Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - December 3, 2008

by Marianna Schmudlach / December 3, 2008 12:45 AM PST

Gentoo update for mantisbt

Release Date: 2008-12-03

Critical:
Moderately critical
Impact: Exposure of sensitive information
System access

Where: From remote
Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for mantisbt. This fixes a security issue and a vulnerability, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system.

Solution:
Update to "www-apps/mantisbt-1.1.4-r1" or later.

Original Advisory:
GLSA-200812-07:
http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml

Other References:
SA32243:
http://secunia.com/advisories/32243/

SA32314:
http://secunia.com/advisories/32314/

Gentoo update for libxml2
by Marianna Schmudlach / December 3, 2008 12:46 AM PST

Release Date: 2008-12-03

Critical:
Moderately critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update to libxml2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

Solution:
Update to "dev-libs/libxml2-2.7.2-r1" or later.

Original Advisory:
GLSA-200812-06:
http://www.gentoo.org/security/en/glsa/glsa-200812-06.xml

Other References:
SA31558:
http://secunia.com/advisories/31558/

SA32130:
http://secunia.com/advisories/32130/

SA32773:
http://secunia.com/advisories/32773/

Gentoo update for lighttpd
by Marianna Schmudlach / December 3, 2008 12:47 AM PST

Release Date: 2008-12-03

Critical:
Moderately critical
Impact: Security Bypass
Exposure of sensitive information
DoS

Where: From remote
Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for lighttpd. This fixes a weakness and two vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

Solution:
Update to "www-servers/lighttpd-1.4.20" or later.

Original Advisory:
GLSA-200812-04:
http://www.gentoo.org/security/en/glsa/glsa-200812-04.xml

Other References:
SA32069:
http://secunia.com/advisories/32069/

Gentoo update for ipsec-tools
by Marianna Schmudlach / December 3, 2008 12:48 AM PST

Release Date: 2008-12-03

Critical:
Moderately critical
Impact: DoS

Where: From remote
Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for ipsec-tools. This fixes some vulnerabilities, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

Solution:
Update to "net-firewall/ipsec-tools-0.7.1" or later.

Original Advisory:
GLSA-200812-03:
http://www.gentoo.org/security/en/glsa/glsa-200812-03.xml

Other References:
SA31450:
http://secunia.com/advisories/31450/

SA31478:
http://secunia.com/advisories/31478/

Gentoo update for enscript
by Marianna Schmudlach / December 3, 2008 12:49 AM PST

Release Date: 2008-12-03

Critical:
Moderately critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for enscript. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Update to "app-text/enscript-1.6.4-r4" or later.

Original Advisory:
GLSA-200812-02:
http://www.gentoo.org/security/en/glsa/glsa-200812-02.xml

Other References:
SA32137:
http://secunia.com/advisories/32137/

HP-UX Unspecified Local Denial of Service Vulnerability
by Marianna Schmudlach / December 3, 2008 12:50 AM PST

Release Date: 2008-12-03

Critical:
Not critical
Impact: DoS

Where: Local system
Solution Status: Vendor Patch


OS: HP-UX 11.x

Description:
A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error. No further information is currently available.

The vulnerability is reported in HP-UX B.11.31.

Solution:
Apply patch PHKL_38987 or subsequent.
http://itrc.hp.com

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
HPSBUX02389 SSRT080141:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01615952

Fedora update for samba
by Marianna Schmudlach / December 3, 2008 12:51 AM PST

Release Date: 2008-12-03

Critical:
Less critical
Impact: Exposure of sensitive information

Where: From local network
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for samba. This fixes a vulnerability, which potentially can be exploited by malicious people to disclose sensitive information.

Solution:
Apply updated packages using the yum utility ("yum update samba").

Original Advisory:
FEDORA-2008-10638:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00141.html

FEDORA-2008-10518:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00021.html

Other References:
SA32813:
http://secunia.com/advisories/32813/

Fedora update for lynx
by Marianna Schmudlach / December 3, 2008 12:52 AM PST

Release Date: 2008-12-03

Critical:
Not critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for lynx. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when handling certain "lynxcgi:"-URLs, which can be exploited to execute arbitrary commands by e.g. tricking a user into following a malicious URL.

Solution:
Apply updated packages using the yum utility ("yum update lynx").

