Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - February 9, 2009

by Marianna Schmudlach / February 8, 2009 11:35 PM PST

Avaya Products OpenSSL DSA / ECDSA "EVP_VerifyFinal()" Spoofing

Release Date: 2009-02-09

Critical:
Moderately critical
Impact: Spoofing

Where: From remote
Solution Status: Unpatched


OS: Avaya Message Networking 2.x
Avaya Modular Messaging 2.x
Avaya Modular Messaging 3.x



Software: Avaya Application Enablement Services 3.x
Avaya Application Enablement Services 4.x
Avaya Communication Manager 3.x
Avaya Communication Manager 4.x
Avaya Communication Manager 5.x
Avaya Modular Messaging 4.x

Description:
Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to conduct spoofing attacks.

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm

Other References:
SA33338:
http://secunia.com/advisories/33338/

Avaya CMS Solaris "autofs" Kernel Module Vulnerability
by Marianna Schmudlach / February 8, 2009 11:36 PM PST

Release Date: 2009-02-09

Critical:
Less critical
Impact: Privilege escalation
DoS

Where: Local system
Solution Status: Unpatched


OS: Avaya Call Management System (CMS)

Description:
Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially to gain escalated privileges.

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2009-041.htm

Other References:
SA33665:
http://secunia.com/advisories/33665/

Avaya CMS Solaris IP Minor Numbers Denial of Service Vulnera
by Marianna Schmudlach / February 8, 2009 11:37 PM PST

Release Date: 2009-02-09

Critical:
Not critical
Impact: DoS

Where: Local system
Solution Status: Unpatched


OS: Avaya Call Management System (CMS)

Description:
Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2009-042.htm

Other References:
SA33751:
http://secunia.com/advisories/33751/

Avaya CMS Solaris IP-in-IP Processing Denial of Service Vuln
by Marianna Schmudlach / February 8, 2009 11:38 PM PST

Release Date: 2009-02-09

Critical:
Not critical
Impact: DoS

Where: Local system
Solution Status: Unpatched


OS: Avaya Call Management System (CMS)

Description:
Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2009-043.htm

Other References:
SA33727:
http://secunia.com/advisories/33727/

PHP-Calendar Two Information Disclosure Security Issues
by Marianna Schmudlach / February 8, 2009 11:39 PM PST

Release Date: 2009-02-09

Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: PHP-Calendar 1.x

Description:
Two security issues have been reported in PHP-Calendar, which can be exploited by malicious people to disclose sensitive information.

The "update08.php" and "update10.php" scripts are stored with insecure permissions inside the web root. This can be exploited to gain knowledge of sensitive information (e.g. database host, user name, password, name, table prefix, and type) by requesting the files directly.

The security issues are reported in version 1.1. Other versions may also be affected.

Solution:
Delete the update scripts after successfully updating the system.

Provided and/or discovered by:
Justin C. Klein Keane

Debian update for boinc
by Marianna Schmudlach / February 8, 2009 11:41 PM PST

Release Date: 2009-02-09

Critical:
Less critical
Impact: Spoofing

Where: From remote
Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for boinc. This fixes a vulnerability, which can potentially be exploited by malicious people to conduct spoofing attacks.

Solution:
Apply updated packages.

Original Advisory:
DSA-1718-1:
http://lists.debian.org/debian-security-announce/2009/msg00027.html

Other References:
SA33806:
http://secunia.com/advisories/33806/

ilchClan "X-Forwarded-For" SQL Injection Vulnerability
by Marianna Schmudlach / February 8, 2009 11:42 PM PST

Release Date: 2009-02-09

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Vendor Patch


Software: ilchClan 1.x

Description:
Gizmore has discovered a vulnerability in ilchClan, which can be exploited by malicious people to conduct SQL Injection attacks.

Input passed via the "X-Forwarded-For" HTTP header to the "getip()" function in include/includes/func/statistic.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is confirmed in version 1.1L. Prior versions may also be affected.

Solution:
Update to version 1.1M.

Provided and/or discovered by:
Gizmore, wechall.net

Original Advisory:
http://www.ilch.de/news-188.html

SilverNews "section" Local File Inclusion Vulnerability
by Marianna Schmudlach / February 8, 2009 11:43 PM PST

Release Date: 2009-02-09

Critical:
Less critical
Impact: Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: SilverNews 2.x

Description:
x0r has discovered a vulnerability in SilverNews, which can be exploited by malicious users to disclose sensitive information.

Input passed to the "section" parameter in admin.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.

Successful exploitation requires administrative access to the application.

The vulnerability is confirmed in version 2.0.4. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Grant only trusted users administrative access to the application.

Provided and/or discovered by:
x0r

Original Advisory:
http://milw0rm.com/exploits/8004

Gentoo update for sudo
by Marianna Schmudlach / February 8, 2009 11:44 PM PST

Release Date: 2009-02-09

Critical:
Not critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for sudo. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.

