Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - January 22, 2008

by Marianna Schmudlach / January 22, 2008 1:17 AM PST

Debian update for libvorbis

Secunia Advisory: SA28614
Release Date: 2008-01-22


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 3.1
Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for libvorbis. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-securi...-security-announce-2008/msg00031.html

Other References:
SA26232:
http://secunia.com/advisories/26232/

Kayako SupportSuite "syncml/index.php" Information Disclosur
by Marianna Schmudlach / January 22, 2008 1:19 AM PST

Secunia Advisory: SA28613
Release Date: 2008-01-22


Critical:
Not critical
Impact: Exposure of system information

Where: From remote

Solution Status: Unpatched


Software: Kayako SupportSuite 3.x

Description:
Janek Vind has reported a vulnerability in Kayako SupportSuite, which can be exploited by malicious people to disclose system information.

The syncml/index.php script displays the contents of the "$_SERVER[]" array to unauthenticated people. This array contains information like the values of environment variables, full paths to the web root and the syncml/index.php script, and the web server administrator's e-mail address.

The vulnerability is reported in version 3.11.01. Other versions may also be affected.

Solution:
Restrict access to the "syncml/index.php" script (e.g. with ".htaccess").

Provided and/or discovered by:
Janek Vind a.k.a. waraxe

Original Advisory:
http://www.waraxe.us/advisory-63.html

Avaya Products httpd Multiple Vulnerabilities
by Marianna Schmudlach / January 22, 2008 1:20 AM PST

Secunia Advisory: SA28607
Release Date: 2008-01-22


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


OS: Avaya Converged Communications Server (CCS) 3.x
Avaya Modular Messaging 3.x
Avaya SIP Enablement Services (SES) 3.x


Description:
Avaya has acknowledged some vulnerabilities in various Avaya products, which can be exploited by malicious people to conduct cross-site scripting attacks.


The vulnerabilities affect the following products and versions:
* Avaya Communication Manager (CM 3.x, 4.x, 5.0)
* Avaya Intuity AUDIX LX (IALX 2.0)
* Avaya Messaging Storage Server (MSS 3.x)
* Avaya Message Networking (MN 3.1)
* Avaya CCS/SES (3.1.1 and newer)
* Avaya Voice Portal (VP 4.0 and 4.1)
* Avaya Meeting Exchange (MX 5.0)
* Avaya Application Enablement Services (AES 4.0 and 4.1)

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm

Other References:
SA28046:
http://secunia.com/advisories/28046/

Interstage HTTP Server Multiple Vulnerabilities
by Marianna Schmudlach / January 22, 2008 1:22 AM PST

Secunia Advisory: SA28606
Release Date: 2008-01-22


Critical:
Moderately critical
Impact: Cross Site Scripting
DoS

Where: From remote

Solution Status: Partial Fix


Software: Interstage Application Server 5.x
Interstage Application Server 6.x
Interstage Application Server 7.x
Interstage Application Server 8.x
Interstage Application Server 9.x
Interstage Apworks 6.x
Interstage Apworks 7.x
Interstage Apworks 8.x
Interstage Business Application Server 8.x
Interstage Job Workload Server 8.x
Interstage Studio 8.x
Interstage Studio 9.x


Description:
Fujitsu has acknowledged some vulnerabilities in Interstage HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or to conduct cross-site scripting attacks.

1) Some errors within the HTTP Server can be exploited to cause a DoS or to conduct cross-site scripting attacks.

2) An unspecified error when receiving certain requests can be exploited to cause a DoS.

This affects Windows systems with the following urgent corrections applied.
* TP08940
* TP38940

3) An unspecified error when using SSL can be exploited to cause a DoS.

This affects Solaris systems with the following urgent corrections applied.
* T023AS-03

Please see the vendor advisory for a list of affected products.

Solution:
The vendor has released patches for certain versions. Please see vendor advisory for a patch matrix.

Provided and/or discovered by:
2, 3) Reported by the vendor.

Original Advisory:
http://www.fujitsu.com/global/support...ty/products-f/interstage-200802e.html

Other References:
SA26273:
http://secunia.com/advisories/26273/

SA26636:
http://secunia.com/advisories/26636/

PacerCMS "submit.php" Cross Site Scripting Vulnerability
by Marianna Schmudlach / January 22, 2008 1:23 AM PST

Secunia Advisory: SA28605
Release Date: 2008-01-22


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: PacerCMS 0.x

Description:
A vulnerability has been reported in PacerCMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to unspecified parameters in submit.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 0.6.1.

Solution:
Update to version 0.6.1.
http://pacercms.sourceforge.net/index.php/download/

Provided and/or discovered by:
The vendor credits RawSecurity.org.

Original Advisory:
http://pacercms.sourceforge.net/index...s-code-base-addresses-security-issue/

IBM Tivoli Provisioning Manager for OS Deployment HTTP Serve
by Marianna Schmudlach / January 22, 2008 1:24 AM PST

IBM Tivoli Provisioning Manager for OS Deployment HTTP Server Denial of Service

Secunia Advisory: SA28604
Release Date: 2008-01-22


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


Software: IBM Tivoli Provisioning Manager for OS Deployment 5.x



Description:
A vulnerability has been reported in IBM Tivoli Provisioning Manager for OS Deployment, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the HTTP server. No further information is available.

Solution:
Apply Interim Fix 3, version 5.1.0.3 (5.1.0-TIV-TPMOSD-IF0003). Please see the vendor's advisory for details.

Provided and/or discovered by:
The vendor credits iDefense Labs.

Original Advisory:
http://www-1.ibm.com/support/docview.wss?uid=swg24018010

IBM Tivoli Business Service Manager Password Disclosure
by Marianna Schmudlach / January 22, 2008 1:25 AM PST

IBM Tivoli Business Service Manager Password Disclosure



Secunia Advisory: SA28603
Release Date: 2008-01-22


Critical:
Less critical
Impact: Exposure of sensitive information

Where: Local system

Solution Status: Vendor Patch


Software: IBM Tivoli Business Service Manager 4.x


Description:
Some security issues have been reported in IBM Tivoli Business Service Manager, which potentially can be exploited by malicious, local users to disclose sensitive information.

The security issues are caused due to certain passwords being stored in clear text on reconfig or in SM_server.log.

The security issues are reported in 4.1.1.

Solution:
Apply Interim Fix 1 (4.1.1.0-TIV-BSM-IF0001). Please see the vendor's advisory for details.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (166896, 167722):
http://www-1.ibm.com/support/docview.wss?uid=swg24017939

HP Virtual Rooms Install HPVirtualRooms14 Class ActiveX Cont
by Marianna Schmudlach / January 22, 2008 1:27 AM PST

HP Virtual Rooms Install HPVirtualRooms14 Class ActiveX Control Buffer Overflow



Secunia Advisory: SA28595
Release Date: 2008-01-22


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: HP Virtual Rooms Install 1.x


Description:
Elazar Broad has discovered a vulnerability in HP Virtual Rooms Install, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the WebHPVCInstall.HPVirtualRooms14 ActiveX control (HPVirtualRooms14.dll) when handling strings assigned to various properties (e.g. "AuthenticationURL", "PortalAPIURL", "cabroot"). This can be exploited to cause a buffer overflow by assigning an overly-long string to an affected property.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in HPVirtualRooms14.dll version 1.0.0.100. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

Provided and/or discovered by:
Elazar Broad

Original Advisory:
Elazar Broad (via Full-Disclosure):
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059837.html

Citadel SMTP "makeuserkey()" Buffer Overflow Vulnerability
by Marianna Schmudlach / January 22, 2008 1:28 AM PST

Secunia Advisory: SA28590
Release Date: 2008-01-22


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Citadel 7.x

Description:
prdelka has discovered a vulnerability in Citadel, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "makeuserkey()" function in user_ops.c. This can be exploited to cause a stack-based buffer overflow via an overly long argument to the "RCPT TO" SMTP command.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 7.10. Other versions may also be affected.

Solution:
Update to version 7.24.

Provided and/or discovered by:
prdelka. Additional information provided by Secunia Research.

ELOG Script Insertion and Denial of Service Vulnerabilities
by Marianna Schmudlach / January 22, 2008 1:29 AM PST

Secunia Advisory: SA28589
Release Date: 2008-01-22


Critical:
Less critical
Impact: Cross Site Scripting
DoS

Where: From remote

Solution Status: Vendor Patch


Software: ELOG 2.x

Description:
Some vulnerabilities have been reported in ELOG, which can be exploited by malicious users to cause a DoS (Denial of Service) and conduct script insertion attacks.

1) An error exists within elogd when processing certain malformed input. This can be exploited to cause an endless loop by submitting specially crafted entries to any logbook.

Successful exploitation requires privileges to send entries to a logbook.

2) Input passed to the "subtext" parameter is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when a user views malicious data in the logbook.

Successful exploitation requires write access to a logbook.

Solution:
Update to version 2.7.1.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://midas.psi.ch/elog/download/ChangeLog

WebSphere Application Server Two Vulnerabilities
by Marianna Schmudlach / January 22, 2008 1:31 AM PST

Secunia Advisory: SA28588
Release Date: 2008-01-22


Critical:
Moderately critical
Impact: Unknown

Where: From remote

Solution Status: Vendor Patch


Software: IBM WebSphere Application Server 6.0.x

Description:
Some vulnerabilities with unknown impact have been reported in WebSphere Application Server.

1) A security concern with monitor role users in the Administrative Console component has been reported. No further information is available.

2) An unspecified error exists within the PropFilePasswordEncoder utility. No further information is available.

Solution:
Update to version 6.0.2.25.
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24018003

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (PK45768, PK52709):
http://www-1.ibm.com/support/docview.wss?uid=swg27006876

IBM WebSphere Business Modeler Repository Deletion Security
by Marianna Schmudlach / January 22, 2008 1:32 AM PST

Secunia Advisory: SA28586
Release Date: 2008-01-22


Critical:
Less critical
Impact: Manipulation of data

Where: From local network

Solution Status: Vendor Patch


Software: IBM WebSphere Business Modeler 6.x



Description:
A security issue has been reported in IBM WebSphere Business Modeler, which can be exploited by malicious users to manipulate certain data.

The problem is that non-administrator users and users outside of the group that owns a repository are able to perform deletions from the repository.

The security issue is reported in version 6.0.2.1.

Solution:
Apply Interim Fix 11. Please see the vendor's advisories for details.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (JR28175):
http://www-1.ibm.com/support/docview.wss?uid=swg24018060
http://www-1.ibm.com/support/docview.wss?uid=swg24018061

OZJournals "id" Information Disclosure Vulnerability
by Marianna Schmudlach / January 22, 2008 1:33 AM PST

Secunia Advisory: SA28582
Release Date: 2008-01-22


Critical:
Less critical
Impact: Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: OZJournals 2.x

Description:
shinmai has discovered a vulnerability in OZJournals, which can be exploited by malicious people to disclose potentially sensitive information.

Input passed to the "id" parameter in index.php when "show" equals "printpreview" is not properly sanitised before being used to read files. This can be exploited to partially disclose the content of arbitrary files on the local system, containing TAB characters.

The vulnerability is confirmed in version 2.1.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
shinmai

Original Advisory:
http://milw0rm.com/exploits/4953

AlstraSoft Forum Pay Per Post Exchange "catid" SQL Injection
by Marianna Schmudlach / January 22, 2008 1:34 AM PST

AlstraSoft Forum Pay Per Post Exchange "catid" SQL Injection Vulnerability

Secunia Advisory: SA28581
Release Date: 2008-01-22


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: AlstraSoft Forum Pay Per Post Exchange 2.x



Description:
t0pP8uZz & xprog have reported a vulnerability in AlstraSoft Forum Pay Per Post Exchange, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "catid" parameter in index.php (if "menu" is set to "forum_catview") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised or filter malicious characters and character sequences using a web proxy.

Provided and/or discovered by:
t0pP8uZz & xprog

Original Advisory:
http://milw0rm.com/exploits/4956

Mandriva update for cairo
by Marianna Schmudlach / January 22, 2008 1:36 AM PST

Secunia Advisory: SA28555
Release Date: 2008-01-22


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for cairo. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:019

Other References:
SA27880:
http://secunia.com/advisories/27880/

Debian update for scponly
by Marianna Schmudlach / January 22, 2008 1:37 AM PST

Secunia Advisory: SA28538
Release Date: 2008-01-22


Critical:
Less critical
Impact: Security Bypass

Where: Local system

Solution Status: Vendor Patch


OS: Debian GNU/Linux 3.1
Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for scponly. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-securi...-security-announce-2008/msg00034.html

Other References:
SA28123:
http://secunia.com/advisories/28123/

Debian update for xine-lib
by Marianna Schmudlach / January 22, 2008 1:40 AM PST

Secunia Advisory: SA28507
Release Date: 2008-01-22


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 3.1
Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for xine-lib. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-securi...-security-announce-2008/msg00032.html

Other References:
SA28384:
http://secunia.com/advisories/28384/

Lama Software "MY_CONF[classRoot]" File Inclusion Vulnerabil
by Marianna Schmudlach / January 22, 2008 1:42 AM PST

Lama Software "MY_CONF[classRoot]" File Inclusion Vulnerabilities

Secunia Advisory: SA28442
Release Date: 2008-01-22


Critical:
Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Unpatched


Software: Lama Software

Description:
QTRinux has reported some vulnerabilities in Lama Software, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "MY_CONF[classRoot]" parameter in admin/functions/inc.steps.access_error.php, admin/functions/inc.steps.check_login.php, and admin/functions/inc.steps.init_system.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires in all three cases that "register_globals" is enabled.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
QTRinux

Original Advisory:
http://milw0rm.com/exploits/4955

IDMOS "fileName" Information Disclosure Vulnerability
by Marianna Schmudlach / January 22, 2008 1:43 AM PST

Secunia Advisory: SA28436
Release Date: 2008-01-22


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: IDMOS 1.x

Description:
MhZ91 has discovered a vulnerability in IDMOS, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "fileName" parameter in administrator/download.php is not properly sanitised before being used. This can be exploited to download arbitrary files through directory traversal attacks or by passing full paths.

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
MhZ91

Original Advisory:
http://milw0rm.com/exploits/4954

MiniWeb Directory Traversal and Buffer Overflow
by Marianna Schmudlach / January 22, 2008 1:44 AM PST

21 Jan. 2008

Summary
MiniWeb is "a mini HTTP server implementation written in C language, featuring low system resource consumption, high efficiency, good flexibility and high portability". Two vulnerabilities have been discovered in MiniWeb; these allow a remote attacker either to cause the product to execute arbitrary code through the overflowing of an internal buffer, or to access files that reside outside the bounding HTML root directory via a directory traversal vulnerability.

Credit:
The information has been provided by Hamid Ebadi.
The original article can be found at: http://www.bugtraq.ir/adv/miniweb-english.pdf

http://www.securiteam.com/windowsntfocus/5IP0M0AN5E.html

Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication
by Marianna Schmudlach / January 22, 2008 1:45 AM PST

Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability

Summary
A vulnerability in Belkin Wireless G Plus MIMO Router allows remote attackers to access one of the router's CGI scripts and gather all the sensitive information related to the router, such as the PPP username and password, administrative username and password, WAP keys, etc., all this without being required to pass any sort of authentication credentials.

Credit:
The information has been provided by DarkFig.
The original article can be found at: http://acid-root.new.fr/?0:17


http://www.securiteam.com/securitynews/5HP0L0AN5E.html

Microsoft issues advance warning of automatic IE7 upgrade
by Marianna Schmudlach / January 22, 2008 1:51 AM PST

Microsoft has published an article in its Knowledge Base to warn administrators of the imminent update of Internet Explorer to version 7. The software giant intends to mark the update on 12 February as an Update Rollup package, which means that it will automatically be distributed and installed on corporate networks whose WSUS servers are configured to auto-approve such packages. Many companies have not yet updated from IE6 to IE7: some have critical, often locally developed, business applications that do not work or have limited functionality with the newer version of the browser.

More: http://www.heise-security.co.uk/news/102235

Vulnerabilities in Visual Studio 6
by Marianna Schmudlach / January 22, 2008 1:52 AM PST

Developers who are still using Microsoft Visual Studio 6 and open project files downloaded from the internet could become contaminated by malicious code. In both the Visual Basic components and Visual InterDev, which creates web applications with Microsoft's Active Server Pages (ASP), a buffer overflow can occur when specially designed project files are opened, allowing injected code to be executed in the process.

More: http://www.heise-security.co.uk/news/102187

Fake crack kills unlicenced screen reader software
by Marianna Schmudlach / January 22, 2008 1:54 AM PST

Antivirus vendor Sophos has reported a virus that disables unlicensed screen reader software for the visually impaired. Screen readers convert text displayed on the monitor to speech output.

Affected users quickly identified the problem. They had downloaded and installed a crack for the popular JAWS screen reader that allows the software to run without a valid licence, but the download turned out to be a trojan.

More: http://www.heise-security.co.uk/news/102181

Bitdefender's Update Server discloses information
by Marianna Schmudlach / January 22, 2008 1:55 AM PST

Bitdefender includes an Update Server for local networks in its business product range. This server contains a directory traversal vulnerability which allows attackers to view any data stored on the server, warns Oliver Karow in a security advisory.

According to Karow, the http.exe Update Server runs at LocalSystem privilege level. This allows files stored on the server system to be read using these privileges. Karow offers the example command line: echo -e "GET /../../boot.ini HTTP/1.0\r\n\r\n" | nc <server> <port>, which reads boot.ini.

More: http://www.heise-security.co.uk/news/102176
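
The request quoted above ("GET /../../boot.ini") and the traversal reports earlier in this thread (IDMOS "fileName", MiniWeb) all come down to a server joining a client-supplied path to its root without checking where the result lands. The following is an added defensive example, not code from any of the affected products or from the posts; the function names, the document root and the sample request lines are constructed for illustration.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


def resolve_request_path(raw_target, doc_root):
    """Map an HTTP request target to a file under doc_root.

    Returns the resolved Path, or None when the target would leave doc_root.
    """
    # Drop the query string, then percent-decode exactly once so that
    # "%2e%2e%2f" is judged in the same form the filesystem will see.
    path = unquote(raw_target.split("?", 1)[0])
    if "\x00" in path:
        return None
    # A Windows server accepts both separators; normalise before checking.
    parts = [p for p in path.replace("\\", "/").split("/") if p not in ("", ".")]
    # Refuse parent references and drive/stream syntax ("C:", "file::$DATA"),
    # which also covers full paths passed in place of a relative name.
    if any(p == ".." or ":" in p for p in parts):
        return None
    root = Path(doc_root).resolve()
    # resolve() follows symlinks, so a link pointing outside the root is caught.
    candidate = root.joinpath(*parts).resolve()
    if candidate != root and root not in candidate.parents:
        return None
    return candidate


def decide(request_line, doc_root):
    """Return (status, path): 200 means the path is inside doc_root
    (existence is not checked here), 403 means it was refused."""
    fields = request_line.split()
    if len(fields) != 3:
        return 400, None
    method, target, _version = fields
    if method not in ("GET", "HEAD"):
        return 405, None
    path = resolve_request_path(target, doc_root)
    return (200, path) if path is not None else (403, None)


if __name__ == "__main__":
    # Constructed request lines; the second is the form quoted in the post.
    samples = [
        "GET /defs/update.cab HTTP/1.0",
        "GET /../../boot.ini HTTP/1.0",
        "GET /..%2f..%2fboot.ini HTTP/1.0",
        "GET /..\\..\\boot.ini HTTP/1.0",
        "GET /C:\\boot.ini HTTP/1.0",
    ]
    with tempfile.TemporaryDirectory() as root:  # hypothetical document root
        for line in samples:
            status, _ = decide(line, root)
            print(status, line)
```

The check is only one layer: running the server under an account with fewer rights than LocalSystem limits what a missed case can read.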

Ikea rapped for flat-pack spam
by Marianna Schmudlach / January 22, 2008 2:09 AM PST

Vulnerability on homepage gave hackers access to email servers

Clement James, vnunet.com 22 Jan 2008

Security firm Tier-3 has warned companies to review IT security arrangements following a potentially serious spam incident that affected the email servers of furniture giant Ikea.

Tier-3 said that Ikea had recently closed a serious security hole that gave hackers and phishers full access to its email servers, allowing them to send bulk email from the furniture giant's systems.

Geoff Sweeney, chief technology officer at Tier-3, said that the most troubling aspect is that the flaw allowed hackers to use Ikea as a launch pad to send specially targeted emails containing zero-day Trojans or root-kits.

More: http://www.vnunet.com/vnunet/news/2207748/ikea-slammed-flat-pack-spam
