Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.

Solution:
Update to version 9.0.115.0.

Flash Player 9.0.48.0 and earlier for Windows, Mac, and Linux:
http://www.stage.adobe.com/go/getflash

Flash Player 9.0.48.0 and earlier - network distribution:
http://www.stage.adobe.com/licensing/distribution

Flash CS3 Professional:
http://www.adobe.com/support/flash/downloads.html

Flex 2.0:
http://www.stage.adobe.com/support/flashplayer/downloads.html#fp9

NOTE: This is reportedly the final security bulletin that Adobe will supply for users of Adobe Flash Player 7 (formerly Macromedia Flash Player 7).

Provided and/or discovered by:
1) The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team.
2) The vendor credits Aaron Portnoy of TippingPoint DVLabs.
3) The vendor credits Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao of Stanford University.
4, 7) The vendor credits Toshiharu Sugiyama of UBsecure, Inc. and JPCERT/CC.
5) The vendor credits Rich Cannings of the Google Security Team.
6) The vendor credits Collin Jackson and Adam Barth of Stanford University.
9) The vendor credits Jesse Michael and Thomas Biege of SUSE.
10) The vendor credits Opera.

Original Advisory:
http://www.adobe.com/support/security/bulletins/apsb07-20.html

Other References:
SA27543:
http://secunia.com/advisories/27543/

SA27277:
http://secunia.com/advisories/27277/

Adobe Flash Player and GoLive security updates
by Marianna Schmudlach / December 19, 2007 12:28 AM PST

Published: 2007-12-19,
Last Updated: 2007-12-19 07:44:21 UTC
by Maarten Van Horenbeeck (Version: 1)
Adobe has released updates which fix several critical vulnerabilities in Flash Player and GoLive.

Flash Player 9.0.48.0, 8.0.35.0 and 7.0.70.0 and earlier are affected by CVE-2007-6242, CVE-2007-4768, CVE-2007-5275, CVE-2007-6243, CVE-2007-6244, CVE-2007-6245, CVE-2007-4324, CVE-2007-6246 and CVE-2007-5476.

Several of the issues resolved are input validation errors, which could allow an attacker to execute arbitrary code through content delivered from a web location. This update resolves issues reported on various platforms (Mac OS, Linux, Windows). Adobe strongly recommends users of this version to upgrade to Flash Player 9.0.115.0 which can be downloaded from a link in their bulletin.

GoLive 9 and GoLive CS2 are affected by CVE-2007-2244 and CVE-2007-2365. These vulnerabilities are somewhat more difficult to exploit, but they can be exploited by convincing a user to include crafted BMP, DIB, RLE or PNG content into a GoLive document. Impact remains execution of arbitrary code, so we strongly recommend implementing the update.

http://isc.sans.org/

WFTPD Explorer LIST Reply Buffer Overflow Vulnerability
by Marianna Schmudlach / December 19, 2007 12:08 AM PST

Secunia Advisory: SA28160
Release Date: 2007-12-19


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: WFTPD Explorer

Description:
r4x has reported a vulnerability in WFTPD Explorer, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing server replies to the LIST command. This can be exploited to cause a heap-based buffer overflow via an overly-long LIST server reply.

Successful exploitation may allow execution of arbitrary code but requires that the user is tricked into connecting to a malicious FTP server.

The vulnerability is reported in version 1.0. Other versions may also be affected.

Solution:
Do not connect to untrusted FTP servers.

Provided and/or discovered by:
r4x (Kamil Szczerba)

Original Advisory:
http://milw0rm.com/exploits/4742

Red Hat update for flash-plugin
by Marianna Schmudlach / December 19, 2007 12:09 AM PST

Secunia Advisory: SA28157
Release Date: 2007-12-19


Critical:
Highly critical
Impact: Cross Site Scripting
Manipulation of data
Exposure of sensitive information
Privilege escalation
DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Red Hat Enterprise Linux Extras v. 3
Red Hat Enterprise Linux Extras v. 4
RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)




Description:
Red Hat has issued an update for flash-plugin. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting and HTTP request splitting attacks, disclose sensitive information, cause a Denial of Service (DoS), or to potentially compromise a user's system.

For more information:
SA28161

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2007-1126.html

Other References:
SA28161:
http://secunia.com/advisories/28161/

phpMyRealty Two SQL Injection Vulnerabilities
by Marianna Schmudlach / December 19, 2007 12:10 AM PST

Secunia Advisory: SA28155
Release Date: 2007-12-19


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: phpMyRealty 1.x

Description:
Koller has reported two vulnerabilities in phpMyRealty (PMR), which can be exploited by malicious people and malicious users to conduct SQL injection attacks.

1) Input passed to the "type" parameter in search.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability allows e.g. retrieving administrator usernames and password hashes.

2) Input passed to the "listing_updated_days" parameter in admin/findlistings.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires valid administrator credentials.

The vulnerabilities are reported in version 1.0.9. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Koller

Original Advisory:
http://milw0rm.com/exploits/4750

Citrix Web Interface Unspecified Cross-Site Scripting Vulner
by Marianna Schmudlach / December 19, 2007 12:11 AM PST

Citrix Web Interface Unspecified Cross-Site Scripting Vulnerability

Secunia Advisory: SA28150
Release Date: 2007-12-19


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Citrix NFuse Classic 1.x
Citrix NFuse Elite
Citrix Web Interface 2.x

Description:
A vulnerability has been reported in Citrix Web Interface, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input in the on-line help is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability affects the following products, which according to the vendor have already reached End-of-Life:
* Citrix NFuse - all versions
* Citrix Web Interface up to and including version 2.0

Solution:
Upgrade to the latest version of Citrix Web Interface:
http://www.citrix.com/English/SS/downloads/downloads.asp?dID=36407

Provided and/or discovered by:
The vendor credits David Vaartjes of ITsec Security Services B.V.

Original Advisory:
CTX115283:
http://support.citrix.com/article/CTX115283

Asterisk Registration Database Security Bypass
by Marianna Schmudlach / December 19, 2007 12:12 AM PST

Secunia Advisory: SA28149
Release Date: 2007-12-19


Critical:
Less critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


Software: Asterisk 1.x
Asterisk Business Edition 2.x

Description:
A security issue has been reported in Asterisk, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to missing checks of IP addresses when processing database-based registrations ("realtime"). This can be exploited to authenticate as a legitimate user without a password.

Successful exploitation requires that host-based authentication is used and that the attacker has knowledge of a valid username.

The security issue affects the following products and versions:
* Asterisk Open Source 1.2.x prior to 1.2.26
* Asterisk Open Source 1.4.x prior to 1.4.16
* Asterisk Business Edition B.x.x prior to B.2.3.6
* Asterisk Business Edition C.x.x prior to C.1.0-beta8

Solution:
Update to a fixed version.

Asterisk Open Source 1.2.x:
Update to version 1.2.26.

Asterisk Open Source 1.4.x:
Update to version 1.4.16.

Asterisk Business Edition B.x.x:
Update to version B.2.3.6.

Asterisk Business Edition C.x.x:
Fixed in version C.1.0-beta8.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://downloads.digium.com/pub/security/AST-2007-027.pdf

Ubuntu update for libgd2
by Marianna Schmudlach / December 19, 2007 12:14 AM PST

Secunia Advisory: SA28147
Release Date: 2007-12-19


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 6.10
Ubuntu Linux 7.04
Ubuntu Linux 7.10

Description:
Ubuntu has issued an update for libgd2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

For more information:
SA26642

Solution:
Apply updated packages.

Original Advisory:
https://lists.ubuntu.com/archives/ubu...ty-announce/2007-December/000643.html

Other References:
SA26642:
http://secunia.com/advisories/26642/

Rosoft Media Player File Processing Buffer Overflow Vulnerab
by Marianna Schmudlach / December 19, 2007 12:15 AM PST

Secunia Advisory: SA28144
Release Date: 2007-12-19


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Rosoft Media Player 4.x

Description:
Juan Pablo Lopez Yacubian has discovered a vulnerability in Rosoft Media Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing files (e.g. .TXT, .M3U, .RML, or a file with any extension) and can be exploited to cause a stack-based buffer overflow via e.g. a .M3U file containing an overly-long (greater than 4095 bytes) string.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 4.1.7. Other versions may also be affected.

Solution:
Do not open untrusted files.

Provided and/or discovered by:
Juan Pablo Lopez Yacubian

Sun Solaris Firefox / Thunderbird Multiple Vulnerabilities
by Marianna Schmudlach / December 19, 2007 12:16 AM PST

Secunia Advisory: SA28135
Release Date: 2007-12-19


Critical:
Highly critical
Impact: Cross Site Scripting
Spoofing
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Unpatched


OS: Sun Solaris 10

Description:
Sun has acknowledged some vulnerabilities in Sun Solaris, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, to disclose sensitive information, and potentially to compromise a user's system.

For more information:
SA25990
SA26095
SA26288

The vulnerabilities are reported in Thunderbird and Firefox 2.0 for Solaris 10 for both the SPARC and x86 platforms.

Solution:
Please see the vendor advisory for recommended workarounds.

A final resolution is pending completion.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1

Other References:
SA25990:
http://secunia.com/advisories/25990/

SA26095:
http://secunia.com/advisories/26095/

SA26288:
http://secunia.com/advisories/26288/

Mambo Two Cross-Site Scripting Vulnerabilities
by Marianna Schmudlach / December 19, 2007 12:17 AM PST

Secunia Advisory: SA28133
Release Date: 2007-12-19


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Mambo 4.x

Description:
Beenu Arora has discovered two vulnerabilities in Mambo, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "Itemid" parameter in index.php (when "option" is set to "com_frontpage") and "option" in index.php (when "Itemid" is set to "1") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation of both vulnerabilities requires that the target user runs a web browser that does not URL-encode the request (e.g. Internet Explorer 6).

The vulnerabilities are confirmed in version 4.6.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Beenu Arora

WordPress Draft Information Disclosure
by Marianna Schmudlach / December 19, 2007 12:18 AM PST

Secunia Advisory: SA28130
Release Date: 2007-12-19


Critical:
Less critical
Impact: Security Bypass
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: WordPress 2.x



Description:
Michael Brooks has discovered a vulnerability in WordPress, which can be exploited by malicious people to bypass certain security restrictions and to disclose sensitive information.

The application does not properly restrict access to posted drafts to users with valid administrator credentials. This can be exploited to read drafts by accessing the index.php script with data in the "PATH_INFO" URL part ending with "wp-admin/".

Examples:
http://[host]/[path]/index.php/wp-admin/
http://[host]/[path]/index.php/test-wp-admin/

The vulnerability is confirmed in version 2.3.1. Other versions may also be affected.

Solution:
Do not post sensitive information as drafts.

Provided and/or discovered by:
Michael Brooks
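
Added example, not part of the original post or of WordPress: a log check for the request shape the advisory describes, where index.php is requested with a PATH_INFO part ending in "wp-admin/". The log lines, addresses and paths are constructed for illustration, and the common/combined access log format is an assumption.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed format: Apache common/combined access log.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Dec/2007:09:14:02 +0000] "GET /blog/index.php/wp-admin/ HTTP/1.1" 200 5120',
    '192.0.2.10 - - [19/Dec/2007:09:14:09 +0000] "GET /blog/index.php/test-wp-admin/?paged=2 HTTP/1.1" 200 4988',
    '198.51.100.7 - - [19/Dec/2007:09:15:40 +0000] "GET /blog/wp-admin/index.php HTTP/1.1" 302 0',
    '198.51.100.7 - - [19/Dec/2007:09:16:01 +0000] "GET /blog/index.php/2007/12/19/hello-world/ HTTP/1.1" 200 7312',
    '203.0.113.5 - - [19/Dec/2007:09:20:33 +0000] "GET /blog/index.php/x-wp%2Dadmin/ HTTP/1.1" 200 5044',
]


def path_info_after_index(target):
    """Return the PATH_INFO part that follows index.php, or None if absent."""
    # Drop the query string and decode percent-escapes before matching.
    path = unquote(urlsplit(target).path)
    pos = path.lower().find("/index.php/")
    if pos == -1:
        return None
    return path[pos + len("/index.php"):]


def is_draft_probe(target):
    """True when PATH_INFO after index.php ends with 'wp-admin/'."""
    info = path_info_after_index(target)
    return info is not None and info.lower().endswith("wp-admin/")


def find_draft_probes(lines):
    """Return (ip, timestamp, target, status) for every matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not an access-log line in the assumed format
        if is_draft_probe(m["target"]):
            hits.append((m["ip"], m["ts"], m["target"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for ip, ts, target, status in find_draft_probes(SAMPLE_LOG):
        print(f"{ts} {ip} {status} {target}")
```

Requests to the real admin area (/wp-admin/index.php) and ordinary permalinks under index.php are not flagged; only the PATH_INFO pattern from the advisory is.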

ClamAV "cli_scanpe()" MEW Handling Integer Overflow
by Marianna Schmudlach / December 19, 2007 12:19 AM PST

Secunia Advisory: SA28117
Release Date: 2007-12-19


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Clam AntiVirus (clamav) 0.x



Description:
A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerability is caused due to an integer overflow error within the "cli_scanpe()" function when handling MEW packed executables. This can be exploited to cause a heap-based buffer overflow via specially crafted "ssize" and "dsize" values.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in versions prior to 0.92.

Solution:
Update to version 0.92.

Provided and/or discovered by:
Discovered by an anonymous researcher and reported via iDefense Labs.

Original Advisory:
ClamAV:
http://sourceforge.net/project/showno...?release_id=562254&group_id=86638

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634

Gentoo update for cups
by Marianna Schmudlach / December 19, 2007 12:20 AM PST

Secunia Advisory: SA28113
Release Date: 2007-12-19


Critical:
Moderately critical
Impact: Privilege escalation
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for cups. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Note: This also fixes an incorrect patch for CVE-2007-0720, which introduced another DoS.

For more information:
SA24660
SA28129
SA28139

Solution:
Update to "net-print/cups-1.2.12-r4" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml

Other References:
SA24660:
http://secunia.com/advisories/24660/

SA28129:
http://secunia.com/advisories/28129/

SA28139:
http://secunia.com/advisories/28139/

Red Hat update for squid
by Marianna Schmudlach / December 19, 2007 12:21 AM PST

Secunia Advisory: SA28109
Release Date: 2007-12-19


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)
RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 4
RedHat Linux Advanced Workstation 2.1 for Itanium

Description:
Red Hat has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA27910

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2007-1130.html

Other References:
SA27910:
http://secunia.com/advisories/27910/

Red Hat update for mysql
by Marianna Schmudlach / December 19, 2007 12:22 AM PST

Secunia Advisory: SA28099
Release Date: 2007-12-19


Critical:
Less critical
Impact: Manipulation of data
DoS

Where: From local network

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for mysql. This fixes some vulnerabilities, which can be exploited by malicious, local users to manipulate certain data and by malicious users to cause a DoS (Denial of Service).

For more information:
SA27568
SA27981

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2007-1155.html

Other References:
SA27568:
http://secunia.com/advisories/27568/

SA27981:
http://secunia.com/advisories/27981/

rPath update for kernel
by Marianna Schmudlach / December 19, 2007 12:24 AM PST

Secunia Advisory: SA28088
Release Date: 2007-12-19


Critical:
Less critical
Impact: Unknown

Where: Local system

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for the kernel. This fixes a vulnerability with an unknown impact.

For more information:
SA28105

Solution:
Update to:
kernel=conary.rpath.com@rpl:1-vmware/2.6.22.15-0.1-1
kernel=conary.rpath.com@rpl:1/2.6.22.15-0.1-1
kernel=rap.rpath.com@rpath:linux-1/2.6.22.15-1-1

Original Advisory:
http://lists.rpath.com/pipermail/security-announce/2007-December/000293.html

Other References:
SA28105:
http://secunia.com/advisories/28105/

Ubuntu update for samba
by Marianna Schmudlach / December 19, 2007 12:25 AM PST

Secunia Advisory: SA28037
Release Date: 2007-12-19


Critical:
Moderately critical
Impact: System access

Where: From local network

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 6.10
Ubuntu Linux 7.04
Ubuntu Linux 7.10


Description:
Ubuntu has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA27760

Solution:
Apply updated packages.

Original Advisory:
http://www.ubuntu.com/usn/usn-556-1

Other References:
SA27760:
http://secunia.com/advisories/27760/

Gentoo update for e2fsprogs
by Marianna Schmudlach / December 19, 2007 12:26 AM PST

Secunia Advisory: SA28009
Release Date: 2007-12-19


Critical:
Less critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for e2fsprogs. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise an application using the library.

For more information:
SA27889

Solution:
Update to "sys-fs/e2fsprogs-1.40.3" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200712-13.xml

Other References:
SA27889:
http://secunia.com/advisories/27889/

MS07-069 - Post install issue
by Marianna Schmudlach / December 19, 2007 12:31 AM PST

Published: 2007-12-19,
Last Updated: 2007-12-19 08:51:09 UTC
by Stephen Hall (Version: 1)
We have been working with Microsoft and a couple of our readers on an issue they have been having with MS07-069 and IE crashing after the roll up patch for IE has been installed.

Well the Microsoft MSRC have updated their blog and there is a KB article which provides a workaround. http://support.microsoft.com/kb/942615

So if you have a customised installation and have been having IE issues since MS07-069, this could be your solution.

http://isc.sans.org/

Dokeos "My productions" Multiple Extensions File Upload Vuln
by Marianna Schmudlach / December 19, 2007 12:34 AM PST

Dokeos "My productions" Multiple Extensions File Upload Vulnerability

Secunia Advisory: SA28154
Release Date: 2007-12-19


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Dokeos 1.x

Description:
A vulnerability has been discovered in Dokeos, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of file uploads to "My productions" under "My profile", if a filename has multiple file extensions (e.g. "file.php.1"). This can be exploited to upload and execute arbitrary PHP code.

Successful exploitation requires valid user credentials and a certain server configuration (e.g. an Apache server with the "mod_mime" module installed).

The vulnerability is confirmed in version 1.8.4. Other versions may also be affected.

Solution:
Grant only trusted users access to the application.

Restrict access to the "main/upload/users/" directory (e.g. with ".htaccess"). This will however break the download functionality.

Provided and/or discovered by:
RoMaNcYxHaCkEr and an anonymous person

Original Advisory:
http://milw0rm.com/exploits/4753
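
Added example, not part of the original post or of Dokeos: an upload-name check that accounts for the multiple-extension case the advisory describes ("file.php.1"), shown beside a check that inspects only the last extension. The extension lists and function names are assumptions chosen for illustration.

```python
import os
import secrets

# Assumed policy for this example: extensions the upload feature accepts.
ALLOWED_EXTENSIONS = {"pdf", "txt", "png", "jpg", "odt"}

# Assumed list of extensions a web server may map to a script handler.
HANDLER_EXTENSIONS = {
    "php", "php3", "php4", "php5", "phtml",
    "pl", "py", "cgi", "asp", "jsp", "shtml",
}


def last_extension_check(filename):
    """Weak check: only the final extension is inspected.

    With mod_mime, an unrecognised trailing extension such as ".1" does not
    stop an earlier ".php" from selecting the PHP handler, so this check
    accepts names that the server will still execute.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext not in HANDLER_EXTENSIONS


def extension_segments(filename):
    """Return every dot-separated segment after the base name, lowercased."""
    base = os.path.basename(filename.replace("\\", "/"))
    return [part.lower() for part in base.split(".")[1:]]


def is_safe_upload_name(filename):
    """Hardened check: inspect every segment, then allow-list the last one."""
    segments = extension_segments(filename)
    if not segments:
        return False  # no extension at all: reject rather than guess a type
    if any(seg in HANDLER_EXTENSIONS for seg in segments):
        return False  # e.g. "file.php.1", "shell.PHP", "x.php."
    return segments[-1] in ALLOWED_EXTENSIONS


def stored_name(filename):
    """Name to store the upload under: random stem plus one allowed extension.

    Discarding the user-supplied stem means no extra extensions survive on
    disk, whatever the server's extension mapping is.
    """
    if not is_safe_upload_name(filename):
        raise ValueError(f"rejected upload name: {filename!r}")
    return f"{secrets.token_hex(16)}.{extension_segments(filename)[-1]}"


def triage(names):
    """Return (name, weak_result, hardened_result) for each candidate name."""
    return [(n, last_extension_check(n), is_safe_upload_name(n)) for n in names]


if __name__ == "__main__":
    # Constructed sample names.
    for name, weak, hardened in triage(
        ["file.php.1", "report.final.pdf", "shell.PHP", ".htaccess", "notes"]
    ):
        print(f"{name:20} weak={weak!s:5} hardened={hardened}")
```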

Unsafe buttons in Google's toolbar
by Marianna Schmudlach / December 19, 2007 1:31 AM PST

The Google Toolbar allows vendors and websites to install additional buttons, for example, to make it easier to search through their sites. However, security researcher Aviv Raff has discovered that an attacker can spoof information displayed during installation, both the origin of the button and the domain it exchanges information with. This simplifies attacks as criminals could use the button to conduct phishing attacks or persuade users to download and run programs from what they mistakenly believe is a trusted domain.

More: http://www.heise-security.co.uk/news/100853

Vulnerability in Unix print service CUPS
by Marianna Schmudlach / December 19, 2007 1:33 AM PST

Version 1.3.5 of the CUPS open source Unix printing system, which fixes multiple security vulnerabilities, has been released. Attackers on the local network can exploit these vulnerabilities to inject malicious code. Apple acquired the rights to the source code to the Unix printing system in the middle of this year. CUPS will, however, continue to be published under GPL and LGPL.

The bugs fixed include vulnerabilities in XPDF discovered six weeks ago, which can be exploited when processing crafted PDF files. A previously unknown bug in the CUPS SNMP backend can allow execution of injected malicious code when processing prepared response packets in ASN.1 notation as a result of an algebraic sign error. This bug affects both 1.2.x and 1.3.x versions of CUPS, for which source code patches are available on the bug tracking system. The SNMP service is active by default in CUPS 1.2.x.

More: http://www.heise-security.co.uk/news/100823

Wireshark network analysis tool version 0.99.7 available
by Marianna Schmudlach / December 19, 2007 1:34 AM PST

The Wireshark project has marked version 0.99.7 of the open source network analysis tool as stable and released it for public consumption. Security vulnerabilities in a number of software modules were reported just under a month ago. The new version fixes these vulnerabilities. Remote attackers can exploit the bugs to cause previous versions of the software to enter an infinite loop, crash or possibly to inject arbitrary code.

More: http://www.heise-security.co.uk/news/100818

A vulnerability in the social networking site Orkut
by Marianna Schmudlach / December 19, 2007 3:52 AM PST

that allowed users to inject HTML and JavaScript into their profiles set the stage for a persistent XSS worm that appears to have affected approximately 400,000 Orkut users. The malicious code is apparently fetched from the site "http://files.myopera.com" and is called, conveniently enough, "virus.js."

http://isc.sans.org/

Orkut/Google worms Compromise over 400,000 accounts
by Marianna Schmudlach / December 19, 2007 3:54 AM PST

December 19th, 2007 by Alice Decker
There appears to be a web worm which has replicated at an alarming rate through Google's Orkut social network in the last few hours. Infection starts when the user is sent an email telling them that they have a new Scrapbook entry (essentially a guestbook). Upon visiting their page the user sees the text:

"2008 vem ai... que ele comece mto bem para vc"

No interaction is necessary, simply looking at the scrap starts the infection sequence. The scrap deletes itself, and the user is added to the Orkut Community ?Infectados pelo V
