Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - July 16, 2008

Red Hat update for seamonkey

Secunia Advisory: SA31122
Release Date: 2008-07-16


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 4
RedHat Linux Advanced Workstation 2.1 for Itanium


Description:
Red Hat has issued an update for seamonkey. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0599.html

Other References:
SA30761:
http://secunia.com/advisories/30761/

Red Hat update for firefox

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31121
Release Date: 2008-07-16


Critical:
Highly critical
Impact: Security Bypass
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)

Description:
Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.


Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0597.html

Other References:
SA30761:
http://secunia.com/advisories/30761/

SA31120:
http://secunia.com/advisories/31120/

Mozilla Firefox 2 URI Launching Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31120
Release Date: 2008-07-16


Critical:
Less critical
Impact: Security Bypass
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: Mozilla Firefox 2.0.x

Description:
A vulnerability has been reported in Firefox 2, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.

The vulnerability is reported in versions prior to 2.0.0.16.

Solution:
Update to version 2.0.0.16.
http://www.mozilla.com/en-US/firefox/all-older.html

Provided and/or discovered by:
The vendor credits Billy Rios.

Original Advisory:
MFSA 2008-35:
http://www.mozilla.org/security/announce/2008/mfsa2008-35.html

Red Hat update for php

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31119
Release Date: 2008-07-16


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious users and malicious people to bypass certain security restrictions.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0544.html
http://rhn.redhat.com/errata/RHSA-2008-0545.html

Other References:
SA30048:
http://secunia.com/advisories/30048/

phpMyAdmin Cross-Site Request Forgery Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31115
Release Date: 2008-07-16


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: phpMyAdmin 2.x

Description:
Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to perform actions with the privileges of a target user, who is tricked into visiting a malicious website.

The vulnerabilities are reported in versions prior to 2.11.7.1.

Solution:
Update to version 2.11.7.1.

Provided and/or discovered by:
The vendor credits YGN Ethical Hacker Group.

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=613660

http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0

HP Oracle for OpenView Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31113
Release Date: 2008-07-16


Critical:
Highly critical
Impact: Unknown
Security Bypass
Exposure of sensitive information
Privilege escalation
DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: HP Oracle for OpenView (OfO) 10.x
HP Oracle for OpenView (OfO) 8.x
HP Oracle for OpenView (OfO) 9.x

Description:
HP has acknowledged some vulnerabilities in HP Oracle for Openview (OfO). Some vulnerabilities have unknown impacts while others can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), disclose sensitive information, gain escalated privileges, or compromise a vulnerable system, and by malicious people to bypass certain security restrictions or to cause a DoS.

The vulnerabilities are reported in versions v8.1.7, v9.1.01, v9.2, v9.2.0, v10g, and v10gR2 running on HP-UX, Tru64 UNIX, Linux, Solaris, and Windows.

Solution:
Install the Oracle Critical Patch Update - July 2008.

Original Advisory:
HPSBMA02133 SSRT061201 rev.9:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143

Other References:
SA31087:
http://secunia.com/advisories/31087/

Gentoo update for mercurial

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31110
Release Date: 2008-07-16


Critical:
Not critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for mercurial. This fixes a security issue, which can be exploited by malicious people to manipulate certain data.

Solution:
Update to "dev-util/mercurial-1.0.1-r2" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200807-09.xml

Other References:
SA31108:
http://secunia.com/advisories/31108/

OpenBSD update for X.Org

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31109
Release Date: 2008-07-16


Critical:
Less critical
Impact: Exposure of sensitive information
Privilege escalation
DoS

Where: Local system

Solution Status: Vendor Patch


OS: OpenBSD 4.2

Description:
OpenBSD has issued an update for X.Org. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges.

Solution:
Apply vendor patch.

OpenBSD 4.2:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/012_xorg2.patch

Original Advisory:
http://www.openbsd.org/errata42.html

Other References:
SA30627:
http://secunia.com/advisories/30627/

Mercurial "applydiff()" Directory Traversal Security Issue

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31108
Release Date: 2008-07-16


Critical:
Not critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Workaround


Software: Mercurial 1.x



Description:
A security issue has been reported in Mercurial, which can be exploited by malicious people to manipulate certain data.

