Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - December 4, 2008

by Marianna Schmudlach / December 3, 2008 11:56 PM PST

Ubuntu update for net-snmp

Release Date: 2008-12-04

Critical: Less critical
Impact: DoS, System access

Where: From local network
Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 7.10
Ubuntu Linux 8.04
Ubuntu Linux 8.10

Description:
Ubuntu has issued an update for net-snmp. This fixes some vulnerabilities, which can be exploited by malicious people to spoof authenticated SNMPv3 packets, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
USN-685-1:
https://lists.ubuntu.com/archives/ubu...ty-announce/2008-December/000796.html

Other References:
SA30187:
http://secunia.com/advisories/30187/

SA30574:
http://secunia.com/advisories/30574/

SA32560:
http://secunia.com/advisories/32560/

Ubuntu update for awstats
by Marianna Schmudlach / December 3, 2008 11:58 PM PST

Release Date: 2008-12-04

Critical: Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 7.10
Ubuntu Linux 8.04
Ubuntu Linux 8.10

Description:
Ubuntu has issued an update for awstats. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

Solution:
Apply updated packages.

Original Advisory:
USN-686-1:
https://lists.ubuntu.com/archives/ubu...ty-announce/2008-December/000797.html

Other References:
SA31519:
http://secunia.com/advisories/31519/

MailingListPro Database Disclosure Security Issue
by Marianna Schmudlach / December 3, 2008 11:59 PM PST

Release Date: 2008-12-04

Critical: Moderately critical
Impact: Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: MailingListPro

Description:
AlpHaNiX has reported a security issue in MailingListPro, which can be exploited by malicious people to disclose sensitive information.

The security issue is caused due to the "db/MailingList.mdb" database file being stored with insecure permissions inside the web root. This can be exploited to gain knowledge of sensitive information by downloading the file.

The vulnerability is reported in the "Free Edition" of MailingListPro.

Solution:
Restrict access to the database file.

Provided and/or discovered by:
AlpHaNiX

Original Advisory:
http://packetstorm.linuxsecurity.com/0812-exploits/codefixer-disclose.txt

W3matter RevSense "section" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / December 4, 2008 12:00 AM PST

Release Date: 2008-12-04

Critical: Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: W3matter RevSense

Description:
Pouya_Server has reported a vulnerability in W3matter RevSense, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "section" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Pouya_Server

Original Advisory:
http://packetstorm.linuxsecurity.com/0812-exploits/revsense-sqlxss.txt

Sun Java JDK / JRE Multiple Vulnerabilities
by Marianna Schmudlach / December 4, 2008 12:01 AM PST

Release Date: 2008-12-04

Critical: Highly critical
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access

Where: From remote
Solution Status: Vendor Patch


Software: Java Web Start 1.x
Java Web Start 5.x
Java Web Start 6.x
Sun Java JDK 1.5.x
Sun Java JDK 1.6.x
Sun Java JRE 1.3.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Sun Java SDK 1.3.x
Sun Java SDK 1.4.x

Description:
Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of service), or compromise a vulnerable system.

Solution:
Update to a fixed version.

JDK and JRE 6 Update 11:
http://java.sun.com/javase/downloads/index.jsp

JDK and JRE 5.0 Update 17:
http://java.sun.com/javase/downloads/index_jdk5.jsp

SDK and JRE 1.4.2_19:
http://java.sun.com/j2se/1.4.2/download.html

SDK and JRE 1.3.1_24 (for customers with Solaris 8 and Vintage Support Offering support contracts):
http://java.sun.com/j2se/1.3/download.html

Provided and/or discovered by:
The vendor credits:
2) An anonymous researcher working with ZDI
3) iDefense
4) Sebastian Apelt working with iDefense
5, 6, 7) Peter Csepely working with ZDI
8) Virtual Security Research
9) Billy Rios of Microsoft and Nate Mcfeters of Ernst and Young
10) Peter Csepely working with ZDI and John Heasman of NGSSoftware
12) Francisco Amato
13) Stefan Middendorf from Cirosec
14) Sami Koivu
15) "regenrecht" working with iDefense
17) Henri Torgemane and Sami Koivu
19) Jan Grant of Bristol University
20) Adam Gowdiak
21) University of Oulu

Original Advisory:
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244986-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244987-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244988-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244989-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244990-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244992-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-245246-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246266-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246286-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246346-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246366-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246386-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246387-1

Virtual Security Research:
http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt

http://secunia.com/advisories/32991/

Rae Media Contact Management Software "Password" SQL Injection Vulnerability
by Marianna Schmudlach / December 4, 2008 12:02 AM PST

Release Date: 2008-12-04

Critical: Moderately critical
Impact: Security Bypass, Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Rae Media Contact Management Software

Description:
b3hz4d has reported a vulnerability in Rae Media Contact Management Software, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "Password" parameter in asadmin/default.asp (when "Submit" is set to "Login") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
b3hz4d

Original Advisory:
http://milw0rm.com/exploits/7333

RadAsm ".rap" Processing Buffer Overflow Vulnerability
by Marianna Schmudlach / December 4, 2008 12:03 AM PST

Release Date: 2008-12-04

Critical: Highly critical
Impact: System access

Where: From remote
Solution Status: Unpatched


Software: RadAsm 2.x

Description:
Data_Sniper has discovered a vulnerability in RadAsm, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing RadAsm project files (".rap"). This can be exploited to cause a buffer overflow via a specially crafted ".rap" file containing an overly long "Group" entry.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 2.2.1.5 and reported in version 2.2.1.4. Other versions may also be affected.

Solution:
Do not open untrusted ".rap" files using RadAsm.

Provided and/or discovered by:
Data_Sniper

Original Advisory:
http://milw0rm.com/exploits/7334

Multi SEO phpBB "pfad" File Inclusion Vulnerability
by Marianna Schmudlach / December 4, 2008 12:04 AM PST

Release Date: 2008-12-04

Critical: Highly critical
Impact: System access

Where: From remote
Solution Status: Unpatched


Software: Multi SEO phpBB 1.x

Description:
NoGe has discovered a vulnerability in Multi SEO phpBB, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "pfad" parameter in include/global.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local and external resources via URL-encoded NULL bytes.

This vulnerability is confirmed in version 1.1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
NoGe

Original Advisory:
http://milw0rm.com/exploits/7335
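
The Multi SEO phpBB entry above describes the classic "include parameter" problem: a request value is used to pick a file, and a URL-encoded NUL byte changes how the rest of the value is treated. The following is an added defensive example, not code from Multi SEO phpBB or from the advisory. It assumes a hypothetical allowlist of page names (`ALLOWED_INCLUDES`) and shows two things: an allowlist lookup in which the request value never becomes a path at all, and a small classifier a defender can use to log why a value was refused (NUL byte, remote URL, or traversal). Sample inputs in the test are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical allowlist (an assumption of this example): the request value is
# a key into this table, so it is never joined into a filesystem path.
ALLOWED_INCLUDES = {
    "header": "templates/header.php",
    "footer": "templates/footer.php",
}


def classify_include_value(raw):
    """Label what an include-parameter value looks like, for logging/detection.

    Returns one of "nul-byte", "remote-url", "traversal", or None when nothing
    suspicious was seen. The parameter is URL-decoded first because that is the
    form in which it reaches application code.
    """
    value = unquote(raw)
    if "\x00" in value:
        # %00 truncation: C-string based file functions stop at the NUL, which
        # historically defeated a fixed suffix appended by the application.
        return "nul-byte"
    if "://" in value:
        # A scheme prefix means the value would be fetched as a remote resource.
        return "remote-url"
    parts = posixpath.normpath(value).split("/")
    if value.startswith("/") or "\\" in value or ".." in parts:
        # Absolute paths, backslashes, or a ".." that survives normalisation
        # all point outside the intended directory.
        return "traversal"
    return None


def resolve_include(raw):
    """Map the parameter to a file via the allowlist.

    Suspicious or unknown values resolve to None; the caller serves an error
    page instead of including anything.
    """
    if classify_include_value(raw) is not None:
        return None
    return ALLOWED_INCLUDES.get(unquote(raw))


if __name__ == "__main__":
    for sample in ("header", "admin", "../../etc/passwd", "..%2F..%2Fetc%2Fpasswd%00"):
        print(repr(sample), "->", classify_include_value(sample), resolve_include(sample))
```

The allowlist is the actual fix; the classifier exists so that refused requests produce a meaningful log line rather than a silent 404, which is what makes probing of the parameter visible in monitoring.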

ImpressCMS Session Fixation Vulnerability
by Marianna Schmudlach / December 4, 2008 12:05 AM PST

Release Date: 2008-12-04

Critical: Less critical
Impact: Hijacking

Where: From remote
Solution Status: Vendor Workaround


Software: ImpressCMS 1.x

Description:
A vulnerability has been reported in ImpressCMS, which can be exploited by malicious people to conduct session fixation attacks.

The vulnerability is caused due to an error in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.

The vulnerability is reported in versions prior to 1.1.1 RC1.

Solution:
Fixed in version 1.1.1 RC1.

Provided and/or discovered by:
David Vieira-Kurz, HACKATTACK IT SECURITY GmbH

Original Advisory:
Impress CMS:
http://sourceforge.net/forum/forum.php?forum_id=893767
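
The ImpressCMS entry above is a session fixation issue: a session identifier that existed before login stays valid after login, so an identifier planted through a crafted link becomes an authenticated session once the victim logs in. The following is an added example, not ImpressCMS code, using a small in-memory session store (an assumption of this example) to show the weak login path beside the standard fix, which is to discard the pre-login identifier and issue a fresh one at the moment privileges change.

```python
import secrets


class SessionStore:
    """Minimal server-side session store used to illustrate the two behaviours.

    Sessions are kept in a dict keyed by session id; the value records the
    logged-in user, or None for an anonymous (pre-login) session.
    """

    def __init__(self):
        self._sessions = {}

    def start(self):
        """Issue a server-generated anonymous session id."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def login_fixating(self, sid, user):
        """The vulnerable pattern: whatever id the browser presented is kept
        and simply upgraded to an authenticated session. An id chosen by a
        third party and delivered via a link therefore becomes usable by them."""
        session = self._sessions.setdefault(sid, {"user": None})
        session["user"] = user
        return sid

    def login_regenerating(self, sid, user):
        """The fix: drop the pre-login id entirely and bind the authenticated
        state to a new id that only the logging-in browser receives."""
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user}
        return new_sid

    def user_for(self, sid):
        """Resolve a presented id to a user, or None if it is unknown/anonymous."""
        session = self._sessions.get(sid)
        return session["user"] if session else None


if __name__ == "__main__":
    store = SessionStore()
    planted = "id-from-crafted-link"  # constructed sample value
    print("fixating:", store.user_for(store.login_fixating(planted, "victim")))
    store = SessionStore()
    fresh = store.login_regenerating(planted, "victim")
    print("regenerating: old id ->", store.user_for(planted), "| new id ->", store.user_for(fresh))
```

Regenerating on login is the general rule for any privilege change (login, role elevation, password change); in PHP-based applications of this era that is what `session_regenerate_id(true)` is for, and the same principle applies to any framework's session layer.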

PowerDNS CH HINFO Denial of Service Vulnerability
by Marianna Schmudlach / December 4, 2008 12:06 AM PST

Release Date: 2008-12-04

Critical: Moderately critical
Impact: DoS

Where: From remote
Solution Status: Vendor Patch


Software: PowerDNS 2.x

Description:
A vulnerability has been reported in PowerDNS, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing CH HINFO queries and can be exploited to cause a crash.

Successful exploitation may require that the server is running in single threaded mode (i.e. "distributor-threads=1").

The vulnerability is reported in versions prior to 2.9.21.2.

Solution:
Update to 2.9.21.2.

Provided and/or discovered by:
The vendor credits Daniel Drown.

Original Advisory:
http://doc.powerdns.com/powerdns-advisory-2008-03.html

Debian update for perl
by Marianna Schmudlach / December 4, 2008 12:07 AM PST

Release Date: 2008-12-04

Critical: Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for perl. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerabilities are caused due to the reintroduction of CVE-2004-0452 and CVE-2005-0448.

Solution:
Apply updated packages.

Original Advisory:
DSA-1678-1:
http://lists.debian.org/debian-security-announce/2008/msg00270.html

Other References:
SA13643:
http://secunia.com/advisories/13643/

SA14531:
http://secunia.com/advisories/14531/

Drupal Storm Module SQL Injection Vulnerabilities
by Marianna Schmudlach / December 4, 2008 12:08 AM PST

Release Date: 2008-12-04

Critical: Less critical
Impact: Manipulation of data

Where: From remote
Solution Status: Vendor Patch


Software: Storm 1.x (module for Drupal)

Description:
Jakub Suchy has reported some vulnerabilities in the Storm module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to unspecified parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in the following versions:
- Storm for Drupal 5 prior to 5.x-1.14
- Storm for Drupal 6 prior to 6.x-1.18

Solution:
Update to version 5.x-1.14 or 6.x-1.18.

Provided and/or discovered by:
Jakub Suchy

Original Advisory:
SA-2008-072:
http://drupal.org/node/342246

Gallery MX "ID" SQL Injection Vulnerability
by Marianna Schmudlach / December 4, 2008 12:09 AM PST

Release Date: 2008-12-04

Critical: Less critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Gallery MX 2.x

Description:
R3d D3v!L has reported a vulnerability in Gallery MX, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to the "ID" parameter in pics_pre.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 2.0.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
R3d D3v!L

Original Advisory:
http://milw0rm.com/exploits/7326

Calendar Mx Professional "ID" SQL Injection Vulnerability
by Marianna Schmudlach / December 4, 2008 12:10 AM PST

Release Date: 2008-12-04

Critical: Less critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Calendar Mx Professional 2.x

Description:
R3d D3v!L has reported a vulnerability in Calendar Mx Professional, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to the "ID" parameter in calendar_Eventupdate.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 2.0.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
R3d D3v!L

Original Advisory:
http://milw0rm.com/exploits/7327

PHP ZipArchive::extractTo() Directory Traversal Vulnerability
by Marianna Schmudlach / December 4, 2008 12:11 AM PST

Release Date: 2008-12-04

Critical: Moderately critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


Software: PHP 5.2.x

Description:
Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an input validation error within the "ZipArchive::extractTo()" function when extracting ZIP archives. This can be exploited to extract files to arbitrary locations outside the specified directory via directory traversal sequences in a specially crafted ZIP archive.

The vulnerability is reported in versions prior to 5.2.7.

Solution:
Update to version 5.2.7.

Provided and/or discovered by:
Stefan Esser

Original Advisory:
http://www.sektioneins.de/advisories/SE-2008-06.txt
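
The PHP entry above describes an extractor that trusted entry names inside the archive, so "../"-style names landed files outside the chosen directory. The following is an added example, not PHP's code or the fix shipped in 5.2.7: it is a Python stand-in for the containment check a caller of any archive extractor should apply before writing anything to disk. Each entry name is joined onto the destination, normalised, and required to stay below it; absolute names and Windows drive prefixes are refused outright. The archives in the test are constructed in memory for illustration.

```python
import io
import os
import tempfile
import zipfile


def unsafe_members(zip_bytes, dest_dir):
    """Return the entry names that would resolve outside dest_dir.

    Each name is joined onto the destination the way an extractor would and
    normalised (resolving "." and ".."); anything whose result is not below
    dest_dir, plus any absolute path or drive-letter prefix, is reported.
    """
    dest = os.path.normpath(os.path.abspath(dest_dir))
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
                bad.append(info.filename)
                continue
            target = os.path.normpath(os.path.join(dest, name))
            if os.path.commonpath([dest, target]) != dest:
                bad.append(info.filename)
    return bad


def safe_extract(zip_bytes, dest_dir=None):
    """Extract only after every entry has passed the containment check.

    Returns the sorted list of files written, relative to dest_dir.
    """
    if dest_dir is None:
        dest_dir = tempfile.mkdtemp(prefix="safe-extract-")
    bad = unsafe_members(zip_bytes, dest_dir)
    if bad:
        raise ValueError("refusing to extract entries escaping %s: %s" % (dest_dir, bad))
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest_dir)
    written = []
    for root, _dirs, files in os.walk(dest_dir):
        for f in files:
            rel = os.path.relpath(os.path.join(root, f), dest_dir)
            written.append(rel.replace(os.sep, "/"))
    return sorted(written)


def build_archive(entries):
    """Construct an in-memory zip from {name: bytes}; a test fixture, not a real archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: one well-formed archive and one carrying escaping names.
SAFE_ARCHIVE = build_archive({"a.txt": b"hello", "docs/readme.txt": b"docs"})
HOSTILE_ARCHIVE = build_archive({
    "a.txt": b"hello",
    "../evil.txt": b"x",
    "/etc/passwd": b"y",
    "sub/../../up.txt": b"z",
})


if __name__ == "__main__":
    print("hostile entries:", unsafe_members(HOSTILE_ARCHIVE, "/srv/extract"))
    print("extracted:", safe_extract(SAFE_ARCHIVE))
```

The check is done on the normalised joined path rather than by searching names for ".." so that harmless forms such as "sub/../ok.txt" pass while "sub/../../up.txt" is caught; checking the whole archive before writing anything avoids a half-extracted directory when a bad entry appears late in the file.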

Check Up System for Thai Healthcare "search" SQL Injection
by Marianna Schmudlach / December 4, 2008 12:12 AM PST

Release Date: 2008-12-04

Critical: Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Check Up System for Thai Healthcare 4.x

Description:
CWH Underground has reported a vulnerability in Check Up System for Thai Healthcare, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "search" parameter in findoffice.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerability is reported in version 4.52. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
CWH Underground

Original Advisory:
http://milw0rm.com/exploits/7328
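
Five entries in this thread (Rae Media "Password", Drupal Storm, Gallery MX "ID", Calendar Mx Professional "ID", and the Check Up System "search" parameter above) share one root cause: a request parameter is spliced into SQL text, so quote characters in the input change the query's structure. The following is an added example, not code from any of those products, using a constructed SQLite table to show the vulnerable pattern beside the parameterised form, plus a type check for numeric parameters such as "ID".

```python
import sqlite3


def make_db():
    """Constructed sample table standing in for an application's user store.
    Plaintext passwords are used only to keep the illustration short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_concatenated(conn, name, password):
    """The pattern the advisories describe: the parameters become part of the
    query text, so a quote in the input ends the string literal early and the
    remainder is parsed as SQL."""
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return [row[0] for row in conn.execute(sql)]


def login_parameterised(conn, name, password):
    """Hardened form: the SQL text is fixed and the values are bound
    separately, so input is only ever compared as data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def record_by_id(conn, raw_id):
    """For numeric parameters such as "ID": validate the type first, then bind.
    Non-numeric input is rejected before any query is built."""
    if not raw_id.isdigit():
        return None
    return conn.execute("SELECT name FROM users WHERE id = ?", (int(raw_id),)).fetchone()


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"   # constructed input containing a quote character
    print("concatenated:", login_concatenated(conn, "alice", probe))
    print("parameterised:", login_parameterised(conn, "alice", probe))
    print("record_by_id('2'):", record_by_id(conn, "2"))
```

The Check Up System entry notes that exploitation requires "magic_quotes_gpc" to be disabled; that setting escaped quotes in incoming request data and was the only thing standing between the concatenated query and the input. Bound parameters do not depend on any such global setting, which is why "edit the source code to ensure that input is properly sanitised" in practice means moving to them.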

Nagios Unspecified CGI Vulnerability
by Marianna Schmudlach / December 4, 2008 12:14 AM PST

Release Date: 2008-12-04

Critical: Moderately critical
Impact: Unknown

Where: From remote
Solution Status: Vendor Patch


Software: Nagios 3.x

Description:
A vulnerability with an unknown impact has been reported in Nagios.

The vulnerability is caused due to an unspecified error within "the CGIs and related to adaptive external commands". No further information is currently available.

The vulnerability is reported in versions prior to 3.0.6.

Solution:
Update to version 3.0.6.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.nagios.org/news/#88

RSyslog "AllowedSender" Security Bypass Vulnerability
by Marianna Schmudlach / December 4, 2008 12:15 AM PST

Release Date: 2008-12-04

Critical: Moderately critical
Impact: Security Bypass

Where: From remote
Solution Status: Vendor Patch


Software: RSyslog 3.x

Description:
A vulnerability has been reported in RSyslog, which can be exploited by malicious people to bypass certain security restrictions.

The problem is that the "AllowedSender" configuration directive is not respected, allowing unrestricted network access to the application.

The vulnerability is reported in versions 3.12.1 through 3.20.0.

Solution:
Update to version 3.20.1.

The vendor recommends using a firewall in order to better control access to the application.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.rsyslog.com/Article322.phtml

Security update for VMware
by Marianna Schmudlach / December 4, 2008 12:40 AM PST

4 December 2008

VMware has issued updates to fix vulnerabilities in a number of its virtualisation solutions. One problem affecting virtually all products, with the exception of older versions of ESX(i) Server, is that a malicious request sent from a guest operating system to the virtual hardware can cause the virtual hardware to write to uncontrolled physical memory.

More: http://www.heise-online.co.uk/security/Security-update-for-VMware--/news/112153

ClamAV 0.94.2 resolves buffer overflow when scanning JPGs
by Marianna Schmudlach / December 4, 2008 12:41 AM PST

4 December 2008

With the release of version 0.94.2, the developers of ClamAV have fixed a flaw that could crash the scanner when it is parsing malformed jpegs. This is caused by a recursive buffer overflow that occurs when scanning thumbnails contained in the images. The thumbnails themselves are jpegs, and they are checked by the same ClamAV function cli_check_jpeg_exploit in libclamav/special.c used to check the original images.

More: http://www.heise-online.co.uk/security/ClamAV-0-94-2-resolves-buffer-overflow-when-scanning-JPGs--/news/112156

XP Service Pack 3 blocks .NET security patches
by Marianna Schmudlach / December 4, 2008 1:08 AM PST

By Susan Bradley

Installing SP3 on Windows XP eliminates the operating system's ability to install important security patches for Microsoft's .NET technology and possibly other software.

This problem forces XP SP3 users to apply patches manually to complete vital updates.

The new error is the latest in a long series of glitches relating to XP's SP3, which Scott Dunn described in his Sept. 11 Top Story. The issues include spontaneous rebooting of systems based on AMD chipsets, as documented by Jesper Johansson in a blog post from last May.

To determine whether your XP SP3 system has a version, or multiple versions, of the .NET Framework installed, open Control Panel's Add or Remove Programs applet and look for it among the list of currently installed programs. If you don't see any .NET entries, you don't have the framework installed on your system and needn't be concerned about the update problem.

More: http://windowssecrets.com/comp/081204/

Yep, We Noticed Such Here..
by Grif Thomas Forum moderator / December 4, 2008 2:00 AM PST

Recently, I had to install .NET Framework 3.5 SP1 to all our XP SP3 machines because of ASPNET issues with the SQL server software. They had not updated automatically. Once manually updated, things were good again.

Hope this helps.

Grif
