Fedora update for cups
Secunia Advisory: SA28676
Release Date: 2008-01-28
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
OS: Fedora 8
Description:
Fedora has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Solution:
Apply updated packages via the yum utility ("yum update cups").
Original Advisory:
https://www.redhat.com/archives/fedor...e-announce/2008-January/msg00908.html
Other References:
SA28129:
http://secunia.com/advisories/28129/
Gentoo update for xine-lib
Secunia Advisory: SA28674
Release Date: 2008-01-28
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
OS: Gentoo Linux 1.x
Description:
Gentoo has issued an update for xine-lib. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Solution:
Update to "media-libs/xine-lib-1.1.9.1" or later.
Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200801-12.xml
Other References:
SA28384:
http://secunia.com/advisories/28384/
Gentoo update for ngircd
Secunia Advisory: SA28673
Release Date: 2008-01-28
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
OS: Gentoo Linux 1.x
Description:
Gentoo has issued an update for ngircd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Solution:
Update to "net-irc/ngircd-0.10.4" or later.
Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200801-13.xml
Other References:
SA28425:
http://secunia.com/advisories/28425/
Gentoo update for blam
Secunia Advisory: SA28672
Release Date: 2008-01-28
Critical: Not critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
OS: Gentoo Linux 1.x
Description:
Gentoo has issued an update for blam. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
Solution:
Update to "net-news/blam-1.8.4" or later.
Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200801-14.xml
Other References:
SA26480:
http://secunia.com/advisories/26480/
Proficy HMI/SCADA - CIMPLICITY w32rtr.exe Packet Processing
Secunia Advisory: SA28663
Release Date: 2008-01-28
Critical: Moderately critical
Impact: DoS, System access
Where: From local network
Solution Status: Vendor Patch
Software: Proficy HMI/SCADA - CIMPLICITY 6.x, Proficy HMI/SCADA - CIMPLICITY 7.x
Description:
Eyal Udassin has reported a vulnerability in Proficy HMI/SCADA - CIMPLICITY, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
The vulnerability is caused due to a boundary error in w32rtr.exe when processing packets and can be exploited to cause a heap-based buffer overflow by sending a specially-crafted packet to default port 32000/TCP.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in version 6.1. Other versions may also be affected.
Solution:
Apply hotfixes. Please see the vendor's advisory for details.
* CIMPLICITY 6.1 SP6 Hot Fix - 010708_162517_6106
* CIMPLICITY 7.0 SIM 9
Provided and/or discovered by:
Eyal Udassin, C4 Security
Original Advisory:
GE Fanuc (KB12458):
http://support.gefanuc.com/support/index?page=kbchannel&id=KB12458
C4 Security (via BugTraq):
http://archives.neohapsis.com/archives/bugtraq/2008-01/0372.html
Other References:
US-CERT VU#308556:
http://www.kb.cert.org/vuls/id/308556
CandyPress Store SQL Injection and Cross-Site Scripting
Secunia Advisory: SA28662
Release Date: 2008-01-28
Critical: Moderately critical
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: CandyPress Store 3.x, CandyPress Store 4.x
Description:
Some vulnerabilities have been reported in CandyPress Store, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
1) Input passed to various parameters in ajax/ajax_optInventory.asp, "idcust" in ajax/ajax_getTiers.asp and ajax/ajax_getCust.asp, "recid" in ajax/ajax_getBrands.asp, "tableName" in ajax/ajax_tableFields.asp, "helpfield" in admin/utilities_ConfigHelp.asp, and "FedExAccount" in admin/SA_shipFedExMeter.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation of this vulnerability allows e.g. retrieving various usernames and passwords from the product's configuration settings.
2) Input passed to the "helpfield" parameter in admin/utilities_ConfigHelp.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in version 4.1.1.26 and all prior 4.1.x.x versions. Two of them also affect earlier 4.x.x.x and 3.x.x.x versions.
Solution:
Update to version 4.1.1.27.
Provided and/or discovered by:
AmnPardaz Security Research & Penetration Testing Group and the vendor
Original Advisory:
CandyPress Store:
http://www.candypress.com/CPforum/forum_posts.asp?TID=10630&PN=1
AmnPardaz:
http://milw0rm.com/exploits/4988
phpIP Management Two SQL Injection Vulnerabilities
Secunia Advisory: SA28656
Release Date: 2008-01-28
Critical: Moderately critical
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: phpIP Management 4.x
Description:
Charles Hooper has discovered two vulnerabilities in phpIP Management, which can be exploited by malicious people and users to conduct SQL injection attacks.
1) Input passed to the "password" parameter in login.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation of this vulnerability allows e.g. logging in as administrator without valid administrator credentials, but requires knowledge of the administrator username.
2) Input passed to the "id" parameter in display.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation of this vulnerability allows e.g. retrieving usernames, password hashes, and e-mail addresses, but requires valid user credentials.
NOTE: Other parameters are reportedly also affected by SQL injection issues.
The vulnerabilities are confirmed in version 4.3.2. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
Charles Hooper
Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059902.html
F5 BIG-IP Application Security Manager "report_type" Cross-Site Scripting
Secunia Advisory: SA28655
Release Date: 2008-01-28
Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched
OS: BIG-IP Application Security Manager 9.x
Description:
nnposter has reported a vulnerability in F5 BIG-IP Application Security Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "report_type" parameter in "dms/policy/rep_request.php" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability is reported in version 9.4.3. Other versions may also be affected.
Solution:
Filter malicious characters and character sequences using a web proxy.
Do not browse untrusted websites or follow untrusted links while logged on to the management interface.
