Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - December 21, 2008

Firefox Cross-Domain Text Theft

21 Dec. 2008

Summary
A vulnerability in the way Firefox parses JavaScript code (through a src tag) without properly restricting it to the same domain allows attackers to access information that is outside their domain restriction, which in turn can be used to perform cross-domain theft.

Credit:
The information has been provided by Chris Evans.
The original article can be found at: http://scary.beasts.org/security/CESA-2008-011.html

http://www.securiteam.com/securitynews/6V00N0ANFI.html

Sun Solaris SIOCGTUNPARAM IOCTL Kernel NULL Pointer Derefere

In reply to: VULNERABILITIES \ FIXES - December 21, 2008

Sun Solaris SIOCGTUNPARAM IOCTL Kernel NULL Pointer Dereference

21 Dec. 2008

Summary
The kernel of Solaris contains a vulnerability in the code that handles SIOCGTUNPARAM IOCTL requests. Exploitation of this vulnerability can result in:
1) Local denial of service attacks (system crash due to a kernel panic), or
[ As all Solaris Zones (Containers) share the same kernel it is possible to crash the whole system (all Zones) even if the vulnerability is triggered in an unprivileged non-global zone. ]

2) Local execution of arbitrary code at the kernel level (complete system compromise) on x86 platforms
[ As all Solaris Zones (Containers) share the same kernel it is possible to escape from unprivileged non-global zones and compromise other non-global zones or the global zone. ]

The issue can be triggered by sending a specially crafted IOCTL request to the kernel.

Credit:
The information has been provided by Tobias Klein.
The original article can be found at: http://www.trapkit.de/advisories/TKADV2008-015.txt

http://www.securiteam.com/unixfocus/6W00O0ANFO.html

PHP APC Vulnerable to Local Attacks

In reply to: VULNERABILITIES \ FIXES - December 21, 2008

21 Dec. 2008

Summary
PHP APC is an opcode cache for PHP, or, as the developers say: "APC is a free, open, and robust framework for caching and optimizing PHP intermediate code." A cross-site scripting issue comes into play when you have local users who are able to create files and cause those to be cached by PHP APC, and a server admin later visits the apc.php web interface which comes with PHP APC.

Credit:
The information has been provided by Moritz Naumann.

http://www.securiteam.com/unixfocus/6T00L0ANFE.html

Fujitsu-Siemens WebTransactions Command Injection Vulnerabil

In reply to: VULNERABILITIES \ FIXES - December 21, 2008

21 Dec. 2008

Summary
With WebTransactions openSEAS provides "a product which allows approved host applications to be used in new business processes and modern application scenarios. WebTransactions provides all possibilities to prepare existing host applications for new web based scenarios. Host applications and data can be used via Standard Web browser without need to change anything on the host side".

Fujitsu-Siemens WebTransactions is vulnerable to remote command injection due to insufficient input validation. Under certain conditions, WBPublish.exe passes unvalidated user input to the system() function when cleaning up temporary session data. This vulnerability allows an attacker to execute arbitrary commands on the affected system. The vulnerability does not require prior authentication and can be exploited from a web browser.

Credit:
The information has been provided by Bernhard Mueller.
The original article can be found at: http://www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt


http://www.securiteam.com/securitynews/6U00M0ANFS.html

PHP mbstring Buffer Overflow Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 21, 2008

21 Dec. 2008

Summary
PHP is "a scripting language extensively used in web application development. The package contains a number of language extensions aside from the language core".

A heap buffer overflow was found in the mbstring extension that is bundled in the standard distribution. The mbstring extension provides a set of functions for the manipulation of multibyte / Unicode strings.

The vulnerability occurs in the part of the encoding conversion facility that decodes strings that contain HTML entities into Unicode strings. Due to the decoder's incorrect handling of error conditions, the bounds check for a heap-allocated buffer is effectively bypassed. An attacker can exploit this vulnerability to transfer arbitrary data to a specific region of the heap if he gains control over the input of the decoder.

Credit:
The information has been provided by Moriyoshi Koizumi.

http://www.securiteam.com/unixfocus/6X00P0ANFM.html

Trend Micro HouseCall ActiveX Control "notifyOnLoadNative()"

In reply to: VULNERABILITIES \ FIXES - December 21, 2008

Trend Micro HouseCall ActiveX Control "notifyOnLoadNative()" Vulnerability

Release Date: 2008-12-21

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: Trend Micro HouseCall ActiveX Control 6.x
Trend Micro HouseCall Server 6.x

Description:
Secunia Research has discovered a vulnerability in Trend Micro HouseCall, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a use-after-free error in the HouseCall ActiveX control (Housecall_ActiveX.dll). This can be exploited to dereference previously freed memory by tricking the user into opening a web page containing a specially crafted "notifyOnLoadNative()" callback function.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in versions 6.51.0.1028 and 6.6.0.1278. Other versions may also be affected.

Solution:
Remove the ActiveX control and install version 6.6.0.1285.
http://prerelease.trendmicro-europe.com/hc66/launch/

HouseCall Server Edition:
Apply hotfix B1285. Please see vendor's advisory for further details.

Provided and/or discovered by:
Alin Rad Pop, Secunia Research.

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2008-34/

Trend Micro:
http://esupport.trendmicro.com/suppor...ontentID=EN-1038646&id=EN-1038646

American Express bitten by XSS bugs (again)

In reply to: VULNERABILITIES \ FIXES - December 21, 2008

Card accounts still naked

By Dan Goodin in San Francisco

The website for American Express has once again been bitten by security bugs that could expose its considerable base of customers to attacks that steal their login credentials.

The notice comes days after The Register reported Amex unnecessarily put its users at risk by failing to fix a glaring vulnerability more than two weeks after a security researcher first alerted company employees to the problem. An Amex spokesman later said the hole had been plugged.

It turns out that's not the case. The cross-site scripting (XSS) error that makes it trivial for attackers to steal americanexpress.com users' authentication cookies is alive and kicking. The confusion stems from a mistake made by many application developers who incorrectly assume that the root cause of a vulnerability is closed as soon as a particular exploit no longer works.

More: http://www.theregister.co.uk/2008/12/20/american_express_website_bug_redux/

Firefox 2.0.20 arrives with missed patch

In reply to: VULNERABILITIES \ FIXES - December 21, 2008