The security issue is caused due to an error within the "applydiff()" function in mercurial/patch.py. This can be exploited to manipulate arbitrary files placed outside the repository via directory traversal attacks.

Successful exploitation requires that a user is tricked into importing a malicious patch.

The security issue is reported in version 1.0.1. Other versions may also be affected.

Solution:
Fixed in the development repository.
http://www.selenic.com/hg/rev/87c704ac92d4

Provided and/or discovered by:
Gentoo credits Jakub Wilk.

Original Advisory:
http://bugs.gentoo.org/show_bug.cgi?id=230193

Ubuntu update for kernel

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31107
Release Date: 2008-07-16


Critical:
Moderately critical
Impact: Security Bypass
Exposure of sensitive information
Privilege escalation
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 7.04
Ubuntu Linux 7.10
Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, disclose potentially sensitive information, and gain escalated privileges, and malicious people to cause a DoS and potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://www.ubuntu.com/usn/usn-625-1

Other References:
SA23073:
http://secunia.com/advisories/23073/

SA30044:
http://secunia.com/advisories/30044/

SA30241:
http://secunia.com/advisories/30241/

SA30580:
http://secunia.com/advisories/30580/

SA30719:
http://secunia.com/advisories/30719/

Mozilla Firefox 3 URI Launching and XUL Error Page Vulnerabi

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31106
Release Date: 2008-07-16


Critical:
Highly critical
Impact: Security Bypass
Spoofing
System access

Where: From remote

Solution Status: Vendor Patch


Software: Mozilla Firefox 3.x

Description:
Some vulnerabilities have been reported in Firefox 3, which can be exploited by malicious people to bypass certain security restrictions, potentially conduct spoofing attacks, or compromise a user's system.

Solution:
Update to version 3.0.1.
http://www.mozilla.com/en-US/firefox/

Provided and/or discovered by:
The vendor credits:
1) Billy Rios
2) Ben Turner and Dan Veditz (Mozilla developers)

Original Advisory:
MFSA 2008-35:
http://www.mozilla.org/security/announce/2008/mfsa2008-35.html

Debian update for gaim

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Debian update for lighttpd

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31104
Release Date: 2008-07-16


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid


Description:
Debian has issued an update for lighttpd. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00190.html

Other References:
SA26130:
http://secunia.com/advisories/26130/

SA29066:
http://secunia.com/advisories/29066/

Op "XAUTHORITY" Buffer Overflow Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31103
Release Date: 2008-07-16


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Workaround


Software: Op 1.x



Description:
Nico Golde has reported a vulnerability in Op, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a boundary error within the "Go()" function in main.c. This can be exploited to cause a stack-based buffer overflow via an overly long "XAUTHORITY" environment variable.

Successful exploitation requires that "xauth" is enabled.

The vulnerability is reported in version 1.32. Other versions may also be affected.

Solution:
Fixed in the development repository.
http://swapoff.org/changeset/563

Provided and/or discovered by:
Nico Golde

Original Advisory:
http://www.openwall.com/lists/oss-security/2008/07/12/4

WinRemotePC Packet Handling Denial of Service

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31102
Release Date: 2008-07-16


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Unpatched


Software: WinRemotePC 2008

Description:
Shinnok has discovered a vulnerability in WinRemotePC, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the WinRemotePC Server service (WRPCServer.exe) and can be exploited to cause the service to e.g. consume large amounts of CPU resources via specially crafted packets sent to default port 4321/TCP.

The vulnerability is confirmed in WinRemotePC Lite 2008 and also reported in WinRemotePC Full 2008. Other versions may also be affected.

Solution:
Restrict network access to the affected service.

Provided and/or discovered by:
Shinnok

Original Advisory:
http://milw0rm.com/exploits/6077

Pragyan CMS File Inclusion Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31101
Release Date: 2008-07-16


Critical:
Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Unpatched


Software: Pragyan CMS 2.x

Description:
N3TR00T3R has reported some vulnerabilities in Pragyan CMS, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "sourceFolder" and "moduleFolder" parameters in cms/modules/form.lib.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerabilities are reported in version 2.6.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
N3TR00T3R

Original Advisory:
http://milw0rm.com/exploits/6078

Comdev Web Blogger "arcmonth" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31100
Release Date: 2008-07-16


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Comdev Web Blogger 4.x

Description:
M. Hasran Addahroni has discovered a vulnerability in Comdev Web Blogger, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "arcmonth" parameter to the blog page is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and e.g. obtain the administrator password.

