Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - January 14, 2009

by Marianna Schmudlach / January 14, 2009 12:10 AM PST

Ubuntu hplip Privilege Escalation Security Issue

Release Date: 2009-01-14

Critical:
Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: Ubuntu Linux 7.10

Description:
Ubuntu has acknowledged a security issue in hplip, which can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to the "postinst" script of the hplip package trying to change the permissions of user config files in an insecure manner, which can be exploited to gain root privileges when e.g. installing or updating the hplip package.

Solution:
Apply updated packages.

Provided and/or discovered by:
Reported in an Ubuntu bug.

Original Advisory:
USN-708-1:
https://lists.ubuntu.com/archives/ubu...ity-announce/2009-January/000826.html

Red Hat update for java-1.5.0-ibm
by Marianna Schmudlach / January 14, 2009 12:11 AM PST

Release Date: 2009-01-14

Critical:
Highly critical
Impact: DoS
System access
Exposure of sensitive information
Exposure of system information
Security Bypass

Where: From remote
Solution Status: Vendor Patch


Software: Red Hat Enterprise Linux Extras v. 4
RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for java-1.5.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of service), or compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
RHSA-2009-0016:
https://rhn.redhat.com/errata/RHSA-2009-0016.html

Other References:
SA32991:
http://secunia.com/advisories/32991/

Oracle BEA WebLogic Portal Security Bypass Vulnerability
by Marianna Schmudlach / January 14, 2009 12:12 AM PST

Release Date: 2009-01-14

Critical:
Moderately critical
Impact: Security Bypass

Where: From remote
Solution Status: Vendor Patch


Software: BEA WebLogic Portal 10.x
BEA WebLogic Portal 8.x
BEA WebLogic Portal 9.x

Description:
A vulnerability has been reported in Oracle BEA WebLogic Portal, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an unspecified error. No further details are currently available.

The vulnerability is reported in the following versions:
* WebLogic Portal 10.3 GA, on all platforms
* WebLogic Portal 10.2 GA, on all platforms
* WebLogic Portal 10.0 released through Maintenance Pack 1, on all platforms
* WebLogic Portal 9.2 released through Maintenance Pack 3, on all platforms
* WebLogic Portal 8.1 released through Service Pack 6, on all platforms

Solution:
Apply the patches (see vendor advisory for details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
BEA:
https://support.bea.com/application_c...portlets/securityadvisories/2808.html

IBM DB2 Denial of Service Vulnerabilities
by Marianna Schmudlach / January 14, 2009 12:13 AM PST

Release Date: 2009-01-14

Critical:
Less critical
Impact: DoS

Where: From local network
Solution Status: Vendor Patch


Software: IBM DB2 9.x

Description:
Some vulnerabilities have been reported in IBM DB2, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply patches.
http://www-01.ibm.com/support/docview.wss?uid=swg27007053

IBM DB2 9.1:
Apply Fixpack 6a.

IBM DB2 9.5:
Apply Fixpack 3a.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (IZ36534, IZ37697, IZ39373, IZ39653):
http://www-01.ibm.com/support/docview.wss?uid=swg21363936

Red Hat update for java-1.6.0-ibm
by Marianna Schmudlach / January 14, 2009 12:14 AM PST

Release Date: 2009-01-14

Critical:
Highly critical
Impact: Security Bypass
Exposure of system information
Exposure of sensitive information
DoS
System access

Where: From remote
Solution Status: Vendor Patch


Software: Red Hat Enterprise Linux Extras v. 4
RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for java-1.6.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of service), or compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
RHSA-2009-0015:
https://rhn.redhat.com/errata/RHSA-2009-0015.html

Other References:
SA32991:
http://secunia.com/advisories/32991/

rPath update for samba, samba-client, and samba-server
by Marianna Schmudlach / January 14, 2009 12:15 AM PST

Release Date: 2009-01-14

Critical:
Less critical
Impact: Exposure of sensitive information

Where: From local network
Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for samba, samba-client, and samba-server. This fixes a vulnerability, which can potentially be exploited by malicious people to disclose sensitive information.

Solution:
Update to the fixed versions:
* samba=conary.rpath.com@rpl:1/3.0.33-0.1-2
* samba-client=conary.rpath.com@rpl:1/3.0.33-0.1-2
* samba-client=rap.rpath.com@rpath:linux-1/3.0.33-1-1
* samba-server=conary.rpath.com@rpl:1/3.0.33-0.1-2
* samba-swat=conary.rpath.com@rpl:1/3.0.33-0.1-2

Original Advisory:
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0006

Other References:
SA32813:
http://secunia.com/advisories/32813/

Oracle BEA WebLogic Server Multiple Vulnerabilities
by Marianna Schmudlach / January 14, 2009 12:16 AM PST

Release Date: 2009-01-14

Critical:
Highly critical
Impact: Exposure of sensitive information
DoS
System access

Where: From remote
Solution Status: Vendor Patch


Software: BEA WebLogic Express 10.x
BEA WebLogic Express 7.x
BEA WebLogic Express 8.x
BEA WebLogic Express 9.x
BEA WebLogic Server 10.x
BEA WebLogic Server 7.x
BEA WebLogic Server 8.x
BEA WebLogic Server 9.x


Description:
Some vulnerabilities have been reported in Oracle BEA WebLogic Server, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

Solution:
Apply the patches (see vendor advisories for details).

Provided and/or discovered by:
1) Vulnerability Research Team, Assurent Secure Technologies

Changelog:
2009-01-14: Updated vulnerability #1 in "Description" with additional information provided by the Vulnerability Research Team of Assurent Secure Technologies.

Original Advisory:
BEA:
https://support.bea.com/application_c...portlets/securityadvisories/2809.html
https://support.bea.com/application_c...portlets/securityadvisories/2807.html
https://support.bea.com/application_c...portlets/securityadvisories/2810.html
https://support.bea.com/application_c...portlets/securityadvisories/2811.html

Oracle Products Multiple Vulnerabilities
by Marianna Schmudlach / January 14, 2009 12:18 AM PST

Release Date: 2009-01-14

Critical:
Highly critical
Impact: Unknown
Cross Site Scripting
Manipulation of data
Privilege escalation
System access

Where: From remote
Solution Status: Vendor Patch


Software: JD Edwards EnterpriseOne Tools 8.x
JD Edwards OneWorld Tools 8.x
Oracle Application Server 10g
Oracle Collaboration Suite 10.x
Oracle Database 10.x
Oracle Database 11.x
Oracle E-Business Suite 11i
Oracle E-Business Suite 12.x
Oracle Enterprise Manager 10.x
Oracle PeopleSoft Enterprise Human Resource Management System 8.x
Oracle PeopleSoft Enterprise Human Resource Management System 9.x
Oracle Secure Backup 10.x
Oracle Times-Ten In-Memory Database 7.x
Oracle9i Database Enterprise Edition
Oracle9i Database Standard Edition

Description:
Some vulnerabilities have been reported in various Oracle products. Some have unknown impact while others can be exploited by malicious users to conduct SQL injection attacks or manipulate certain data, and by malicious people to conduct cross-site scripting attacks or to compromise a vulnerable system.

Solution:
Apply the patches (see the vendor's advisory).

Provided and/or discovered by:
The vendor credits:
* Deniz Cevik, Intellect
* Andy Davis, Information Risk Management Plc (IRM Plc)
* Esteban Martinez Fayo, Application Security, Inc.
* Franz Huell, Red Database Security
* Wasim Iqbal
* Joxean Koret
* Joxean Koret, TippingPoint (3com)
* Alexander Kornbrust, Red Database Security
* Sasa Kos, ACROS Security
* Zhenhua Liu, Fortinet, Inc.
* Andy Sch., Centre for the Protection of National Infrastructure
* Daiki Fukumori [Secure Sky Technology], JPCERT/CC Vulnerability Handling Team
* Geoff Whittington, Assurent Secure Technologies
* Xiaopeng Zhang, Fortinet, Inc.

1) Code Audit Labs, iDefense
2, 3, 4) An anonymous person, reported via iDefense
5) David Litchfield, NGS Software
6) Alexandr Polyakov, Digital Security Research Group

Changelog:
2009-01-14: Updated "Description" to include vulnerability #5 and #6.

Original Advisory:
Oracle:
http://www.oracle.com/technology/depl...ritical-patch-updates/cpujan2009.html

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=767
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=768
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=769

http://secunia.com/advisories/33525/

SUSE Update for Mozilla Products
by Marianna Schmudlach / January 14, 2009 12:20 AM PST

Release Date: 2009-01-14

Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Exposure of sensitive information
System access

Where: From remote
Solution Status: Vendor Patch


OS: openSUSE 10.3
openSUSE 11.0
openSUSE 11.1
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9



Software: Novell Open Enterprise Server 1.x

Description:
SUSE has issued an update for MozillaFirefox, MozillaThunderbird, and mozilla. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
SUSE-SA:2009:002:
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00003.html

Other References:
SA33184:
http://secunia.com/advisories/33184/

SA33204:
http://secunia.com/advisories/33204/

SA33205:
http://secunia.com/advisories/33205/

rPath update for samba
by Marianna Schmudlach / January 14, 2009 12:21 AM PST

Release Date: 2009-01-14

Critical:
Less critical
Impact: Exposure of sensitive information

Where: From local network
Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for samba. This fixes a vulnerability, which potentially can be exploited by malicious people to disclose sensitive information.

Solution:
Update to:
samba=conary.rpath.com@rpl:1/3.0.33-0.1-2
samba-client=conary.rpath.com@rpl:1/3.0.33-0.1-2
samba-client=rap.rpath.com@rpath:linux-1/3.0.33-1-1
samba-server=conary.rpath.com@rpl:1/3.0.33-0.1-2
samba-swat=conary.rpath.com@rpl:1/3.0.33-0.1-2

Original Advisory:
rPSA-2009-0006:
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0006

Other References:
SA32813:
http://secunia.com/advisories/32813/

Members Area Manager "cid" SQL Injection Vulnerability
by Marianna Schmudlach / January 14, 2009 12:22 AM PST

Release Date: 2009-01-14

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Members Area Manager 1.x

Description:
ajann has reported a vulnerability in Members Area Manager, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cid" parameter in upload_image_security_level.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 1.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
ajann

Original Advisory:
http://milw0rm.com/exploits/7774

Fast Guest Book Two SQL Injection Vulnerabilities
by Marianna Schmudlach / January 14, 2009 12:25 AM PST

Release Date: 2009-01-14

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Fast Guest Book

Description:
Moudi has discovered two vulnerabilities in Fast Guest Book, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "name" and "pass" parameters in admin/authorize.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Moudi

Original Advisory:
http://milw0rm.com/exploits/7719

phpMDJ "id_animateur" SQL Injection Vulnerability
by Marianna Schmudlach / January 14, 2009 12:26 AM PST

Release Date: 2009-01-14

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: phpMDJ 1.x

Description:
darkjoker has discovered a vulnerability in phpMDJ, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id_animateur" parameter in animateurs.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is confirmed in version 1.0.3. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
darkjoker

Original Advisory:
http://milw0rm.com/exploits/7724

Linux Kernel 64bit ABI System Call Parameter Sign Extension
by Marianna Schmudlach / January 14, 2009 12:27 AM PST

Release Date: 2009-01-14

Critical:
Less critical
Impact: Privilege escalation
DoS

Where: Local system
Solution Status: Unpatched


OS: Linux Kernel 2.6.x

Description:
A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to potentially cause a DoS (Denial of Service) or gain escalated privileges.

The security issue is caused due to the kernel accepting certain 32bit parameters passed in a 64bit register from userspace without ensuring that the value is correctly sign extended. This may be exploited to crash a system or potentially gain escalated privileges by passing specially crafted parameters to affected system calls.

Reportedly, the following architectures use a vulnerable ABI system when running a 64bit kernel and a 64bit userspace:
* S390
* PowerPC
* SPARC64
* MIPS

Solution:
Restrict access to trusted users only.

Provided and/or discovered by:
Red Hat credits Christian Borntraeger.

Original Advisory:
https://bugzilla.redhat.com/show_bug.cgi?id=479969

Other References:
http://marc.info/?l=linux-kernel&m=123155111608910&w=2
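
A small user-space model of the sign-extension gap described in the kernel advisory above, added here as an example; it is not part of the original post and is not kernel code. The names `handler_body`, `syscall_trusting`, `syscall_canonicalizing` and the table size are hypothetical, and the register values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 16   /* constructed: size of a table indexed by the parameter */

enum { OK = 0, REJECTED = -1, OUT_OF_BOUNDS = -2 };

/* True when bits 63..32 are copies of bit 31, i.e. the 64-bit register
 * holds a correctly sign-extended 32-bit value. */
int is_sign_extended(uint64_t reg)
{
    return (int64_t)reg == (int64_t)(int32_t)(uint32_t)reg;
}

/* Discard the caller-controlled upper half and rebuild it from bit 31. */
uint64_t sign_extend32(uint64_t reg)
{
    return (uint64_t)(int64_t)(int32_t)(uint32_t)reg;
}

/* Model of a handler whose declared parameter is a 32-bit int but which
 * receives it in a 64-bit register. The range check looks at the low
 * word only; the later use (modelled by the second test) works on the
 * whole register, as 64-bit address arithmetic would. */
static int handler_body(uint64_t reg)
{
    int32_t idx = (int32_t)(uint32_t)reg;     /* what a 32-bit compare sees */

    if (idx < 0 || idx >= TABLE_SIZE)
        return REJECTED;
    if (reg >= TABLE_SIZE)                    /* what 64-bit indexing would use */
        return OUT_OF_BOUNDS;                 /* the check and the use disagree */
    return OK;
}

/* Entry point that trusts userspace to have sign-extended the value. */
int syscall_trusting(uint64_t reg)
{
    return handler_body(reg);
}

/* Entry point that canonicalizes the register before the handler runs. */
int syscall_canonicalizing(uint64_t reg)
{
    return handler_body(sign_extend32(reg));
}

int main(void)
{
    /* Constructed register contents: a well-formed value, a value with
     * stray upper bits, and -1 in zero-extended and sign-extended form. */
    const uint64_t samples[] = {
        0x0000000000000003ULL,
        0x0000000100000005ULL,
        0x00000000FFFFFFFFULL,
        0xFFFFFFFFFFFFFFFFULL,
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t r = samples[i];
        printf("reg=0x%016llx extended=%d trusting=%d canonicalizing=%d\n",
               (unsigned long long)r, is_sign_extended(r),
               syscall_trusting(r), syscall_canonicalizing(r));
    }
    return 0;
}
```

The second sample passes the 32-bit range check yet carries an out-of-range 64-bit value; after canonicalization the check and the use see the same number.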

Weight Loss Recipe Book Two SQL Injection Vulnerabilities
by Marianna Schmudlach / January 14, 2009 12:28 AM PST

Release Date: 2009-01-14

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Weight Loss Recipe Book 3.x

Description:
x0r has discovered two vulnerabilities in Weight Loss Recipe Book, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "administrators_username" and "administrators_pass" parameters in admin-login.php (when "action" is set to "admin_login") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

These vulnerabilities are confirmed in version 3.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
x0r

Original Advisory:
http://milw0rm.com/exploits/7728

Realtor 747 "INC_DIR" File Inclusion Vulnerability
by Marianna Schmudlach / January 14, 2009 12:29 AM PST

Release Date: 2009-01-14

Critical:
Highly critical
Impact: System access

Where: From remote
Solution Status: Unpatched


Software: Realtor 747 4.x

Description:
ahmadbady has discovered a vulnerability in Realtor 747, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "INC_DIR" parameter in include/define.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local and external resources.

This vulnerability is confirmed in version 4.11. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
ahmadbady

Original Advisory:
http://milw0rm.com/exploits/7743

Joomla Fantasy Tournament Component Multiple SQL Injection
by Marianna Schmudlach / January 14, 2009 12:31 AM PST

Release Date: 2009-01-14

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Fantasy Tournament 2009.1.5 (component for Joomla)

Description:
H!tm@N has reported some vulnerabilities in the Fantasy Tournament Component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
H!tm@N

Original Advisory:
http://milw0rm.com/exploits/7777

Interspire Shopping Cart "ProcessLogin()" Authentication Byp
by Marianna Schmudlach / January 14, 2009 12:32 AM PST

Release Date: 2009-01-14

Critical:
Moderately critical
Impact: Security Bypass

Where: From remote
Solution Status: Vendor Patch


Software: Interspire Shopping Cart 4.x

Description:
A vulnerability has been reported in Interspire Shopping Cart, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the "ProcessLogin()" function in class.auth.php setting the authentication cookie before successfully completing the authentication process. This can be exploited to log in without entering the correct password.

The vulnerability is reported in version 4.0.1 Ultimate edition. Prior versions may also be affected.

Solution:
Update to version 4.0.2.

Provided and/or discovered by:
Truong Van Tri and Blue Moon Consulting

Original Advisory:
http://bluemoon.com.vn/advisories/bmsa200901.html

Admins warned over latest Windows patch
by Marianna Schmudlach / January 14, 2009 1:18 AM PST

14 January 2009

Microsoft's Patch Tuesday has dropped in on 2009 with a whisper revealing only a single patch covering three vulnerabilities with the Windows operating system's Server Message Block Protocol.

But it is the nature of the possible exploit of those vulnerabilities that could have IT screaming for mercy, according to security experts.
While the patch is rated critical, Microsoft's new exploitability index gives patch MS09-001 only a three, meaning that exploit code is unlikely. None has been posted online although some experts are seeing discussions on hacker sites.

More: http://www.techworld.com/security/news/index.cfm?RSS&NewsID=109483

Windows 7 gets its first patch
by Marianna Schmudlach / January 14, 2009 1:20 AM PST

14 January 2009

By Gregg Keizer, Computerworld (US)
Microsoft has issued its first patch for the just-released Windows 7 beta, but it passed on plugging a hole in an important file-sharing protocol that it fixed in older versions of the operating system.

Earlier, Windows Update, Microsoft's primary update service, began delivering the first patch to Windows 7 since the company struggled to launch the public beta last Friday. The update fixes a flaw that shaves several seconds of audio from any MP3 file that's edited, including files modified automatically as users connect to the Internet.
"Without action on your part, all MP3 files that have large headers in your Windows Media Player and Windows Media Center libraries are likely to lose some audio," Microsoft said in the support document it published Saturday, several days after it first posted the fix to its MSDN and TechNet subscription services.

More: http://www.techworld.com/security/news/index.cfm?RSS&NewsID=109477

Researcher warns of data-snooping bug in Apple's Safar
by Marianna Schmudlach / January 14, 2009 1:22 AM PST

Mac or Windows, equal pwnage opportunity

By Dan Goodin in San Francisco

Apple's Safari web browser for both the Mac and Windows suffers from a serious vulnerability that can expose emails, passwords and other sensitive contents of a user's hard drive, a researcher has warned.

Those using Mac OS X 10.5, aka Leopard, are susceptible to the data-snooping bug even if they use Firefox or another alternate browser, according to open source software developer Brian Mastenbrook. Apple has yet to plug the gaping hole, so the only way users can currently protect themselves is to change RSS reader settings in Safari's preferences panel.

Windows users are also vulnerable, but only if they are using Safari. For the time being, it's probably a good idea for Windows users with Safari installed to leave it closed and use a different browser.

More: http://www.theregister.co.uk/2009/01/13/safari_data_snooping_bug/

RIM warns of BlackBerry PDF processing vulnerabilities
by Marianna Schmudlach / January 14, 2009 5:45 AM PST

January 14th, 2009

Posted by Ryan Naraine

Hackers can use booby-trapped PDF attachments sent to BlackBerry devices to launch malicious code execution attacks, according to warnings issued by Research in Motion (RIM).

The company shipped patches this week to address a pair of critical vulnerabilities affecting its enterprise product line.

The vulnerabilities are due to the improper processing of PDF files within the Distiller component of the BlackBerry Attachment Service, RIM said. Here are the raw details:

More: http://blogs.zdnet.com/security/?p=2378&tag=nl.e550