Original Advisory:
FEDORA-2008-9597:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00143.html

FEDORA-2008-9550:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00066.html

Fedora update for wordpress
by Marianna Schmudlach / December 3, 2008 12:53 AM PST

Release Date: 2008-12-03

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for wordpress. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.

Solution:
Apply updated packages using the yum utility ("yum update wordpress").

Original Advisory:
FEDORA-2008-10468:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00176.html

FEDORA-2008-10483:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00000.html

Other References:
SA32882:
http://secunia.com/advisories/32882/

VMware ESX / ESXi Virtual Hardware Memory Corruption Vulnera
by Marianna Schmudlach / December 3, 2008 12:54 AM PST

Release Date: 2008-12-03

Critical:
Less critical
Impact: Security Bypass

Where: Local system
Solution Status: Vendor Patch


OS: VMware ESX Server 3.x
VMware ESXi 3.x

Description:
A vulnerability has been reported in VMware ESX / ESXi, which can be exploited by malicious, local users to bypass certain security restrictions.

Solution:
Apply patches.

ESXi 3.5:
Apply ESXe350-200811401-O-SG.
http://download3.vmware.com/software/vi/ESXe350-200811401-O-SG.zip

ESX 3.5:
Apply ESX350-200811401-SG.
http://download3.vmware.com/software/vi/ESX350-200811401-SG.zip

ESX 3.0.3:
Apply ESX303-200811401-BG.
http://download3.vmware.com/software/vi/ESX303-200811401-BG.zip

ESX 3.0.2:
Apply ESX-1006980.
http://download3.vmware.com/software/vi/ESX-1006980.tgz

Provided and/or discovered by:
The vendor credits Andrew Honig from the Department of Defense.

Original Advisory:
VMSA-2008-0019:
http://lists.vmware.com/pipermail/security-announce/2008/000046.html

Other References:
SA32612:
http://secunia.com/advisories/32612/

Ubuntu update for imlib2
by Marianna Schmudlach / December 3, 2008 12:55 AM PST

Release Date: 2008-12-03

Critical:
Highly critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 7.10
Ubuntu Linux 8.04
Ubuntu Linux 8.10

Description:
Ubuntu has issued an update for imlib2. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.


Solution:
Apply updated packages.

Original Advisory:
USN-683-1:
https://lists.ubuntu.com/archives/ubu...ty-announce/2008-December/000794.html

Other References:
SA32796:
http://secunia.com/advisories/32796/

Gentoo update for optipng
by Marianna Schmudlach / December 3, 2008 12:57 AM PST

Release Date: 2008-12-03

Critical:
Highly critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for optipng. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

Solution:
Update to "media-gfx/optipng-0.6.2" or later.

Original Advisory:
GLSA-200812-01:
http://www.gentoo.org/security/en/glsa/glsa-200812-01.xml

Other References:
SA32651:
http://secunia.com/advisories/32651/

SUSE update for kernel
by Marianna Schmudlach / December 3, 2008 12:58 AM PST

Release Date: 2008-12-03

Critical:
Not critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: SUSE Linux Enterprise Server 10

Description:
SUSE has issued an update for the kernel. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.

Solution:
Apply updated packages.

Original Advisory:
SUSE-SA:2008:056:
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html

Other References:
SA25895:
http://secunia.com/advisories/25895/

VMware ESX Server update for bzip2
by Marianna Schmudlach / December 3, 2008 12:59 AM PST

Release Date: 2008-12-03

Critical:
Less critical
Impact: DoS

Where: From remote
Solution Status: Partial Fix


OS: VMware ESX Server 2.x
VMware ESX Server 3.x

Description:
VMware has issued an update for VMware ESX Server. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply patches.

Original Advisory:
VMSA-2008-0019:
http://lists.vmware.com/pipermail/security-announce/2008/000046.html

Other References:
SA29410:
http://secunia.com/advisories/29410/

Debian update for awstats
by Marianna Schmudlach / December 3, 2008 1:00 AM PST

Release Date: 2008-12-03

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for awstats. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

Solution:
Apply updated packages.