The vulnerability is confirmed in version 4.1.3. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences in a web proxy.

Provided and/or discovered by:
M. Hasran Addahroni

Original Advisory:
http://e-rdc.org/v1/news.php?readmore=102

php Help Agent "content" File Inclusion Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31099
Release Date: 2008-07-16


Critical:
Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Unpatched


Software: php Help Agent 1.x

Description:
BeyazKurt has discovered a vulnerability in php Help Agent, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.

Input passed to the "content" parameter in include/head_chat.inc.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled. Successful exploitation from external resources (FTP servers) requires that "allow_url_fopen" and "allow_url_include" are enabled.

The vulnerability is confirmed in version 1.1 Full. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
BeyazKurt

Original Advisory:
http://milw0rm.com/exploits/6080

Galatolo WebManager SQL Injection and Cross-Site Scripting

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31098
Release Date: 2008-07-16


Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: Galatolo WebManager 1.x

Description:
StAkeR has discovered two vulnerabilities in Galatolo WebManager (GWM), which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
StAkeR

Original Advisory:
http://milw0rm.com/exploits/6075

Black Ice Document Imaging SDK "OpenGifFile()" Buffer Overfl

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31095
Release Date: 2008-07-16


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Black Ice Document Imaging SDK 10.x

Description:
r0ut3r has discovered a vulnerability in Black Ice Document Imaging SDK, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within "OpenGifFile()" in BiGif.dll. This can be exploited to cause a heap-based buffer overflow e.g. by passing an overly long string to the "GetNumberOfImagesInGifFile()" method of the BIImgFrm Control ActiveX control (BIImgFrm.ocx).

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 10.95. Other versions may also be affected.

Solution:
Set the kill-bit for the BIImgfrm Control ActiveX control.

Provided and/or discovered by:
r0ut3r

Original Advisory:
http://milw0rm.com/exploits/6083

IBM AIX DNS Cache Poisoning

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31094
Release Date: 2008-07-16


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Patch


OS: AIX 5.x
AIX 6.x

Description:
A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to poison the DNS cache.

Original Advisory:
http://www.kb.cert.org/vuls/id/MIMG-7DWR4J

Other References:
SA30973:
http://secunia.com/advisories/30973/

F5 Products DNS Cache Poisoning Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31093
Release Date: 2008-07-16


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Unpatched


OS: 3-DNS Controller 4.x
BIG-IP 4.x
BIG-IP 9.x
BIG-IP Application Security Manager 9.x
F5 Enterprise Manager 1.x
FirePass 5.x
FirePass 6.x
WANJet 5.x

Description:
A vulnerability has been reported in various F5 products, which can be exploited by malicious people to poison the DNS cache.

The vulnerability is caused due to the products not sufficiently randomising the DNS transaction ID and the source port number, which can be exploited to poison the DNS cache.

Solution:
The vendor recommends disabling DNS recursion. Please see vendor's advisory for more details.

Provided and/or discovered by:
Dan Kaminsky, IOActive

Original Advisory:
https://support.f5.com/kb/en-us/solutions/public/8000/900/sol8938.html

Other References:
US-CERT VU#800113:
http://www.kb.cert.org/vuls/id/800113

Oracle Products Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31087
Release Date: 2008-07-16


Critical:
Highly critical
Impact: Security Bypass
Exposure of sensitive information
Privilege escalation
DoS
System access
Unknown

Where: From remote

Solution Status: Vendor Patch


Software: BEA WebLogic Express 10.x
BEA WebLogic Express 7.x
BEA WebLogic Express 8.x
BEA WebLogic Express 9.x
BEA WebLogic Server 10.x
BEA WebLogic Server 6.x
BEA WebLogic Server 7.x
BEA WebLogic Server 8.x
BEA WebLogic Server 9.x
Oracle Application Server 10g
Oracle Database 10.x
Oracle Database 11.x
Oracle E-Business Suite 11i
Oracle E-Business Suite 12.x
Oracle Enterprise Manager 10.x
Oracle Hyperion Business Intelligence Plus 9.x
Oracle Hyperion Performance Suite 8.x
Oracle PeopleSoft Enterprise Customer Relationship Management (CRM) 9.x
Oracle PeopleSoft Enterprise Tools 8.x
Oracle Times-Ten In-Memory Database 7.x
Oracle9i Application Server
Oracle9i Database Enterprise Edition
Oracle9i Database Standard Edition