Provided and/or discovered by:
nnposter
Original Advisory:
http://seclists.org/bugtraq/2008/Jan/0380.html
Linux Kernel minix File System Denial of Service Vulnerabili
Secunia Advisory: SA28654
Release Date: 2008-01-28
Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Vendor Patch
OS: Linux Kernel 2.6.x
Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to improper handling of corrupted data structures in the minix file system. This can be exploited to crash a system by mounting a specially crafted image.
The vulnerability is reported in versions prior to 2.6.24.
Note: Several other issues, of which some may be security relevant, were also reported in the change log of version 2.6.24.
Solution:
Update to version 2.6.24.
Provided and/or discovered by:
LMH
Original Advisory:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24
Other References:
SA23034:
http://secunia.com/advisories/23034/
Pre Dynamic Institution Multiple SQL Injection Vulnerabiliti
Secunia Advisory: SA28651
Release Date: 2008-01-28
Critical: Moderately critical
Impact: Security Bypass, Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: Pre Dynamic Institution
Description:
Aria-Security Team have reported some vulnerabilities in Pre Dynamic Institution, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "sloginid" and "spass" parameters in login.asp and siteadmin/login.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation allows e.g. logging in as student or administrator without valid user credentials.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
Aria-Security Team
NamoInstaller ActiveX Control NamoInstall Class "Install()" Insecure Method
Secunia Advisory: SA28649
Release Date: 2008-01-28
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Namo Web Editor Control 6.x, NamoInstaller ActiveX Control 1.x, NamoInstaller ActiveX Control 2.x, NamoInstaller ActiveX Control 3.x
Description:
plan-s has discovered a vulnerability in NamoInstaller ActiveX Control, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the NamoInstaller.NamoInstall.1 ActiveX control (NamoInstaller.dll) including the insecure "Install()" method. This can be exploited to e.g. download and execute a malicious program when a user is tricked into visiting a malicious website.
The vulnerability is confirmed in NamoInstaller.dll versions 1.0.0.4, 2.0.0.1, and 3.0.0.1. Other versions may also be affected.
Solution:
Set the kill-bit for the affected ActiveX control.
Provided and/or discovered by:
plan-s
Original Advisory:
http://www.milw0rm.com/exploits/4986
Alice Gate2 Plus Wi-Fi Cross-Site Request Forgery Vulnerabil
Secunia Advisory: SA28618
Release Date: 2008-01-28
Critical: Less critical
Impact: Security Bypass, Cross Site Scripting
Where: From remote
Solution Status: Unpatched
OS: Alice Gate2 Plus Wi-Fi
Description:
WarGame/DoomRiderz has reported a vulnerability in Alice Gate2 Plus Wi-Fi, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks.
The vulnerability is caused due to the device allowing users to perform certain actions via HTTP requests, without checking the validity of the request or proper authentication of the user sending the request. This can be exploited by malicious people to e.g. disable the encryption of the wireless network by tricking a user into visiting a malicious site.
Solution:
Visit trusted sites only. Use a firewall to restrict access to the affected device.
Provided and/or discovered by:
WarGame/DoomRiderz
Original Advisory:
http://vx.netlux.org/wargamevx/
Debian update for gforge
Secunia Advisory: SA28598
Release Date: 2008-01-28
Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
OS: Debian GNU/Linux 4.0, Debian GNU/Linux unstable alias sid
Description:
Debian has issued an update for gforge. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
Solution:
Apply updated packages.
Original Advisory:
http://lists.debian.org/debian-securi...-security-announce-2008/msg00037.html
Other References:
SA23675:
http://secunia.com/advisories/23675/
Firebird "username" Buffer Overflow Vulnerability
Secunia Advisory: SA28596
Release Date: 2008-01-28
Critical: Moderately critical
Impact: DoS, System access
Where: From local network
Solution Status: Vendor Workaround
Software: Firebird 1.x, Firebird 2.x
Description:
A vulnerability has been reported in Firebird, which can potentially be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the processing of usernames and can be exploited to cause a stack-based buffer overflow via an overly long username.
Successful exploitation may allow execution of arbitrary code.
The vulnerability affects versions 2.1 Beta 2, 2.0.3, 2.0.2, 2.0.0, 1.0.3, 2.1 Beta 1, 2.1 Alpha 1, 2.0.1, and 1.5.4.
Solution:
The vulnerability is fixed in version 2.1 RC1.
Provided and/or discovered by:
Reported by the vendor.
Original Advisory:
http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800
http://tracker.firebirdsql.org/browse/CORE-1603
Metasploit version 3.1 adds iPhone support
Report of 28.01.2008
Version 3.1 of the exploit framework Metasploit has been released. The most important changes since version 3.0, released around 10 months ago, are a Windows graphical interface, numerous integrated tools and additional modules. In developing the GUI, which now provides a file and process browser, Metasploit developer H.D. Moore received support from security specialist Fabrice Mourron. The tools include the METASM suite, written in Ruby, which includes an assembler, disassembler, compiler, linker and debugger.
More: http://www.heise-security.co.uk/news/102572
xine-lib update closes security holes
Report of 28.01.2008
A xine-lib update closes vulnerabilities in the media library. Attackers were able to use crafted data streams or MPEG files to inject arbitrary code into users' systems.
In version 1.1.9.1, the developers fixed a recently published vulnerability in the implementation of the Realtime Streaming Protocol (RTSP). The new version 1.1.10 addresses another flaw which allows malicious code to be injected and executed when processing crafted MPEG files. This flaw originally affected xine-lib 1.1.1 and was resolved, but developers reintroduced it as they continued to develop the software.
More: http://www.heise-security.co.uk/news/102544