VULNERABILITIES \ FIXES - January 30, 2009

by Marianna Schmudlach / January 29, 2009 11:22 PM PST

IBM AIX "rmsock" and "rmsock64" Log File Privilege Escalation


Release Date: 2009-01-30

Critical:
Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: AIX 5.x
AIX 6.x

Description:
IBM has acknowledged a security issue in IBM AIX, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the "rmsock" and "rmsock64" commands creating log files in an insecure manner. This can be exploited to e.g. append data to arbitrary files.

The security issue is reported in the AIX platforms 5.2, 5.3, and 6.1. Other versions may also be affected.

Solution:
Apply fix or APARs.

Original Advisory:
http://aix.software.ibm.com/aix/efixes/security/rmsock_advisory.asc

http://secunia.com/advisories/33773/

Fedora update for gedit
by Marianna Schmudlach / January 29, 2009 11:23 PM PST

Release Date: 2009-01-30

Critical:
Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: Fedora 9

Description:
Fedora has issued an update for gedit. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

Solution:
Apply updated packages using the yum utility ("yum update gedit").

Original Advisory:
FEDORA-2009-1189:
https://www.redhat.com/archives/fedor...e-announce/2009-January/msg01195.html

Other References:
SA33769:
http://secunia.com/advisories/33769/

Sun Solaris OpenSSL "EVP_VerifyFinal()" Spoofing Vulnerabili
by Marianna Schmudlach / January 29, 2009 11:25 PM PST

Fedora update for glpi
by Marianna Schmudlach / January 29, 2009 11:26 PM PST

Release Date: 2009-01-30

Critical:
Less critical
Impact: Manipulation of data

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 9

Description:
Fedora has issued an update for glpi. This fixes some vulnerabilities, which can be exploited by malicious users to conduct SQL injection attacks.

Solution:
Apply updated packages via the yum utility ("yum update glpi").

Original Advisory:
FEDORA-2009-1092:
https://www.redhat.com/archives/fedor...e-announce/2009-January/msg01095.html

Other References:
SA33680:
http://secunia.com/advisories/33680/

GNOME gedit Insecure Python Module Search Path Vulnerability
by Marianna Schmudlach / January 29, 2009 11:27 PM PST

Release Date: 2009-01-30

Critical:
Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Unpatched


Software: GNOME gedit 2.x

Description:
A vulnerability has been reported in gedit, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to gedit using the current working directory as part of the module search path, which can be exploited to e.g. execute arbitrary Python code with the privileges of another user by tricking the user into executing gedit in a directory containing a Python file named like one of the modules gedit uses.

Solution:
Do not execute gedit in untrusted directories.

Provided and/or discovered by:
James Vega

Original Advisory:
http://bugzilla.gnome.org/show_bug.cgi?id=569214

http://secunia.com/advisories/33759/
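
How a working-directory entry in the module search path changes which file gets loaded, as an added example (not part of the original post and not gedit's code). The module name `example_plugin_helper` and both directories are constructed, and the lookup uses Python's standard `importlib` rather than gedit's embedded loader.

```python
import importlib.machinery
import os
import tempfile


def cwd_dependent_entries(search_path, cwd):
    """Return the entries of search_path that resolve against, or equal, cwd."""
    cwd_real = os.path.realpath(cwd)
    flagged = []
    for entry in search_path:
        if entry == "" or not os.path.isabs(entry):
            flagged.append(entry)  # relative: resolved against cwd at import time
        elif os.path.realpath(entry) == cwd_real:
            flagged.append(entry)  # absolute, but it is the directory we were started in
    return flagged


def resolve_origin(module_name, search_path):
    """Report which file module_name would load from, without executing it."""
    spec = importlib.machinery.PathFinder.find_spec(module_name, search_path)
    return spec.origin if spec else None


def demo():
    """Constructed scenario: the same module name exists in a trusted
    install directory and in the (untrusted) working directory."""
    name = "example_plugin_helper"  # hypothetical module name
    with tempfile.TemporaryDirectory() as trusted, \
            tempfile.TemporaryDirectory() as untrusted:
        for directory in (trusted, untrusted):
            with open(os.path.join(directory, name + ".py"), "w") as handle:
                handle.write("# constructed placeholder, never executed\n")
        previous = os.getcwd()
        os.chdir(untrusted)
        try:
            risky = ["", trusted]  # "" means "current directory"
            flagged = cwd_dependent_entries(risky, os.getcwd())
            safe = [p for p in risky if p not in flagged]
            def loaded_from(path):
                return os.path.realpath(os.path.dirname(resolve_origin(name, path)))
            return (loaded_from(risky) == os.path.realpath(untrusted),
                    loaded_from(safe) == os.path.realpath(trusted))
        finally:
            os.chdir(previous)


if __name__ == "__main__":
    print(demo())  # (shadowed by cwd copy, trusted copy after filtering)
```

Running `cwd_dependent_entries(sys.path, os.getcwd())` at start-up of an embedding application is a quick way to spot the condition before any plugin module is imported.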

Ubuntu update for linux
by Marianna Schmudlach / January 29, 2009 11:28 PM PST

Release Date: 2009-01-30

Critical:
Not critical
Impact: DoS

Where: Local system
Solution Status: Vendor Patch


OS: Ubuntu Linux 8.10

Description:
Ubuntu has issued an update for linux. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
USN-715-1:
https://lists.ubuntu.com/archives/ubu...ity-announce/2009-January/000834.html

Other References:
SA32913:
http://secunia.com/advisories/32913/

SA32933:
http://secunia.com/advisories/32933/

Ubuntu update for moinmoin
by Marianna Schmudlach / January 29, 2009 11:30 PM PST

Release Date: 2009-01-30

Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 7.10
Ubuntu Linux 8.04
Ubuntu Linux 8.10

Description:
Ubuntu has issued an update for moinmoin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass security restrictions, manipulate certain data, or potentially compromise a vulnerable system.

Solution:
Apply update packages.

Original Advisory:
USN-716-1:
https://lists.ubuntu.com/archives/ubu...ity-announce/2009-January/000835.html

Other References:
SA29010:
http://secunia.com/advisories/29010/

SA33593:
http://secunia.com/advisories/33593/

Coppermine Photo Gallery Variable Overwrite Vulnerability
by Marianna Schmudlach / January 29, 2009 11:31 PM PST

Release Date: 2009-01-30

Critical:
Highly critical
Impact: System access
Security Bypass

Where: From remote
Solution Status: Unpatched


Software: Coppermine Photo Gallery 1.x

Description:
Michael Brooks has discovered a vulnerability in Coppermine Photo Gallery, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.

The vulnerability is caused due to an error while filtering variables in the include/init.inc.php script. This can be exploited to overwrite arbitrary variables and e.g. execute arbitrary PHP code by uploading arbitrary PHP files via the picEditor.php script.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is confirmed in version 1.4.19. Other versions may also be affected.

Solution:
Set "register_globals" to "Off".

Provided and/or discovered by:
Michael Brooks

Original Advisory:
http://milw0rm.com/exploits/7909

ManageEngine Firewall Analyzer Cross-Site Request Forgery Vu
by Marianna Schmudlach / January 29, 2009 11:32 PM PST

Release Date: 2009-01-30

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: ManageEngine Firewall Analyzer 4.x
ManageEngine Firewall Analyzer 5.x

Description:
A vulnerability has been discovered in ManageEngine Firewall Analyzer, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The vulnerability is caused due to the application allowing the user to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. add administrative users by enticing a logged-in administrator to visit a malicious site.

The vulnerability is confirmed in version 5.0.0. Other versions may also be affected.

Solution:
Do not visit untrusted web sites while being logged-in to the application.

Provided and/or discovered by:
Michael Brooks

Original Advisory:
http://milw0rm.com/exploits/7918

Profense Web Application Firewall Cross-Site Scripting and C
by Marianna Schmudlach / January 29, 2009 11:33 PM PST

Release Date: 2009-01-30

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: Profense Web Application Firewall 2.x

Description:
Michael Brooks has discovered some vulnerabilities in Profense Web Application Firewall, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

Solution:
Do not follow untrusted links and do not visit untrusted web sites while being logged-in to the web-based management interface.

Provided and/or discovered by:
Michael Brooks

Original Advisory:
http://milw0rm.com/exploits/7919

SUSE update for kernel
by Marianna Schmudlach / January 29, 2009 11:34 PM PST

Release Date: 2009-01-30

Critical:
Less critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: openSUSE 10.3
openSUSE 11.0
SUSE Linux Enterprise Server 10

Description:
SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to cause a DoS or to potentially compromise a vulnerable system.

Solution:
Apply updated packages.


Original Advisory:
SUSE-SA:2009:008:
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html

Other References:
SA32510:
http://secunia.com/advisories/32510/

SA32719:
http://secunia.com/advisories/32719/

SA32913:
http://secunia.com/advisories/32913/

Novell GroupWise bug threatens mass email theft
by Marianna Schmudlach / January 29, 2009 11:39 PM PST

A mole's dream

By Dan Goodin in San Francisco
30th January 2009

Security researchers have identified two critical holes in Novell's GroupWise WebAccess, the web front end for the company's email and employee collaboration package, that allow malicious hackers to steal user messages with ease. All supported versions of the program are vulnerable.

One vulnerability allows an attacker to forward all of a user's email simply by sending a specially crafted email, according to Adrian Pastor, an employee for ProCheckUp, a penetration testing firm based in London. The cross-site request forgery bug allows attackers to add new forwarding rules simply by tricking a user into opening the email, no clicking of links necessary.

A second security vulnerability is the result of a persistent cross site scripting (XSS) error that allows attackers to remotely run code on a user's computer. Miscreants could exploit the flaw by inserting malicious JavaScript into an HTML email or by including an HTML attachment.

More: http://www.theregister.co.uk/2009/01/30/novell_groupwise_vulns/

Google fixes security vulnerabilities in Chrome
by Marianna Schmudlach / January 29, 2009 11:42 PM PST

30 January 2009

The Google Chrome development team have released update 1.0.154.46, which fixes three security vulnerabilities, two of which affect calls to the Adobe Reader plug-in and enable cross-site scripting attacks to be carried out using crafted PDF files. The Chrome update prevents calls to the plugin, but does not address the actual problem; Adobe is also currently working on an update for its Reader plug-in.

More: http://www.heise-online.co.uk/security/Google-fixes-security-vulnerabilities-in-Chrome--/news/112525

Microsoft PR blunder over Internet Explorer security
by Marianna Schmudlach / January 29, 2009 11:44 PM PST

30 January 2009

Once again, Microsoft's security evangelist Jeff Jones has tried to substantiate his proposition that Internet Explorer is at least as secure as Firefox. However, the Washington Post's Brian Krebs has clarified that the figures Jones used for making the comparison are misleading.

For his current PR campaign, Jeff Jones released a whole series of articles on the website of CIO magazine, which is produced by US publishers IDG. In the first few parts of the series he discussed a study by Brian Krebs, according to which the users of Internet Explorer were acutely threatened by security holes on a total of 284 days in 2006.

More: http://www.heise-online.co.uk/security/Microsoft-PR-blunder-over-Internet-Explorer-security--/news/112526

Microsoft's Web Sandbox is now open source
by Marianna Schmudlach / January 29, 2009 11:45 PM PST

30 January 2009

Microsoft's Web Sandbox Live Labs project is now available under an open source license. Microsoft chose the Apache 2.0 license for the project, but pointed out that the project will not become an Apache project, although the vendor has been a member of the Apache Software Foundation since July 2008.

The Sandbox technology aims at allowing developers to create secure mash-up solutions and page extensions, like ads, or web-based gadgets, by isolating the components. In addition, the project wants to provide interoperability with script frameworks.

More: http://www.heise-online.co.uk/security/Microsoft-s-Web-Sandbox-is-now-open-source--/news/112527

WebSphere Application Server Unspecified Information Disclos
by Marianna Schmudlach / January 30, 2009 1:04 AM PST

Release Date: 2009-01-30

Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch

Software: IBM WebSphere Application Server 6.0.x

Description:
A vulnerability has been reported in WebSphere Application Server, which can potentially be exploited by malicious people to disclose sensitive information.

The vulnerability is caused due to an unspecified error, which can be exploited to retrieve arbitrary files. No further details are currently available.

The vulnerability is reported in WebSphere Application Server 6.0.1 for z/OS.

Solution:
Apply APAR PK79232.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (PK72036):
http://www-01.ibm.com/support/docview.wss?uid=swg1PK79232

Novell Releases Updates for GroupWise
by Marianna Schmudlach / January 30, 2009 6:50 AM PST

added January 30, 2009 at 11:53 am

Novell has released updates for GroupWise 7 and 8 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, compromise a GroupWise account, conduct cross-site scripting attacks, or obtain sensitive information.

US-CERT encourages users to review the Novell download page and apply the appropriate patch to help mitigate the risks.


http://www.us-cert.gov/current/current_activity.html#novell_releases_updates_for_groupwise

Microsoft to unblock Windows Service packs
by Marianna Schmudlach / January 30, 2009 2:27 PM PST

Vista, XP updates will be pushed to users automatically

Written by Shaun Nichols in San Francisco

vnunet.com, 30 Jan 2009

Microsoft is planning to end a feature which allows users to block the automatic installation of Windows service packs.

The company revealed on Thursday that it would be removing the option of blocking the Windows XP SP3 and Windows Vista SP1 updates from the Automatic Update service.

Microsoft first created the blocking feature to allow administrators the ability to keep the service packs from reaching end-users while the updates could be tested for possible compatibility and stability problems.

More: http://www.vnunet.com/vnunet/news/2235487/microsoft-unblock-windows