Description:
Multiple vulnerabilities have been reported for various Oracle products. Some vulnerabilities have unknown impacts while others can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), disclose sensitive information, gain escalated privileges, or compromise a vulnerable system, and by malicious people to bypass certain security restrictions or to cause a DoS.

Solution:
Apply patches (see the vendor's advisory).

Provided and/or discovered by:
The vendor credits:
* Flavio Casetta of Yocoya
* Esteban Martinez Fayo of Application Security, Inc.
* Johannes Greil, SEC Consult
* guyp, Sentrigo
* Joxean Koret
* Alexander Kornbrust, Red Database Security
* Stephen Kost, Integrigy
* Dave Lewis
* David Litchfield, NGS Software
* Hirofumi Oka, JPCERT/CC Vulnerability Handling Team
* Tanel Poder
* Alexandr Polyakov, Digital Security
* Andrea Purificato
* Dave Wichers, Aspect Security

Original Advisory:
Oracle:
http://www.oracle.com/technology/depl...ritical-patch-updates/cpujul2008.html

Oracle / BEA:
https://support.bea.com/application_c...portlets/securityadvisories/2782.html
https://support.bea.com/application_c...portlets/securityadvisories/2790.html
https://support.bea.com/application_c...portlets/securityadvisories/2789.html
https://support.bea.com/application_c...portlets/securityadvisories/2785.html
https://support.bea.com/application_c...portlets/securityadvisories/2786.html
https://support.bea.com/application_c...portlets/securityadvisories/2791.html
https://support.bea.com/application_c...portlets/securityadvisories/2792.html

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=725
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=726
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=727

David Litchfield:
http://archives.neohapsis.com/archives/fulldisclosure/2008-07/0240.html

Other References:
SA24373:
http://secunia.com/advisories/24373/

Afuse Shell Command Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA31086
Release Date: 2008-07-16


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Unpatched


Software: Afuse 0.x



Description:
A vulnerability has been reported in Afuse, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to the application improperly sanitising filenames before using them in calls to "system()". This can be exploited to execute arbitrary commands with escalated privileges by requesting a file with a specially crafted filename from a directory registered with Afuse for mounting.

The vulnerability is reported in version 0.2. Other versions may also be affected.

Solution:
Restrict access to Afuse virtual directories to trusted users only.

Provided and/or discovered by:
Debian credits Anders Kaseorg.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490921

PPMate PPMedia Class ActiveX Control Buffer Overflow

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Secunia Advisory: SA30952
Release Date: 2008-07-16


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: PPMate 2.x

Description:
Parvez Anwar has discovered a vulnerability in PPMate, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the PPMedia Class ActiveX control (PPMPlayer.dll) when handling arguments passed to the "StartUrl()" method. This can be exploited to cause a heap-based buffer overflow via an overly long string passed as argument to the affected method.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 2.3.1.93. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

Provided and/or discovered by:
Parvez Anwar

Critical vulnerability in BlackBerry Enterprise Server

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Crafted Portable Document Format files can allow an attacker to gain control of a BlackBerry server. According to a security advisory from BlackBerry vendor RIM, the bug is in the PDF Distiller component of the Attachment Service, which runs on the server and prepares PDF email attachments for display on a BlackBerry handheld. The bug is only triggered when a user opens the PDF on his or her BlackBerry handheld.