Original Advisory:
DSA-1679-1:
http://lists.debian.org/debian-security-announce/2008/msg00271.html

Other References:
SA31519:
http://secunia.com/advisories/31519/

iNet Orkut Clone "id" SQL Injection and Cross-Site Scripting
by Marianna Schmudlach / December 3, 2008 1:01 AM PST

Release Date: 2008-12-03

Critical:
Less critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: iNet Orkut Clone

Description:
d3b4g has reported some vulnerabilities in iNet Orkut Clone, which can be exploited by malicious users to conduct SQL injection attacks and malicious people to conduct cross-site scripting attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
d3b4g

Original Advisory:
http://packetstorm.linuxsecurity.com/0812-exploits/orkut-sqlxss.txt

Ubuntu update for clamav
by Marianna Schmudlach / December 3, 2008 1:03 AM PST

Movable Type Unspecified Cross-Site Scripting Vulnerability
by Marianna Schmudlach / December 3, 2008 1:04 AM PST

Release Date: 2008-12-03

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


Software: Movable Type 3.x
Movable Type 4.x
Movable Type Enterprise 1.x



Description:
A vulnerability has been reported in Movable Type, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

This vulnerability is reported in the following versions. Other versions may also be affected.
- Movable Type 4
- Movable Type 4 Enterprise
- Movable Type 4 Community Edition
- Movable Type 4 (Open Source)
- Movable Type 3
- Movable Type Enterprise 1.5

Solution:
Update to the latest version.

Movable Type 4.23 (Open Source)
Movable Type 4.23 (Professional Pack Community Pack included)
Movable Type Commercial 4.23 (Professional Pack included)
Movable Type Enterprise 4.23
Movable Type 3.38
Movable Type Enterprise 1.56

Provided and/or discovered by:
JVN credits Mr. Yousuke Hasegawa, Net Agent Co. Ltd.

Original Advisory:
JVN:
http://jvn.jp/jp/JVN02216739/index.html

Movable Type:
http://www.movabletype.jp/blog/_movable_type_423.html

WebGUI Executable Attachments Vulnerability
by Marianna Schmudlach / December 3, 2008 1:05 AM PST

Release Date: 2008-12-03

Critical:
Moderately critical
Impact: System access

Where: From remote
Solution Status: Vendor Workaround


Software: WebGUI 7.x

Description:
A vulnerability has been reported in WebGUI, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to certain email attachments not being properly restricted from being stored. This can be exploited to e.g. execute arbitrary PHP and Perl code by sending an email containing a malicious attachment to the collaboration system. The attached file is executed if viewed from within the collaboration web view.

Successful exploitation requires that the web server is configured to execute the uploaded file type.

Solution:
Reportedly, this will be fixed in version 7.5.35, which should be available soon.

Fixed in version 7.6.5 (beta).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.webgui.org/getwebgui/advisories/security-executable-upload-problem

mvnForum Unspecified Cross-Site Scripting and Request Forger
by Marianna Schmudlach / December 3, 2008 1:06 AM PST

Release Date: 2008-12-03

Critical:
Moderately critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


Software: mvnForum 1.x

Description:
Some vulnerabilities have been reported in mvnForum, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

Solution:
Update to version 1.2.1 GA.

Provided and/or discovered by:
Dau Huy Ngoc, reported via SVRT-Bkis

Original Advisory:
SVRT-Bkis:
http://security.bkis.vn/?p=286

mvnForum:
http://www.mvnforum.com/mvnforum/viewthread_thread,4361

Ocean12 Mailing List Manager Gold Multiple Vulnerabilities
by Marianna Schmudlach / December 3, 2008 1:07 AM PST

Release Date: 2008-12-03

Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: Ocean12 Mailing List Manager Gold 2.x

Description:
Pouya_Server has reported some vulnerabilities in Ocean12 Mailing List Manager Gold, which can be exploited by malicious users and people to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

Solution:
Edit the source code to ensure that input is properly sanitised.
Move the database file out of the web root.

Provided and/or discovered by:
Pouya_Server

Original Advisory:
http://milw0rm.com/exploits/7319

Sunbyte e-Flower "id" SQL Injection Vulnerability
by Marianna Schmudlach / December 3, 2008 1:08 AM PST

Release Date: 2008-12-03

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Sunbyte e-Flower

Description:
W4RL0CK has reported a vulnerability in Sunbyte e-Flower, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in popupproduct.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
W4RL0CK

Original Advisory:
http://milw0rm.com/exploits/7323

Kolab Server ClamAV Multiple Vulnerabilities
by Marianna Schmudlach / December 3, 2008 1:09 AM PST

Release Date: 2008-12-03

Critical:
Moderately critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


Software: Kolab Server 2.x

Description:
Some vulnerabilities have been reported in Kolab Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Solution:
Upgrade the ClamAV package to version 0.94.2. See vendor's advisory for details.

