Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - July 11, 2008

SUSE update for bind

Secunia Advisory: SA31052
Release Date: 2008-07-11


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
openSUSE 11.0
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9



Software: Novell Open Enterprise Server 1.x

Description:
SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.

Solution:
Apply updated packages.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html

Other References:
SA30973:
http://secunia.com/advisories/30973/

Discussion is locked
You are posting a reply to: VULNERABILITIES \ FIXES - July 11, 2008
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES \ FIXES - July 11, 2008
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Pagefusion Multiple Cross-Site Scripting Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Secunia Advisory: SA31050
Release Date: 2008-07-11


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Pagefusion 1.x

Description:
Julian Rodriguez has discovered some vulnerabilities in Pagefusion, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "acct_fname", "acct_lname", "PID", "PGID", and "rez" parameters in index.php is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in Pagefusion Local Server version 1.5. on Windows. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences using a web proxy.

Provided and/or discovered by:
Julian Rodriguez

Collapse -
Linux Kernel Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Secunia Advisory: SA31048
Release Date: 2008-07-11


Critical:
Less critical
Impact: Privilege escalation
DoS

Where: Local system

Solution Status: Vendor Patch


OS: Linux Kernel 2.6.x

Description:
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges.

Solution:
Update to version 2.6.25.10.

Provided and/or discovered by:
Reported as vulnerabilities by the PaX team.

Original Advisory:
http://lwn.net/Articles/288473/

Collapse -
Wireshark Packet Reassembly Denial of Service

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Secunia Advisory: SA31044
Release Date: 2008-07-11


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: Wireshark (formerly Ethereal) 0.x
Wireshark 1.x



Description:
A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when reassembling packets and can be exploited to cause the application to crash when processing a series of malformed packets that are either captured off the wire or loaded via a capture file.

The vulnerability is reported in versions 0.8.19 to 1.0.1.

Solution:
Update to version 1.0.2.
http://www.wireshark.org/download.html

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
wnpa-sec-2008-04:
http://www.wireshark.org/security/wnpa-sec-2008-04.html

Collapse -
Sun Solaris Thunderbird Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Secunia Advisory: SA31043
Release Date: 2008-07-11


Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


OS: Sun Solaris 10

Description:
Sun has acknowledged some vulnerabilities in Thunderbird included in Sun Solaris, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or compromise a vulnerable system.

The vulnerabilities affect Thunderbird 2.0 on Solaris 10 on SPARC and x86 platforms.

Solution:
Apply patches.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-239546-1

Other References:
SA28808:
http://secunia.com/advisories/28808/

SA29133:
http://secunia.com/advisories/29133/

SA29548:
http://secunia.com/advisories/29548/

Collapse -
eSyndiCat Directory Software Pro "register.php" Cross-Site S

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Secunia Advisory: SA31041
Release Date: 2008-07-11


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: eSyndiCat Directory Software Pro 2.x



Description:
Fugitif has reported some vulnerabilities in eSyndiCat Directory Software, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "username", "email", "password", "password2", "security_code", and "register" parameters to register.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 2.2. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences in a web proxy.

Provided and/or discovered by:
Fugitif

Original Advisory:
http://packetstorm.linuxsecurity.com/0807-exploits/esyndicat-xss.txt

Collapse -
phpDatingClub "page" Local File Inclusion

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Secunia Advisory: SA31040
Release Date: 2008-07-11


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: phpDatingClub 3.x

Description:
Big Ben has discovered a vulnerability in phpDatingClub, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "page" parameter in website.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

The vulnerability is confirmed in version 3.7. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
Big Ben

Original Advisory:
http://milw0rm.com/exploits/6037

Collapse -
Zen Cart Two Local File Inclusion Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Secunia Advisory: SA31039
Release Date: 2008-07-11


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: Zen Cart 1.x

Description:
CraCkEr has discovered two vulnerabilities in Zen Cart, which can be exploited by malicious people to disclose sensitive information.