BlackBerry does not give any further information on the nature of the bug, but it can be used to inject and execute code on the server. BlackBerry Enterprise Server 4.1 Service Pack 3 (4.1.3) to 4.1 Service Pack 5 (4.1.5) and BlackBerry Unite! prior to 1.0 Service Pack 1 (1.0.1) Bundle 36 are affected. Whilst the problem has been fixed in BlackBerry Unite from bundle 36, according to the vendor no patch or update is as yet available for Enterprise Server.

http://www.heise-online.co.uk/security/Critical-vulnerability-in-BlackBerry-Enterprise-Server--/news/111108

BlackBerry Security Advisory

added July 16, 2008 at 10:46 am

Research In Motion has released a Security Advisory to address a vulnerability in the BlackBerry Enterprise Server. This vulnerability is due to the improper processing of PDF files within the distiller component of the BlackBerry Attachment Service. By convincing a user to open a maliciously crafted PDF attachment on a BlackBerry smartphone, an attacker may be able to execute arbitrary code on the system running the BlackBerry Attachment Service.

US-CERT encourages users to review BlackBerry Security Advisory KB15766 and apply the workarounds to help mitigate the risk.

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#blackberry_security_advisory

Linux package management systems not completely secure

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

A report from the University of Arizona claims that the package managers used in most Linux distributions contain security flaws that allow malicious distribution mirror servers to inject clients with old packages containing flaws. The researchers were able to demonstrate that setting up a mirror for a distribution is relatively easy.

Given their critical role in a system, everyone expects package managers to be extremely secure. Not so, say this report's authors Justin Cappos, Justin Samuel, Scott Baker and John H. Hartman: the vulnerabilities in the managers APT, YUM, YaST for Linux and BSD give attackers the ability to access parts of the system at will, to modify, erase and add files, and to install backdoors.

http://www.heise-online.co.uk/security/Linux-package-management-systems-not-completely-secure--/news/111103

Intel CPUs may allow OS-independent attacks

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Systems based on Intel's processors may be vulnerable to attack, irrespective of the operating system used or patches applied, according to a security researcher. Developer and reverse engineer Kris Kaspersky intends to present his proof of concept code for attacks on Intel processor based systems at the forthcoming Hack in the Box security conference. Kaspersky plans to demonstrate a specific attack on an Intel CPU using JavaScript and TCP packet storms.

It is common knowledge that attackers exploit security vulnerabilities in applications to gain control of systems. That processor bugs might also be used for such exploits is, however, less widely known. According to Kaspersky's pre-conference announcement, Intel lists 128 bugs in the specification for its Core 2 processor alone and more than 230 for the Intel Itanium. Some of these merely cause crashes, others allow remote or local attackers to gain control of a system. It is apparently irrelevant what operating system and applications are running on the computer at the time and what patches have been installed. Some of the bugs can be exploited using specific command sequences if the function of the underlying compiler, such as the JIT Java compiler, is known.

http://www.heise-online.co.uk/security/Intel-CPUs-may-allow-OS-independent-attacks--/news/111107

Firefox 2.0.0.16 fixes two security vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 16, 2008

Published: 2008-07-16
Last Updated: 2008-07-16 10:02:33 UTC
by Maarten Van Horenbeeck

The Mozilla Foundation has just released Firefox 2.0.0.16 which fixes two critical security vulnerabilities:

MFSA 2008-35 (CVE-2008-2933) Command-line URLs launch multiple tabs when Firefox not running
MFSA 2008-34 (CVE-2008-2785) Remote code execution by overflowing CSS reference counter

It should be noted that the second vulnerability would also affect users that run Thunderbird with Javascript enabled for e-mail reading. Needless to say this is a no-no. We recommend users to upgrade their Firefox installation. Firefox 2.x will still be supported only until mid-December, so investigating and planning an upgrade path to Firefox 3 is advised.

http://isc.sans.org/

Mozilla Releases Firefox 2.0.0.16

In reply to: Firefox 2.0.0.16 fixes two security vulnerabilities

added July 16, 2008 at 10:46 am

Mozilla has released Firefox 2.0.0.16 to address two vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. One of these vulnerabilities may also affect Thunderbird and SeaMonkey.

US-CERT encourages users to review the following Mozilla Foundation Security Advisories and upgrade to a fixed version or implement the workarounds listed in the documents to help mitigate the risks.

MFSA 2008-34 : Remote code execution by overflowing CSS reference counter
MFSA 2008-35 : Command-line URLs launch multiple tabs when Firefox not running


http://www.us-cert.gov/current/current_activity.html#mozilla_releases_firefox_2_03