Original Advisory:
http://kolab.org/security/kolab-vendor-notice-23.txt

Other References:
SA32663:
http://secunia.com/advisories/32663/

SA32926:
http://secunia.com/advisories/32926/

SquirrelMail Malformed HTML Mail Message Script Insertion
by Marianna Schmudlach / December 3, 2008 1:10 AM PST

Release Date: 2008-12-03

Critical:
Moderately critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: SquirrelMail 1.x

Description:
Ivan Markovic has discovered a vulnerability in SquirrelMail, which can be exploited by malicious people to conduct script insertion attacks.

Input passed as HTML parts of e-mail messages is not properly sanitised for malformed HTML before being viewed. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when a malicious e-mail message is opened.

Successful exploitation requires that "Show HTML Version by Default" is enabled in "Options -> Display Preferences".

The vulnerability is confirmed in version 1.4.16 and reported in version 1.4.15. Prior versions may also be affected.

Solution:
Do not open untrusted e-mail messages.

The vendor will release a fixed version later today.

Provided and/or discovered by:
Ivan Markovic, security-net.biz

Frame Pointer Overwrite Demonstration (Linux)
by Marianna Schmudlach / December 3, 2008 1:12 AM PST

3 Dec. 2008

Summary
This paper assumes you have read the proper background information and/or technical details about the above subject. If not, please do so, because this read does not include key concepts but instead technical exploitation examples. That being said, enjoy. Knowledge is power.

Credit:
The information has been provided by Jeremy Brown.

http://www.securiteam.com/securityreviews/6M0010UNFQ.html

SonicWALL server switches off protective functions
by Marianna Schmudlach / December 3, 2008 1:55 AM PST

Viewing subversion repositories online with WebSVN 2.1
by Marianna Schmudlach / December 3, 2008 1:56 AM PST

Adobe admits Acrobat 9 passwords can be guessed more quickly
by Marianna Schmudlach / December 3, 2008 1:59 AM PST

Java 6 update 11 available
by Marianna Schmudlach / December 3, 2008 2:00 AM PST

3 December 2008

Sun has released new versions of Java. Available to download now are versions JDK and JRE 6 Update 11, JDK and JRE 5.0 Update 17, SDK and JRE 1.4.2_19 as well as SDK and JRE 1.3.1_24. Sun says it has fixed several security holes in the new versions, but does not go into any detail. The release of Java 6 Update 11 is also the prelude to tomorrow's official release of the JavaFX platform.

More: http://www.heise-online.co.uk/security/Java-6-update-11-available--/news/112139

Encrypting hard disk housing cracked
by Marianna Schmudlach / December 3, 2008 2:02 AM PST

3 December 2008

Another encrypting USB hard disk housing with RFID technology is put on the market - again the vendor advertises AES encryption - and once more, we manage to crack its encryption within a few minutes.

With its Digittrade Security hard disk, the German vendor Digittrade has launched another hard disk housing based on the unsafe IM7206 controller by the Chinese manufacturer Innmax. The German vendor prominently advertises the product's strong 128-bit AES encryption on its packaging and web page. In practice, however, the hard disk data is only encrypted using a primitive XOR mechanism with an identical 512-Byte block for each sector. This type of encryption is easily cracked, even without in-depth cryptography knowledge; in our test, unscrewing the housing took longer than cracking its encryption mechanism.

More: http://www.heise-online.co.uk/security/Encrypting-hard-disk-housing-cracked--/news/112141

VMware security advisories
by Marianna Schmudlach / December 3, 2008 5:58 AM PST

Published: 2008-12-03
Last Updated: 2008-12-03 10:38:18 UTC
by Stephen Hall (Version: 1)

VMware have today released a security advisory, and updated another.

- VMSA-2008-0019 (new advisory)

http://lists.vmware.com/pipermail/security-announce/2008/000046.html

This impacts:

VMware Workstation 6.0.5 and earlier
VMware Workstation 5.5.8 and earlier
VMware Player 2.0.5 and earlier
VMware Player 1.0.8 and earlier
VMware Server 1.0.9 and earlier
VMware ESX(i) 3.5 and 3.0.2


More: http://isc.sans.org/
