Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - January 23, 2008

by Marianna Schmudlach / January 22, 2008 11:41 PM PST

Fedora update for bind

Secunia Advisory: SA28487
Release Date: 2008-01-23


Critical: Less critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Fedora 7, Fedora 8

Description:
Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...e-announce/2008-January/msg00782.html
https://www.redhat.com/archives/fedor...e-announce/2008-January/msg00781.html

Other References:
SA28579:
http://secunia.com/advisories/28579/

Fedora update for libXfont
by Marianna Schmudlach / January 22, 2008 11:43 PM PST

Secunia Advisory: SA28500
Release Date: 2008-01-23


Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
OS: Fedora 7, Fedora 8

Description:
Fedora has issued an update for libXfont. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...e-announce/2008-January/msg00771.html
https://www.redhat.com/archives/fedor...e-announce/2008-January/msg00674.html

Other References:
SA28532:
http://secunia.com/advisories/28532/

Fedora update for boost
by Marianna Schmudlach / January 22, 2008 11:44 PM PST
Fedora update for clamav
by Marianna Schmudlach / January 22, 2008 11:46 PM PST

Secunia Advisory: SA28587
Release Date: 2008-01-23


Critical: Highly critical
Impact: Unknown, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Fedora 7, Fedora 8

Description:
Fedora has issued an update for clamav. This fixes some vulnerabilities, where one vulnerability has an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...e-announce/2008-January/msg00644.html
https://www.redhat.com/archives/fedor...e-announce/2008-January/msg00740.html

Other References:
SA28117:
http://secunia.com/advisories/28117/

Fedora update for mantis
by Marianna Schmudlach / January 22, 2008 11:48 PM PST

Secunia Advisory: SA28591
Release Date: 2008-01-23


Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
OS: Fedora 7, Fedora 8

Description:
Fedora has issued an update for mantis. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.

Original Advisory:
https://www.redhat.com/archives/fedor...e-announce/2008-January/msg00676.html
https://www.redhat.com/archives/fedor...e-announce/2008-January/msg00734.html

Other References:
SA28577:
http://secunia.com/advisories/28577/

Fedora update for xorg-x11-server
by Marianna Schmudlach / January 22, 2008 11:50 PM PST

Secunia Advisory: SA28592
Release Date: 2008-01-23


Critical: Less critical
Impact: Exposure of sensitive information, Privilege escalation, DoS
Where: From local network
Solution Status: Vendor Patch
OS: Fedora 7, Fedora 8

Description:
Fedora has issued an update for xorg-x11-server. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges.

Original Advisory:
https://www.redhat.com/archives/fedor...e-announce/2008-January/msg00704.html
https://www.redhat.com/archives/fedor...e-announce/2008-January/msg00641.html

Other References:
SA28532:
http://secunia.com/advisories/28532/

aflog SQL Injection and Script Insertion Vulnerabilities
by Marianna Schmudlach / January 22, 2008 11:52 PM PST

Secunia Advisory: SA28594
Release Date: 2008-01-23


Critical: Moderately critical
Impact: Cross Site Scripting, Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: aflog 1.x

Description:
shinmai has discovered some vulnerabilities in aflog, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to conduct SQL injection attacks.

1) Input passed to the "id" parameter in comments.php and view.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.

2) Input passed to the "text" parameter in comments.php is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious comment is viewed.

Successful exploitation of this vulnerability requires valid user credentials.

The vulnerabilities are confirmed in version 1.01. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
shinmai

Original Advisory:
http://milw0rm.com/exploits/4958

Lycos FileUploader Module File Upload Component ActiveX Cont
by Marianna Schmudlach / January 22, 2008 11:53 PM PST

Lycos FileUploader Module File Upload Component ActiveX Control Buffer Overflow

Secunia Advisory: SA28599
Release Date: 2008-01-23


Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Lycos FileUploader Module 2.x

Description:
Elazar Broad has discovered a vulnerability in Lycos FileUploader Module, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the FileUploader.FUploadCtl.1 ActiveX control (FileUploader.dll) when handling strings assigned to the "HandwriterFilename" property. This can be exploited to cause a heap-based buffer overflow by assigning an overly-long string to the affected property.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in FileUploader.dll version 2.0.0.2. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

Provided and/or discovered by:
Elazar Broad

Original Advisory:
http://www.milw0rm.com/exploits/4967

PHP-Nuke "modules/Search/index.php" SQL Injection
by Marianna Schmudlach / January 22, 2008 11:55 PM PST

Secunia Advisory: SA28624
Release Date: 2008-01-23


Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: PHP-Nuke 8.x

Description:
Foster & 1dt.w0lf have discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "sid" parameter through modules.php to modules/Search/index.php (when "type" is set to "comments") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving the administrator password hash, but requires that "magic_quotes_gpc" is disabled - not the value recommended by the installer - and having knowledge of the database table prefix.

The vulnerability is confirmed in version 8.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Set "magic_quotes_gpc" in php.ini to On.

Use another product.

Provided and/or discovered by:
Foster & 1dt.w0lf

Original Advisory:
http://milw0rm.com/exploits/4965

Firefox leaks information
by Marianna Schmudlach / January 22, 2008 11:57 PM PST

Report of 23.01.2008

A directory traversal vulnerability in Firefox may allow crafted web pages to read confidential information from users' computers. The Mozilla development team are currently investigating the problem.

A demonstration of the vulnerability has turned up on the hiredhacker.com blog. It shows how a web page can gain access to the saved settings in the Thunderbird e-mail client. However, the exploit does require there to be an add-on installed in Firefox which is not packed as a .jar archive. According to the Mozilla development team, browser add-ons are frequently present in this form. A web page could then access chrome:// URLs using, for example, commands for loading images, scripts or stylesheets. Firefox fails to convert encoded characters such as %2e%2e%2f into ../ in such URLs and also fails to filter them out, with the result that they can be used to read arbitrary files.

More: http://www.heise-security.co.uk/news/102291
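
An added example, not part of the original post and not Mozilla's code: the failure mode described above (looking for ../ before the percent-encoding is decoded) beside a check that decodes first and then resolves the path under a fixed root. The function names and the sample root directory are hypothetical.

```javascript
// Added illustration; naiveLooksSafe, resolveUnderRoot and the sample
// root "/ext/content" are hypothetical names, not Firefox internals.

// Weak check: inspects the raw string, so %2e%2e%2f is never seen as "../".
function naiveLooksSafe(rawPath) {
  return !rawPath.includes("../");
}

// Hardened check: decode once, refuse leftovers of double encoding,
// then resolve segment by segment and refuse to climb above the root.
// Returns the resolved path, or null when the request must be rejected.
function resolveUnderRoot(root, rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath); // %2e%2e%2f becomes ../
  } catch (e) {
    return null; // malformed escape sequence
  }
  // An encoded dot, slash or backslash that survives one decode pass
  // means the input was double-encoded; a NUL byte is never legitimate.
  if (/%(2e|2f|5c)/i.test(decoded) || decoded.includes("\0")) {
    return null;
  }
  const resolved = [];
  for (const segment of decoded.split(/[\/\\]+/)) {
    if (segment === "" || segment === ".") continue;
    if (segment === "..") {
      if (resolved.length === 0) return null; // would leave the root
      resolved.pop();
    } else {
      resolved.push(segment);
    }
  }
  return root.replace(/\/+$/, "") + "/" + resolved.join("/");
}
```
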

Skype blocks videos completely to protect Windows users
by Marianna Schmudlach / January 22, 2008 11:59 PM PST

Skype has completely deactivated the "Add video to chat" function in its client software to close a potential security hole in its Windows software. At the end of last week, the eponymous company behind the Skype client blocked access to video portal Dailymotion in order to prevent attackers from executing JavaScript injected into video pages in Skype, allowing them to gain control of a user's PC. This latest move means that it is no longer possible to add videos from Metacafe either.

The problem results from the way in which Skype presents external video sites in its selection window. According to a security advisory from Skype, it uses Internet Explorer's HTML render engine and JS/ActiveX API. In doing so, however, the content runs in the local zone, giving it the highest level of privileges.

More: http://www.heise-security.co.uk/news/102282

Home router attack serves up counterfeit pages
by Marianna Schmudlach / January 23, 2008 12:45 AM PST

Drive-by pharming

By Dan Goodin in San Francisco

Published Wednesday 23rd January 2008

A security researcher says he has observed criminals using a new form of attack that causes victims to visit spoofed banking pages by secretly making changes to their high-speed home routers.

According to Symantec researcher Zulfikar Ramzan, the attack changes a router's settings controlling the domain name system server that translates domain names like theregister.co.uk into numerical IP addresses.

Malicious javascript code embedded into one email message he uncovered caused the URL for a popular Mexico-based bank to map to a fraudulent website controlled by the attackers. Anyone who tried to do business on the rogue site would have their banking credentials lifted.

More: http://www.theregister.co.uk/2008/01/23/pharming_attack_in_the_wild/

SDL_Image GIF Handling Buffer Overflow
by Marianna Schmudlach / January 23, 2008 12:50 AM PST

Summary
SDL_Image is "an open source library providing image file handling functionality". The GIF format handling routines suffer from a lack of proper buffer size validation, which makes the library vulnerable to a buffer overflow attack. An attacker could DoS an application using SDL_Image, or execute arbitrary code (this has not been confirmed, and is believed to be nontrivial). Since this is a library, in some cases the attack could be remote.

Credit:
The information has been provided by Gynvael Coldwind.

http://www.securiteam.com/unixfocus/5BP0L0UN5Y.html

New versions of the Apache web server released
by Marianna Schmudlach / January 23, 2008 5:28 AM PST

Report of 23.01.2008

The Apache Foundation has released Apache versions 2.2.8, 2.0.63 and 1.3.4, in which the developers have patched some vulnerabilities and numerous other errors not related to security. Versions 2.2.7, 2.0.62 and 1.3.40 were simply skipped. The vulnerabilities addressed were essentially the well-known XSS problems in some of the modules.

http://www.heise-security.co.uk/news/102329

Firefox chrome: URL Handling Directory Traversal
by Marianna Schmudlach / January 23, 2008 5:30 AM PST
Cisco Releases Security Advisories to Address Vulnerabilitie
by Marianna Schmudlach / January 23, 2008 5:32 AM PST

added January 23, 2008 at 03:16 pm

Cisco has released Security Advisory cisco-sa-20080123-asa and cisco-sa-20080123-avs to address vulnerabilities in the PIX 500 Series Security Appliance (PIX), 5500 Series Adaptive Security Appliance (ASA), and Application Velocity System (AVS).

The vulnerability affecting the PIX and ASA devices could allow a remote attacker to cause a denial-of-service condition. The vulnerability affecting AVS could allow an attacker to gain full administrative rights to the system or user-level access to the host operating system.

http://www.us-cert.gov/current/current_activity.html#cisco_releases_security_advisories_to3