Solution:
Update to "app-admin/sudo-1.7.0" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200902-01.xml

Other References:
SA33753:
http://secunia.com/advisories/33753/

Avaya CMS BIND "EVP_VerifyFinal()" and "DSA_do_verify()" Spo
by Marianna Schmudlach / February 8, 2009 11:45 PM PST

Release Date: 2009-02-09

Critical:
Less critical
Impact: Spoofing

Where: From remote
Solution Status: Unpatched


OS: Avaya Call Management System (CMS)

Description:
Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious people to conduct spoofing attacks.

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm

Other References:
SA33683:
http://secunia.com/advisories/33683/

MediaWiki Installer Cross-Site Scripting Vulnerabilities
by Marianna Schmudlach / February 8, 2009 11:46 PM PST

Release Date: 2009-02-09

Critical:
Not critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


Software: MediaWiki 1.x

Description:
Some vulnerabilities have been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via unspecified parameters to config/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the installer has not yet been used to install the wiki.

Solution:
Update to version 1.13.4, 1.12.4, or 1.6.12.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES

http://secunia.com/advisories/33881/

FotoWeb "s" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / February 8, 2009 11:47 PM PST

Release Date: 2009-02-09

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: FotoWeb 6.x

Description:
A vulnerability has been reported in FotoWeb, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "s" form field in cmdrequest/Login.fwx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

This vulnerability is reported in version 6.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Stelios Tigkas, FortConsult

Original Advisory:
http://www.fortconsult.net/images/pdf/advisories/FotoWebXSS_final.pdf

glFusion "username" Script Insertion Vulnerability
by Marianna Schmudlach / February 8, 2009 11:48 PM PST

Release Date: 2009-02-09

Critical:
Moderately critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


Software: glFusion 1.x

Description:
A vulnerability has been reported in glFusion, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via the "username" parameter to lib-comment.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious comment is viewed.

Successful exploitation of this vulnerability requires that anonymous comments are enabled.

This vulnerability is reported in version 1.1.1. Other versions may also be affected.

Solution:
Apply security update.

Provided and/or discovered by:
Bjarne Mathiesen Schacht

Original Advisory:
glFusion:
http://www.glfusion.org/article.php/xsscomments

FortConsult:
http://www.fortconsult.net/images/pdf/advisories/glFusion-xss-advisory.pdf

Wicd D-Bus Configuration Information Disclosure Security Iss
by Marianna Schmudlach / February 8, 2009 11:50 PM PST

Release Date: 2009-02-09

Critical:
Less critical
Impact: Exposure of sensitive information

Where: Local system
Solution Status: Vendor Patch


Software: Wicd 1.x

Description:
A security issue has been reported in Wicd, which can be exploited by malicious, local users to disclose sensitive information.

The security issue is caused due to the application's D-Bus configuration file allowing unrestricted access to the org.wicd.daemon object. This can be exploited to read Wicd messages and potentially disclose e.g. wireless network credentials.

The security issue is reported in versions prior to 1.5.9.

Solution:
Update to version 1.5.9.

Provided and/or discovered by:
Tiziano Mueller, Gentoo

Original Advisory:
http://www.openwall.com/lists/oss-security/2009/02/06/4
http://bazaar.launchpad.net/~wicd-devel/wicd/trunk/revision/222

Trend Micro InterScan Web Security Suite Security Bypass
by Marianna Schmudlach / February 8, 2009 11:51 PM PST

Release Date: 2009-02-09

Critical:
Less critical
Impact: Security Bypass

Where: From local network
Solution Status: Vendor Patch


Software: Trend Micro InterScan Web Security Suite for Windows 3.x

Description:
Julien Cayssol has reported a vulnerability in Trend Micro InterScan Web Security Suite, which can be exploited by malicious users to bypass certain security restrictions.

The vulnerability is caused due to an access control error in multiple JSP pages and can be exploited to modify certain configuration values and e.g. create an administrator account.

Successful exploitation requires "Auditor" or "Report Only" credentials.

The vulnerability is reported in version 3.1.

Solution:
Apply patch.
http://www.trendmicro.com/ftp/products/patches/iwss_31_win_en_cp1237.zip

Provided and/or discovered by:
Julien Cayssol

Original Advisory:
Trend Micro:
http://www.trendmicro.com/ftp/documen.../iwss_31_win_en_readme_CP_1237_EN.txt

Google Chrome URI Handler Registration Vulnerability
by Marianna Schmudlach / February 8, 2009 11:52 PM PST

Release Date: 2009-02-09

Critical:
Highly critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


Software: Google Chrome 1.x

Description:
A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to the application registering itself as a handler for certain URIs in an improper way. This can be exploited to inject arbitrary command line arguments and potentially execute arbitrary commands by tricking the user into clicking a specially crafted link in a different browser.

The vulnerability is reported in versions prior to 1.0.154.48.

Solution:
Update to version 1.0.154.48.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sites.google.com/a/chromium.or...-channel/release-notes/release1015448

Other References:
SA25984:
http://secunia.com/advisories/25984/

Strange...When I Click the Secunia Advisory Link
by tobeach / February 9, 2009 2:16 PM PST

it shows this vulnerability as reported & updated 7th & 20th of JULY, 2007!! Is this an error or has it really taken 1 1/2 years to get here? Confused Sandy Grin

HP printer hack risk prompts update
by Marianna Schmudlach / February 8, 2009 11:56 PM PST

Firmware update guards against file snaffling

By John Leyden
9th February 2009

Users of HP LaserJet printers need to apply a firmware update following the discovery of a potentially troublesome vulnerability.