Solution:
Edit the source code to ensure that input is properly verified.

Set "register_globals" to "Off".

Provided and/or discovered by:
CraCkEr

Original Advisory:
http://milw0rm.com/exploits/6038

Collapse -
Novell eDirectory LDAP Search Request Buffer Overflow

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Secunia Advisory: SA31036
Release Date: 2008-07-11


Critical:
Moderately critical
Impact: DoS
System access

Where: From local network

Solution Status: Vendor Patch


Software: Novell eDirectory 8.x

Description:
A vulnerability has been reported in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerability is caused due to an error in calculating the size of a heap buffer for storing LDAP search parameters. This can be exploited to cause a heap-based buffer overflow with the string "(null)" via NULL search parameters.

Successful exploitation may allow execution of arbitrary code.

The vulnerability affects version 8.8 and 8.7.3 on all platforms.

Solution:
Apply 8.8.2 FTF2 or 8.7.3.10b.
http://download.novell.com/

Provided and/or discovered by:
Discovered by an anonymous researcher and reported via iDefense Labs.

Original Advisory:
Novell:
http://www.novell.com/support/viewContent.do?externalId=3843876&sliceId=1

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=724

Collapse -
Apple TV Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Secunia Advisory: SA31034
Release Date: 2008-07-11


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Apple TV 2.x

Description:
Some vulnerabilities have been reported in Apple TV, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Update to version 2.1.

Provided and/or discovered by:
1,6) Chris Ries of Carnegie Mellon University Computing Services.
2) Sanbin Li, reporting via ZDI.
3) An anonymous researcher, reporting via ZDI.
4) Independently discovered by:
* Vinoo Thomas and Rahul Mohandas, McAfee Avert Labs
* Petko D. (pdp) Petkov, GNUCITIZEN
5) Luigi Auriemma

Original Advisory:
http://support.apple.com/kb/HT2304

Other References:
SA28423:
http://secunia.com/advisories/28423/

SA28502:
http://secunia.com/advisories/28502/

SA29293:
http://secunia.com/advisories/29293/

SA29650:
http://secunia.com/advisories/29650/

Collapse -
SUSE update for MozillaFirefox

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Secunia Advisory: SA31051
Release Date: 2008-07-11


Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
Exposure of system information
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SUSE Linux Enterprise Server 10

Description:
SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.

Solution:
Apply updated packages.


Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html

Other References:
SA30911:
http://secunia.com/advisories/30911/

Collapse -
DreamNews Manager "id" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Secunia Advisory: SA31032
Release Date: 2008-07-11


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: DreamNews Manager

Description:
Hussin X has reported a vulnerability in DreamNews Manager, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in dreamnews-rss.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Hussin X

Original Advisory:
http://milw0rm.com/exploits/6035

Collapse -
Xomol CMS "current_url" Cross-Site Scripting Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Secunia Advisory: SA31015
Release Date: 2008-07-11


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Xomol CMS 1.x

Description:
Julian Rodriguez has reported a vulnerability in Xomol CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "current_url" parameter in index.php (when "op" is set to "tellafriend") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 1.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Julian Rodriguez

Collapse -
Security update for Drupal CMS

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

The developers of the Drupal CMS have released versions 5.8 and 6.3, which close cross-site scripting, cross-request forgery, and SQL injection holes. In particular, the OpenID module contains XSS vulnerabilities that attackers could exploit to steal login data. Users who cannot upgrade to the new versions are advised to install the patches for Drupal 5.7 or 6.2.

More: http://www.heise-online.co.uk/security/Security-update-for-Drupal-CMS--/news/111090

Collapse -
ZoneAlarm: internet access restored

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Checkpoint has published an update of its ZoneAlarm products to remedy the internet blockade caused by the installation of Microsoft's DNS patch. The patch from Redmond remedied a security vulnerability where Windows XP and 2000 selected a static port from within a limited range of ports, for name server queries. The Microsoft patch provides a more dynamic choice of port. As a result ZoneAlarm Firewall blocks such queries, because it's not prepared for the change in port selection and Windows is not able to resolve names for IP addresses, therefore blocking all internet access.

