Spyware, Viruses, & Security forum

VULNERABILITIES \ FIXES - July 15, 2008

Red Hat update for ruby

Secunia Advisory: SA31090
Release Date: 2008-07-15
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: RedHat Enterprise Linux AS 2.1, RedHat Enterprise Linux AS 3, RedHat Enterprise Linux ES 2.1, RedHat Enterprise Linux ES 3, RedHat Enterprise Linux WS 2.1, RedHat Enterprise Linux WS 3

Description:
Red Hat has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0562.html

Other References:
SA13123:
http://secunia.com/advisories/13123/

SA29794:
http://secunia.com/advisories/29794/

SA30924:
http://secunia.com/advisories/30924/

Fedora update for wireshark

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31085
Release Date: 2008-07-15
Critical: Moderately critical
Impact: Exposure of sensitive information, DoS
Where: From remote
Solution Status: Vendor Patch
OS: Fedora 9

Description:
Fedora has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

Solution:
Apply updated packages via the yum utility ("yum update wireshark").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html

Other References:
SA30886:
http://secunia.com/advisories/30886/

SA31044:
http://secunia.com/advisories/31044/

Fedora update for php-pecl-apc

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31082
Release Date: 2008-07-15
Critical: Moderately critical
Impact: Security Bypass, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Fedora 8, Fedora 9

Description:
Fedora has issued an update for php-pecl-apc. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages via the yum utility ("yum update php-pecl-apc").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00548.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00582.html

Other References:
SA29509:
http://secunia.com/advisories/29509/

Fedora update for newsx

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31080
Release Date: 2008-07-15
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Fedora 8, Fedora 9

Description:
Fedora has issued an update for newsx. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "read_article()" function in src/getarticle.c. This can be exploited to cause a stack-based buffer overflow via a specially crafted NNTP packet.

Solution:
Apply updated packages via the yum utility ("yum update newsx").

Provided and/or discovered by:
Reported by Enrico Scholz in a Red Hat bug report.

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00485.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00565.html

Other References:
https://bugzilla.redhat.com/show_bug.cgi?id=454483

Fedora update for drupal

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31079
Release Date: 2008-07-15
Critical: Moderately critical
Impact: Hijacking, Cross Site Scripting, Manipulation of data
Where: From remote
Solution Status: Vendor Patch
OS: Fedora 8, Fedora 9

Description:
Fedora has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, session fixation, SQL injection, and script insertion attacks.

Solution:
Apply updated packages via the yum utility ("yum update drupal"). See vendor's advisory for additional information.

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html

Other References:
SA31028:
http://secunia.com/advisories/31028/

Fedora update for java-1.6.0-openjdk

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31078
Release Date: 2008-07-15
Critical: Highly critical
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Fedora 9

Description:
Fedora has issued an update for java-1.6.0-openjdk. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

Solution:
Apply updated packages via the yum utility ("yum update java-1.6.0-openjdk").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00467.html

Other References:
SA31010:
http://secunia.com/advisories/31010/

Yuhhu Pubs Black Cat "category" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31077
Release Date: 2008-07-15
Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: Yuhhu Pubs Black Cat

Description:
RMx has reported a vulnerability in Yuhhu Pubs Black Cat, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "category" parameter in browse.groups.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator usernames and password hashes.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
RMx

Maian Search "search_cookie" Security Bypass Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31075
Release Date: 2008-07-15
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Maian Search 1.x

Description:
S.W.A.T. has reported a vulnerability in Maian Search, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restriction in the admin/index.php script. This can be exploited to bypass the authentication mechanism and gain access to the administration section by setting the "search_cookie" cookie.

The vulnerability is reported in version 1.1 downloaded before 2008-07-14. Prior versions may also be affected.

Solution:
Update to version 1.1 downloaded on or after 2008-07-14.

Provided and/or discovered by:
S.W.A.T.

Original Advisory:
http://milw0rm.com/exploits/6066

Maian Recipe "recipe_cookie" Security Bypass Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31071
Release Date: 2008-07-15
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Maian Recipe 1.x

Description:
S.W.A.T. has reported a vulnerability in Maian Recipe, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restriction in the admin/index.php script. This can be exploited to bypass the authentication mechanism and gain access to the administration section by setting the "recipe_cookie" cookie.

The vulnerability is reported in version 1.2 downloaded before 2008-07-14. Prior versions may also be affected.

Solution:
Update to version 1.2 downloaded on or after 2008-07-14.

Provided and/or discovered by:
S.W.A.T.

Original Advisory:
http://milw0rm.com/exploits/6063

Maian Guestbook "gbook_cookie" Security Bypass Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31070
Release Date: 2008-07-15
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Maian Guestbook 3.x

Description:
S.W.A.T. has reported a vulnerability in Maian Guestbook, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restriction in the admin/index.php script. This can be exploited to bypass the authentication mechanism and gain access to the administration section by setting the "gbook_cookie" cookie.

The vulnerability is reported in version 3.2 downloaded before 2008-07-14. Prior versions may also be affected.

Solution:
Update to version 3.2 downloaded on or after 2008-07-14.

Provided and/or discovered by:
S.W.A.T.

Original Advisory:
http://milw0rm.com/exploits/6061

Maian Links "links_cookie" Security Bypass Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31068
Release Date: 2008-07-15
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Maian Links 3.x

Description:
S.W.A.T. has reported a vulnerability in Maian Links, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restriction in the admin/index.php script. This can be exploited to bypass the authentication mechanism and gain access to the administration section by setting the "links_cookie" cookie.

The vulnerability is reported in version 3.1 downloaded before 2008-07-14. Prior versions may also be affected.

Solution:
Update to version 3.1 downloaded on or after 2008-07-14.

Provided and/or discovered by:
S.W.A.T.

Original Advisory:
http://milw0rm.com/exploits/6062

Red Hat update for java-1.4.2-ibm

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31067
Release Date: 2008-07-15
Critical: Highly critical
Impact: Security Bypass, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Red Hat Enterprise Linux Extras v. 3, Red Hat Enterprise Linux Extras v. 4, RHEL Desktop Supplementary (v. 5 client), RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for java-1.4.2-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, or compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0555.html

Other References:
SA29239:
http://secunia.com/advisories/29239/

Firebird 2 Multiple Vulnerabilities and Weakness

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31064
Release Date: 2008-07-15
Critical: Less critical
Impact: Exposure of system information, Exposure of sensitive information, DoS
Where: From local network
Solution Status: Partial Fix
Software: Firebird 2.x

Description:
Some vulnerabilities and a weakness have been reported in Firebird, which can be exploited by malicious users to cause a DoS (Denial of Service) and disclose system information, and by malicious, local users to disclose sensitive information.

Solution:
The vulnerabilities are fixed in version 2.5 Alpha 1.

Update to version 2.1.1, which fixes vulnerabilities #1, #4, and #5.
http://sourceforge.net/project/showfiles.php?group_id=9028

Restrict access to trusted users only.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://tracker.firebirdsql.org/browse/CORE-1845
http://tracker.firebirdsql.org/browse/CORE-1884
http://tracker.firebirdsql.org/browse/CORE-1887
http://tracker.firebirdsql.org/browse/CORE-1919
http://tracker.firebirdsql.org/browse/CORE-1930

Other References:
SA31003:
http://secunia.com/advisories/31003/

Red Hat update for bluez-libs and bluez-utils

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31057
Release Date: 2008-07-15
Critical: Moderately critical
Impact: DoS, System access
Where: From local network
Solution Status: Vendor Patch
OS: Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 5 client), Red Hat Enterprise Linux Desktop Workstation (v. 5 client), RedHat Enterprise Linux AS 4, RedHat Enterprise Linux ES 4, RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for bluez-libs and bluez-utils. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0581.html

Other References:
SA30957:
http://secunia.com/advisories/30957/

Red Hat update for java-1.5.0-sun

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31055
Release Date: 2008-07-15
Critical: Highly critical
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Red Hat Enterprise Linux Extras v. 4, RHEL Desktop Supplementary (v. 5 client), RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for java-1.5.0-sun. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0595.html

Other References:
SA31010:
http://secunia.com/advisories/31010/

CodeDB "lang" Local File Inclusion Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31053
Release Date: 2008-07-15
Critical: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: CodeDB 1.x

Description:
cOndemned has discovered a vulnerability in CodeDB, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "lang" parameter in list.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 1.1.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
cOndemned

Original Advisory:
http://milw0rm.com/exploits/6071
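
The advisory's point is that "lang" reaches an include unverified and that magic_quotes_gpc only gets in the way of exploitation rather than fixing anything. The PHP 8 code below is an added example, not code from CodeDB or from the advisory: it maps the parameter onto a fixed set of files, with LANG_DIR and the language codes being assumptions.

```php
<?php
// Added illustration, not CodeDB's code. The advisory says "lang" in list.php is
// used to include a file without verification and that exploitation needs
// magic_quotes_gpc disabled. Relying on magic_quotes is not a fix: the parameter
// must be mapped onto a fixed set of files, which is what resolve_lang_file() does.
declare(strict_types=1);

const LANG_DIR      = __DIR__ . '/lang';     // assumed location of the language files
const ALLOWED_LANGS = ['en', 'de', 'pl'];    // constructed allow-list of language codes

/**
 * Map the user-supplied language code to an absolute file path, or return null.
 * Two independent checks: an exact allow-list match, then a realpath() containment
 * test so that even a mistaken allow-list entry cannot escape LANG_DIR.
 */
function resolve_lang_file(mixed $lang): ?string
{
    if (!is_string($lang) || !in_array($lang, ALLOWED_LANGS, true)) {
        return null;                          // "../", NUL bytes, absolute paths all fail here
    }
    $base = realpath(LANG_DIR);
    $real = realpath(LANG_DIR . '/' . $lang . '.php');
    if ($base === false || $real === false) {
        return null;                          // directory or file does not exist on disk
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return str_starts_with($real, $prefix) ? $real : null;
}

// Constructed sample inputs. Allow-listed codes resolve only when
// LANG_DIR/<code>.php actually exists; everything else is rejected before any
// filesystem access takes place.
foreach (['en', 'de', '../../../etc/passwd', "en\0", '/etc/passwd', ['en']] as $input) {
    $shown = is_string($input) ? addcslashes($input, "\0") : 'array';
    printf("%-22s => %s\n", $shown, resolve_lang_file($input) ?? 'rejected');
}

// In list.php the include would then read:
//   $file = resolve_lang_file($_GET['lang'] ?? null);
//   if ($file === null) { http_response_code(400); exit('unsupported language'); }
//   require $file;
```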

Maian Uploader "uploader_cookie" Security Bypass Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31045
Release Date: 2008-07-15
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Maian Uploader 4.x

Description:
S.W.A.T. has reported a vulnerability in Maian Uploader, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restriction in the admin/index.php script. This can be exploited to bypass the authentication mechanism and gain access to the administration section by setting the "uploader_cookie" cookie.

The vulnerability is reported in version 4.0 downloaded before 2008-07-14. Prior versions may also be affected.

Solution:
Update to version 4.0 downloaded on or after 2008-07-14.

Provided and/or discovered by:
S.W.A.T.

Original Advisory:
http://milw0rm.com/exploits/6065

FreeBSD update for bind

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31033
Release Date: 2008-07-15
Critical: Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch
OS: FreeBSD 6.x

Description:
FreeBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.

Solution:
Update FreeBSD or apply patch.

Fixed versions:
2008-07-12 10:07:33 UTC (RELENG_6, 6.3-STABLE)
2008-07-13 18:42:38 UTC (RELENG_6_3, 6.3-RELEASE-p3)
2008-07-13 18:42:38 UTC (RELENG_7, 7.0-STABLE)
2008-07-13 18:42:38 UTC (RELENG_7_0, 7.0-RELEASE-p3)

Patch for FreeBSD 6.3:
http://security.FreeBSD.org/patches/SA-08:06/bind63.patch
http://security.FreeBSD.org/patches/SA-08:06/bind63.patch.asc

Patch for FreeBSD 7.0:
http://security.FreeBSD.org/patches/SA-08:06/bind7.patch
http://security.FreeBSD.org/patches/SA-08:06/bind7.patch.asc

Original Advisory:
http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc

Other References:
SA30973:
http://secunia.com/advisories/30973/

Firebird 1 Unspecified Path Disclosure Weakness

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA31003
Release Date: 2008-07-15
Critical: Not critical
Impact: Exposure of system information
Where: From local network
Solution Status: Unpatched
Software: Firebird 1.x

Description:
A weakness has been reported in Firebird, which can be exploited by malicious users to disclose system information.

The weakness is caused due to an unspecified error, which can be exploited to disclose the server's installation directory.

The weakness is reported in versions 1.0.3, 1.5.4, and 1.5.5. Other versions may also be affected.

Solution:
Restrict access to trusted users only.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://tracker.firebirdsql.org/browse/CORE-1845

Ubuntu update for pcre3

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA30990
Release Date: 2008-07-15
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Ubuntu Linux 6.06, Ubuntu Linux 7.04, Ubuntu Linux 7.10, Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for pcre3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

Original Advisory:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-July/000727.html

Other References:
SA30916:
http://secunia.com/advisories/30916/

Maian Weblog "weblog_cookie" Security Bypass Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Secunia Advisory: SA30943
Release Date: 2008-07-15
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Maian Weblog 4.x

Description:
S.W.A.T. has reported a vulnerability in Maian Weblog, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restriction in the admin/index.php script. This can be exploited to bypass the authentication mechanism and gain access to the administration section by setting the "weblog_cookie" cookie.

The vulnerability is reported in version 4.0 downloaded before 2008-07-14. Prior versions may also be affected.

Solution:
Update to version 4.0 downloaded on or after 2008-07-14.

Provided and/or discovered by:
S.W.A.T.

Original Advisory:
http://milw0rm.com/exploits/6064
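
The six Maian advisories in this thread (Search, Recipe, Guestbook, Links, Uploader, Weblog) describe the same flaw: admin/index.php treats the presence of a client-controlled cookie as proof of login. The PHP below is an added example, not code from Maian or from the advisories; the vulnerable check is an assumed reconstruction of that bug class, and the session array is a constructed stand-in for a real server-side session store.

```php
<?php
// Added illustration, not Maian's code. The advisories report that the admin
// scripts could be entered just by "setting the <app>_cookie cookie". The first
// function is an assumed reconstruction of that bug class; the second shows the
// pattern that avoids it: the cookie is only an opaque id, the server decides.
declare(strict_types=1);

/** Assumed vulnerable pattern: any value in the named cookie unlocks the admin area. */
function is_admin_vulnerable(array $cookies, string $cookieName): bool
{
    return isset($cookies[$cookieName]);
}

/**
 * Hardened pattern: the cookie carries a session id that the server issued at
 * login; the server-side store ($sessions, a constructed stand-in for a real
 * backend) says whether that id belongs to an authenticated, unexpired admin.
 */
function is_admin_hardened(array $cookies, string $cookieName, array $sessions, int $now): bool
{
    $sid = $cookies[$cookieName] ?? null;
    if (!is_string($sid) || strlen($sid) !== 32 || !ctype_xdigit($sid)) {
        return false;                          // missing or malformed id
    }
    $s = $sessions[$sid] ?? null;              // unknown id: never issued by us
    if ($s === null) {
        return false;
    }
    return $s['authenticated'] === true
        && $s['role'] === 'admin'
        && $s['expires'] > $now;
}

/** Issue a fresh, unguessable session id after a successful login. */
function issue_admin_session(array &$sessions, int $now, int $ttl = 3600): string
{
    $sid = bin2hex(random_bytes(16));          // 32 hex chars, 128 bits of entropy
    $sessions[$sid] = ['authenticated' => true, 'role' => 'admin', 'expires' => $now + $ttl];
    return $sid;
}

// Constructed sample run.
$now      = time();
$sessions = [];
$issued   = issue_admin_session($sessions, $now);

$forged  = ['search_cookie' => 'anything'];    // cookie value chosen by the client
$genuine = ['search_cookie' => $issued];       // cookie value set by the login handler

printf("forged cookie, vulnerable check : %s\n", is_admin_vulnerable($forged, 'search_cookie') ? 'admin' : 'denied');
printf("forged cookie, hardened check   : %s\n", is_admin_hardened($forged, 'search_cookie', $sessions, $now) ? 'admin' : 'denied');
printf("issued cookie, hardened check   : %s\n", is_admin_hardened($genuine, 'search_cookie', $sessions, $now) ? 'admin' : 'denied');
printf("issued cookie after expiry      : %s\n", is_admin_hardened($genuine, 'search_cookie', $sessions, $now + 7200) ? 'admin' : 'denied');
```

The same check applies to each of the cookie names in the advisories; only the name passed as `$cookieName` changes.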

BlackBerry PDF parsing vulnerability

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Published: 2008-07-15,
Last Updated: 2008-07-15 22:39:40 UTC
by Maarten Van Horenbeeck

Francois wrote in today pointing us to a vulnerability recently discovered in the BlackBerry attachment service. This service parses documents in various file formats, including PDF, and encodes them in a format readable for the BlackBerry handheld device. Most vulnerabilities that have affected the BlackBerry Enterprise platform have been situated in this service, as it needs to be able to parse a wide number of different files, increasing the risk of software vulnerabilities, particularly heap overflows.

More: http://isc.sans.org/

Oracle (and BEA, Hyperion and TimesTen) critical patch update

In reply to: VULNERABILITIES \ FIXES - July 15, 2008

Published: 2008-07-15,
Last Updated: 2008-07-15 20:45:56 UTC
by Maarten Van Horenbeeck

Today, July 15th, Oracle has released its quarterly critical patch update. The highest CVSS score of all vulnerabilities patched is 6.8 (6.5 is the maximum for the Oracle Database itself).

Below is the list of software affected, as listed in the pre-release announcement:

http://isc.sans.org/

Oracle Releases Critical Patch Update for July 2008

added July 15, 2008 at 04:38 pm

Oracle has released their Critical Patch Update for July 2008 to address 45 vulnerabilities across several products. This update contains the following security fixes:

11 updates for Oracle Database
3 updates for Times Ten In-Memory Database
9 updates for Oracle Application Server
6 updates for Oracle E-Business Suite and Applications
2 updates for Oracle Enterprise Manager
7 updates for Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
7 updates for BEA Product Suite

US-CERT encourages users to review the July Critical Patch Update and apply any necessary updates.

http://www.us-cert.gov/current/current_activity.html#oracle_releases_critical_patch_update3