The security bug creates a means for hackers to gain access to files sent to printers via the web administration console on vulnerable machines. A security advisory from HP explains various versions of its HP Digital Senders as well as HP LaserJet printers and HP Color LaserJet printers are all potentially vulnerable.

Users of HP LaserJet 2410, 2420, 2430, 4250, 4350, 9040, and 9050 series all need to upgrade their printer's firmware software to a secure version. HP Color LaserJet 4730mfp, HP Color LaserJet 9500mfp and HP 9200C Digital Sender users also need to update.

More: http://www.theregister.co.uk/2009/02/09/hp_printer_firmware_update/

HP Network Node Manager patched
by Marianna Schmudlach / February 8, 2009 11:58 PM PST

9 February 2009

Hewlett Packard has released patches for its Network Node Manager (NNM) which aim to close several vulnerabilities, including some which allow for remote execution of code. The problems are caused by buffer overflows and received parameters being passed to other processes unchecked. It is the latter hole that allows for the injection of commands by an attacker. The rights with which the server executes those injected commands are dependent on the operating system that NNM is running on.

More: http://www.heise-online.co.uk/security/HP-Network-Node-Manager-patched--/news/112599

Kaspersky hack: Kaspersky respond
by Marianna Schmudlach / February 8, 2009 11:59 PM PST

9 February 2009

In a response to reports that the Kaspersky web site had been leaking information, Kaspersky.com has released a statement which reads "A vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site. Upon detection of the vulnerability Kaspersky Lab USA immediately took action to roll back the subsection of the site to eliminate the risk". The response claims that as this was an attack on the US site, UK users were unaffected. Kaspersky also said "It is important to stress that the attack did not have a malicious end and no data was exposed due to the vulnerability".

More: http://www.heise-online.co.uk/security/Kaspersky-hack-Kaspersky-respond--/news/112601

DDoS attacks on security sites
by Marianna Schmudlach / February 9, 2009 12:01 AM PST

9 February 2009

A distributed denial of service attack disabled various security sites, including Metasploit, Packetstorm, Immunity and Milw0rm for periods of time over the weekend. The attack appears to have originated from a botnet, whose bots established TCP connections and made HTTP requests on port 80. The flood of queries was even able to follow the DNS being changed to other IP addresses. According to HD Moore, the brains behind Metasploit, the attack has now ebbed and the websites are back to full availability.

More: http://www.heise-online.co.uk/security/DDoS-attacks-on-security-sites--/news/112602

New security initiative at PayPal
by Marianna Schmudlach / February 9, 2009 12:02 AM PST

9 February 2009

Early this year, PayPal, the eBay online transaction subsidiary, introduced a new security measure for their customers in the form of a hardware Security Key. The key is a key fob device, rather like a pager. In use, a single button press generates a six digit password, which is entered at the user logon. In addition to the user name and original password, this provides users with two factor authentication for their account access. As an alternative to the PayPal Security Key a similar service is available that delivers the six digit number via a mobile phone.

More: http://www.heise-online.co.uk/security/New-security-initiative-at-PayPal--/news/112598

BitDefender website also leaking
by Marianna Schmudlach / February 9, 2009 12:03 AM PST

9 February 2009

BitDefender's Portuguese website has been found to be vulnerable to SQL injection attacks. Kaspersky's web site was hacked over the weekend using the technique, and now, the same hacker has found that the Portuguese website of the maker of BitDefender AntiVirus is vulnerable to a similar attack. The hacker, who goes by the name of "unu", has published screenshots of the compromise as evidence of the vulnerability.

More: http://www.heise-online.co.uk/security/BitDefender-website-also-leaking--/news/112603

TYPO3 Critical security issue
by Marianna Schmudlach / February 9, 2009 12:04 AM PST

9 February 2009

Tomorrow, the 10th of February, the TYPO3 security team will be posting a security bulletin, on typo3.org at 9:00 am GMT regarding a "critical security issue." Updates for TYPO3 versions 4.2.x, 4.1.x and 4.0.x, as well as patches for versions 3.3, 3.5, 3.6, 3.7, 3.8 and 4.3 Alpha 1 will be released at the same time.

More: http://www.heise-online.co.uk/security/TYPO3-Critical-security-issue--/news/112604

Largest Bulletin PHP Board providers compromised
by Marianna Schmudlach / February 9, 2009 10:31 AM PST

February 9, 2009

I regularly contribute and help run a couple of Internet Bulletin Boards in my spare time, and it was while running one of these this morning that something quite interesting popped up. On this particular site I had installed PHPBB (which holds the largest Market Share for Internet boards), and my version was a bit out of date so I thought it was time to wander over to http://www.phpbb.com and grab the latest update. To my surprise I came across:


Figure 1. PHPBB warning message.

More: http://blog.trendmicro.com/