More: http://www.heise-online.co.uk/security/ZoneAlarm-internet-access-restored--/news/111089

Collapse -
Microsoft remedies yet another patch blockade

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Microsoft has released a patch to remedy the problem made public last week, related to Windows Server Update Services (WSUS). Under certain circumstances, automatic updates are not distributed if Microsoft Office 2003 is installed on the client. According to the security advisory, the flaw affects WSUS 3.0 and 3.0 SP1. If WSUS is running on Windows Server 2008, the patch might have to be launched directly with administrator privileges. For reasons not explained, the patch may not correctly elevate privileges itself.

More: http://www.heise-online.co.uk/security/Microsoft-remedies-yet-another-patch-blockade--/news/111088

Collapse -
Apple makes its TV service safer

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Apple has released a security update for its Apple TV streaming box and iTunes living room client in order to close six critical security holes. The vendor says that attackers could inject and execute arbitrary code in the device when specially crafted movies are played back. As a result, the unit could be used to purchase iTunes music or be integrated in a bot network as a zombie. The holes are at least partly the result of flaws in the handling of chan and crgn atoms, which lead to buffer overflows. Furthermore, two flaws in QuickTime are related to the handling of certain URLs and RTSP tunnels. Specially crafted PICT images can also provoke a buffer overflow.

More: http://www.heise-online.co.uk/security/Apple-makes-its-TV-service-safer--/news/111087

Collapse -
DoS vulnerability in Sophos antivirus products

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

Antivirus software vendor Sophos has reported the discovery of a DoS vulnerability in some of its products. According to the security advisory, specially crafted attachments to emails can bring down Sophos E-mail Appliance, Pure Message for UNIX and Sophos Anti-Virus Interface (SAVI). For the attack to succeed, the MIME attachment has to have a length of zero. Sophos says that only Linux/UNIX installations are affected.

More: http://www.heise-online.co.uk/security/DoS-vulnerability-in-Sophos-antivirus-products--/news/111086

Collapse -
How to Determine if Adobe Acrobat or Reader 8.1.2 Security U

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

How to Determine if Adobe Acrobat or Reader 8.1.2 Security Update 1 is Installed?

Published: 2008-07-11,
Last Updated: 2008-07-11 09:09:17 UTC
by Raul Siles

A couple of weeks ago, we announce a new critical vulnerability in Adobe Acrobat or Reader 8.1.2 that allows remote code execution. Adobe released an update for it, Security Update 1. The update process was confusing for lot of people, and after completing it, it was not clear how to check if the update had been properly installed, as it still says version 8.1.2 almost everywhere.

More: http://isc.sans.org/

Collapse -
Apple Releases Security Updates for iPhone and iPod touch

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

added July 11, 2008 at 03:17 pm

Apple has released iPhone v2.0 and iPod touch v2.0 to address multiple vulnerabilities. These vulnerabilities affect CFNetwork, Kernel, Safari, and WebKit. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, spoof websites, conduct cross-site scripting attacks or cause a denial-of-service condition.

US-CERT encourages users to review Apple Article HT2351 and apply any necessary updates.


http://www.us-cert.gov/current/current_activity.html#apple_releases_security_updates_for

Collapse -
Oracle Critical Patch Update Pre-Release Announcement for

In reply to: VULNERABILITIES \ FIXES - July 11, 2008

added July 11, 2008 at 03:17 pm

Oracle has issued a Critical Patch Update Pre-Release Announcement indicating that its July release cycle will contain 45 security fixes for multiple products including Oracle Database, TimesTen In-Memory Database, Application Server, E-Business Suite, Enterprise, PeopleSoft Enterprise and BEA. Release of these updates is scheduled for Tuesday, July 15.

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#oracle_critical_patch_update_pre

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.